Internet Coaching Library > Site Links > Internet
Security
How to
Prevent the Online Invasion of Spyware and Adware
by Enrique de
Argaez, webmaster
Many definitions are circulating, but the
generic term "malware" essentially refers to "adware" and "spyware"
programs that are loaded onto computers from the Internet, often
unknown to the computer user.
These malware programs often change browser
settings, alter system files and create new default Web pages.
Typically, infected systems are plagued with new tool bars and a
constant barrage of popup ads. Scores of useless and annoying Web
sites can be added to your "favorites" folders without you having
selected them!
Typically, malware will also collect
personal information from users' systems regarding their Web
activities, transferring it to advertising and data-research
companies. These companies determine the Web sites that users
frequent and employ the information to tailor the ads they send
to individual users. Several malware programs even regularly
update their own program codes on infected computers...
Popup and popunder ads are another great
nuisance originated by adware, but more importantly, malware also
causes computers to perform poorly. Frequently, infected systems
freeze up or crash.
The most common way for malware to work its
way into your system is to piggyback on a free program that is
downloaded from the Internet. Most users click on an "I agree" or
"I accept" button without reading the long and complex license
agreement that expresses consent to place the malware onto their
systems.
These days, most users have been warned
about not clicking into unknown attachments or accepting
downloaded programs. Unfortunately, at this point, a "wrong
click" is not all you have to be worried about. More
sophisticated malware programs are now employing the so-called
"drive-by downloads." All you have to do to become infected with
malware these days is visit a popular and presumably safe Web
site, where malware can automatically latch onto your
system.
High-speed Internet users are also at
greater risk for spyware due to the lack of consumer usage of
built-in firewalls, the speed at which spyware files can download
and because of the "always on" nature of broadband. Once
downloaded onto a computer, spyware can be difficult to find,
uninstall or disable.
Set Up Your Defenses
So, what protections against malware are
available? Certainly, the best time to address malware and
viruses is before they find their way onto your computers.
Various emerging technologies and service providers can assist
you with analyzing network traffic patterns, monitor your systems
and practices, assess risk exposure, and recommend remedial
measures.
Minimally, adequate pop-up blockers and
firewalls should be installed and regularly maintained. Experts
recommend rebuilding networks into easily isolatable segments to
keep malware from overwhelming core networks.
Many anti-malware and anti-virus products
exist, some better than others, and some more expensive than
others. There are also excellent free programs, Here is a list
from Freebyte . It is important to remember the importance of updating
anti-malware and anti-virus programs. New malware is designed
every day, and whenever a new defensive product or revision hits
the market, it is only a matter of time before the malware
designers find creative ways to circumvent the software. This
continuous game requires you to constantly update your protective
software. Below several tools you can use to avoid and to remove
malware are presented.
Legal Liabilities Abound
Some businesses have looked to deal with
malware concerns by tightening company Internet usage policies.
These companies are limiting employees' Internet access, and some
are going so far as to prohibit Internet usage completely. While
recognizing the benefits of unrestricted employee access to the
Internet, some companies have concluded that the risk, time and
money devoted to defending against attacks far outweigh any
potential benefits.
When you get down to the basics, using
broadband connections in the workplace to download files for
personal use does more than steal productivity and cheat
employers out of bandwidth costs. Employees generally are not
aware of the damage their P2P and instant-messaging use does to
their companies.
File Sharing Dangers
File-sharing through the dozens of software
piracy mills on the Internet and well-known peer-to-peer networks
like Kazaa , Morpheus , iMesh, eDonkey, Gnutella, LimeWire and
Grokster accounts for thousands of illegally downloaded music
files, games, movies and software.
Computer security experts warn that more
harm than the mere theft of intellectual property by piracy
occurs through participation in file-sharing over the Internet.
For example, use of file-sharing operations usually leads to
situations in which computers -- and even networks -- are
infected with spyware, malware and backdoors left ajar for
hackers.
MP3 downloads remain a big draw, despite
continuing lawsuits against downloaders by the music industry.
