Federal Agency of Education
State Educational Institution of Higher Education
«Siberian State Aerospace University named after M.F. Reshetnev»
CONTENTS
What are Spyware and Adware?
Drive-by Downloads or Foistware
A virus is a self-replicating program that spreads by inserting copies of itself into programs or documents that already exist on a computer. The name comes from an analogy with biological viruses. These cannot reproduce by themselves but make use of the functions of infected cells to spread. Similarly, a computer virus makes use of the executable code in legitimate programs to carry out its purposes. A virus may be designed to be destructive to a system or to be a prank. In either case, the virus will rapidly reproduce itself until the system may be overwhelmed. Viruses spread to other systems when infected programs are copied to another machine. Documents with executable code like Word macros can also be vectors of infection. A very common method of spreading viruses is by attachments to email. Today a variant of a virus known as a worm is more often used.
Viruses and worms are often lumped together in the single category of virus but there is a technical distinction. A worm differs from a virus in that it contains all the code it needs to carry out its purposes and does not depend on using other programs. Most recent instances of malware have been worms, spread primarily by email. Worms are designed to replicate rapidly and to use the Internet or other networks to spread with great facility. They may contain code to damage or erase files or may carry other malicious payloads. On a number of occasions, large numbers of computer systems have been brought down by worms. In addition to the damage from whatever payload they carry, the sheer number of worm copies can bring systems to a halt.
A very common method of spreading is by use of any email addresses on an infected computer. The worm searches address books, temporary Internet caches and other possible sources of email addresses. The worm then mails out random infected fake messages. It may use the addresses it finds not only as recipients but also may spoof mail to show them as senders. It may also combine random pieces of addresses into new fake addresses. All the messages will contain an attachment that is infected. None of this activity may be known by the owner of the infected machine and may go on for weeks or months. A single infected machine can send out thousands of worm-carrying messages.
Most people know that anti-virus software is a necessity and most computers come with some form of anti-virus program already installed. (Note that anti-virus is a catchall term that refers to a variety of malware.) All the major programs check email as well as scanning your system. However, new viruses appear every day and anti-virus programs are only as good as their database or definitions of viruses. A program can't recognize a new virus unless it has been kept up to date. Anti-virus programs contain update features and these are automatic in the newer major programs. However, the big vendors like Symantec and McAfee no longer give unlimited free updates but start to charge after some initial period ranging from 3 months to 1 year. Very often people do not subscribe to the new updates and let their protection lapse. This leaves the computer open to any new virus that comes along. Actually, it may be better to periodically buy a whole new version of whatever anti-virus program you use. I have often found rebate offers that make the new program cheaper than the update subscription.
Personally, I find both the Norton and McAfee programs to be very heavy users of system resources. An alternative is one of the free programs like Grisoft AVG. In the past, Symantec's Norton has always seemed to get much better reviews for efficacy against infection than the freebies but a recent review by the magazine PC World indicates that there are several free programs that now provide acceptable levels of protection. Tech Support Alert gives a critique of the various free programs and describes an effective computer defense that uses free programs.
The term Trojan horse is applied to malware that masquerades as a legitimate program but is in reality a malicious application. It may simply pretend to be a useful program or it may actually contain a useful function as cover for a destructive one. Screen savers are often used as a carrier. Trojan horses do not replicate themselves as do viruses and worms. However, a Trojan horse can be part of the payload of a worm and can be spread to many machines as part of a worm infestation. Many Trojan horses have been sent out as email attachments.
One favorite use of Trojan horses is to allow a malicious hacker (more properly called a "cracker") to use systems of unsuspecting owners for attacking other machines or as zombies. Another use is for relaying spam or pornography. Yet another use is to steal account passwords and then relay them back to someone for fraudulent use. Trojans can also be destructive and wipe out files or create other damage. Recently, phishing scams have been making use of Trojans.
Defenses
Many Trojans are recognized by the major anti-virus programs. However, not all Trojans have characteristics that trigger anti-virus programs so additional software is recommended. The spyware programs discussed on the next page should be considered as well as the references in the sidebar.
It is essential in the present conditions to have a firewall. The Internet is a two-way street. Unless your computer is properly protected, it is all too easy for unwanted visitors to gain access to your computer while you are on-line. Once into your system, a cracker can plant a Trojan or worm or do other harm. Good firewall software can make your computer invisible to all except the most determined cracker. Further, most firewalls will warn you if programs on your computer try to connect to the Internet without telling you. That will help to warn you if you get an infection. Note, however, that some Trojans may hide by piggybacking on essential services like your email client.
Unless they had a broadband Internet connection, I used to tell people that they probably did not need a firewall. However, hacking has reached the point where everyone, even those with dial-up connections, needs a firewall. My firewall keeps a log of the attempts that are made to probe my computer and once in a while I check it out of curiosity. The attempts are unceasing and come from all over the world. (I know because I look up some of the IPs.) Even my wife's dial-up AOL account is probed all the time. Many of these probes are not malicious but I see no reason to take chances on the good will of all these strangers.
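A firewall log of this kind can be summarized instead of read line by line. The following is an added example, not part of the original article: it assumes a W3C-style log with a `#Fields:` header, the layout Windows Firewall writes, and the sample records, addresses and the `scan_threshold` parameter are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in the W3C-style layout Windows Firewall writes: a
# "#Fields:" header, then space-separated records. Documentation-range IPs.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2005-03-01 10:00:01 DROP TCP 203.0.113.7 192.0.2.10 4021 135 48 S 1 0 16384 - - -
2005-03-01 10:00:02 DROP TCP 203.0.113.7 192.0.2.10 4022 139 48 S 2 0 16384 - - -
2005-03-01 10:00:03 DROP TCP 203.0.113.7 192.0.2.10 4023 445 48 S 3 0 16384 - - -
2005-03-01 10:00:04 DROP TCP 203.0.113.7 192.0.2.10 4024 1433 48 S 4 0 16384 - - -
2005-03-01 10:05:10 OPEN TCP 192.0.2.10 198.51.100.80 1050 80 - - - - - - - -
2005-03-01 11:30:00 DROP UDP 198.51.100.23 192.0.2.10 1026 1434 404 - - - - - - -
2005-03-01 11:30:09 DROP UDP 198.51.100.23 192.0.2.10 1026 1434 404 - - - - - - -
2005-03-01 11:31:00 DROP TCP 198.51
"""

def parse_records(text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def summarize_probes(text, local_ip, scan_threshold=3):
    """Group dropped inbound TCP/UDP packets by source, busiest source first."""
    hits = Counter()
    ports = defaultdict(set)
    for rec in parse_records(text):
        inbound_drop = rec["action"] == "DROP" and rec["dst-ip"] == local_ip
        if not inbound_drop or rec["protocol"] not in ("TCP", "UDP"):
            continue
        hits[rec["src-ip"]] += 1
        ports[rec["src-ip"]].add(rec["dst-port"])
    return [
        {"src": src, "drops": count,
         "ports": sorted(ports[src], key=int),
         # Many distinct ports from one source suggests a port scan.
         "scan": len(ports[src]) >= scan_threshold}
        for src, count in hits.most_common()
    ]

if __name__ == "__main__":
    for row in summarize_probes(SAMPLE_LOG, "192.0.2.10"):
        print(row)
```

A source that touches several different ports is flagged as a likely scan, while repeated hits on a single port are only counted.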
The present version of Windows XP has half a firewall built in. Unfortunately, it monitors only incoming traffic and therefore is of no help in warning about programs on your computer that call up Internet sites without telling you. Also, note that you have to specifically enable it. (Service Pack 2 turns it on by default.) I recommend a more robust program. If you want to, you can go for one of the commercial suites that include a firewall together with a variety of other programs. However, there are several very good free programs. The sidebar contains references.
Spyware, adware and their variations are programs or applets that get installed on your computer by a download from the Internet. (You could also get them on a disk from somebody but that is less common.) There are basically three scenarios where problems arise:
1. You knowingly download and install something but do not understand all the functions of the program.
2. You download and install one thing but other things are installed along with it that you do not know about.
3. Something is downloaded and installed without your knowledge.
There are many software downloads available on the Internet that call themselves freeware. Quite a few of these are, in fact, free and come without strings. In the end, however, the cost of any software has to be paid for by somebody, somehow. One way to support the cost of software is through advertising that is downloaded and displayed on the user’s computer along with the software. Many useful and reputable programs are now distributed this way. Often they come both in a version that is “free” (but with ads) and in a version that has no ads but has to be paid for. As long as the user is told up-front about the ads and about any tracking that might be going on, this form of adware has a perfectly legitimate role. For example, I use the adware version of the Opera browser. I do not use the browser very often and I wouldn’t pay for it but I am willing to have small ads running when I do use it. Actually, they are unobtrusive and I pay them no attention.
Note that I said that I was willing for ads to run while I was using the program. Less scrupulous software distributors may have pop-up windows showing ads whether you are using their program or not. Even worse offenders graduate to “spyware” and contain a component running all the time in the background to track your viewing habits on the Internet (and possibly other things). Your preferences are relayed to advertisers so that ads may be targeted specifically to what is perceived to be your interests. For example, if you visit a lot of sports sites on the Web, you may find ads for athletic equipment showing up on your computer.
Legitimate programs are straightforward in alerting you that advertising banners or pages will be downloaded to your computer and shown to you whenever you try to use that program. Others are less up front and bury the notice about ads and other actions in the EULA (End User License Agreement). Having seen this type of turgid legalese innumerable times when using Microsoft applications, most of us just click the “I agree” button without reading the stuff. If you do read the EULA thoroughly, you may find that you have signed away all your rights to privacy. How legally binding this really is, I am not competent to say, but personally I find the implications disconcerting. Still other software packages do not even bother with hiding details in the legalese but simply carry out surreptitious actions on your system without notifying you beforehand.
Drive-by Downloads or Foistware
Not content to entice you into using their spyware by providing some useful function, some firms download stuff to your computer whether you want it or not. Many Web sites have ad banners that contain download links. If you accidentally click on the ad, you may initiate a download. Some of these ads contain messages that your system "may" be infected with a virus or otherwise impaired in order to lure you into clicking on something. Depending on your browser security settings, you may then receive some unwanted software automatically or get the standard Windows pop-up message asking, "Do you accept this download?" If you click "Yes," spyware is installed. Note that the presence of a security certificate is no guarantee that something is not spyware. An example of a download window for a well-known problem program is shown in the figure below.
Sometimes, just viewing a page is sufficient. Many of these downloads take advantage of ActiveX controls in Internet Explorer (IE). The settings for Internet security zones in IE can be configured to prevent this. Also, Windows XP Service Pack 2 increases the security in this area of IE. Other browsers generally are not susceptible to ActiveX downloads. However, most browsers with insecure settings can be made to run JavaScript or certain other types of code.
Lists of these types of spyware are available at the spyware database references given in the sidebar. Unless you are sure about a program, check it out on these lists before installing.
One issue is how much of your privacy is invaded by the ad tracking. To some degree, it is the nature of an individual’s personal psychology that decides what is private. Some people are unconcerned while others react violently to the notion of being tracked. Privacy is a large subject and beyond the scope of this article but several references are given in the sidebar.
However you may feel about the privacy issues, the practical matter is that spyware uses your computer resources and bandwidth and often causes sluggish behavior or even crashes. Some spyware like the very popular file-sharing program Kazaa may even use your idle CPU time for whatever computational purposes they see fit. Many PC users have suffered significant degradation or worse for their system from the presence of spyware.
Defenses
Because of the proliferation of spyware, many programs are now available for detecting spyware and cleaning it out. Anti-virus programs do not detect most spyware because the programs do not have the characteristics of a virus. Thus a separate application is needed that specifically targets spyware. Links to two free programs, "AdAware" and "SpyBot Search & Destroy", are given in the sidebar along with references for others. Unlike anti-virus programs, where installing more than one program is not recommended, it is a good idea to clean your system with consecutive application of two or more spyware removers. According to PC Magazine, the commercial programs Spy Sweeper and Spyware Doctor are the two best anti-spyware programs. PC World also chooses Spy Sweeper as its top ranked program.
Firewalls that monitor programs on your system that attempt to connect to the Internet will give you warning of the presence of spyware. The Windows XP firewall does not have this capability so one of the firewalls mentioned in the references in the sidebar is recommended. If another firewall is installed, turn off the Windows XP version. The update SP2 automatically enables the Windows XP firewall.