President's Corner: Spyware and Its Consequences

by Bill James, President OKCPCUG, August 2004

 

 

Did you know that anyone with access to your PC (either in person or over the Internet) can install spyware programs on your system without your knowledge? The reasons behind this intrusion are commercial: showing advertisements can generate business, and collecting usage information can help with marketing. It is an easy way to make money, but unfortunately it comes at the expense of your system’s stability and usability. Spyware programs record your every move and gather personal information about you, such as which Web sites you visit, which ads you click on, the duration of your visits, your name, age, gender, credit card numbers, passwords, email addresses and your online buying habits.

 

Spyware programs are easy to install and usually install behind the scenes. Once installed, however, they are virtually impossible to detect without anti-spyware software. Spyware threats are becoming more commonplace, and have even outpaced viruses as the number one ongoing danger facing online PC users today. In the past, spyware was easily found and removed, but that has all changed. Makers of anti-spyware are now challenged to ferret out sophisticated methods designed to foil their products. What makes spyware difficult to remove today is that its authors now use some of the harshest methods seen in this field just to keep spyware on systems even after multiple removal attempts. Some, such as the VX2 variants that are not removable without specific software, even take advantage of sections of the Microsoft Windows operating system designed to keep systems stable. After all, it does the advertisers’ sponsors no good if the programs are easily removed.

 

The most common technique used to detect and remove spyware is file signatures. Many spyware programs have rotating filenames or rotating registry information. A file signature is used because it identifies the file regardless of the filename. While file signatures remain a great method of finding spyware, they are not enough anymore. New versions of spyware, called variants, appear every day. A variant does the same thing as a program seen before, but its files are changed so that their file signatures are different. This difference is enough to keep current file signatures from working from variant to variant, and therefore the signatures must be updated with the new variant information. Long gone are the days of surfing the Internet without worry of infection. Spyware authors utilize holes in Web browsers, allowing the spyware to enter and install itself, often without any sign of activity until it is too late and you are fully infected. Some spyware even downloads and installs other spyware, compounding the problem.
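The signature behavior described above can be seen in a short Python sketch. This is an added example, not code from the article or from any anti-spyware product. It assumes the "file signature" is a SHA-256 hash of the whole file, and every filename, label and byte string in it is constructed for illustration.

```python
import hashlib
import os
import tempfile

def file_signature(path):
    """SHA-256 of the file's contents; the filename plays no part."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(directory, signatures):
    """Return {filename: label} for every file whose signature is known."""
    hits = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            label = signatures.get(file_signature(path))
            if label:
                hits[name] = label
    return hits

def demo():
    # Constructed sample contents: harmless placeholder bytes only.
    original = b"CONSTRUCTED-SAMPLE adware build 1"
    variant = b"CONSTRUCTED-SAMPLE adware build 2"  # same behavior, changed bytes
    benign = b"ordinary document text"
    signatures = {hashlib.sha256(original).hexdigest(): "SampleAdware"}

    with tempfile.TemporaryDirectory() as d:
        # Rotating filenames: the same content under two random-looking names.
        for name, data in [("qx7f3.dll", original), ("zz91k.dll", original),
                           ("mm20p.dll", variant), ("notes.txt", benign)]:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        before = scan(d, signatures)
        # Signature update: the variant's signature is added to the database.
        signatures[hashlib.sha256(variant).hexdigest()] = "SampleAdware.B"
        after = scan(d, signatures)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("after update: ", after)
```

Both renamed copies are caught by the single original signature, while the variant goes unnoticed until its own signature is added, which is why definitions have to be kept current.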

 

To solve the problem, computer users must install software patches. If you are still running Microsoft Explorer 5 and you have not installed the latest security patches, then you are at risk not only from spyware, but from viruses, Trojan worms, and hackers looking for an entryway to your system. Another myth is that you can just use a different browser and you will be fine. Not so: while using another browser may avoid the security holes of the first one, how can you be sure that the new browser does not have its own security holes that also need to be patched?

 

Some spyware utilizes a method called ‘hitching a ride’. You should be careful when downloading those ‘helpful’ toolbars and other additional features that look cool. This also applies to helpers that are add-ons for e-mail clients. You are only asking for trouble, because some of these neat features monitor surfing habits or cause pop-up advertisements. Also, in most cases these features will bypass some firewalls.

 

This article is not written to discourage anyone from using the Internet. There is a ton of great information to be found on the Web. You just need to be aware that there are also pitfalls, which you can easily overcome by keeping your system updated with the latest security patches. Using products like Ad-aware, Spybot and anti-virus software that are updatable with the current definitions to detect viruses and monitor spyware will give you the edge in protecting your system. Failure to do so could result in consequences that could cost you time and money. Happy computing!

 

Bill James is President of the Computer Club of OKC. Bill can be reached at james@qns.com