ZenLunatic
03-10-2006, 10:58 PM
Spyware (http://en.wikipedia.org/wiki/Spyware#Anti-spyware_programs)
From Wikipedia, the free encyclopedia
In the field of computing, the term spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.
Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware - by design - exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.
As of 2005, spyware has become one of the pre-eminent security threats to computer-systems running Microsoft Windows operating-systems (and especially to users of Internet Explorer because of that browser's dependence on the Windows operating system). Some malware on the Linux and Mac OS X platforms has behavior similar to Windows spyware, but to date has not become anywhere near as widespread.
TYPICAL EXAMPLES OF SPYWARE
A few examples of common spyware programs may serve to illustrate the diversity of behaviors found in these attacks.
Caveat: As with computer viruses, researchers give names to spyware programs which frequently do not relate to any names that the spyware-writers use. Researchers may group programs into "families" based not on shared program code, but on common behaviors, or by "following the money" or apparent financial or business connections. For instance, a number of the spyware programs distributed by Claria are collectively known as "Gator". Likewise, programs which are frequently installed together may be described as parts of the same spyware package, even if they function separately.
CoolWebSearch, a group of programs, installs through the exploitation of Internet Explorer vulnerabilities. The programs direct traffic to advertisements on Web sites including coolwebsearch.com. To this end, they display pop-up ads, rewrite search engine results, and alter the infected computer's hosts file to direct DNS lookups to these sites. [8]
Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites. [8]
180 Solutions transmits extensive information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies. [5]
HuntBar, aka WinTools or Adware.Websearch, is a small family of spyware programs distributed by Traffic Syndicate. [8] It is installed by ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs — an example of how spyware can install more spyware. These programs add toolbars to Internet Explorer, track Web browsing behavior, redirect affiliate references, and display advertisements.
Remedies and prevention
As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system.
Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system.
SECURITY PRACTICES
To deter spyware, computer users have found a number of techniques useful in addition to installing anti-spyware software.
Many system operators install a web browser other than Microsoft's Internet Explorer (IE), such as Opera (http://www.opera.com/) or Mozilla Firefox (http://www.mozilla.com/firefox/) - though such web browsers have also suffered from some security vulnerabilities. Not a single browser ranks as safe, because in the case of spyware the security comes with the person who uses the browser.
Some Internet Service Providers - particularly colleges and universities - have taken a different approach to blocking spyware: they use their network firewalls and web proxies to block access to Web sites known to install spyware. On March 31, 2005, Cornell University's Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it. [15] Many other educational institutions have taken similar steps against Marketscore and other spyware. Spyware programs which redirect network traffic cause greater technical-support problems than programs which merely display ads or monitor users' behavior, and so may attract institutional attention more readily.
Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack. One site, CleanSoftware.org (http://www.cleansoftware.org/), founded as an alternative to other popular Windows software sites, offers only software verified not to contain "nasties" such as spyware. Recently, C|Net revamped its download directory: it has stated that it will only keep files that pass inspection by Ad-Aware and Spyware Doctor.
FAKE ANTI-SPYWARE PROGRAMS
Malicious programmers have released a large number of fake anti-spyware programs, and widely distributed Web banner ads now spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware or worse, may add more spyware of their own. [13] [14]
The recent proliferation of fake or spoofed antivirus products has occasioned some concern. Such products often bill themselves as antispyware, antivirus, or registry cleaners, and sometimes feature popups prompting users to install them.
Known offenders include:
SpyAxe
AntiVirus Gold
SpywareStrike
SpyFalcon
WorldAntiSpy
WinFixer
SpyTrooper
Spy Sheriff
SpyBan
SpyWiper
PAL Spyware Remover
Spyware Stormer
PSGuard
Notable programs distributed with spyware
Bearshare [16]
Bonzi Buddy [17]
DAEMON Tools [18]
DivX (except for the paid version, and the "standard" version without the encoder). DivX announced removal of GAIN software from version 5.2. [19]
Dope Wars [20]
ErrorGuard [21]
FlashGet (free version) [22]
Grokster [23]
Kazaa [24]
Morpheus [25]
LimeWire (all free Windows versions up to 3.9.3) [25]
RadLight [26]
WeatherBug [27]
FREE ANTI-SPYWARE PROGRAMS
Spybot - Search and Destroy (http://www.safer-networking.org/en/download/index.html)
Ad-Aware SE Personal (http://www.lavasoft.de/software/adaware/)
And, Microsoft's contribution to the free Anti-Spyware programs...
Windows Defender by Microsoft (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
I won't personally recommend Windows Defender as I've heard many complaints about this product... Causing system instability and/or sucking huge amounts of system resources being the main complaints...
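The CoolWebSearch entry above mentions altering the hosts file to direct DNS lookups. The following hosts-file audit is an added example, not part of the original post or the Wikipedia article; the sample entries, the watchlist and the function names are constructed for illustration.

```python
import ipaddress

# Names a default hosts file legitimately pins to a loopback address.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_number, ip_address, [hostnames]) for each valid entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield lineno, ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, watchlist=()):
    """Return findings for every entry that overrides DNS for a hostname."""
    watch = {w.lower() for w in watchlist}
    findings = []
    for lineno, ip, names in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in BENIGN_NAMES and local:
                continue
            # redirect: pinned to a non-local address; sinkhole: pinned to loopback/0.0.0.0
            kind = "sinkhole" if local else "redirect"
            # A watched name matches itself and any of its subdomains.
            watched = any(name == w or name.endswith("." + w) for w in watch)
            findings.append({"line": lineno, "host": name, "ip": str(ip),
                             "kind": kind, "watched": watched})
    # Watched redirects first: those are the entries to investigate.
    findings.sort(key=lambda f: (not f["watched"], f["kind"] != "redirect", f["line"]))
    return findings

# Constructed sample (documentation addresses and reserved example domains).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
203.0.113.10    search.example.com www.search.example.com   # added by installer
203.0.113.10    Example.NET.
0.0.0.0         ads.example.org
not-an-ip       broken.example.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watchlist=["search.example.com"]):
        print(finding)
```

On Windows the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`; sinkhole entries are often a deliberate block list, so they are reported for review rather than treated as tampering.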