Spyware Prevention Strategies, Part 2: Offense And Defense

Did You Read Your EULA?
Okay, be honest — when was the last time you read the End User License Agreement (EULA) before clicking "Okay" and proceeding with installation? You're not the only one — almost nobody reads those dense paragraphs full of legalese. Typical license agreements run to 20,000 words or more.

In 2004, my company tried an experiment with the EULA for one of our software products. Buried in the license was a clause that offered "financial compensation" for sending feedback to a particular e-mail address. It took four months and nearly 3,000 downloads before we finally got our first e-mail asking about that clause.

EULAs can be weapons of mass deception for spyware makers. For example, many of these agreements say that the software maker can install new software without notice, collect extensive data about the system configuration, record information that the user types into Web forms, and even change the license terms at any time without notifying users. Some EULAs include links to online Web pages that are supposedly part of the legal agreement. Users would need to regularly visit these Web pages to find out what new conditions they have to endure while the software is on their systems.

There are tools to help you evaluate the risks. JavaCool Software has written a utility named EULAlyzer that searches lengthy EULA documents and roots out words that can mean trouble. It's a good idea

Spyware Sentinels
Even a well-patched PC with an astute user can still be at risk of being infected with spyware or other unwanted software. That's where the prevention and inoculation features of anti-spyware software can provide even more protection. Using a variety of strategies, such as lists of known threats and threat signatures, detecting attempts to install applets, or through other means, anti-spyware can block the software from installing on the system.

This real-time protection is offered in the free Spybot Search & Destroy and Microsoft Antispyware products. It is also available in the paid versions of Ad-Aware and Spy Sweeper, and in the spyware protection offered by Symantec, McAfee, Panda, and Computer Associates, among others.

The free SpywareBlaster application from JavaCool Software can offer another layer of safety. Unlike the real-time protection of anti-spyware programs, SpywareBlaster doesn't actually run any software in the background. Instead, it manages a "blacklist" of software that Internet Explorer is told that it should not run.

Why Prevention Matters
Spyware and unwanted software installations pose many dangers, including the risk of data loss or information theft. Although several good tools exist to identify and fix spyware problems, cleanup is tedious and time-consuming. Plus, most users act to clean up spyware only after they detect a problem with the computer; as spyware becomes more sophisticated those outward signs become harder to detect.

Prevention is a much better way to address the problem. With the right preparation, education, and policies, it's possible for users and administrators to minimize the problem of recurring spyware infestations.

Dave Methvin is Chief Technical Officer at PC Pitstop, a security Web site.