October 15, 2018 Contact Us At (559) 733-1940       Login   
  
 
ResourcesSpy vs. SpyWare – The Battle for Control of your C    

Torian Group, Inc. - Live Support

 

 
Newsletter Sign-Up
 
 
Spy vs. SpyWare – The Battle for Control of your Computer

Spy vs. SpyWare – The Battle for Control of your Computer
Technology with Integrity

By Tim Torian, Torian Group, Inc.

 

One of the biggest problems our clients are facing these days is adware and spyware. Once you get it, it can be very hard to get rid of.

Adware is software or changes to your computer settings that allow advertisers to redirect your web browser to their site in some way, or pop up additional windows with their advertising. Often this results in downloading additional malicious software from the site your browser goes to. Spyware is software that sends information about what you are doing to someone. This can be used to gather information about where you browse to, or in the worst cases allow someone to track your keystrokes in order to gather passwords, credit card numbers and other personal information.  Trojan software goes a step further and grants a remote user full control of your computer. They can then use it as a launching point for further illegal activities.

The underlying reason that adware has compromised the entire Internet is that there's big money to be made. The best analysis of this I've seen is by Benjamin Edelman, a Harvard Law School student. He's documented almost $140 million in recent investments by Silicon Valley venture capitalists in just four of the largest adware makers. (See www.benedelman.org%2Fspyware%2Finvestors%2F for a list of adware investors.)

In the last couple of month the number of adware patterns scanned by webroot has more than doubled, now over 50,000. That’s 50,000 different malicious software programs on the internet trying to take control of your computer, not counting viruses.

You get adware and spyware in much the same way you get viruses - by installing cute utilities and toolbars, clicking on hyperlinks in email, and by visiting malicious web sites (called drive-by infection).

A memory resident adware detector has become a necessity in addition to anti-virus software.

You can reduce your vulnerability by switching to a less vulnerable browser, such as Firefox or Netscape. However, many web sites are optimized for IE, and you may find that you need to use it anyway. Many of the vulnerabilities caused by IE are there if it is installed, even if it is not your primary browser.

Recently, detailed testing was done on the effectiveness of anti-adware programs. (http://spywarewarrior.com/asw-test-guide.htm )  We have been recommending a combination of Spybot S&D and ad-aware. We have some new recommendations based on these tests. It is still a good idea to run multiple anti-spyware products, and both Spybot and ad-aware got very good ratings.

The most effective product available, catching about 63% of spyware is Giant AntiSpyware. This product was just purchased by Microsoft, and is being offered as a free “Beta” product. Because it is in Beta, they are changing the version every few weeks, and you will need to uninstall and reinstall when this happens. It is not clear yet whether Microsoft plans to charge for it. It can be downloaded at www.microsoft.com/downloads .  This software is incompatible with MS Media Center extender, and may have other compatibility issues. It may be safer to wait for the official release if you have an unusual computer setup, or don’t want to watch for version updates.

In the following table, the Adware Fixed column represents the percentage of critical components successfully removed, not just detected, by each product (higher percentages are better). The False Positives column shows the number of benign Windows files that were incorrectly reported by a product as adware (lower numbers are better):

 

Product

Adware Fixed

 

False Pos.

 

 

Giant AntiSpyware

63%

 

0

 

 

Webroot Spy Sweeper

48%

 

0

 

 

Ad-Aware SE Personal

47%

 

0

 

 

Pest Patrol

41%

 

10

 

 

SpywareStormer

35%

 

0

 

 

Intermute SpySubtract Pro

34%

 

0

 

 

PC Tools Spyware Doctor

33%

 

0

 

 

Spybot Search & Destroy

33%

 

0

 

 

McAfee AntiSpyware

33%

 

9

 

 

Xblock X-Cleaner Deluxe

31%

 

1

 

 

XoftSpy

27%

 

3

 

 

NoAdware

24%

 

0

 

 

Aluria Spyware Eliminator

23%

 

3

 

 

OmniQuad AntiSpy

16%

 

1

 

 

Spyware COP

15%

 

0

 

 

SpyHunter

15%

 

1

 

 

SpyKiller 2005

15%

 

2

 

 

Giant/Microsoft and WebRoot Spysweeper combined seems to be the best choice at present, catching about 70% of the tested adware. No other combination of 2 products did as well. Giant combined with Ad-Aware SE Caught 69%, so if you have purchased Ad-Aware, consider using it with Giant.  Ad-Aware combined with Spybot S&D caught 54%.

Also, be aware that Ad-aware no longer provides updates for their older version. You must have Ad-Aware SE. Uninstall the old version before installing the new one. Ad-Aware SE updates now require a paid subscription.

None of these products will detect Coolwebsearch infections. This requires a separate product called Cwshredder, which was recently bought by Intermute. It can be downloaded at: www.intermute.com/products/cwshredder.html . Because the spyware changes so often, you must download and use the latest version – it is updated every few days.  You should use it at least monthly as preventative maintenance.

Another way to protect your computer is to add the malicious sites to your blocked sites list in Internet Explorer. SpyAd is a program that updates your settings with a list of sites to block. Since they are constantly changing, you need to uninstall and reinstall this on a regular basis if you use it. https://netfiles.uiuc.edu/ehowes/www/resource.htm . Read the instructions on the web site before installing.  Some spyware protection products block sites by creating a HOSTS file which redirects a list of malicious sites to your own computer, effectively blocking IE from connecting.

Also, keep in mind that newer anti-virus software sometimes includes some sort of adware/spyware protection. Be careful with installing multiple products which perform real time or memory resident protection. They can conflict.

Additional tools:
Spyware Blaster
is a free memory resident program that blocks spyware in real time. Use it if you decide not to purchase a product that has real time protection. www.javacoolsoftware.com
Hijack This
– For in depth analysis of applications running on your pc. Use with caution. www.spywareinfo.com/~merijn/downloads.html  (scroll down the page a bit)

The spyware vs computer user battle will probably not end soon. Unfortunately, you are a participant as soon as you connect to the internet. Just like we got used to the need for anti-virus software, we will adapt and overcome this new threat.


Tim Torian has taught computer networking at the College of Sequoias. He has a BS in Computer Science, and has been consulting on computer networks for the past 20 Years. His industry certifications include: Cisco CCNA and CCNI, Microsoft MCSE, and Novell CNE.  He is president of Torian Group, Inc. which provides a full range of Technology Consulting services to local business, including computer services, networking, and custom software development. They can be reached at (559) 733-1940 or on the web at http://www.toriangroup.com

     
 

Torian Group, Inc. Phone: (559) 733-1940  Fax: (559) 532-0207  Contact us