WHAT IS SPYWARE ?
The answer depends on to whom you pose that question!
Spyware is considered, by
some, to be synonymous with such terms as adware, malware, or scumware. But to be a bit more encompassing, and also consistent
with Anti-Spyware community jargon... here are some more terms that may be associated with
spyware:
Adware, Backdoor, Botnet, Dataminer, Downloader, Droneware, E-mailer, Hijacker (Browser, Dialer, Search, Toolbar), Logger (Keystroke,
ScreenScraper, Snoopware), P2P-share, Parasite, Remote-Administration-Tool, Rootkit, Thiefware, Tracking-Cookie, Trickler, Trojan
While there may be some arguably-legitimate use for some of these things... I prefer to label all
of these things as
"trashware", because from the perspective of a computer novice (one who has no clue about what's being
done to them and/or to their computer,
"without their full-understanding and consent")... it all belongs in the TRASH (not on
their computer)! For purposes of simplicity, on this page... I'll just refer to all trashware as
"spyware". Within today's Computing
and Internet environment,
spyware is definitely not something to dismissed as trivial! And rather than my trying to persuade
you about what to believe, I'll simply suggest that you peruse the links from this page then decide for yourself?!
WHY SHOULD I BE CONCERNED ABOUT SPYWARE ?
Reason #1: One's personal privacy and one's computer
security "are at risk", while connected to the Internet (this is discussed at length elsewhere on the Internet--see links presented
above)!
Reason #2: But even putting aside those important issues; in my opinion it
boils down to a simple axiom--one should always be aware of what is installed on their computer! Additionally, within this same context,
one should consider the legal liabilities which
a spyware infected system might bring down upon its owner/user! I'm not a legal
expert, but I do try to protect myself against culpability issues.
IS ANY SPYWARE LURKING ON MY COMPUTER ?
There are ways to find out, but this sort of sleuthing typically is beyond
the computer novice's competence. Fortunately; there are knowledgeable people who are willing to provide
spyware detectors and removers which can be used for detecting, identifying,
quarantining and/or removing, spyware!
It has been my observation that many detection tools do similar things, and rightly so. And while there may be
some overlap in coverage, it's my opinion that each tool (
A-Squared,
CounterSpy, and Spybot S&D), as presented herein, does something which
is both useful and unique unto itself! I personally use all of these tools for protecting myself, and my computer, against
spyware infiltration! I've decided to post (and continue to maintain) this page, so as to provide summarizing details
about them. I hope this information proves to be useful to others.
WHAT ARE SOME GOOD SPYWARE DETECTORS AND REMOVERS ?
Some of them are freeware and some are not. In my opinion; some of the FREE products
are among the best performers, when it comes to detecting and removing spyware (A-squared FREE, for example, is updated daily
and detects over TWO million objects)! I personally use the products referenced below. I consider each of them to be safe when used prudently
(as I suggest they be used--refer to NOTE 4 & 5 below).
Caution is highly advised!
Before you decide to install any anti-spyware product, DO YOUR HOMEWORK! Take time to research the product (and source thereof)!
DO NOT rely on SEARCH ENGINE results (to "hunt for" and then begin installing
anti-spyware software), because "Internet search engine results" do not distinguish between good & bad software.
Also DO NOT rely on EMAIL & INTERNET ADS, because they can be intentionally misleading,
even to the point of nefarious intent!
Beware, the many pretenders out there!
In this regard,
SPYWAREWARRIOR.COM's
research data should be of particular interest. Peruse their list of
349 SUSPECT
products. Check-out their SIX-STEP strategy toward utilizing
TRUSTWORTHY
anti-spyware methods and products. Eric Howes (Eric maintains the aforementioned "SUSPECT" list) has
promised an update with
many more rogue products to be added. In the meantime; information regarding more recently "identified suspects" is available, on this
Examined Rogues forum.
