By Corey Nachreiner, Network Security Analyst, WatchGuard Technologies
[Editor's
note: Our article, "Foundations:
Avoiding Dangerous URLs,"
drew high acclaim from readers. LiveSecurity subscriber Tiffany
Allshouse, an MCSE at CPros, Inc., suggested a follow-up topic we
liked so much, we wrote today's article. Please feel free to
forward it within your organization to non-technical users who
could benefit from a more educated approach to Web surfing. --
Scott]
"Corey!" yells my dad as I stumble into the
door of my parents' house, balancing an infant, a backpack, and
two suitcases. "Your sister has screwed up my computer again!"
Informal tech support is my routine role
when I visit my folks. As I drop my bags, hand off the baby, and
pass the Pomeranian's leash to my wife, my dad stomps up the
stairs from his basement office, complaining, "The machine's gone
bonkers! Every time I try to go on the Net I get all these
pop-ups, and the browser runs really slow. I don't even get MyMSN
homepage anymore."
Dodging my daughter's chubby little hands
grasping for my hair, I say, "I'll take a look."
When I make it down to Dad's office PC, it
takes me all of three seconds to diagnose his problem. "Dad,
you've been infected by spyware."
Hm, how shall I politely paraphrase his
heated response? Let's say Dad shouts, "How the heck did that get on there?"
You've probably asked yourself this same
question after encountering irritating pop-ups, useless toolbars,
and mysterious bookmarks in Internet Explorer (IE). How did they
get on my PC? I didn't install them. What can I do to get rid of
them?
This article has the answers.
Spyware? What's that?
Spyware is
the catchy name for malicious software that hides on your computer
and sends information about you, your PC, or your Web-surfing
habits to someone else on the Internet. Spyware takes many forms.
It can be a program that starts over whenever you restart your
computer, Web "bugs" that invisibly track your clicks, or even
code that takes over Internet Explorer (IE) and steers it
someplace you didn't want to go.
Most often, malicious advertisers use
spyware to gather information about what Web pages you visit and
what you buy online. They use their findings to forcefully deliver
ads to your computer that match your interests. Although this
doesn't sound too nefarious, the ad-delivering spyware can clog up
your computer, slowing it down or even crashing it. Plus, their
diabolically persistent pop-up ads can drive the sanest user mad.
Even the most polite spyware does not have your interests at
heart. It's there to
make money.
Spyware also takes more harmful forms. For
instance, some spyware records your keystrokes. These malicious
variants can learn your logins, passwords, and even your credit
card information. The spyware creators swear that they won't
exploit this private data. That's like someone sneaking into your
house through a window, then when caught, promising, "I won't hurt
anything, I just want to watch you." Creepy!
Whether you encounter the pesky
ad-generating variety or the more stealthy, sinister variations,
spyware is generally something you don't want.
How the heck does it get onto my PC?
As its name suggests, spyware uses elusive
techniques to slink its way onto your PC. Here are the three most
common methods.
Spyware can hide inside desirable freeware and shareware programs
Next time you download a free scenic
screensaver or a cute mini-game, remember that you might get more
than meets the eye.
Many "free" applications come booby-trapped
with ad-generating spyware. When you install the application, it
also infects your PC with a spyware program. These deceptive
applications don't go out of their way to advise you of the
attached spyware. At best, they bury information about the spyware
deep within their complex End User License Agreements (EULAs).
Spyware creators know that most users don't read these lengthy
legal documents.
Luckily, you won't find spyware bundled with
every freeware and shareware offer. Instead, spyware tends to
partner itself with legally-suspect Internet applications. For
instance, spyware seems particularly fond of
Peer-to-Peer (P2P)
applications (best known as the kind of music-sharing programs
teenagers are fond of). Many P2P programs, such as Kazaa, eDonkey,
and Exeem, have come bundled with spyware.
Spyware can hide on the Web pages you browse
Most people feel relatively safe browsing
the Net. You shouldn't! Many areas of the Web offer about as much
safety as a rickety old barn in a tornado.