Computer users can find just about anything through file-sharing
and P2P exchanges. Much of the software available on P2P networks
comes cracked, meaning antipiracy activation technologies that
are supposed to ensure use only by legitimate purchasers are
disabled. Other software can be downloaded with serial numbers
included in the zipped file so installation is not impeded. But
all of this seemingly free software is not without
risks.
Spyware is a byproduct of peer-to-peer
file-sharing. People are generally unaware of how easily spyware
gets into their computers. The programs required to participate
in peer-to-peer networks do not just help people share music
files. They share whatever they can find on the hard drive and
the network.
Malware, bad enough on a consumer's home
PC, is worse when it enters the workplace. Some forms of spyware
can track user activity, identify files and their locations, and
capture passwords. This sensitive personal and corporate data
then can be automatically uploaded to servers controlled by
spammers, mass marketers and hackers. Employees generally are not
aware of the damage their P2P and instant-messaging use does to
their companies.
File-sharing is sharing company
information. Often, workers contribute software put on corporate
networks in exchange for the downloads they get. Some people
don't realize that P2P applications can search for files and
other software and upload them unknowingly.
According to IDC, employees at up to 70
percent of businesses are using free, consumer-oriented instant
messaging, in some cases without corporate IT consent. Many IM
applications, by default, give direct file-sharing access to
computer users listed on each other's buddy lists.
Thus, while employees chat away on company
time, they can be manipulated to expose their corporate networks
to attack. The MyDoom worm was first distributed through P2P
networks by file-sharers.
Often, employees also are tempted to use
their high-speed connections at work to download songs, movies
and software through P2P applications. Besides compromising
network security, their association with illegal file-sharing
creates legal liabilities for their employers. More often than
not, companies aren't aware of software license violations and
other infractions their workers commit through
file-sharing.
On the other hand, there are numerous
claims that could be brought by a business that has become
infected by malware, but litigation may not be a viable option.
The costs associated with a lawsuit will be significant and the
results of litigation are uncertain, given that there are no
federal laws in place that directly address malware. Also, the
responsible parties might be judgment-proof.
Increasingly, legislatures have taken
notice of the malware problem, and at least one has taken action.
Earlier this year, Utah became the first state to enact
anti-malware legislation. The Utah law generally prohibits
companies from installing software that pops up advertisements
without users' consent, sending personal information to third
parties and installing software that reports users' online
actions.
Governments in most countries have been
slow to act. The Information Highway involves international
commerce, so it is an issue to be addressed at a global level.
The drain on critical business assets and resources is
considerable, and it's growing at an alarming rate. Malware has
increased in sophistication, and it will continue to grow in
complexity and in the nefarious ways in which it
operates.
The costs associated with dealing with this
problem will continue to explode. One recent survey released by
ICSA Labs, a provider of risk management products and services
out of Virginia, states that the median cost of disaster recovery
from a virus and/or malware infection is about $11,000. Virus and
malware encounters more than doubled in 2003, according to ICSA
Labs. And, 88 percent of survey respondents - all security
managers - believe that the problem is getting worse.
Prevention Is Possible - Here are
Seventeen Tips
Spam, viruses and spyware continue to grow
exponentially, despite the first federal law regulating junk
e-mail going into effect last January, and other laws combating
spyware and adware. All these nuisances are associated and we
must be always careful because they can come from e-mail, from
downloading software, and by simply clicking a link in an unsafe
website.
There are ways to fight these menaces,
however. Here are 17 tips to help you avoid spam, virus,
spyware, adware and malware:
A - Be careful with the spam you receive
1 - Don't buy anything promoted in a spam message.
2 - Don't reply to spam or click on its "unsubscribe" link. That
simply informs the sender that your e-mail address is valid.
3 - If your e-mail program has a preview pane, disable it to
prevent the spam from reporting back to its sender.
4 - Use one e-mail address for family and friends, another for
everyone else. When an address attracts too much spam, abandon it
for a new one. Select an address with embedded digits, such as
jane8doe2@isp.com.
5 - If you get lots of spam, check your Internet service
provider's filtering features and compare them with those of
competitors.
6 - To help the Federal Trade Commission control spam, forward it
to spam@uce.gov.
7 - Don't post your e-mail address in its normal form on a
publicly accessible Web page. Post it in a form, such as "Jane AT
isp DOT com," that can't be easily read by harvesting
software.