The anti-spyware products & strategies which I use are delineated below:
|
|
Other Utilities: |
(freeware) useful for identifying and disabling problematic parasites
|
|
Other Strategies: |
(freeware) some final words of advice to be considered
|
|
NOTE 1: |
Dates, as displayed on this page, are all presented in the YY/MM/DD format.
|
|
NOTE 2: |
You may have noticed that the
Microsoft®
Windows Defender (Anti-Spyware for Microsoft Windows XP-SP2, 2000-SP4, Server2003-SP1, and Vista)
is NOT on my list. My reason? Originally a
GIANT product,
it's now a product from Microsoft® -- and their well known,
continuing history of security issues
(scroll down, once the page-load is completed), speaks for itself. And so I say; use it at your own risk, but I'll pass on this one!
OTOH: I think Sunbelt's offering to be worthy of a look. Sunbelt was a close partner with GIANT and continues its own
(divergent from Microsoft®) development of a formidable Anti-Spyware product, namely,
CounterSpy!
|
|
NOTE 3: |
As is typically stated within most EULAs (End User License Agreements),
you pretty much assume the risks and liabilities when installing and using any of the products listed herein.
|
|
NOTE 4: |
Here are some of my observations, when using any good/typical anti-spyware software to perform a Full-System scan:
- scans active-in-memory processes
- scans the Windows Registry (I prefer using an "in-depth" scan mode, if available)
- scans user-designated System Drives, Folders, and select Files (I prefer scanning "all" of these)... including a scan inside compressed file types
(such as; CAB, EXE, and ZIP)
- includes menus/buttons which allow the program to IGNORE/SKIP certain USER-specified files and folders (for example; if the USER finds
a particular item to be useful, but their anti-spyware software identifies it as a "potential problem", then the USER can typically configure
their anti-spyware software "ignore or skip" that item during future/subsequent scans)
Typically, anti-spyware software can be configured to perform scans in the background, while you are performing other
computing tasks. However; I suggest CLOSING all other unnecessary processes (doing so can greatly reduce the time required to perform
a Full-System scan), and then allow your anti-spyware software to perform an uninhibited scan.
|
|
NOTE 5: |
I never allow ANY program to do automatic updates. Instead of doing "auto updates", I manually check for updates several times each week.
In lieu of "auto updates", when it comes to using anti-spyware software, I suggest the following routine:
- OPEN your Internet connection, if not already opened
- LAUNCH the anti-spyware's UPDATER process
- IMPLEMENT any program updates
- CLOSE your Internet connection
- *IF* updates were implemented, then
CLOSE all other unnecessary applications/processes
CLOSE and then RESTART the ANTI-SPYWARE program
(doing this ensures that the most recent/updated files will be used)
- then PERFORM a Full-System SCAN
(SCANS can typically take 10 minutes or more to complete;
so while you're waiting for it to finish scanning... go get a
sandwich, something to drink, or just take a relaxing walk)
- upon completion of the scan, "if something gets detected"
TAKE ANY ACTION action which you deem necessary
(note: rather than completely DELETING any "detected item/s",
I suggest adding same to either the IGNORE or QUARANTINE list)
- CLOSE the ANTI-SPYWARE program
(note: *IF* any QUARANTINE was implemented,
RESTART your computer, and then TAKE THE TIME
to ensure that any "detected/quarantined something/s"
did not foul-up software which you REALLY needed/wanted:
if this happens... don't panic, simply
UNDO the QUARANTINED "something/s"
and then RESTART your computer)
- PROCEED with your normal computing activity...
|
|
Anti-Spyware Products & Strategies
top of page
|
Added 06/11/02:
|
AutoRuns (freeware - version 9.57) Support Forums
|
| |
AutoRuns is not an anti-spyware detector/scanner "per se".
But, it can provide the user with comprehensive knowledge of the "auto-start" locations for anything being "run at Windows Startup"...
by delineating in tabular form which programs are configured to run during system bootup or login. "AutoRuns" displays entries in
the order that the Windows operating system processes them.
Otherwise hidden locations (exposed and displayed by "AutoRuns") include the Startup-folder and Registry-keys (Run, RunOnce, and
others). "AutoRuns" can selectively show you other locations, from where things might run (i.e., Auto-start Services, BHOs,
Shell-extensions, Toolbars, Winlogon-notifications, and more).
Armed with this utility, it's very unlikely that any "unwanted malware" processes will be able to HIDE from you!
|
|
Added 04/11/23:
|
HijackThis (freeware - version 2.0.2)
|
| |
HijackThis is not an anti-spyware detector/scanner "per se".
