Spyware

• What is spyware?
• Where did it come from??????
• How do I know if I have spyware?
• How do I find, and more importantly GET RID OF spyware?
• How do I keep from getting spyware?

• What is spyware?
  Spyware is marketing software which runs on your computer, usually without your knowledge. It falls into two categories:
  • Adware - This software uses your computer to present you with advertising. The most common type generates forests of pop-up ads, but it can also change your home page and "hijack" your browser so that when you try to go to a website you want, instead you're redirected to an advertiser's website.
  • Spyware - This is software that keeps track of your activities on the computer and periodically sends this information to the marketers. The more harmless type tracks information about your browsing habits (ex. what type of websites you visit the most), but it could also potentially keep track of more private information you're typing, such as account numbers and passwords.


• Where did it come from??????
  
  • Downloaded software
  - Spyware almost always comes "bundled" in with other software, usually "free" software that you download from the Internet. You may find a neat application like a searchbar, music-sharing software, or screensaver, and when you download and install that application it also quietly installs a bunch of spyware. Some of the applications that are most notorious for installing spyware on your computer are file-sharing applications such as Kazaa and Gator.
  • File-sharing software - Notice that this is mentioned twice? It's one of the biggest sources of spyware, both spyware that comes bundled with the file-sharing software and spyware that comes attached to the shared files.
  • Disreputable websites - You can also pick up spyware by going to the wrong web page. Some web pages will attempt to download software or ActiveX controls to your computer, which are actually spyware. If you go to a web page and a window pops up asking you to install something, make sure you know that the software it's trying to install is clean before you click OK.


• How do I know if I have spyware?
  Some symptoms of spyware are:
  • You're seeing lots of pop-up ads, sometimes when you're not even on the Internet
  • The computer is running unusually slow
  • Your "Connect to" dial-up window pops up all the time - ie the computer is trying to dial into the Internet by itself
  • Your home page changes by itself
  • You can't access web pages
  • You're getting a lot of strange error messages
  • Your hard drive light is always on
  • When you're on the Internet, the little green screens that show you're connected are always lit, even when you're not doing anything
  
  If some of this sounds familiar, you may be infested with spyware. Please note that viruses can cause some of these symptoms, too. If you're seeing this kind of behavior on your computer, you should check for both viruses and spyware.



• How do I find, and more importantly GET RID OF spyware?
  
  • Run a spyware scanner. This is definitely the first step and will usually clear up the problem. The most recommended spyware scanners are:
    • Ad-Aware: Available from the Boreal library or via a free download at http://www.lavasoftusa.com.
    • Spybot Search and Destroy: Available via a free download from http://www.safer-networking.org.
    Make sure you run the update for your spyware scanner before running the scan. Be cautious about downloading unknown spyware scanners - some so-called spyware scanners actually drop more spyware on your system.
  
  
  
  • Add/Remove Programs. Some of the more reputable spyware vendors will provide an uninstall option for their software. To see if an uninstall is available, click the [Start] button, then click [Settings] (except on Windows XP), [Control Panel]. Double-click the Add/Remove Programs icon, look through the list of software in the window that appears, and if you see a program you know is spyware, click on it and click the [Remove] button. (If you don't see the Add/Remove Programs icon in the Windows XP Control Panel, click the "Switch to classic view" link at the top left of the screen.)
  
  
  
  • Advanced Removal. Spyware scanners won't always be able to remove some of the more invasive spyware. If the same spyware shows up every time you run a scan or if the scan doesn't show any spyware but you're still having problems, you may need to be more agressive. CAUTION! Only try this if you're pretty tech savvy! If not, bring your computer in to be worked on.
    • Hijack This! Hijack This! is a scanner that will check for anything that's using the same methods spyware uses. Many of the things it finds are legitimate programs and utilities, so you should NOT just "fix" everything it finds! Before fixing anything it finds, you should post a log of your scan to a forum where experts can look it over and recommend what items you should have it fix. (If you don't know how to copy the log you probably shouldn't be using Hijack This.)

      You can download Hijack This! at http://www.spywareinfo.com/~merijn/downloads.html. There are several forums on the Internet where you can post logs - many are listed at Merjin.org Forums. If you're a Boreal member, you can also send a copy of your log to support@boreal.org and we'll give you some guidance on what items to have Hijack This! fix. (Please ONLY send us a Hijack This log if you've already tried running one of the spyware scanners listed above, and have not been able to completely remove your spyware.)

    • Manual Removal There are manual removal instructions for many types of spyware at http://doxdesk.com/parasite/.


• How do I keep from getting spyware?
  • Watch what you download - Read the License Agreement for software you're installing. If you find something buried in the small print saying that by installing this software you agree to allow them to gather and/or share demographic data, subscribe you to or present you with advertising, be cautious about this software! When in doubt, go to a search engine such as Google and search for the name of the software and "spyware". (Ex. search for "Gator" "spyware".) If the software is a known spyware source, you'll find this out in your search results.
  
  
  
  • Tighten up your web browser - If you're using Internet Explorer, you should adjust some of the security settings to prevent malicious websites from downloading spyware on your machine without your knowledge. To do this:
    1. For most versions of Windows, click [Start], [Settings], [Control Panel]. For Windows XP, click [Start], [Control Panel].
    2. Double-click the Internet Settings icon. If you're in Windows XP and don't see an Internet Settings icon, click the "Switch to classic view" link at the top left of the screen.
    3. In the window that opens, click the [Security] tab, and click on the [Custom Level] button. Click on the following settings to check them:
       • Under "Download signed ActiveX scripts" click "Prompt".
       • Under "Download unsigned ActiveX scripts" click "Disable".
       • Under "Initialize and script ActiveX not marked as safe" click "Disable".
       • Under "Installation of Desktop items" click "Prompt".
       • Under "Launching programs and files in a IFRAME" click "Prompt".
       Click OK.
    4. Click the [Content] tab and click the [Publishers] button. Look through the list and delete anything you don't recognize.
    5. Click OK to close the Internet Settings window and save your settings.
    6. Now, when a web page attempts to load something to your computer you'll be notified. Before you click OK, make sure you know that the software it's asking you to install is not spyware!
  
  
  • Install a spyware blocker. The spyware scanners mentioned above will detect and remove spyware, but won't prevent it from being re-installed on your machine. To block spyware, you can install a spyware blocker such as Spyware Blaster. Please note that Spyware scanners and blockers are like Anti-virus software in that they need to be updated on a regular basis. Be sure to run the "Check for Updates" function regularly with Spyware Blaster and then enable protection for all unprotected items.

Contents © 2000 Boreal Access. All rights reserved.