What is spyware?
Brief classification of spyware
Although it’s hardly possible to give the complete list, I’d like to single out the main types of spyware, which are the most common residents on computers.
- Adware
- Browser Hijacker
- Browser Plugin
- Dialer
- Malware
- Trojan
Let’s examine each of them closer.
Adware
This category includes software modules that display unwanted advertisements. It may be a page that occasionally opens in your favorite browser, a pop-up window offering to sell you “a pair of Zimbabwe stockings made in China”, or a new home page in your browser pointing to the advertised site.
Browser Hijacker
This category includes modules that seriously interfere with the work of your browser and change its settings in every possible way. They cause such troubles as changing your home page (just like adware does), changing the browser's search page, modifying its context menus and other settings.
Browser Plugin
This category covers all modules that build themselves into the browser (as you have already guessed, I’m talking mostly about IE, for this browser is very popular among spyware distributors) and do their dirty work from inside. Examples are BHOs (Browser Helper Objects), browser context menu extensions, and toolbars and buttons that suddenly appear in the browser out of nowhere.
Dialer
To make a long story short, these modules are installed on your computer and make phone calls to distant countries like Zimbabwe or Mozambique. Your phone bills become huge as hell. :)
Malware
This is a collective category covering various software modules that perform unwanted actions. That’s all. I don’t know how else to put it; the fact is that it is more of a catch-all category than a specific one.
Trojan
Trojan horses have been infamous ever since the times of Odysseus. Nowadays their goal is to collect confidential information and any information that can potentially bring money. Besides logins and passwords for the ISP, it may be all sorts of statistical information, such as the list of installed programs.
As you see from the descriptions, these categories often overlap, and there is a reason for that. As a rule, even the most worthless piece of spyware falls into a couple of categories at once. Evidently, the size of the article doesn’t allow describing all types and categories of spyware in detail. So that's enough about classification, for this information is more interesting than useful.
How, why and for what purpose?
To understand the problem of fighting spyware better, one should pose three questions: “How is it distributed?”, “Who does it and for what purpose?”, and “Why me?” I’ll try to answer these questions as informatively as possible.
How is it distributed?
Today I'd like to single out the following ways of distributing spyware from among all the known ones:
- Security breaches in operating systems
- Security breaches in browsers
- Mail clients
- Delivering it to a previously infected computer
- Usual means (however strange it may sound)
- Reading license agreements for some software carelessly
Infecting through security breaches in OS
This means of installing spyware on the computer is perhaps one of the most common ones. Its main idea is to use breaches in OS software. The well-known vulnerability of the RPC (Remote Procedure Call) service can serve as an example.
Infecting through security breaches in browsers
This method is not as widespread as the previous one. First, it’s more difficult to implement. Second, not all types of spyware are distributed this way (for example, Trojans are more likely to get into the computer through breaches in the operating system). With this method, special code (HTML or JavaScript) is written and sent to the client when the browser requests the web page.
My own experience shows that this method is rather dangerous and efficient. There is trustworthy information that 20% of PCs running Windows XP with all the service packs installed can be infected this way.
This is possible because even the most up-to-date service packs can’t close all security breaches in the OS, and also because of the careless attitude of some users towards the OS configuration, both the settings themselves and ignoring the first means of protection: not working under the system administrator account. The overlap of these factors gives the total of 20%. Although the numbers may vary, it doesn’t matter much, since there is always a way in for spyware.
Infecting through mail clients
This method has been used everywhere for a considerable period of time. The client receives an e-mail with an attachment, and when the attachment is opened, the infection procedure starts.
Infecting through delivering to a previously infected computer
The method is used on already infected computers. As a rule, a small dispatcher module is installed first. It has all the functionality needed to infect the computer further: it can download files from the Internet or from other infected computers and start them on the client, as well as execute a basic set of commands sent by the administrator of this spyware module.
In addition, I’d like to note that this way is rather dangerous, but it also presents the paradox of the snake biting its own tail: sometimes the number of additionally installed spyware modules is so large that the average lifespan of such modules on the infected computer doesn’t exceed two or three days. In other words, it’s easier to re-install Windows (which is what most users do).
Infecting through usual means
“How is that?” you may wonder. Quite simple. It’s all about psychology. The method uses standard tools offered by our good old Internet Explorer, namely the installation of ActiveX modules with the help of INF scripts and CAB files. Believe me, this is a way not only to register an ActiveX control in the system, but also to cause a lot of trouble.
Now I’ll make a lyrical digression and add my two pence: respect the work of spyware developers. Today this “industry” is highly developed. This is reflected in the fact that every modern spyware module is a complex solution, a software conglomeration with a lot of features, and that despite its small size (due to the requirement of fast delivery to the client computer).
The word “respect” here means that you should not underestimate the possible danger of this or that spyware. Sometimes you may face a quite tricky software solution aimed at preventing the user from deleting a spyware module.
