Understanding Mal-Ware, Spy-Ware, and Viruses
By: McKinley H. Tabor, August 5, 2005
Fully 70% of my practice now involves problems with, or stemming from, Ad-ware, Spy-ware, and Viruses (collectively called Mal-ware, for “Malicious Software”). However, with a few simple steps you can make sure your computer is free of these modern technology scourges.
The Culprits:
To understand how to avoid mal-ware, some background on what mal-ware is might be helpful.
Ad-ware is a program installed on your computer that an advertising company uses to send you advertising. Most often this is done via the dreaded “Popup” window. The most aggressive forms of Ad-ware even monitor your keystrokes and web searches so as to custom tailor their ads to you. For example, you may go to Google and search on the word “travel”, and an ad for a travel company will pop up. Normally ad-ware is just an annoyance rather than a destructive force (it would be counterproductive for an advertising company to disable your computer). But a large infestation of ad-ware on a system will cause it to crash simply because of the load that the programs put on the system. Furthermore, some types of ad-ware programs are not compatible with each other; as a result they will crash the system when run simultaneously, just like any two other legitimate but incompatible programs will.
Spy-ware comes in two flavors. While the term “spy” may conjure up images of dark forces collecting secret information about you, this is only one flavor of spy-ware, and is actually very, very rare. Most spy-ware is actually just statistics-gathering programs, used to track the computing habits of many hundreds of thousands of people. Unlike ad-ware, these programs can do real harm, not to your computer, but to you personally. Some types of spy-ware are used in conjunction with “Phishing” scams, and try to collect data from you such as passwords, credit card numbers, and personal identification information like driver’s license data and social security numbers.
Viruses are an old threat with a new twist. Back in the mid 1980s the first computer virus was found “in the wild” (meaning not in a lab or a test center). Oddly, it was the old-world Macintosh which first fell victim to viruses because of its superb multitasking operating system. Back then viruses had to be spread on floppy disks. Now in the Internet age, the most common way for a virus to spread is by e-mail. One of the most annoying types of virus (at least from a system administrator’s standpoint) is the “worm”. This is a type of virus which moves from computer to computer, infecting a system, then reaching out to other systems to try and infect them. This movement from computer to computer almost always comes about from a flaw in the software which that computer runs, and the method of movement can be either a direct connection, or an e-mail sent out to everyone in the computer’s address book. An infected computer is at the whim of whatever the virus wants to do. Sometimes viruses do little more than spread themselves, with little or no negative effect on the computer they are on. Some viruses are used by malicious computer experts to co-opt an infected system to help the malicious expert attack an Internet site, or spread “Spam” (unwanted advertising e-mail). Some viruses are used to get ad-ware and spy-ware onto a system.
How Mal-ware gets on a computer.
Ironically, 99% of all mal-ware is put on at the user’s request. This is because mal-ware writers and distributors are very cunning in how they move their “product”.
Also, 99% of all mal-ware installs take advantage of security holes in the popular web browser “Internet Explorer”. These security holes in IE often allow software to be installed from the Internet with little or no warning to the user, and can be started by just one click. Sadly, Microsoft is reluctant to fix these holes because it is the same security holes, when used properly by reputable companies, that allow for online updates to legitimate software, certain types of online databases, and some online banking programs.
Nothing is “Free”.
A lot of mal-ware is installed when a user installs a bit of “free” software from the Internet. Most of these “free” software programs are paid for by advertising, in the form of ad-ware. Popular programs for things like weather, e-mail customization, desktop enhancement, smileys, emoticons, chatting, search toolbars, and music downloading (the worst) all support themselves by ad-ware.
“You’re a winner”
Most, if not all, of the flashing “winner” banners are ways to lure people into installing mal-ware. Furthermore, some of these “winner” banners or “do this, and win a prize” games are used to collect personal information which can be used in identity theft.
Bait and Click
Some popup windows come right out and ask if you want to install something, “yes” or “no”… but if you click “no” it will install anyway. (Remember, the IE hole can install software with only one click; it doesn’t matter what you clicked on in the window.) Also, many more popups are putting up images that look like real Windows XP objects, such as the close X and Notification Windows. Thus a user can be “tricked” into clicking on a part of the IE window which looks like part of Windows XP, and hence install software.
E-mail attachments
The most common virus/worm movement is through e-mail attachments. You may get an e-mail from someone you know, but it’s really from a virus, so if you’re not expecting the message, don’t open it. Also, some newer e-mails don’t have attachments, but have Web hyperlinks in them, which satisfies the “one click” install flaw.
Guerrilla warfare
The term “Guerrilla” warfare has come to represent a covert war fought in irregular ways. The term “Guerrilla” originally comes from the Spanish, and means “Little War”. Having said that, there is open warfare between the writers of mal-ware software and the writers of anti-mal-ware software, and to add to the confusion there are even conflicts between the various mal-ware writers.
There are (at the time of writing this) about 30 to 50 thousand different and specific types of ad-ware and spy-ware. These however come from only about 1,000 different “firms” which write and spread these programs. (There are of course many, many little independent shops that do this as well.) Anti-mal-ware programs try to detect and remove mal-ware based on what and where it is installed. Naturally, mal-ware writers are always changing what they do and how they do it to stay ahead of the anti-mal-ware people.
But mal-ware writers also know that if there are too many bits of mal-ware on a given system, the user of that system will be more inclined to spend money to remove ALL the mal-ware. But if there are just a few mal-ware programs, most users will tolerate the ads, not knowing enough to remove them, or not pestered enough to pay for software or services to remove a small annoyance. Hence, most of the major mal-ware writers are also in the business of removing the mal-ware of their competitors. This is where you get the “you have ad-ware/spy-ware on your computer, would you like us to remove it for free?” popup. This most often is a mal-ware writer trying to remove all but their own mal-ware.
Mal-ware writers will also make their products friendly with each other, meaning that once you have a bit of mal-ware on your system, that mal-ware could allow other bits of mal-ware from the same company onto your system, even going so far as to seek out and download other programs totally outside of the user’s awareness.
This constant adding and removing of programs, especially those programs which operate “under the radar”, can cause havoc with a system, leaving little bits of partially removed and partially installed programs all over the hard drive. Again, just like the damage you would do if you decided to install, uninstall, and then reinstall any program several dozen times.
How to dispose of Mal-ware and how to protect yourself in the future
The bad news is that there is no foolproof way to remove a bad mal-ware infestation. A system that is covered with mal-ware could take hours and hours to clean off, and you can never be 100% sure you got everything. Sometimes when approaching an infestation the easiest way to clean it off is to wipe the computer and start from scratch. Back up all of your data files, format the hard drive and reinstall Windows, your drivers, and your programs. It may take a couple of hours, but it’s better than spending twice that long trying in vain to remove something which will never come out all the way.
Once on a system, mal-ware can be very tricky to deal with. For example, a bit of mal-ware may have two programs running at once. If you succeed in defeating program 1 (by stopping the program while running and deleting it from your hard drive), program 2 will simply restore program 1 while you are trying to defeat program 2. The same works in reverse.
Mal-ware will also hide in the shutdown scripts of the computer. So, just as soon as you remove the program, it will reinstall itself as you are shutting down. Mal-ware, once on, will also seek to cripple those programs which hunt it (more Guerrilla warfare). If the mal-ware program starts before the anti-mal-ware program starts, then the mal-ware can hide itself from the anti-mal-ware, or worse, the mal-ware can disable the anti-mal-ware altogether, and the user is completely unaware of their lack of protection.
The best way to avoid mal-ware is to install anti-mal-ware software right from the start. Most of the blocking software packages also have a cleaning element which can be used to clean off small (and try to clean off large) amounts of mal-ware.
There is however no one “Magic Bullet” software that cleans and protects against all types of mal-ware. Most people will use a “cocktail” of software to protect their system. They come mainly in three “styles” of software:
Firewalls, which watch your Internet connection and keep bad stuff from flowing in/out, or malicious computer experts from getting into your system.
Anti-Virus, which scans computers looking for viruses and their virus components.
Anti-Ad-ware/Anti-spy-ware, which looks for ad-ware and spy-ware, but also stops popups not caused by ad-ware, stops legitimate programs from starting at boot time (which can slow down your computer), and stops legitimate programs from tweaking your system settings (again, not ad-ware, but very, very annoying).
Here are some of the software packages out there and what they do:
Norton Internet Security: This is the closest thing to a Magic Bullet out there, but it’s actually a collection of existing Symantec products. It has a firewall and anti-virus, but it’s a little weak on the anti-ad-ware side. Norton also has a history of being very invasive on a system; it takes a lot of system resources to do what it does, and bombards the user with windows telling him or her every detail of what’s going on (while this can be interesting and helpful for the first couple of days, after a few weeks the Norton popups are more of a hassle than the ad-ware popups). Norton also uses a “subscription” model for its software. You pay yearly for the software to work. If you stop paying, the software loses most of its effectiveness.
McAfee: McAfee has a history as a good anti-virus and their firewall is also good. It has a subscription model as well, but is less invasive and uses less system overhead. Like Norton, a long-time player in the anti-virus realm, they too are weak in their anti-ad-ware department.
Microsoft: Mother Microsoft has two products, both for XP. First, XP Service Pack 2 contains its own firewall, thus rendering any other firewall redundant. Second, Microsoft has their own anti-ad-ware product, Windows Defender. On the up side, both products are free to XP users (which most of the world is). The firewall is integrated into the TCP/IP stack of the computer, which in a perfect world would mean that the firewall would be bulletproof. Because Microsoft also makes IE (the primary cause of mal-ware), one would figure that its anti-mal-ware scanner/blocker would take full advantage of their own knowledge of the proprietary code of both IE and Windows.
Microsoft also releases updates to Windows, IE, Office, and all of their products on a fairly regular basis, just as other software vendors do. You should download these updates daily to help protect your system.
AVG: AVG anti-virus is arguably the best “free” anti-virus around today. AVG does have a pay version they sell to larger customers, but their free product is not crippled in any way. AVG also has just as many updates to their software as Norton and McAfee (remember, an anti-virus not updated regularly is soon useless), but AVG is NOT subscription based. Like most other anti-virus programs it scans your e-mail (to remove viruses and worms, not spam), and does a full system scan late at night (if you leave your computer on).
Mozilla Firefox: This is the golden arrow of computer safety. As stated, 99% of all mal-ware comes in because of security holes in IE; well, if you stop using IE, you’re 99% safe. Firefox does just about everything IE will do in terms of day-to-day surfing. Firefox will not connect to Microsoft to download updates, and there are some online things which need IE to work, but you can keep IE just for those tasks, and use Firefox for your general surfing. Firefox has built-in non-mal-ware popup blocking and an integrated search toolbar for Google, Yahoo and other search engines. Is Firefox completely safe? No, nothing is, but it is far and away a better browser than IE. In fact, studies of the surfing habits of normal Internet users show that just with Firefox alone, you are better protected than using IE and the best anti-virus, anti-mal-ware, and firewall systems money can buy. Firefox is of course a free download.
Ad-aware: Ad-aware was the first widespread anti-ad-ware system available, and is still one of the best. The free Ad-aware product scans and removes ad-ware and spy-ware, and is updated regularly. If you want “real time” protection you have to buy the full product, but it’s not subscription based.
Spybot Search and Destroy: Another early pioneer in the anti-mal-ware group, this bit of software is funded by donations, free to download, and works great for older systems. It has a real-time protection system which blocks EVERYTHING, even overzealous legitimate software.
Hijack-this!: This is a very technical program which defeats mal-ware by removing its ability to start. Once a mal-ware program fails to start, removing it with anti-mal-ware products becomes much easier. Hijack-this also gives the user a read on all processes that start on the computer, giving the more knowledgeable computer user the ability to better control his or her system.
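As an added example (not code from the article or from the Hijack-this project), the PowerShell script below gives the same kind of read on what starts with Windows: it lists the standard Run/RunOnce registry keys and the Startup folders, and flags entries whose executable is no longer on disk, the partially removed leftovers described above. It assumes a current PowerShell on Windows; the key paths and folder names are the standard ones, and the parsing of the command line is a simple assumption (quoted path or first token).

```powershell
# Added example, not from the article or Hijack-this. Lists the Run/RunOnce
# registry keys and Startup folders Windows consults at logon, and flags
# entries whose target executable no longer exists on disk.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandPath([string]$cmd) {
    # Pull the executable out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\foo\bar.exe -x
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(\S+)')     { return $Matches[1] }
    return ''
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $exe = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $p.Value))
        $entries += [pscustomobject]@{
            Location = $key
            Name     = $p.Name
            Command  = $p.Value
            Exists   = [bool]($exe -and (Test-Path -LiteralPath $exe))
        }
    }
}

# The per-user and all-users Startup folders are autostart locations too.
foreach ($dir in @([Environment]::GetFolderPath('Startup'),
                   [Environment]::GetFolderPath('CommonStartup'))) {
    foreach ($f in (Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue)) {
        $entries += [pscustomobject]@{
            Location = $dir; Name = $f.Name; Command = $f.FullName; Exists = $true
        }
    }
}

$entries | Sort-Object Location, Name | Format-Table -AutoSize
# Entries with Exists = False are the partially removed leftovers the article
# describes; review the rest against what you knowingly installed.
$entries | Where-Object { -not $_.Exists }
```

Run it in an elevated PowerShell window to see the HKLM entries as well as your own user's; it only reads, it removes nothing.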