When used, it creates log-files which document "what is being run" on your computer... and it's from close inspection of
those logs, one might discover "that something" which is causing a perceived problem.
*NOTE* - I suggest that before running this utility:
- RESTART your Windows-computer in its SAFE MODE, and then while still in SAFE MODE:
- SCAN your computer, using up-to-date Anti-Virus & Anti-Spyware software
If after performing the above steps you still suspect an infection is plaguing your computer, then HijackThis
may help you to uncover the hidden culprit(s).
After running HiJackThis you can have its log-file analyzed ONLINE, by going here.
And before taking any action (based solely on your own HijackThis log-file analysis), you may find
this tutorial
to be invaluable.
If after consulting the analysis service and the tutorial (both of which are "linked" in the previous paragraph)
you are still unsure as to what may be safely deleted from your computer... then you may want to consult with
others, within these free support forums!
|
|
Added 06/02/01:
|
PrcView (freeware - version 5.2.15.1)
|
| |
PrcView is a utility that you can launch it at "Windows Startup", and leave running all the time (at least that's what I do)...
or alternatively, it can be "RUN on demand" at any time. Utilized either way, it consumes very little of your system resources!
Some of the things, for which PrcView can be used, include:
- display all applications and processes which are running; some of these may be hidden from (i.e., NOT listed on) the Windows Task List
- display the relationship, of any process, to its "parent" (using the TREE view)
- display memory and module usage, as well as full path and version, associated with each item listed
- "KILL" any process, with ease (caution: some items listed are essential to the Operating System,
killing any of these may cause system instability or shutdown)
What's the bottom line here? Knowing what is actually running at all times allows more control over your computer. Using PrcView
will help you to IDENTIFY and STOP unwanted activity, dead in its tracks!
|
|
Added 05/12/31:
|
SpywareBlaster
(freeware - version 4.2)
Support
|
|
note 1:
|
AUTOMATIC-updates are available for a very modest fee. MANUAL-updates remain a FREE service (updates typically occur twice monthly).
|
|
note 2:
|
SpywareBlaster does not scan+detect+remove spyware parasites; and is therefore
NOT LIKE A-squared, CounterSpy, or Spybot S&D. Info relative to how SpywareBlaster works:
- It INOCULATES several Web Browsers (Firefox, Flock, Internet Explorer, Netscape, and Seamonkey) against tracking cookies and against known
ActiveX scripting attacks
- "Inoculation Coverage" is expanded whenever UPDATES are implemented
- Once a computer is "inoculated," there is no need to leave this software "running"
- The user has the OPTION to, at will, ENABLE and DISABLE these "inoculations"
- BEFORE uninstalling this software (for example; if one were to do so BEFORE upgrading to a more recent version)
one *MUST* DISABLE its "inoculations", and then uninstall the software (elsewise, the software would be removed,
but its implemented "inoculations" would remain "in effect")
- Consult Javacool's Knowledge Base,
and/or visit the
Help Forum,
for more information.
|
Anti-Spyware Products & Strategies
top of page
|
Other Anti-Spyware Strategies:
|
» A WORD (or several) ABOUT ONLINE SPYWARE SCANNERS «
Some people tend to NOT install (and keep up-to-date) anti-spyware products, on their computer.
But then (after repeatedly having nagging second thoughts), they might occasionally rely on ONLINE SCANNERS to check their
computer for spyware infections. SOME (not all) ONLINE SCANNERS are little more than a ploy to get victims to download substandard
products (some of which may actually install "spyware infections")! How are newcomers supposed to know which ONLINE SCANNERS to
trust? While there may be other reliable scanners "out there"... here's my short list:
- A-squared (required browser: Microsoft's Internet Explorer)
- Panda (required browser: Mozilla's Firefox or Microsoft's Internet Explorer)
- TrendMicro (required browser: Mozilla's Firefox or Microsoft's Internet Explorer)
Why such a short list? Having avoided the illegitimate ones... these three are legitimate.
