Adware & Spyware

Up

 

Adware and Spyware – What is it?  How to Guard Against it?

by Greg Hanger

Many of us have heard of adware, and by now most of us have even heard about spyware.    In recent months these sometimes nefarious programs have become an overwhelming issue for computer users.  Victims many times have unintentionally allowed software to be installed on there systems that interferes with computer performance.  At the extreme these software pests can damage a computer’s operating system to the point of no return, creating a costly reinstallation of operating system software, and programs.

The good news is no one has to put up with adware or spyware, and prevention is the cure.  In this article I will explain in greater detail exactly what these software programs do, and how to avoid bogging down computer hardware with them.

 Definitions

 Adware is defined by “webattack.com” as a product that is available for free and in exchange displays advertising banners within the software interface.  Instead of you having to pay for the software, the company creates revenue by selling advertising space in the software product. http://www.webattack.com/Adwarepop.html.

 Spyware is defined by “netlingo.com” as software that gathers information about a user as he or she navigates around the Web.  It is intended to “track” surfing habits in order to build marketing profiles.  Spyware is often included in “free downloads” from the Web, where the license agreement (which so many of us accept without reading) may mention that information about your habits will be transmitted back to the company’s website, but not information specifically about you.  http://www.netlingo.com

 The Good, the Bad and the Ugly

Although abuse exists all adware is not necessarily bad.  Adware should only be viewed as a problem when it does not function in a way that is fully disclosed and understood by the user.  For example Internet service provider Netzero provides a useful service in exchange for advertising that appears when you logon to their network.  Many who use a free service may find that they are not getting much for the advertising they endure, but it is fully disclosed and appears to be honest.  Many other examples exist.  Google Toolbar, AOL Instant Messenger, Netscape Radio etc.  While I personally do not recommend installing any of these programs; they do attempt to disclose what is happening, and might provide a valuable service for some people.

 If you decide to take the adware plunge, always read the license agreements and privacy policies to avoid a nasty surprise.  Free software that uses advertising is a tradeoff between the advertising, and tracking of your information and the utility of the program.

 When do they cross the line and become bad?  Unscrupulous products may piggyback on existing software without sufficient or any disclosure.  Adware that calls itself freeware or shareware is an abuse.  In addition, if the advertising or tracking spyware is not fully disclosed it is abusive behavior.  This is often accomplished through the use of cookies installed without your knowledge.  Software that changes the behavior of your web browser without your consent is abuse.  For example software that changes your default homepage and the behavior of your browser without your consent is abusive.  Pop-up browser windows are probably the most annoying of these changes.  Spyware at its worst may attempt to monitor user activity on the Internet and transmits that information in the background to someone else.  Spyware potentially could be used to gather information about email and even passwords and credit card numbers, although I am not personally aware of this happening.   

 In addition, so called free software may lead to problems.  For example use of file sharing programs like WinMX or Kazaa may result in ethical or legal problems in addition to exposing the user to an overload of advertising. 

 One company, Claria (formerly known as Gator) delivers contextual advertising in the form of pop-ups.  Their software builds a profile of your surfing habits.  This information is collected and stored on a file on your computer identifiable through your IP address. The information is then collected from your computer while you browse the internet.  I recommend avoiding all adware from this company including eWallet, DateManager, WeatherScope, and PrecisionTime. eWallet keeps track of the data you enter on web forms (including credit cards) so it can autofill the data for you later. DateManager provides appointment alarms and date reminders. WeatherScope shows the current and forecast weather. PrecisionTime keeps your system clock up to date.

 Prevention is the Cure

The best way to avoid the issues created by adware and spyware is to not install it.  A pop-up blocker is a first line of defense.  Much of the unscrupulous spyware I have seen installed on work computers was the result of responding to a pop-up.  Generally the user is tricked into giving permission.  For example one user I know responded to a pop-up that offered to correct the time on her windows clock.  One “yes” click later and she had turned her machine into an advertising dedicated device.

