Spyware/Adware/Malware --- What is it
and what can you do to protect yourself?
Derek Johnson, Network and Server Administrator

The past few years have been interesting for the Internet community. Between illegal file sharing, Trojans, viruses, worms, spam, and crackers (note: hackers are not the people who break into your computers), the Internet has almost become a “ghetto” of communications mediums. While many of these inflictions cause us great trauma when unprepared, I focus today on a growing and evermore popular threat to the afflicted Internet surfer: spyware and adware. Malware is often a term given to these two types of software, because they generally cause malicious problems with your computer. Fortunately for you Mac and Linux users out there, though there are threats out there aimed at your computers, the significant majority attack Windows 95 / 98 / ME / 2000 / XP / 2003 machines.

Spyware

From Wikipedia, “strictly defined, spyware consists of computer software that gathers and reports information about a computer user without the user's knowledge or consent. ” Generally speaking, it’s a program that explicitly and illegally tracks information on your computer, and could potentially obtain some very private data, including your social security number, credit card numbers, and passwords.

Symptoms of Spyware may include, but are not limited to:

• Slow surfing on the Internet
• Unstable computer (crashes, blue screens, etc…)
• Noticeable degradation in system performance

Adware

Again, from Wikipedia, “Adware or advertising-supported software is any software application in which advertisements are displayed while the program is running.” This program may not be visible to you as the user. I may run in the background without your knowledge.

Symptoms of Adware may include, but are not limited to:

• Unstable computer or degradation in system performance
• Popups without visiting a website, or having an Internet browser window open
• Advertisements in task bars or title bars (Internet Explorer is commonly afflicted with this problem).

A distinction needs to be made between advertisements, and adware. While visiting a website, you may often experience another window opening with some form of solicitation. Though this is annoying and generally frowned upon by the Internet and programming communities, this does not necessarily mean you have spyware. If, however, you experience popups even after your browser has been closed for a few seconds, then that may be a sign that you have some nasty programs to remove.

How to Prevent Spyware/Adware

There are several ways you can prevent the installation of spyware.

• If using Internet Explorer, never click “Yes” when asked to install extra software or ActiveX controls unless you are absolutely sure it is safe. For instance, if you have visited Macromedia’s website to install Flash player, it is ok to click yes. Or, if you are visiting Windows Updates, it is generally ok. However, if visiting a website for the first time, and you are approached by a popup to install software, always click No.
  
• Use an alternative Internet Browser. The latest browser making headlines is Mozilla Firefox (http://www.mozilla.org). It is not susceptible to the common ailments of Internet Explorer, such as ActiveX. However, this comes at a price. Some websites have been specifically coded for Internet Explorer (like Windows Update), so you must switch back and forth between browsers, depending on the website. Fort Hays State University’s website is compatible with several different types of browsers.
  
• Install Anti-Spyware software. Well, there’s anti-virus, there was bound to be anti-spyware. Microsoft purchased company GIANT Software, and obtained some pretty great anti-spyware software. It’s still in Beta, but the beta’s better than any other anti-spyware available to date. The Full version is expected to be released in March, 2005, but you can download the beta by doing a search for “AntiSpyware” on Microsoft’s website (http://www.microsoft.com).
  
• When installing software, be sure to skim the End User License Agreement (EULA – yes, the long text at the beginning of a software installation that nulls the software company of all responsibilities) looking for mention of software designed to display advertisements or track your personal information. If you think a certain program installs piggybacking adware/spyware, don’t install it and look for an alternative program to do the same thing. A good place to look for free/open-source software is SourceForge (http://www.sf.net).
  
• Install a firewall, such as ZoneAlarm (http://www.zonelabs.com), to monitor your Internet activity and prevent intrusion from unwanted applications. Firewalls can also help stop adware/spyware from reporting information back to their central servers, meaning your information would be safe. The Windows Firewall will prevent incoming attacks, but will do nothing to stop outgoing information.
  