However; I do not recommend use of ONLINE SCANNERS as a sole means to employing spyware detectors and removers. On the other
hand, should one desire a "Second Opinion" (i.e., an occasional double-check against their own preference in anti-spyware products),
I think use of these three ONLINE SCANNERS would be a good choice!
Aside from using ONLINE SCANNERS... if you've not been using anti-spyware products, and you suspect a spyware infection...
before panicking, I recommend that you deploy (download and install) the likes of A-Squared,
CounterSpy, and Spybot S&D... to scan/disinfect/protect your computer. Prudent use,
of spyware detectors and removers (and the continuously updated versions thereof), will go a long way toward protecting your
computer from future unwanted parasites & malware infections.
Having said the above...
There is a possibility that something may have slipped past your chosen defenses (for example;
if/when something NEW is encountered, which has not already been addressed by Anti-Spyware programs).
Also, in my opinion, if you're NOT using Microsoft's Internet Explorer as your general purpose Web Browser... then I think it to
be less likely that you will have to resort to using something like HijackThis (a diagnostic tool, discussed above)! However;
you may still need such a tool, since "spyware" could be hidden within software that you might obtain from others (while not using
your web browser to do so).
» A WORD (or several) ABOUT WEB BROWSERS «
Most probably because of its dominant market-share and close integration with the Operating System itself,
Microsoft's Internet Explorer (and other skinned web browsers which are based upon it) seems to be an easy target for spyware hijacks. A myriad
of addons--Browser Toolbars, Plugins, and other Browser Helper Objects (BHOs)--are among the methods used for such hijacks. These
types of hijacks are too easily downloaded and installed without the victim's awareness that they've been "hijacked" (until after the fact)! More information,
about BHOs, is available at msdn.microsoft.com.
I suggest that you seriously consider abandoning use of Microsoft's Internet Explorer, most especially
versions 6.x and earlier, for general web browsing purposes! You may still have to use Internet Explorer, for such things as obtaining CRITICAL
SECURITY PATCHES (for Operating Systems and other Products) from Microsoft. But that does not mean you have to use
Internet Explorer exclusively, for your general web surfing needs! I recommend using an alternative Web Browser,
such as either of these:
Am I all alone in making such a recommendation, and is such advice being ignored? Hardly! In case you are unaware;
government privacy/security experts have made the same recommendation (i.e., users should seek alternatives to
using Microsoft Internet Explorer). FYI, here are some pertinent news articles and websites which you may have missed:
First -- here's some current information about Web Browser Security...
- us-cert.gov -- Securing Your Web Browser
- news.com -- IE7 better than IE6, but Firefox is a better alternative
Second -- here are some suggestions against the use of IE6...
- cert.org (see section entitled: "Use a different web browser")
- sans.org (recommended using an alternative browser for sites other than those which you explicitly trust)
- slashdot.org (U.S. Dept. of Homeland Security recommended using alternative browsers)
- w3reports.com (German Information Security Office recommends switching away from Internet Explorer)
- informationweek.com ("Israel Suspends Acquisitions Of Microsoft Software")
- alternativebrowseralliance.com ("Firefox. Opera. Safari. You've heard the names...")
- also see: wikipedia.org (Internet Explorer is losing market share to Firefox)
And finally; if you insist on ignoring this prudent advice, and continue using Internet Explorer
as your sole method of web-surfing... then I strongly suggest that you DO NOT WAIT until you encounter problems... if you
are not already familiar with the following; then I recommend that you quickly become familiar with these basic practices and
computing skills:
- KNOW how to backup & restore your Windows-registry, and routinely create sequential BACKUPs
- Routinely PERFORM both incremental and full BACKUPs of your critical DATA files and valuable software PROGRAMs
- KNOW how to start your Windows-computer in its safe mode
- DEVELOP a good understanding of startup applications which routinely are being run on your system
- Routinely UPDATE your Windows-computer with all critical security patches
- Routinely UPDATE your Anti-Virus and Anti-Spyware software
|
Anti-Spyware Products & Strategies
top of page
More of Karl's Goodies
This page was updated on 10/02/27.
DATES, on this page, are in the format of YY/MM/DD.
Site Map and latest version of Karl's Goodies
© copyright 1995-2010 all rights reserved
|