Here are some of the commonly identified types of spyware:
- Browser objects (IE hacks, ActiveX controls, malicious toolbars, and so on)
- Bots and rootkits (allow others to control your system remotely)
- Keyloggers (record your keystrokes looking for sensitive data)
- Bundled parasite software (miscellaneous nuisance)
- Adware (run on the system or in the browser to display advertisements)
Let’s look at some common spyware specimens. As reported by commercial anti-spyware company Sunbelt Software, these spyware programs were common in September 2005: Claria.DashBar, AvenueMedia.DyFuCA, IST.SlotchBar, ABetterInternet, and IST.ISTbar, to name a few. Most of the above are “adware” specimens (they display ads that can potentially generate revenue for the software creator) and do not spy on the victim, but others (such as IST.ISTbar, a malicious browser toolbar) actually collect web usage information and may install other, more harmful spyware on the user’s system.
How Spyware Spreads
There are many mechanisms for spreading spyware, employed by their creators. Let’s look at a few common ways spyware can infect:
- When installed by other spyware (unlike viruses and worms, spyware rarely treads alone; some machines analyzed by the anti-spyware vendors were found to have hundreds of spyware specimens)
- When installed by malicious websites through flaws in Internet Explorer (so called “drive-by downloads”)
- When bundled with “free” or sponsored applications (unfortunately, with permission of the application creators)
Later we’ll cover some of the things all computer users should do to lower the risk of “catching spyware.”
Spyware’s Impact on Your PC
Overall, what can spyware do on your system? For that, we will refer you to Microsoft’s Ten Immutable Laws of Security. While it might be ironic that such laws are formulated by the makers of the most common spyware platform — Windows — they do provide vital insight into security. For example, Law 1 proclaims: “If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.” Thus, the above question becomes “what can spyware do on their system?” The answer to this one is really easy: everything that its creator wants. Common changes due to spyware include registry changes, browser configuration and settings modification, new program installation, as well as using your system for whatever else is needed. In other words, spyware, when installed and running, can do everything you can do on your system (and sometimes more).
Protecting Yourself
Now that the evils of spyware are understood, let’s use the well-known security mantra “prevention/detection/response” to focus on what you can do to:
- Prevent spyware from happening to you
- Detect that it might be sneaking by the defenses
- After it happens anyway, respond by cleaning your systems
First, will an antivirus solution will take care of all spyware problems? The answer is a resounding “no.” Many anti-spyware products (both freeware and commercial) have features to block (prevention), scan for (detection), and remove the offending program (response), but PC Magazine’s recent anti-spyware and antivirus software review, which compares stand-alone anti-spy defenses, indicates that antivirus solutions still do not do a good job of fending off hordes of spies.
Fortunately though, there are several simple things every computer user can do to lower the risk of spyware infection:
- Keep your Windows systems up-to-date by using Microsoft Update, which will update both your Windows and MS Office software. Installing Windows XP SP2 (Service Pack) is also important.
- Restrict some of the Internet Explorer settings (refer to Google for tips) or use Firefox, which significantly decreases the chance of spyware infestation. Here are some of the important settings to tweak: block popups using Windows XP SP2 popup blocker or another solution, limit or block ActiveX controls, and limit file downloads via the IE settings panel.
- Use antivirus and anti-spyware tools, and frequently update them using each tool’s own automated update mechanism. The best free programs to use are Spybot Search and Destroy, Ad-Aware, and Windows AntiSpyware (to be renamed Windows Defender later this year). Most antivirus vendors, such as Symantec, McAfee, and Trendmicro are launching their own anti-spyware solutions. However, stand-alone anti-spyware companies such as Webroot and Sunbelt Software still outperform them. Also, make sure that you not only run the anti-spyware software, but also use it to perform spyware scans on a periodic basis, just like you do with an antivirus software.
- Use a personal firewall with outbound protection; it might notify you when the spyware that sneaked in tries to “extrude” the stolen information to its “mothership.” It is important to note that at the time of this writing, Windows’ built-in firewall didn’t offer this protection, so other free (such as ZoneAlarm from Check Point) or paid (such as Norton or McAfee) software solutions should be used.
- Use only software obtained from trusted sources. For those needing a more specific suggestion, downloading from a random site from the Internet or receiving it from a “friend” you just met online does not count.
If you think your system is acting suspiciously, you need to determine if spyware is the factor to blame. Since there are so many parts of the system that can be modified by spyware, the best way for users to detect spyware is to run any of the free anti-spyware tools mentioned above. For better results, run multiple tools, since recent tool surveys indicate that no commercial or free tool will detect all spyware specimens. Some of the tools will also attempt to clean spyware traces, which brings us to the next item: response to spyware infections.
As far as responding to a spyware infection, the only guaranteed 100 percent effective measure a user can take is to rebuild a system. Only this will guarantee removal of all traces of malicious software from a system. On a typical Windows system there are numerous places where a piece of malicious code might reside. In a more real-world situation, where it is not possible or desirable to rebuild the entire system, try looking for spyware removal tools, sometime published by anti-spyware and antivirus vendors. All of the above anti-spyware solutions provide this functionality and will clean the spyware traces with varying degrees of efficiency (often depending on the type of malicious program). Same applies to the antivirus tools with anti-spyware defenses. However, note that the latter category is more likely to leave the risk alone and just warn the user about its presense.
Microsoft, which is now an anti-spyware vendor due to a recent acquisition, often publishes stand-alone removal tools for various malware. Microsoft’s Malicious Software Removal Tool, which is updated monthly, can be downloaded to your system via Automatic Updates or the above link. It can be run online from the above link (via an ActiveX control).
Removing complicated spyware manually, such as a driver-based keylogger, will often render the system inoperable and should only be undertaken by those intimately familiar with their system internals. On the other hand, instructions for removing simpler specimens, such as adware, are often published online and can be followed by anybody who maintains their own PC.
Tidak ada komentar:
Posting Komentar