linuxgeek
Rogue Scholar
- Joined
- Feb 1, 2004
- Posts
- 32,718
Spyware prevention:
[80s Surgeon General's voice] The best way to prevent spyware infection is to not use the web browser which the majority of spyware targets -- Internet Explorer.[/voice]
There are many alternative web browsers to Internet Explorer. Two I have the most familiarity with are Firefox and Opera.
Firefox (http://www.mozilla.org/products/firefox/) will automatically ask if you wish to import your IE favorites the first time you run it. So far, I have not run into a web page that works under IE which Firefox cannot display correctly. The only downside to FF is as it gains popularity it too will become a significant spyware target also.
Opera (http://www.opera.com/) provides menu options for importing IE & FF favorites. There is an auto import function, but I haven't used it so I'm not sure how it performs under the current version of Opera. I have run into some web pages which are IE specific which Opera has difficulty displaying. It is an issue the Opera team has improved on but they still have room to improve. The overall upside to Opera is it has less than 10% of the market share, so the spyware programmers do not consider it worth their time to write spyware to specifically attack it.
Another method which will help prevent spyware is using an antispyware tool which will run as you browse looking for spyware like the antivirus programs do. Two I have seen do this are the antispyware tool Microsoft currently has in beta after buying out the company which was originally providing it and Spybot.
Microsoft Antispyware (http://www.microsoft.com/athome/security/spyware/software/default.mspx) has shown itself to be a decent tool for preventing spyware infection. However, with it being a Microsoft product, the spyware programmers in a few cases I've seen documented have written their spyware specifically to fool it. Currently, Microsoft is providing their antispyware tool free of charge. I do not know if that will continue once they release it as a stable product.
SpyBot (http://www.safer-networking.org/en/download/) has proven itself a useful tool to me. The main thing I didn't like about the last version I ran with the realtime spyware detection tools was the number of times its tools alert on possible spyware incursions. One of the ways Spybot looks for spyware is watching for changes to the registry. The downfall to doing this is that the registry is accessed and changed often by many programs since it is where the majority of configuration information is saved.
The other primary source of spyware as well as viruses and trojan horses is software repository sites. Infections from user downloaded software are a separate issue from web browser targeted infections. Sites like Download.com, TuCows.com, Majorgeeks.com all make it convenient for finding a tool which may make your life easier. They also, regardless of how much they scan for them, are used as a means to put out versions of programs to infect users' computers. Spyware, virus, & trojan horse program writers will go to great lengths to fake out a repository's scanning tools because of the wealth of personal information they may be able to get from a person's home or work computer.
The best way to avoid these types of infections is to only download internet software from the site of the person or company writing the software. Download.com usually will provide a link to the providing website. If the software repository you are using does not, searching on the program name with Google, Yahoo, Dogpile, etc. will often provide the site URL in the first few links returned.
Spyware removal:
For spyware removal, one of the key items I have found is using multiple tools to do the job. While a spyware program may be written to fool one or two antispyware tools, since they each use slightly different methods to detect, it is difficult and not worth the time for spyware writers to try and fool them all. Also, like with antivirus tools, I have seen cases where two antispyware tools have been able to detect a piece of spyware, but only one was able to actually clean it off the computer.
The other key item is the mode your Windows machine is in when you attempt cleaning spyware. The mode which will give you the best chance of removing spyware is known as Safe Mode. In Safe Mode, Windows does not load all the programs it normally does, so the files Windows normally keeps locked while allowing the user to browse the internet, IM other people, etc., are available to be scanned and cleaned.
To enter Safe Mode, you press the F8 key before the Windows splash screen comes up. You may need to press it multiple times or hold it down depending on your computer and the version of Windows being run. If Windows recognized the F8 key being pressed, a text screen will come up with different choices for continuing the boot process. The best one to select is Safe Mode without Networking. Once you use the arrow keys to select that option, press Enter and the boot process will continue. Once it is done loading into Safe Mode, a popup window comes up stating so.
Some antispyware tools to consider using along with the two already stated:
Ad-Aware (http://www.lavasoftusa.com/software/adaware/): free for use
Spy Sweeper (http://www.webroot.com/consumer/products/spysweeper): current version has a 30-day trial limit.
*goes off to summon other geeks to add their knowledge & experience to this thread*
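Added example, not part of the original post and not Spybot's code: a snapshot diff of registry values that raises alerts only for the standard Run/RunOnce autostart keys, showing why watching every registry change is noisy and how narrowing the watch list cuts the alert count. The snapshot contents, program names and the ExampleEditor/ExampleGame keys are constructed sample data.

```python
# Added illustration: snapshot-diff registry monitoring with alerts limited
# to autostart keys. All snapshot data below is constructed sample data.

RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# Keys whose values Windows launches at boot or logon.
AUTOSTART_KEYS = (RUN_HKLM, RUN_HKLM + "Once", RUN_HKCU, RUN_HKCU + "Once")

def diff_snapshots(before, after):
    """Return (kind, key, name, old, new) for every value that changed."""
    changes = []
    for ident in sorted(set(before) | set(after)):
        old, new = before.get(ident), after.get(ident)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        changes.append((kind, ident[0], ident[1], old, new))
    return changes

def is_autostart(key):
    """True for an autostart key or a subkey of one (names are case-insensitive)."""
    k = key.lower()
    return any(k == p.lower() or k.startswith(p.lower() + "\\")
               for p in AUTOSTART_KEYS)

def triage(changes):
    """Split changes into (alerts, noise); only autostart changes alert."""
    alerts = [c for c in changes if is_autostart(c[1])]
    noise = [c for c in changes if not is_autostart(c[1])]
    return alerts, noise

# Constructed snapshots: {(key path, value name): data}
BEFORE = {
    (RUN_HKLM, "AntiVirusTray"): r"C:\Program Files\AV\tray.exe",
    (r"HKCU\Software\ExampleEditor\Settings", "RecentFile1"): r"C:\docs\a.txt",
    (r"HKCU\Software\ExampleEditor\Settings", "WindowPos"): "10,10,800,600",
}
AFTER = {
    (RUN_HKLM, "AntiVirusTray"): r"C:\Program Files\AV\tray.exe",
    (r"HKCU\Software\ExampleEditor\Settings", "RecentFile1"): r"C:\docs\b.txt",
    (r"HKCU\Software\ExampleEditor\Settings", "WindowPos"): "40,40,800,600",
    (r"HKCU\Software\ExampleGame\Stats", "LastPlayed"): "2005-03-01",
    (RUN_HKCU, "updater32"): r"C:\Temp\updater32.exe",
}

if __name__ == "__main__":
    alerts, noise = triage(diff_snapshots(BEFORE, AFTER))
    print(f"{len(alerts)} alert(s), {len(noise)} routine change(s) suppressed")
    for kind, key, name, old, new in alerts:
        print(f"ALERT {kind}: {key}\\{name} -> {new}")
```
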