
Blogs Of The Past: The Spyware & Adware Problem

This little gem was written in January of 2003 on my web page (when it was on the domain calwell.ca). The article was more of a response to the large number of infections I had to clean from customers’ PCs. These things were a big problem then, because many of the Anti-Virus programs of the time did not detect Spyware or Adware. That was bad enough, but even worse, the line between what was Spyware and what was legit was extremely gray. The more common scenario was software slowing a user’s computer to a crawl. Here’s a look at a Blog from The Past – The Spyware/Adware problem… As always, my comments of today are included in red.

Spyware or Adware is a term that relates to software applications that install themselves on a computer in some sort of stealth manner and, in the background, gather information about the computer, usage details, address books, etc. that can be sent on to companies that sell advertising space or demographic information (even at the time, personal information was being gathered by these apps). Examples of these types of applications include “FriendGreetings” and “GatorWare” (Gator, or Claria, is now long gone, but that stuff was a real pain).

The Problem
Spyware/Adware applications bring with them all sorts of problems and generally nasty side-effects on computers. Not the least of which is the obvious use of CPU cycles on your computer when the software is running (it probably would have been better just to say that “it slowed your computer down”). Some of the problems with this kind of software include:
– Collecting personal or private information about the user or users
– Tracking computer, Internet or other usage related to your habits without consent
– Installation and Installation Persistence without consent (a little confusing, but this was about the app’s ability to keep running at all times)
– Running in the background without user consent
– Transmission of personal information in an insecure fashion, without user consent
– Instability of Spyware/Adware application, other applications, or Operating System
– Easy target for propagation of viruses

Preventing or Removing Spyware/Adware applications
While many of the applications that can be called Spyware or Adware are detectable by virus scanners and can be stopped or removed, your best defense against Spyware/Adware is to be very selective when installing free software. Other methods of removal are Manual Removal and Software Based Removal. (I don’t think the word removal needed to be said that many times) The manual option can also be quite tedious if you know little about the applications or the nature of these applications.

Prevention
Preventing the installation of spyware has to be the easiest way of avoiding Spyware/Adware. The lure of free software is the ultimate way to get Spyware/Adware on your computer – so watching for applications that use this ploy is key. When you download and use free applications such as Kazaa, Morpheus, BearShare – be sure to use the custom installation option so you can opt out of the installation of everything but the application itself. Many applications can also be run without installation. If you have the chance to copy all of the required files for an application to your computer (without the installer), this may be a way to avoid Spyware/Adware.

Manual Removal
Manual removal can be trickier. You need to understand the methods that Spyware/Adware use to ensure they run on your computer. For example, the most common method of operation is by way of some startup facility on the computer. To see the kinds of applications that run at startup, you can download an amazing utility from Systems Internals called Autoruns (Then called Sysinternals, it was purchased by Microsoft – they still provide the gold standard for Windows utilities). This utility will allow you to see all of the locations where an application might try to load itself when you start your computer. Then, you must be able to separate the good applications from Spyware/Adware. When looking into possible Spyware/Adware, you should research any line that looks suspicious. One other method of stopping Spyware/Adware is to block the servers that many of these applications try to connect to. By adding to, or creating, a “hosts” file in your Windows directory you can stop the applications. A great source of information for your “hosts” file can be found at yoyo.org (they are still out there!).
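
The “hosts” file approach described above, as an added example that is not part of the original 2003 article: a small Python routine that merges a list of unwanted server names into existing hosts-file text without duplicating or overriding entries that are already mapped. The function names, the 0.0.0.0 sink address and the sample host names are assumptions made for illustration; the routine works on text only and leaves reading and writing the actual file to the caller.

```python
import re

# Hostname syntax check: dot-separated labels of letters, digits and hyphens.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")
SINK = "0.0.0.0"  # assumed sink: non-routable address the blocked names resolve to


def parse_hosts(text):
    """Return {hostname: address} for every mapping found in hosts-file text."""
    mapped = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            for name in fields[1:]:
                mapped[name.lower()] = fields[0]
    return mapped


def merge_blocklist(hosts_text, blocklist):
    """Append sink entries for blocklisted names; return (new_text, added, skipped)."""
    mapped = parse_hosts(hosts_text)
    added, skipped = [], []
    for raw in blocklist:
        name = raw.strip().lower().rstrip(".")
        # Skip malformed names, names the file already maps, and repeats.
        if not _HOSTNAME.match(name) or name in mapped or name in added:
            skipped.append(raw)
            continue
        added.append(name)
    lines = hosts_text.rstrip("\n").split("\n") if hosts_text.strip() else []
    lines += [f"{SINK} {name}" for name in added]
    return "\n".join(lines) + "\n", added, skipped


# Constructed sample input: a small existing hosts file and a blocklist.
SAMPLE_HOSTS = ("127.0.0.1 localhost\n"
                "10.0.0.5 intranet.example  # internal site\n"
                "0.0.0.0 ads.example\n")
SAMPLE_BLOCKLIST = ["ads.example", "Tracker.Example.", "intranet.example",
                    "bad host", "popups.example", "localhost"]

if __name__ == "__main__":
    text, added, skipped = merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print(text, "added:", added, "skipped:", skipped)
```

Reviewing the skipped list before saving matters: a name that is already mapped (such as the internal site in the sample) is left alone rather than silently redirected.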

Software Based Removal
Also becoming more prevalent is the application designed to remove Spyware/Adware programs. Two such applications that are freely available are Ad-Aware (This appears to be a freemium application provided by Lavasoft), Spy-Bot (Still out there and very useful!), and JunkBuster (The JunkBuster site is no longer maintained). I have personally used Ad-Aware and found it to be quite thorough and worth a look if you are short on time.

If you have any experience in removing Spyware/Adware or would like more information about what I have written here, please let me know. (But I won’t tell you how to find me)

So, that’s the end of this article. Looking back, I’m sure I could have written much more than I actually did. One of the things I knew at the time – and even now – is that really getting into this topic would turn into a large article on its own. There are many examples of places we can find today that help us with removing malicious software, which has evolved over the years into more sophisticated software. The more common attacks now include Cloud-Based email services, faking Anti-Virus software, and getting onto a computer for the purposes of running keyloggers and screen grabbers.