Some time ago, I posted a note about malicious
code, with lots of details on how to detect and avoid it. That
note is still accurate, but the biggest threat now is a bit different
from back then: spyware. So this note focuses
exactly on that, and how to deal with it. (Also, that note was
very long and detailed; this note is short.)
What is spyware?
Software on your PC that sends information to a remote server
without your knowledge or consent. If you agree
to allow information to be sent out (such as in an ad-supported version
of Opera) then it’s not spyware.
Why is it bad?
It can disclose any information you have on your PC, no
matter how confidential. Even worse, it can do anything to your
PC that the remote server it connects to directs. Spyware may be
benign today, then change to malicious tomorrow.
Also, many spyware vendors are so heavy handed that their spyware
overloads PCs so badly as to make them unusable.
How does it get on my PC?
In one of three ways: through a network service; via your e-mail or
browser program; or by your deliberately installing it.
How do I avoid spyware?
First, close each of the three possible avenues of entry as much
as you can.
- Prevent other PCs from connecting to (and then exploiting)
network services on your PC by always running behind a firewall.
A firewall is just software or hardware that intercepts network
traffic to your PC and blocks it when appropriate.
If you connect to the Internet from different places, like hotels
and airports, you’ll need a software firewall. A very decent
software firewall is built into Windows XP Service Pack 2.
If your PC is always in the same place, you should get a hardware
firewall (also called a router at the stores), too;
they cost around $50. - Keep spyware from hitchhiking on e-mail by turning off the display
of images in e-mail, and disable HTML mail if possible. Avoid it
coming in with web pages by setting your web browser’s security
level high. The easiest way to do those things is to not use
Outlook for your e-mail (except for Outlook 2003, which is
pretty secure), and not use Internet Explorer for web browsing.
Use Firefox instead. In
those rare cases you actually have to use Internet Explorer for
a site, fire it up just for that site, not for normal use. - You don’t want spyware that you deliberately installed on your
PC? Then don’t install software, unless you absolutely know
it’s okay. Seriously: don’t download and install fancy
screen savers, file sharing programs, or other unnecessary
software.
Then get one or more Spyware detection, avoidance, and removal
programs and use them. Microsoft now
has
one in beta that looks pretty good.
Spybot
Search and Destroy and
AdAware
are well known and reliable, too, and all these tools have free
versions or are just plain free in the first place. Antivirus
programs are all expected to add Spyware tools this year, too.
Do not, under any circumstances, download a Spyware removal
program you found via e-mail spam or a random web page ad. These
are very often actually pernicious spyware themselves!
How do I get rid of it?
The tools listed above can usually remove spyware. If not, it’s
a tricky job that requires booting your PC in a special mode and
removing files and registry entries manually. You’ll need a PC
expert to do it in those cases. Sometimes it may be easier to
back your data up and then reformat your hard drive and reinstall
all your software than to remove some spyware.
Charles Engelke's Blog 