Strategies for Avoiding and Removing Spyware

by Cliff Hatch on March 30, 2008

Over the last twenty years I’ve worked on computers in the military, at IT service providers, and at businesses both large and small. The one major complaint they all have in common is viruses and spyware. It also happens to be number one on my “Family Tech Support” call list as well. The Anti-Spyware Coalition defines spyware as:

Spyware: Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

  • Material changes that affect their user experience, privacy, or system security;
  • Use of their system resources, including what programs are installed on their computers; and/or
  • Collection, use, and distribution of their personal or other sensitive information.

Spyware can report back on your surfing habits to advertisers, hijack your browser’s home page, log keystrokes, and in extreme cases allow complete remote control of your system by an attacker; it even intensifies the dangers of webcams. In January of 2007, Julie Amero was convicted on four felony counts of risking injury to minors after she was unable to prevent pornographic pop-ups from showing up on a computer in a classroom in 2004, in spite of testimony that the computer was infested with spyware (her case is going to be re-tried after outrage from the IT community and the media).

So how do we shut down spyware once and for all? Security is always a compromise with usability. There is no silver bullet that will make your computer immune to spyware. We can, however, put together a layered defense, which should greatly reduce your risk and make your computer less likely to become a pop-up factory or a paperweight. To make this a little less painful, let’s compare it to securing your home from a burglar.

1. Get insurance. Back up your computer regularly. It’s not exciting, but it’s absolutely necessary if your data is important. Think about what you’ve got on your machine: perhaps finance records for the business? Family pictures? Just back it up, preferably on removable media, which is then stored away from the computer. Instructions for XP here and Vista here.

2. Secure the perimeter fence line. Invest in a good hardware firewall. Most businesses run high-end appliances; the small business or home user can get adequate protection for less than $100 with a Linksys or Netgear router/firewall. For medium and large businesses with more budget, I’m partial to Cisco equipment. CERT/CC has a good article on home network security here.

3. Secure the front door. If you’ve never seen a firewall log on an Internet-facing network, it’s an interesting experience. Every day hundreds of machines will search for an open port to connect to. It’s the cyber equivalent of a car thief walking down a row of cars pulling each door handle to see what’s unlocked. And yes, they do the same thing to your home machine if you have a broadband connection. You can make sure this casual intrusion is stopped dead with a software firewall. At a minimum, turn on the Windows Firewall (here’s how to turn it on in XP; in Vista go to Control Panel > Security Center > Windows Firewall), particularly if you’re a laptop user connecting without a corporate firewall while traveling. If you’re more security conscious (and comfortable with additional complexity), Zone Labs ZoneAlarm replaces the Windows Firewall and provides additional protection.

4. Make sure that deadbolt defeats the latest lock picks. Believe it or not, this one catches big businesses a lot more than it should. Make sure you install the latest service packs and patches as soon as possible. For most home users that’s immediately; businesses should test them on pilot systems at a minimum, but deploy them with urgency. The easiest way to do this is automatically; here’s how.

5. Defend the homestead from multiple angles.
a. You should be running a good anti-virus product. Be sure to periodically check it to make sure your definitions are up to date. I recommend Grisoft AVG Anti-Malware, which scans for both spyware and viruses. They offer free anti-virus and anti-spyware for personal use; the anti-spyware link is here.
b. In addition to using AV and anti-spyware from one company, you should periodically (preferably weekly, but at least once a month) scan with a different product. Spybot Search and Destroy and Lavasoft Ad-Aware are great products, and will usually turn up malware on what was believed to be a clean system. They also offer free versions for personal use.

6. Look at things in a new way. Change your browser from Internet Explorer to Firefox. I know, I know, Internet Explorer is easier because it’s preinstalled. I, and several of my peers, have discovered a dramatic decrease in spyware on machines with Firefox, particularly those with Adblock Plus installed.

7. Don’t open the door for strangers. Watch where you surf. Questionable sites, like pornography, illegal software download portals, and some peer-to-peer networks, have been known to infect unsuspecting users with spyware. Also, if you get a pop-up asking you to install something unexpected, do not click “OK” or “Cancel”. Close the window with the “X” in the top corner; some disreputable programmers install when Cancel is clicked…

8. Beware of free samples. Some free programs come bundled with other programs that you don’t want, particularly toolbars. Scan any executable file with an anti-virus program BEFORE you install it.

9. Don’t fall for the sales pitch. Be sure to read the End User License Agreement when you install unknown software; there have been several cases of questionable software makers including clauses where you allow them access to your personal information and automated reporting on your habits.

10. Something still got in. Now what? Well, you have a couple of choices. Believe it or not, if you followed my advice in Step 1, it may be easier to just restore from backup. Manually hunting down and removing spyware can be time consuming and frustrating. If you’re determined and a little technical, there is help in the form of a great support forum and a reporting product called HijackThis (now from Trend Micro). The author’s homepage and the forums can be accessed here. Be sure to check out the FAQ before posting. You may also want to read “So how did I get infected in the first place?” by MS MVP Tony Klein for some additional great tips!
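As an added example (not part of the original article), here is a small batch script that checks steps 3 and 4 on an XP SP2 or Vista machine: it reports whether the Windows Firewall is on and turns it on if not, then reads the Automatic Updates setting from the registry. It assumes an Administrator command prompt and English netsh output.

```batch
@echo off
rem Added example, not from the original article: a "deadbolt check" for steps 3 and 4.
rem Run from an Administrator command prompt on Windows XP SP2 or Vista.
rem Assumes English netsh output (the text matched below is locale dependent).
setlocal

echo === Step 3: Windows Firewall ===
ver | find "5.1" >nul
if %errorlevel%==0 (
    rem Windows XP uses the legacy "netsh firewall" context.
    netsh firewall show state | find /i "Operational mode"
    netsh firewall show state | find /i "Operational mode" | find /i "Disable" >nul && (
        echo Windows Firewall is OFF - turning it on with exceptions enabled...
        netsh firewall set opmode mode=ENABLE exceptions=ENABLE
    )
) else (
    rem Windows Vista uses "netsh advfirewall", with one state per profile.
    netsh advfirewall show allprofiles state | find /i "State"
    netsh advfirewall show allprofiles state | find /i "State" | find /i "OFF" >nul && (
        echo At least one firewall profile is OFF - turning all profiles on...
        netsh advfirewall set allprofiles state on
    )
)

echo.
echo === Step 4: Automatic Updates ===
rem AUOptions: 1 = disabled, 2 = notify before download, 3 = download then notify,
rem 4 = download and install on a schedule, which is what step 4 asks for.
set AUKEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
reg query "%AUKEY%" /v AUOptions | find /i "AUOptions"
reg query "%AUKEY%" /v AUOptions | find /i "0x4" >nul || (
    echo Automatic Updates is not set to download and install automatically.
    echo Open Automatic Updates ^(XP^) or Windows Update ^> Change settings ^(Vista^).
)
endlocal
```

Run it once after setting a machine up and again after any "helpful" software install, since bundled programs sometimes change these settings.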

Additional Reading
http://onguardonline.gov/index.html
http://www.antispywarecoalition.org/documents/safetytips.htm
http://www.ftc.gov/bcp/conline/pubs/alerts/spywarealrt.shtm

About Cliff Hatch

Cliff Hatch, MCSE+I, ACE, Security+ is the CIO for Cliff Edge Consulting, LLC (www.cliffedgeconsulting.com), a Las Vegas based consultancy specializing in Microsoft Technologies. (You may republish article in its entirety on your site provided you leave the author credit.)