You don't have to try to download something
from a Web site to get infected. Spyware often hides in the code
of Web pages. By taking advantage of Web browser vulnerabilities
(particularly those found in IE), spyware can secretly download and install itself
onto your computer without your knowledge.
Legitimate Web sites have accidentally
introduced spyware to their visitors through spyware-infected
banner ads. Ironically, when spyware on your PC generates pop-up
ads, you can get doubly infected by new spyware in those ads!
Thankfully, most legitimate Web sites don't
deal with spyware creators. You're most likely to encounter it
when wandering the darker neighborhoods on the Net. Sites
containing porn, illegal software, illicit product serial numbers,
and online gambling present the most risk for spyware infections.
But pleasant-looking sites can hide danger, too. In general, any
offer on the Internet that seems too good to be true, probably is.
Spyware can hide in HTML e-mail
Since certain types of Web sites tend to
spread spyware, you can just avoid those sites, right? Not
exactly. If you won't go to spyware, it'll come to you. The same
people spreading spyware also have strong affiliations with junk
e-mailers and spam. These miscreants can exploit the same
vulnerabilities they use on Web pages to deliver spyware right to
your Inbox via HTML
e-mail advertisements. They send out millions of Web-based e-mails
advertising anything from Viagra to fake Rolex watches. Just by
opening one of these unsolicited HTML e-mails, you can unknowingly
infect your PC with spyware.
Keeping Dad infection-free
After a long afternoon of cleaning a
particularly insidious strain of spyware from my dad's PC, I
figured he needed some tips to avoid a repeat. I made sure my
sister listened, too, since her Kazaa installation probably caused
Dad's problem. Here's what I told them:
- Avoid bad neighborhoods on the Net.
Web sites dealing in porn, illegal software, and gambling have a
higher chance of containing spyware. As Scott Pinzon's article,
"Foundations:
Avoiding Dangerous URLs,"
suggests, avoid straying into the dangerous part of the
Internet.
- Free software isn't always free.
Carefully consider the "free" software you download and install.
If spyware is attached, you'll end up paying for that freeware
with pop-up advertisements or advertisers hijacking your Web
searches. Before installing a free program, check to see if it
shows up in the Spyware-Guide's or SpyChecker's
lists of known spyware. Don't forget to read the software's
license agreement. Where possible, stick with well-known brands
of software that have a reputation to protect.
- Don't use peer-to-peer software.
Not only do their installers tend to include spyware, but the
software you download while on a P2P network may include spyware,
viruses, and worms. Dump Morpheus, Kazaa, Limewire, and their
kin.
- Don't open unsolicited e-mail.
Simply opening certain unsolicited e-mail messages can trigger
spyware infections. Don't open spam!
- Ask your network administrator for
anti-spyware tools. I use Ad-Aware, Spybot, and the more recent
MS Anti-Spyware (BETA) tool. Whatever tools you
choose, keep them up to date.
- Tweak IE's Security Settings.
In IE, click Tools => Internet Options => Security tab. You
should set IE's security level at least to Medium. Click the
Default Level button and then move the slider to Medium. As an
extra tweak, click the Custom Level... button and scroll down
till you see Scripting. Now, disable Active Scripting. This
helps prevent malicious Web sites from automatically installing
spyware. It might also disrupt legitimate scripts, so check with
your network administrator before taking this step.
- Be careful who uses your computer.
Following all these tips won't help if you share your computer
with someone else who doesn't follow them. Another user's
innocent mistake could open the floodgates to your computer's
spyware infestation.
It's been three months since that trip to my
parents' house and, after learning my tips, Dad has remained
spyware-free. He enjoys browsing the Web quickly and safely
again and makes sure my sister downloads MP3s on her own system.
You, too, can dodge annoying spyware infections by following these
simple tips.
Further Reading:
Interested in learning more about spyware?
Visit the Core Competence
Spyware Resources Web page.