Spyware
is computer software that is installed surreptitiously on a personal
computer to intercept or take partial control over the user's
interaction with the computer, without the user's informed consent.
While the term spyware suggests software that secretly monitors the
user's behavior, the functions of spyware extend well beyond simple
monitoring. Spyware programs can collect various types of personal
information, but can also interfere with user control of the
computer in other ways, such as installing additional software,
redirecting Web browser activity, or diverting advertising revenue
to a third party.
In response to the emergence of
spyware, a small industry has sprung up dealing in anti-spyware
software. Running anti-spyware software has become a widely
recognized element of computer security best practices for Microsoft
Windows desktop computers. A number of jurisdictions have passed
anti-spyware laws, which usually target any software that is
surreptitiously installed to control a user's computer.
Spyware, adware and tracking
The term adware frequently refers to any software which displays
advertisements, whether or not the user has consented. Programs such
as the Eudora mail client display advertisements as an alternative
to shareware registration fees. These classify as "adware" in the
sense of advertising-supported software, but not as spyware. Adware
in this form does not operate surreptitiously or mislead the user,
and provides the user with a specific service.
Most adware, however, is spyware in a different sense, for a different
reason: it displays advertisements related to what it finds from
spying on you. Claria Corporation's Gator Software and Exact
Advertising's BargainBuddy are examples. Visited Web sites
frequently install Gator on client machines in a surreptitious
manner, and it directs revenue to the installing site and to Claria
by displaying advertisements to the user. The user receives many
pop-up advertisements.
Other spyware behavior, such as reporting on websites the user
visits, occurs in the background. The data is used for "targeted"
advertisement impressions. The prevalence of spyware has cast
suspicion upon other programs that track Web browsing, even for
statistical or research purposes. Some observers describe the Alexa
Toolbar, an Internet Explorer plug-in published by Amazon.com, as
spyware (and some anti-spyware programs report it as such).
Many users, however, choose to install it.
Many of these adware-distributing companies are backed by millions
of dollars in adware-generated revenue. Adware and spyware are
similar to viruses in that they can be malicious in nature; however,
people are now profiting from these threats, making them more and
more popular.
Similarly, software bundled with free, advertising-supported
programs such as P2P clients acts as spyware (and, if removed, disables
the 'parent' program), yet people are willing to download it. This
presents a dilemma for proprietors of anti-spyware products whose
removal tools may inadvertently disable wanted programs. Recent
test results show how a bundled program (WhenUSave) is
ignored by the popular anti-spyware program AdAware (but removed as
spyware by most scanners) because it is part of the popular (but
recently decommissioned) eDonkey client. To address this dilemma,
the Anti-Spyware Coalition has been working on building consensus
within the anti-spyware industry as to what is and isn't acceptable
software behavior. To accomplish their goal, this group of anti-spyware
companies, academics, and consumer groups have collectively
published a series of documents including a definition of spyware,
risk model, and best practices document.
Remedies and prevention:
As the spyware threat has worsened, a number of techniques have
emerged to counteract it. These include programs designed to remove
or to block spyware, as well as various user practices which reduce
the chance of getting spyware on a system.
Nonetheless, spyware remains a costly problem. When a large number
of pieces of spyware have infected a Windows computer, the only
remedy may involve backing up user data, and fully reinstalling the
operating system.
Anti-spyware programs:
1. They can provide real time protection against the installation of
spyware software on your computer. This type of spyware protection
works the same way as that of anti-virus protection in that the
anti-spyware software scans all incoming network data for spyware
software and blocks any threats it comes across.
2. Anti-spyware software programs can be used solely for detection
and removal of spyware software that has already been installed onto
your computer. This type of spyware protection is normally much
easier to use and more popular. With this spyware protection
software you can schedule weekly, daily, or monthly scans of your
computer to detect and remove any spyware software that has been
installed on your computer. This type of anti-spyware software scans
the contents of the Windows registry, operating system files, and
installed programs on your computer and will provide a list of any
threats found, allowing you to choose what you want to delete and
what you want to keep.
Such programs inspect the contents of the Windows registry, the
operating system files, and installed programs, and remove files and
entries which match a list of known spyware components. Real-time
protection from spyware works identically to real-time anti-virus
protection: the software scans disk files at download time, and
blocks the activity of components known to represent spyware. In
some cases, it may also intercept attempts to install start-up items
or to modify browser settings. Because much spyware and adware is
installed as a result of browser exploits or user error, using
security software (some of which is anti-spyware, though much is
not) to sandbox browsers can also help restrict any
damage done.
Earlier versions of anti-spyware programs focused chiefly on
detection and removal. Javacool Software's SpywareBlaster, one of
the first to offer real-time protection, blocked the installation of
ActiveX-based and other spyware programs.
Like most anti-virus software, many anti-spyware/adware tools
require a frequently-updated database of threats. As new spyware
programs are released, anti-spyware developers discover and evaluate
them, making "signatures" or "definitions" which allow the software
to detect and remove the spyware. As a result, anti-spyware software
is of limited usefulness without a regular source of updates. Some
vendors provide a subscription-based update service, while others
provide updates free. Updates may be installed automatically on a
schedule or before doing a scan, or may be done manually.
Not all programs rely on updated definitions. Some programs rely
partly (for instance, many anti-spyware programs such as Windows
Defender, Spybot's TeaTimer and Spysweeper) or fully (programs
falling under the class of HIPS, such as BillP's WinPatrol) on
historical observation. They watch certain configuration parameters
(such as certain portions of the Windows registry or browser
configuration) and report any change to the user, without judgment
or recommendation. While they do not rely on updated definitions,
which may allow them to spot newer spyware, they can offer no
guidance. The user is left to determine "what did I just do, and is
this configuration change appropriate?"
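The trade-off described in the two paragraphs above, as an added example that is not part of the original article: a definition-based scan and a change monitor run over the same constructed snapshot of watched settings. The signature names, the ExampleBar and SysHelper32 entries and all values are made up for illustration, and a real tool would read the registry rather than a dictionary.

```python
# Added illustration: signature matching vs. change monitoring.
# Snapshots map a watched location to its value; all data is constructed.

# "Definitions": file names known to belong to spyware (made-up names).
SIGNATURES = {"examplebar.exe", "adhelper.dll"}

def signature_scan(snapshot, signatures=SIGNATURES):
    """Return watched locations whose target file name matches a definition."""
    hits = []
    for location, value in sorted(snapshot.items()):
        filename = value.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()
        if filename in signatures:
            hits.append(location)
    return hits

def diff_snapshots(baseline, current):
    """Report every change to a watched setting, with no verdict attached."""
    changes = []
    for location in sorted(set(baseline) | set(current)):
        old, new = baseline.get(location), current.get(location)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        changes.append((kind, location, old, new))
    return changes

RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
START_PAGE = r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"

# State recorded while the machine was known to be clean (constructed).
BASELINE = {
    RUN + r"\Updater": r"C:\Program Files\Vendor\updater.exe",
    START_PAGE: "https://www.example.org/",
}

# State after two installs: one covered by the definitions, one not.
CURRENT = dict(BASELINE)
CURRENT[RUN + r"\ExampleBar"] = r"C:\Program Files\ExampleBar\examplebar.exe"
CURRENT[RUN + r"\SysHelper32"] = r"C:\Users\alice\AppData\Local\Temp\syshelper32.exe"
CURRENT[START_PAGE] = "http://search.example.net/"

if __name__ == "__main__":
    # The scan names only the entry it has a definition for.
    print("signature hits:", signature_scan(CURRENT))
    # The monitor lists all three changes and leaves the decision to the user.
    for change in diff_snapshots(BASELINE, CURRENT):
        print(change)
```

The scan flags only the entry covered by a definition, while the monitor also surfaces the unknown start-up item and the changed start page but cannot say which of the three is unwanted.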
Windows Defender's SpyNet attempts to alleviate this by
offering a community to share information, which helps guide both
users, who can look at decisions made by others, and analysts, who
can spot fast-spreading spyware. A popular generic spyware removal
tool used by those with a certain degree of expertise is HijackThis,
which scans certain areas of the Windows OS where spyware often
resides and presents a list of items to delete manually. As most
of the items are legitimate Windows files or registry entries, those
who are less knowledgeable on this subject are advised to post
a HijackThis log on one of the numerous anti-spyware sites and let the
experts decide what to delete.
If a spyware program is not blocked and manages to get itself
installed, it may resist attempts to terminate or uninstall it. Some
programs work in pairs: when an anti-spyware scanner (or the user)
terminates one running process, the other one respawns the killed
program. Likewise, some spyware will detect attempts to remove
registry keys and immediately add them again. Usually, booting the
infected computer in safe mode allows an anti-spyware program a
better chance of removing persistent spyware. Killing the process
tree can also work.
A new breed of spyware (Look2Me spyware by NicTechNetworks is a good
example) is starting to hide inside system-critical processes and
start up even in safe mode. With no process to terminate they are
harder to detect and remove. Sometimes they do not even leave any
on-disk signatures. Rootkit technology is also seeing increasing
use,[39] as is the use of NTFS alternate data streams. Newer spyware
programs also have specific countermeasures against well known anti-malware
products and may prevent them from running or being installed, or
even uninstall them. An example of one that uses all three methods
is Gromozon, a new breed of malware. It uses alternate data streams
to hide. A rootkit hides it even from alternate data stream
scanners and actively stops popular rootkit scanners from running.
Ref.: Wikipedia
GNU Free Documentation License