While most users are aware of the threat of viruses and worms, they usually overlook the other biggest threat, i.e. spyware.
What is spyware?
Spyware programs get installed on your computer without your knowledge and collect data about your usage patterns, such as what sites you visit and what programs you run, and even personal details like age, gender and financial details: all the things that can be useful for a marketing company to send you customized advertising. These programs send this data back to their websites, where it is given to spammers and advertisers. All of this happens without the user's knowledge, and that is the most ironic point of the story.
Categories of spyware:

Adware usually monitors your usage patterns and shows you ads corresponding to them. Adware is usually installed as freeware, and its EULA (End User License Agreement) states that the program will show relevant ads.
Many adware programs are freeware versions of programs which are also available as paid versions. Examples of these programs: Opera, Divx, Download Accelerator Plus, Flashget etc. These programs specifically tell the user that they can upgrade to the paid version if they don't want to get these advertisements, but not every adware program is like that.

This is a broad category in which parasites like home page hijackers and search hijackers can be included.


Usually both of the hijackers stated above work on clickthrough systems. Here they are affiliates of other companies which pay them according to the hits they receive through them. So, the ultimate goal of hijackers is to make the users click on the links through which they earn their revenue. As this is a difficult task, the program authors go to extremes to achieve it and create difficult-to-remove parasites. Recent examples of such parasites are CoolWebSearch and AboutBlank.

Dialers are programs that promise to make some "premium content" available to the users by making calls through them. Their whole objective is to make the users dial numbers which are usually long-distance numbers of their affiliates.

Cookies were meant to be used for customizing websites according to the user's preferences. But marketing companies found another use for them. This useful feature is being abused by marketing companies through "third party cookies". Third party cookies are cookies stored by websites other than the one you are visiting, most often placed through banners and ad rotators. These cookies can keep track of which of the sites you visit contain their ads.

Keyloggers, thankfully, aren't installed by marketing companies. Usually they are installed by some trojans or hackers. Here hackers refers to that breed of computer users who use such programs to break into others' computers to steal passwords or to destroy those systems. These programs monitor each keypress on your system, keep track of them and send them back to their originators. There are many sophisticated keyloggers which have their own SMTP engine to mail back the tracking records.
Sources of Spyware:
How do these programs get installed?
These programs are usually installed bundled with other programs. Since most users don't care to read the Terms and Conditions of the programs they are installing, third party tools such as these are installed easily.
Browser hijackers are usually installed as ActiveX controls while the user is visiting their affiliates' websites. The most common sources of spyware are porn and cracks websites. These websites promise to let the user view their content if they install these add-ons.
A new class of them is called betrayware. These programs promise to remove spyware but themselves house many of them. A whole new breed of search assistants, pop-up blockers, online form-filling tools and password keepers comes under this list.
How to tell you are infected?
Usually when spyware is installed on your system, your network traffic increases. If you feel your computer is not behaving the way it is supposed to, most probably you are infected. You should check what programs are getting loaded when the computer is starting up and what programs are running in the task manager. If you notice some suspicious entries in the task manager or startup list, find out what programs these are. If you are on an always-on connection, you should monitor the network traffic of your computer.
How to remain safe from spyware?

The user should pay attention to the Terms and Conditions or EULA of the program being installed. References to third party installation should be given more attention.

The user should be careful about the sites he visits. Most users get infected while browsing "underground" sites. Websites that provide cracks, and porn websites, are often a source of dialers and hijackers. The user should use his intuition while browsing these sites. They will not come to you if you don't go to them.

Programs like Spybot Search & Destroy and Ad Aware are considered reputable for removing spyware. Spyware Blaster is a great utility that will not let spyware get installed in the first place. All these programs should be updated regularly as new parasites get discovered daily.

Firewalls have become a necessity these days, and those with an always-on connection should enable a firewall on their systems. A firewall monitors the network traffic and blocks unnecessary connections. Firewalls are also effective against worms propagating through random IP addresses.

Antivirus programs are now just as essential as operating systems are. Antivirus should be updated regularly too, as new viruses are discovered on a daily basis.

As new vulnerabilities are discovered, parasites exploiting them arise too. So patches to fix them should be installed regularly.
[Edit] This thread isn't closed. This was a part of an assignment I had to submit to my Univ .. I am working on more of it .. So keep a watch on it ..
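To make the third-party cookie tracking described in the post above concrete, here is an added Python example (not part of the original thread) that audits a constructed capture of page loads and reports which third-party site set a cookie and which visited sites it can then link together. The hosts, the `CAPTURE` data and the two-label `site()` shortcut are assumptions for illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie


def site(host):
    """Crude 'site' of a host: its last two labels. Assumption for this
    example; a real audit would use the Public Suffix List (e.g. co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


# Constructed capture: (site the user is visiting, host a request went to,
# Set-Cookie header of the response or None). All hosts are made up.
CAPTURE = [
    ("news.example", "news.example", "session=abc; Path=/"),
    ("news.example", "img.news.example", None),
    ("news.example", "banners.adnet.test", "uid=7f3a; Domain=adnet.test; Path=/"),
    ("shop.example", "shop.example", "cart=1; Path=/"),
    ("shop.example", "banners.adnet.test", None),   # browser sends uid back here
    ("forum.example", "cdn.static.test", None),     # third party, sets no cookie
    ("forum.example", "rotator.adnet.test", None),  # uid is sent here as well
]


def audit(capture):
    """Return {third_party_site: {"cookies": [...], "seen_on": [...]}} for
    every third-party site that set a cookie during the capture."""
    cookies = defaultdict(set)   # third-party site -> cookie names it set
    embedded = defaultdict(set)  # third-party site -> sites that embed it
    for page, host, set_cookie in capture:
        if site(host) == site(page):
            continue  # first-party request: same site as the visited page
        embedded[site(host)].add(site(page))
        if set_cookie:
            jar = SimpleCookie()
            jar.load(set_cookie)
            cookies[site(host)].update(jar.keys())
    # Only sites that actually hold a cookie can recognise the same browser
    # again, so report those together with every page that embedded them.
    return {t: {"cookies": sorted(names), "seen_on": sorted(embedded[t])}
            for t, names in cookies.items()}


if __name__ == "__main__":
    for tracker, info in audit(CAPTURE).items():
        print(tracker, info["cookies"], "can link visits to", info["seen_on"])
```

The content host that sets no cookie is left out of the report: being embedded on a page is not enough to recognise the same browser on the next site.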
DEFINITIONS:
A Biological Virus: an entity that attaches itself to a healthy cell and uses the infected cell to infect other cells
a computer virus works in a similar way
it NEEDS to attach itself to something before it can infect and spread
there has to be a mechanism to run this virus automatically
this is explained below
Malware: MALicious softWARE, including viruses, worms, Trojans, Denial of Service and other such attacks. Sometimes referred to as rogue programs
Denial of service (DoS) attacks: cause thousands of access attempts to a Web site over a very short period of time, overloading the target site and shutting it down.
Identity theft: is the impersonation by a thief of someone with good credit.
Macro viruses: are viruses that spread by binding themselves to software like Word or Excel.
Malware: is malicious software that is designed by people to attack some part of a computer system.
Worm: is a computer virus that spreads itself, not only from file to file, but from computer to computer via e-mail and other Internet traffic.
How A Virus Can Attach / Two Types of Virii
1.) Boot-Sector Virii: infects boot sector executables. Affects MBRs / Partition Tables.
once it's loaded in memory .. it sits and waits
2.) Macros / Macro Virii: A macro is a series of commands and instructions that you group together as a single command to automate a task.
Go Here for more
Guide To AntiVirus Software :
an extensive shootout performed Here
Detailed Reports: Here in .RAR format
I'm posting the top 10 with final rank (according to how many virii out of the 76556 it detected) here:
Code:
1. Kaspersky Personal Pro version 4.5.0.58 - 99.09%
2. F-Secure 2004 version 4.71.5 - 98.77%
3. Extendia AVK Pro version 11.0.4 - 98.68%
4. AVK version 14.0.7 - 98.50%
5. Kaspersky Personal version 5.0.149 - 97.88%
6. eScan 2003 Virus Control version 2.6.484.8 - 96.75%
7. McAfee version 8.0.41 - 93.59%
8. Norton version 2004 Professional - 93.38%
9. RAV version 8.6.105 - 93.14%
10. F-Prot version 3.15 - 91.85%
Steps that should be taken?

though most of the browsers have pop-up blockers now .. for those still on IE and SP1 you can use
MSN Toolbar
Google Toolbar
other software like POP UP COP
in my experience the latter 2 were VERY effective




ZoneAlarm and Sygate are good personal firewalls
then in shareware you have
NIS, McAfee's Firewall and ZoneAlarm the PRO version
personally I think ZAPro rocks ... I put my trust in it
get ZAP tips Here
personal firewalls compared Here


in addition other good ones are
BPS (Bullet Proof Software) spyware remover <== I love this. Got immunisation for 150 threats for your browser. Plus inbuilt HiJack This
Spyware remover
Spyware Doctor


DO use separate Trojan removers like Anti Trojan Shield
Other links:
Spyware Glossary but we have a better one here
Some More Spyware Tools recommended from Download.com
DISCLAIMER: I am not responsible for the quality of this post
it was written in half an hour
I have made a lot of repeat points from bat's post ... I've just made a few additions
be safe