Windows XP recently released an update (service pack 2 or SP2) which adds pop-up blocking, and other security features making adware and spyware much more difficult to install.  I have been using the service pack for a month or so and highly recommend it.  However your network administrator should test the service pack with your office applications before rolling it out to the entire office. 

The pop-up blocker seems to be very effective, and unobtrusive.  The blocker provides information about blocked pages.  Below is an example of the yellow bar that appears in Internet Explorer alerting the user to a blocked page.

 The user can right click on this bar to reveal options on how to allow pop-ups.  You have the option to always allow pop-ups at this site, or temporarily allow pop-ups.  You might want to allow a pop-up when it is part of a site you use that has pop-up tools or notifications you need.  For example CCH Internet Tax Research NetWork notifies the user that they are about to be logged off.  Pop-up blockers will prevent this notification from appearing.  Users can configure this blocker to always allow this window.

New security warnings help users avoid the issue of programs installing without  their knowledge.  Permission must be given to install items accessed over the Internet.  In addition, ActiveX, a set of technologies from Microsoft that enables interactive content for the World Wide Web, requires permission to install.  The service pack also enables the built in internet firewall to be enabled by default.

If you have not upgraded to Windows XP, or you already have a spyware problem two free solutions exist for dealing with this issue, first, Spybot Search & Destroy http://www.safer-networking.org  and second, Ad-Aware by Lavasoft http://www.lavasoftusa.com.  I recommend running both of these products if you have a problem. 

 Download and update the Spybot software first.  Run it to remove adware and spyware from your machine.  Then download, update, and run the Ad-Aware software.  Accept the Spybot options to protect your machine if you would like to safeguard against problems.  In addition the Spybot software offers the opportunity to backup your computer settings or registry.  I recommend you do this just in case. 

 Note that you might be required to reboot your machine and run the software again to remove programs running in the background on your machine.  The software products will provide you with caveats concerning the removal of adware.  You will be warned that adware will be removed and therefore will not function.  Running these programs does pose a risk of damaging your system; however, the risk posed by most spyware is greater.

 If you want to avoid pop-ups and you are not running Windows XP,  I suggest you consider the free pop-up blocker from Google.  MSN and Yahoo also offer pop-up blockers.  Yahoo has one that claims to scan for spyware.  I found the Google blocker relatively unobtrusive and easy to configure.  Check out this site before you decide on a free pop-up blocker http://www.you-niversity.com/help/popup/popups.htm it has information on configuring these blockers.

 If you want to be more aggressive in avoiding spyware and adware that capitalize on Microsoft’s Internet Explorer, an alternative might be to consider Mozilla’s Foxfire browser.  See http://www.mozilla.org for more information.  This browser has many interesting features such as the ability to open multiple web pages and tab between them.  I have not tried out this alternative as I understand a drawback is that some web pages just don’t work with it.

 Larger offices should consider restricting user rights to install software as a solution to avoiding the problem.  The Windows operating system is easily configured to restrict a user’s ability to install software.  Smaller offices without a network administrator or offices running a multitude of frequently updated software may find this to be too restrictive.

Executive Summary

Adware and spyware are essentially an outgrowth, and many times an abuse of the interactivity built into web browsing software.  The browsers ability to remember information about sites users visit (cookies) can be a useful tool.  And ActiveX and Java tools that create an interactive web browsing experience add depth and interest to the Internet.  An industry has evolved that attempts to abuse these tools in order to gather marketing information or sell sometimes legitimate, but many times illegal, illicit, or fraudulent goods and services.

The good news is that these problems can often be easily avoided and prevention is the cure.  Tools available by updating your Windows XP operating system to service pack 2, and/or installing software available for free on the Internet should all but eliminate the issue.  Policies restricting the installation of new software packages may also help prevent the problem.  As with all computer security issues a trade off exists between the cost of preventing the problem and the benefit obtained by doing so.

 

Home ] Up ]