B - Beware of viruses and hackers
8 - Don't open an e-mail attachment unless you were expecting
it.
9 - Use anti-virus software and heed security alerts e-mailed
directly from anti-virus vendors to download antidotes for newly
circulating viruses and worms.
10 - Install a firewall with both incoming and outgoing
protection.
11 - Regularly update your operating system, Web browser and other
major software.
12 - Use passwords that are at least eight characters long that
include at least one numeral and one symbol. Never disclose a
password online.
13 - When you aren't using the computer, shut off the modem or the
computer itself.
C - Beware of New Software Downloads
14 - Download and install software only from trusted sources. Close
windows containing pop-up ads or unexpected warnings by closing
the entire window, not by clicking within the window.
15 - clicking on "Agree" or "OK." Read any privacy statements. If they
are difficult to find or include questionable practices, abort
the installation by closing the window in which it's
occurring.
16 - Adjust your Web browser's security settings. If you use
Microsoft Internet Explorer 6, keep its security level at medium
or higher to block Web sites from downloading a file without your
authorization.
17 - Use updated anti-spyware software to scan your hard drive
regularly. Always download it from a trusted site. Update the
anti-spyware.
One good way to avoid popups is to use the Firefox browser for
surfing. This browser is faster than the Internet Explorer
and much safer and has a popup blocking feature.
This option can be activated or de-activated easy. Download Firefox
for free here and enjoy a great popup-free faster surfing
experience.
Another possibility is to use the new
free toolbars that come with ad popup blocking features.
One of them that I use and recommend is the Google Toolbar.
Here are some Tools to Clean Spyware
from your PC
There are many new tools, some are free and
some are for purchase. The following have been tested on my PC
and work well. They are all helpful and safe. Always follow
the easy instructions included with each cleaning tool. An
important point to remember is to place the spyware in quarentine
first. Test your computer and programs. Then, and only then, you
can safely remove the spyware, adware, etc.
- Try Window
Washer for free and enhance
your privacy protection. The original and best selling
system-cleaning tool on the market, a must have surfing tool.
- TheSpy
Sweeper was recently
featured in the New York Times, on CBS Evening News and awarded
4-Stars by PC Magazine. Check out this tool, a quality solution
to a real-world online threat, free trial
here. This program has
safety features that allow you to block and avoid the action of
the malware.
- The Pop Up
Washer is another tool that
stops the growing threat of ads delivered through the Windows
Messenger Service. Allows desirable navigation windows while
stopping intrusive ads. Click here to buy or to test drive for
free the Pop Up
Washer.
Other recommended tools to consider are ad-aware, an
excellent Swedish product. Comes free for personal use. Spybot Search and
Destroy is another good
freeware program. You may download it from Spybot, where additional information is available.
Updates are Necessary
Similarly to the anti-virus tools, the spy-
and adware tools need to be up-dated frequently to be effective.
This is very important to remember. Please keep in mind that each
tool has its own special features. See at Websense the latest security
warnings on malicious Internet events including spyware, phishing
and corrupted Web sites.
Personally, in order to get rid of ALL the spyware and adware in
my PC I use several tools together, one right after the other.
Some tools also have features to block the access points and
protect the computer from these nuisances in the future. Most of
the adware and spyware reproduce themselves if not fully removed
from your computer. Get rid of them completely, including all the
traces.
According to statistics, about 90% of all
computers are infected with malware. This is a growing problem
for everyone that uses the Net. It is possible to fight badware.
The Stop Badware Organization can be contacted
for help. They seek to provide reliable, objective information
about downloadable applications in order to help consumers to
make better choices about what they download on to their computers.
To detect if Spyware is running in your PC you can do a free and
safe spyware audit scan in your PC. Click here for details. It's fast and safe, the results might
surprise you!
Take care,
Ricky
About the Author:
Enrique De Argaez (Ricky) is the webmaster of the
"Internet World Stats" website.
Since 2000 he has been publishing Internet Usage Statistics and
population data from over 233 countries and regions of the world
for free use by the academia, the global business community and
the general public. For more information on Internet World Usage,
please visit: http://www.InternetWorldStats.com/stats.htm