Accidental IT: Spyware, Spyware Everywhere
Welcome to Accidental IT, a series of technical how-tos for people whose job descriptions don't necessarily include tech support but who often find themselves doing just that for their co-workers. First up: tackling spyware.
Welcome to Accidental IT, a series of technical how-tos for people whose job descriptions don't necessarily include tech support but who often find themselves doing just that for their co-workers.
More SMB Insights
- Why Rational Development Solutions for Power?
- 2012 IBM Chief Information Security Officer Assessment
Every day in your workplace, the curses get louder. Unwanted pop-up ads, slow computers, PCs that crash all the time. Despite the network firewall and the anti-virus software installed on the server and every computer, your office is infested with spyware.
You've read the news stories. You know that spyware is not only annoying, it's dangerous. It's certainly affecting productivity, and it could also be recording the keystrokes of everyone in your office right now, discovering logins, passwords, company secrets. Long story short, you need to get rid of it. Now.
Most of us have come to believe that as long as we keep our anti-virus libraries up to date, our PC population is fairly safe, but obviously the old protections aren't adequate against spyware. Once you start to investigate an infection, the first step is to try to discover just what's crept into the affected computers.
If you're running Windows 2000 or XP, a quick way to do this is to see what processes are running, particularly if the computer you're investigating seems to be running all too slowly.
Check for processes that eat up CPU cycles and don't seem to be valid system programs. Click for full screen.
To make sure these are not valid Windows processes, do an online search for the names that appear in the Image Name column using Google or your favorite search engine -- you'll get immediate feedback. If the processes are spies, simply click the End Process button for each of them. Of course this will only terminate them temporarily. Any self-respecting spyware will reinitiate itself when you reboot the PC, if not sooner.
While you still have the search on-screen, click through to one of the explanations and "fixes." You'll probably see two things. The first is a very long list of manual steps including Windows registry changes, file deletions and amazingly long file location strings. Once you read through the list, you'll decide that the manual approach isn't really a viable solution, especially if you're trying to clean up multiple PCs. The second thing you're likely to see is an offer to download a fix. Don't do it. The download may or may not fix the problem, but it will almost certainly replace what it fixed with its own little surprise package.
The good news is that some good fixes do exist. The bad news is that because there are very intelligent and dedicated programmers being paid good money to create very complex and ingenious spyware every day, spyware changes all the time. Only anti-spyware with as much activity devoted to discovering and dealing with the problem has any chance of keeping up. So the first thing you should do is download a spyware application you know to be legitimate.
There are several reputable and serious companies that track and actually fix spyware infestations. Lavasoft's Ad-Aware, Spybot Search & Destroy, and Hijack-This are probably the most familiar names to date for dealing with spyware. These programs are widely used and your results may vary with each one.
It seems that every removal tool catches different spies, so until (or if) there is a single reliable solution, you'll want to download at least two of these tools and run them sequentially. The fact that one tool finds a higher number of infection points than another doesn't necessarily mean the tool is better, since different programs report infections differently. It's more important that the combination of tools you use detects and removes all instances of all the spies on your infected computers.
Ad-Aware at work. Click for full screen.
Two other companies have products that are worth looking at. The first is AluriaSoftware's Spyware Eliminator, which is the software behind AOL's anti-spyware efforts. The software is already running on millions of AOL users' computer systems, and that gives the company a track record as well as resources to continue updating its product.
The second is Giant Company Software. Its Giant AntiSpyware is the best solution I've found to date. Giant takes a lesson from the open-source community and uses the combined activity of its users to keep itself and its definitions library current. When AntiSpyware scans your PC, it connects to its SpyNet online community to check for recent library entries and then to report any new activity it found during its scan of your computer. This takes the reporting out of the hands of users who may or may not even understand what to report.
Update, Jan. 6, 2005:
Giant Company Software was purchased by Microsoft in December. In early January, Microsoft debuted a beta anti-spyware product, dubbed Microsoft AntiSpyware, that is based on Giant's technology and relies on input from the SpyNet community. The free beta, available for Windows 2000 and later OSs, can be downloaded from Microsoft's site.
Back To Work
Sadly, even with the latest spyware detection and removal tools, you're likely not to be completely successful in ridding your users' computers of spyware. The best defense at the moment seems to be the twofold strategy of educating users and installing, updating, and regularly running anti-spyware software.
User Education Tips|
|Microsoft Discusses Anti-Spyware Plans|
Microsoft acquired Giant Company Software because it was the quickest way to put anti-spyware technology into users' hands, an executive says.
|Corporate Computers Plagued By Spyware|
Corporate desktops pack almost as much spying software as do consumers' machines, an anti-spyware vendor reported.
|What's The Difference Between Spyware And Viruses?|
They're both infections that can damage your computer, but the goals of the authors, techniques and damage they can do are very different. Learn how to tell them apart.
|Got Spyware? Integrated Approach Is Key|
As spyware continues to plague consumers and business networks, security vendors are moving to incorporate anti-spyware capabilities into their integrated gateway appliances.
|Perfect Storm: Phishing, Hacking, Spyware, Viruses Merge|
Phishing scams again surged last month, as tech-savvy crooks increasingly took up the tools of the hacker trade to steal consumers' personal and financial identities.
|The Threats To Come|
You're busy protecting your applications and systems against today's attacks, but you need to think about how you'll protect them against tomorrow's threats as well.