• Make sure you have Antivirus installed, and keep it up to date! Check with your vendor to ensure that your auto-update feature is working properly.
• You can try a blocklist file, which will prevent your computer from accessing certain IP addresses or websites. This can prevent the installation of spyware/adware, and/or the transmission of data from an already infected machine. However, blocklists are black & white, meaning it does not use any intelligence to block spyware. http://www.spywareguide.com/blockfile.php
• Visit windowsupdate.microsoft.com at least once a week to check for the latest updates, or configure Automatic Updates (check Microsoft’s website for more information on this).

How do I Check for Spyware/Adware and Remove It?

As with most things, there are two different ways to remove this software: the easy way, and the hard way. There seems to be no middle ground.

The easy way…

• Visit http://home.earthlink.net/~doniteli/index73.htm
• Open Add/Remove Programs
• Search through the list of programs to see if you recognize any of them. For programs that you do not recognize, compare them to the list from the website above.
• If you find a program listed on the website, try to remove the application. Note, this may take several minutes to complete, depending on how deeply it integrated into your system.
• If you find a program that you don’t know what it is, but it is not listed on the website, continue onto the hard way.

The Hard Way…

The hard way could also be called the “Brute Force” method. Basically, we’re going to install an application that will search through your computer, find files that have been identified as known spyware/adware, and remove them. Do note that doing this may cause instability in your computer, depending on the type of infection.

• Download Microsoft AntiSpy (http://www.microsoft.com), AdAware (http://www.lavasoftusa.com), or Spybot S&D (http://www.safer-networking.org), and install it. All three are 100% free.
• Open the application and follow the instructions to perform a full system search for spyware/adware. I can’t list the instructions here, as this document would be 30 pages long. Consult the respective vendor’s website (check the forums, too) for more information on how to search for and remove spyware/adware.

Frequently Asked Questions about Spyware/Adware:

Q: I get a popup telling me I have spyware. Is this true?

A: Probably not. These are advertisements trying to goad you into purchasing their product to remove spyware. Sometimes, these products are spyware themselves! Close the browser window, and ignore them.

Q: Can I get virus or spyware from a webpage?

A: Yes. Many times websites will use ActiveX to install their malicious code into your computer. Once it’s installed, it integrates itself very deeply into the operating system, often causing instability and poor performance.

Q: I ran an adware/spyware remover, and now my computer is worse than it was before! What happened?

A: There are two possibilities for this. 1: the spyware/adware that was removed was integrated so deeply into your system (replacing system files), then when removing it, the operating system was still looking for the removed files. Unfortunately, this may mean you will have to reinstall your operating system. Consult with a technician for more details. 2: the program you used to remove spyware was spyware in and of itself. Uninstall the program, then download one of the recommended programs in this series.

Q: Which is worse: Spyware or Adware?

A: Actually, Adware isn’t always that bad. For instance, when using CuteFTP, advertisements may be displayed in the program to help cover the costs of distributing the program for free. These ads are out of the way, and are safe to click. However, when it begins displaying ads when the program is closed, that’s when the adware has crossed the line. Spyware is generally considered the worse of the two, because it’s a “data miner,” and can run without your knowledge.

Q: Is there a list of known applications that contain spyware and/or adware?

A: There are several lengthy lists of applications that contain spyware (search: list of spyware). Here are some examples: AOL Instant Messenger, AOL ICQ, Download Accelerator Plus, FlashGet, Ezula, Gator, Go!Zilla, Grokster, Hotbar, Kazaa, MySearchBar, Real Jukebox, and WeatherBug. For a more comprehensive list, check eTrust’s website: http://www3.ca.com/securityadvisor/pest/browse.aspx

More Resources:

http://www3.ca.com/securityadvisor/pest/

http://www.cexx.org/adware.htm

http://www.spyware-support.com/resources/spyware-infected-applications.html

http://www.spywareguide.com/index.php