Tech Tips: Spyware Surpasses Viruses, Worms and Unintended Deletions

Doug Hayman

As the technology support person for DO-IT, I've been called upon to repair and restore Scholar machines each year. Whereas it used to be accidentally deleted files or virus infections that occupied much of my service time, now I'm mostly removing spyware or wiping and restoring machines because the intrusion of this malware is too great to allow for recovery of the system.

Spyware comes in many guises. Some are relatively benign, merely providing information to outside users so that your web-browsing experience is customized to meet your unique needs. Visitors of the New York Times website, for example, can read articles by having a free account. Creating this account deposits a cookie in your web browser so that on return visits to that site, the site knows it is you, sparing you the need to reenter your username/password.

The cookie that is deposited is a small text file that has enough information for their remote servers to know it is you visiting again. If they keep an extensive record of your visit and surfing habits, then they'll have a great deal of unique, private information about you all linked to that cookie.

You can agree to the deposit of cookies or not via your web browser's preferences settings. You can also pick and choose which cookies to accept or reject. Additionally, you can manually delete individual cookies stored on your computer.

The more pervasive spyware threat comes in the form of web plug-ins and hidden applications. Some of these are installed during visits to particular websites, perhaps as something "required" to view content on a site. Others are installed as part of the installation of another application that the user downloads. Sometimes the End User License Agreement shows somewhere in the fine print that this other application will be installed and is being OK'd by the end user in exchange for use of this so-called free application. Worse yet, some applications purporting to be spyware removal software actually install what they are expected to remove—spyware.

Each of the thousands of known spyware has its own unique activity and threat level. Some may hijack the web browser's home and search pages, redirecting the user toward a target site. Others can go as far as installing backdoor entrances for intrusion, logging keystrokes to capture passwords and private information such as credit card numbers, and then sending that information to a remote computer without your knowledge or permission.

Once spyware "infects" a computer, it can be difficult to impossible to remove. Imagine accidentally spilling some pepper in your salt shaker and shaking it up before you've discovered your mistake. Picking through the salt grain by grain to remove the foreign substance is tedious and time-consuming. Likewise, once spyware has entered your computer, the removal process can be so difficult that it is easier to wipe the system. More than once in the past year, my tech coworker has seen me painstakingly sifting through the "salt" attempting to remove the "pepper" and said to me, "Wipe and restore it." And often that has been the end solution met with an "I told you so."

Users need to take a two-pronged response to dealing with spyware. First is prevention: not allowing it into your computer in the first place. Second is using removal tools to clean up the machine.

The use of peer-to-peer network file sharing is highly risky. Many of the shared files moving between users are illegal copies of another's audio/visual content. There is an inherent risk in opening these unknown files and in giving others access to drives on your machine.

Free applications, which are popular, get installed without much scrutiny regarding the implications of doing so. Many users want the instant gratification of using what their peers are playing with and don't take the time to investigate spyware that may be associated with these applications.

Before downloading and installing any new application, use your favorite search engine and see if the application has been implicated as an intrusion vector for spyware. Put the name of the application and the word spyware into the search text box and see if you get hits indicating a connection.

Once you've been infected with spyware, there are a couple of programs that are mentioned again and again by those writing about ridding your machine of the spyware threat. They are Ad-Aware (www.lavasoftusa.com/software/adaware) and Spybot Search & Destroy (www.safer-networking.org/en/index.html).

With each of these spyware removal tools there is an update function to ensure that the tool can remove the latest threats. Each may also require repeated runs to remove all of the infection, often doing so as a process that loads upon a restart of Windows™.