SPYWARE - anti-spyware programs as part of Layered Security
What is Spyware?
Many people get visions of covert programs designed by governments to invade your system, track your email, and monitor your usage, and think this is the end of the explanation. Not so.
Those would be the ultimate forms of spyware, and they do sometimes occur. For those, one needs to be fully informed of the extent, the style of program and its usage, and obtain specialized programs to even find this type of activity.
Whether you believe this occurs or not, there is evidence available that it does.
Carnivore - government email spying program
D.I.R.T. - government program to invade and spy within your computer
http://www.threatchaos.com/archives/spyware/ - Spying on the Internet
These types of spying are not within the scope of this presentation. This page is for the more open styles now so prevalent on the Internet.
INTERNET USAGE - SECURITY - NETWORKING
Using the Internet requires you to provide your own local security since you become part of the INTERNET network. It has always been recommended to use LAYERED security.
- The first is your ISP and its security which you have no control over other than complaints or suggestions.
- The second is the modem router or router if possible. This device will provide a form of hardware firewall. When properly configured, it will only allow access to properly assigned addresses unless hacked, generally by something which the user allows. DO NOT be misled into believing this will completely protect you. It has an address just like everything else on the Internet and your network.
- The third is the software firewall. All computers accessing the Internet must have a good software firewall installed, particularly if on dialup. A good firewall will help protect against attacks from outside {Internet hackers} and some of the software/coding which might be unwittingly installed while on the Internet by browsing. This is also the program which will keep track of your applications, and their access during Internet usage.
- The fourth is your anti-virus, spyware detection software, and removal tools. The first two [router and firewall] will protect you from blatant attacks, but provide little protection from problems which you might install or which are installed via Internet usage on web sites or via their coding. Also, the addition of "browser bars" adds direct input to the Internet accessing computer, since they are generally connected to the "service" upon connecting to the Internet.
- The fifth is your local security settings. How much control you have placed upon the Internet usage via the Browser, Email, FTP client, and News Reader programs will determine how hackable you are. Java, Windows Scripting, ActiveX, DirectPlay, Flash, RealPlayer, Quicktime, and like "enhancements" provide potential additional hackable access points.
- The sixth is sensible usage. If you're P2Ping [file sharing], going to _ography sites, or other questionable activities, you are obviously more open to attack and compromise. You will be required to pay much closer attention to your system.
- The seventh is monitoring usage, network traffic, and reviewing logs. Using your firewall logs, system control logs [like in XP, NT, and the like], and specialty monitoring programs, you can occasionally review the logs created to properly control the potential issues that might occur due to Internet usage. The Internet is constantly changing, and so must you and your protection.
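As an added illustration of the seventh layer (not part of the original page), this Python example reviews a software firewall log: it lists outside addresses that were blocked on several different local ports and tallies where this PC connected out. It assumes the space-separated text layout with a `#Fields:` header that Windows Firewall writes to its pfirewall.log; the function names, the threshold and every address in the sample are constructed for the example.

```python
from collections import defaultdict

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2007-03-01 10:00:01 DROP TCP 203.0.113.9 192.0.2.10 4001 135 48 S 1 0 65535 - - -
2007-03-01 10:00:02 DROP TCP 203.0.113.9 192.0.2.10 4002 139 48 S 1 0 65535 - - -
2007-03-01 10:00:03 DROP TCP 203.0.113.9 192.0.2.10 4003 445 48 S 1 0 65535 - - -
2007-03-01 10:00:09 DROP TCP 203.0.113.50 192.0.2.10 5000 80 48 S 1 0 65535 - - -
2007-03-01 10:01:00 OPEN TCP 192.0.2.10 198.51.100.7 1055 80 - - - - - - - -
2007-03-01 10:02:00 OPEN TCP 192.0.2.10 198.51.100.7 1056 80 - - - - - - - -
2007-03-01 10:03:00 OPEN TCP 192.0.2.10 198.51.100.7 1057 80 - - - - - - - -
2007-03-01 10:04:00 OPEN TCP 192.0.2.10 198.51.100.20 1058 25 - - - - - - - -
2007-03-01 10:05:00 DROP TCP 203.0.113.9
"""

def parse_firewall_log(text):
    """Yield one dict per entry, using the #Fields: header as column names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated or damaged lines
                yield dict(zip(fields, values))

def review(text, local_ip, port_threshold=3):
    """Return (remote IPs blocked on many local ports, outbound tallies)."""
    dropped_ports = defaultdict(set)  # remote source -> local ports it was blocked on
    outbound = defaultdict(int)       # (remote ip, port) -> connections opened by this PC
    for e in parse_firewall_log(text):
        if e["action"] == "DROP" and e["dst-ip"] == local_ip:
            dropped_ports[e["src-ip"]].add(e["dst-port"])
        elif e["action"] in ("OPEN", "ALLOW") and e["src-ip"] == local_ip:
            outbound[(e["dst-ip"], e["dst-port"])] += 1
    probes = sorted(ip for ip, ports in dropped_ports.items()
                    if len(ports) >= port_threshold)
    talkers = sorted(outbound.items(), key=lambda kv: (-kv[1], kv[0]))
    return probes, talkers

if __name__ == "__main__":
    probes, talkers = review(SAMPLE_LOG, local_ip="192.0.2.10")
    print("Blocked on several ports:", probes)
    for (ip, port), count in talkers:
        print(f"Outbound to {ip} port {port}: {count} connection(s)")
```

An outbound destination you do not recognise, especially one contacted repeatedly when no browser or mail program is open, is the kind of entry worth checking against the applications your firewall reports.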
Part of Layered Security necessary for Internet usage.
SEE:
ANTI-VIRUS Programs as part of your Layered Security
SEE:
FIREWALLS - WHY YOU NEED ONE AND WHAT TO DO
Anti-spyware programs
The types of spyware these programs work to prevent or remove are things like:
- Browser Hijacks - BHOs which track you, send information concerning your internet activity to a collection/data base server, or otherwise monitor your usage.
- Tracking Cookies - server placed files which identify you on the site, track your movements around the Internet, collect information concerning your OS, browser, and installed programs.
- Limiting ActiveX scripting activities through which just about anything can be accomplished.
- Known attack sites - some of these programs instill restricted sites within the registry/hives of windows based systems to limit or deny hostile activities against you.
Here are some links to some useful programs related to Spyware detection and removal:
- http://www.ccleaner.com - cleaner for registry and spyware
- http://www.spybot.info/en/download/ - Spybot Search and Destroy - check out the other tools
- http://www.javacoolsoftware.com/spywareblaster.html - Spyware Blaster - restricts access to/from sites, blocks some ActiveX, and other
- http://www.winpatrol.com/download.html - WinPatrol
- http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
- http://www.spywarewarrior.com/uiuc/res/ie-spyad.zip
- http://www.mvps.org/winhelp2002/hosts.zip - Setting up your hosts file to help with security
- http://www.funkytoad.com/hoster.htm - hosts management
- http://www.lavasoft.de/software/adaware/ - AdAware spyware remover. The 2007 version only supports Win2k and above
- http://www.spywarewarrior.com/uiuc/resource.htm
- http://www.siteadvisor.com/download/ie.html
- http://commandondemand.com/eval/index.cfm
XP AND UP
http://onecare.live.com/site/en-us/default.htm - Microsoft's versions of security protection - just how much do you trust Microsoft to protect you?
Do I have spyware installed?
If you haven't been using {anti}spyware programs, your system is likely filled with many types of spyware.
When dial-up access was the most prevalent connection to the Internet, slowdowns, freezes, site problems, and image corruption were indications of spyware due to the interference with the speed of the connection. Now that high speed access is used more often, the increased bandwidth may not show these types of indications until way too late. Consider that every hack is an entry point for others.
With these high speed services, and due to the increased attempts to install spyware on your system, NOT protecting yourself is NOT something you can ignore.
How do you know if you have spyware installed on your computer · How to protect your computer against spyware · How to remove the spyware. Related Topics ...
http://howtonetworking.com/others/spyware0.htm
Trojans and Spyware block Internet
Resolution: Based on the Network Monitor and log, the problem computer may be determined to be infected with many Trojan and spyware.
[case study] -
http://www.howtonetworking.com/casestudy/spywareblockinternet1.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
MVP Chuck - online analysis tools - online-analysis-of-suspicious-files
When all else fails:
Run the HiJack program (http://castlecops.com/zx/Merijn/hijackthis.zip).
Interpretation engine for HiJack output here: http://www.hijackthis.de/en
This is a good program that will/can make a report of all hooks and processes in your system. It can be difficult for a new user to understand the output, so it is best to post the output to a forum familiar with diagnosing the report. Check the Internet for other reputable sites/forums to help decipher the output.
Other Parts of Layered Security necessary for Internet usage.
SEE:
FIREWALLS - WHY YOU NEED ONE AND WHAT TO DO
ANTI-VIRUS Programs as part of your Layered Security
SEE:
GENERAL WINDOWS NETWORKING DIAGNOSTICS AND SETUP
Diagnosing Windows problems - Part 1
Part 2 - Diagnosing Windows Problems
INSTALLATION OF SIGNING AND TRUST CERTIFICATES
After support end information for 98
SEE:
END OF SUPPORT FOR WINDOWS 98 AND MILLENNIUM. WHAT DO I DO?
SEE:
Manually updating a new installation of Windows 98SE