Moreover, sometimes they even buy certificates for such ActiveX controls (!). I do not know how, but it’s a fact. What is better than lulling users’ vigilance? Perhaps only lulling it twice :))
Reading license agreements for some software carelessly
During the discussion of this article among my colleagues, it was noticed that some freeware programs show ads (banners, for instance) using modules that fall into the spyware group, although the program that uses them is quite harmless. But spyware remains spyware, whatever you call it. I consider it quite fair that many spyware scanners delete such modules. Supporters of this method of promoting freeware usually point to the license agreement containing a phrase like “The SOFTWARE PRODUCT is ad-sponsored software. You can use it for free”, as if showing advertisements in such software were automatically legal, and if the author needs some cash, why not make it this way? Nothing of the kind! The presence of such a sentence in the agreement doesn’t imply your automatic consent to receiving ads on your computer. Moreover, a detailed examination can show that such a line has no legal power under the legislation of some countries. However, as I’m not a lawyer, I’ll simply note that you can take other freeware programs that don’t display ads as an alternative to such programs. And, finally, an ad channel is bi-directional: to your computer and from it. What will be sent from you? What information will you lose? Nobody knows, except the developers of the advertising spyware module.
Who needs it and for what purpose?
The answer is quite evident: people who make money at your expense. What is their goal? To make money. How do they make money? Well, I am not a businessman (rather the contrary), but still I’ll try to recount what I know about it. Those readers who use spyware to make money, please do not grin; I write as well as I can. So here is a short list of tricks used to swindle users (you may not be the victim here, but it will be done with your help anyway) by means of spyware.
- Promoting a resource. This is quite clear: a person who wants to increase the number of visitors to his resource buys this service from a spyware distributor. The latter supplies him with visitors using spyware modules installed on infected computers. But this method is practically no longer used, as it doesn’t address target groups. The next item is about target groups.
- Advertising within target groups. This method is intuitively simple and clear: if you have some statistical data about user target groups, you can deliver advertising content directly to infected computers, as well as collect the data from them thus enlarging your statistical database.
- Redirecting traffic. Having quite a large number of visitors on a resource (received from infected computers), you can resell the incoming traffic to somebody else. So the essence of this method is simply redirecting from one resource to another according to certain rules.
- Pay per click. It’s a rather interesting kind of “fair swindle”. It means substituting links to popular search engines so that they point to another search engine where clicks on links are sold.
- Delivering software to the client computer. The idea is simple: deliver the software to the client computer one way or another and thrust it on the user. Then the user is made to pay for services offered by this software. Without detailed explanations, I’ll just give a real-life example: when you click any link to a ZIP archive, a pop-up window appears. This window offers you to download and install a download manager for faster downloading of content from the Internet. The window is annoying and cannot be removed by usual means. Sooner or later the user gives up and installs the software on the computer, but that doesn’t help. The annoying window not only remains where it was, but also enhances its functions, and the fake download manager offers you a subscription to xxx-net services every other time.
After reading this list, you may be confused: “I can't see where I’m losing my money here!” Let me explain: read those paragraphs once more. First, item 2 is the clearest one. As a representative of a target group, you get interested and persuaded into purchasing products or services. Second, you pay for the Internet, the cost of your working hours can easily be estimated using the formula “money per month”, sedatives cost money, etc. Take a deep breath and get to the root: if they do not take your money, it does not mean they do not take your last pants.
Why me?
There are lots of reasons why it's your righteous computer that has got infected. But the main reason that I’d like to draw your attention to is that you are connected to the Internet. Nothing else is needed. Below I’ll tell you about some places on the Net where you can pick up an infection.
Spyware waits and wins.
So, we have agreed that your access to the Internet is the first check (or even mate, though the game hasn't even started yet) that your computer gets from spyware. Let’s now take a trip around some places where spyware dwells. My classification has several places, though it isn’t complete. The main places are:
- Pornographic sites.
- Sites - collections of serial numbers and warez.
- Sites - collections of eDonkey links to films, music, etc.
Pornographic sites as a source of infection
People’s craving for the forbidden fruit is as old as the world itself and it is successfully used in the interests of those who own porno resources. They install dialers, advertising modules and other trash on your computer. So keep in mind that if you like it hot, be ready to face the consequences when along with a couple of "free" photos you’ll get five spyware modules. Sites of this kind (distributing malicious software) are numerous on the Net, and it’s impossible to enumerate all of them (and by the way why should I advertise them?)
Sites - collections of warez
I hope everyone knows that you can find free cheese only in a mousetrap. This is exactly the case: you “save” $10 purchasing some software, visit one of these sites in search of a serial number for it and immediately take the risk of losing much more money afterwards or at least shattering your nervous system (and today health costs a wealth) while cleaning out trash from your computer.
Sites - collections of eDonkey links
I introduced this category into the article only because of the recent ballyhoo about P2P technology. Spyware developers couldn't wait to make use of it. Not long ago I came across spyware on one such site. It wasn’t all that ingenious. But the fact that it was successfully downloaded onto my computer (though without further consequences, as it was wiped out) shows that we shouldn’t forget about this danger. And once again I emphasize:
You can find free cheese only in a mousetrap.
Signs that the computer is infected
If we examine someone who has a runny nose, we may discover hundreds of symptoms that do not seem to be connected with it directly. Vice versa - a serious disease may show no signs at all. This is also characteristic of spyware - there are no common indications. There are some standard sets of signs by which one can either detect the spyware at once or think seriously about it and have another check. Now I’ll try to enumerate the main signs that reveal the presence of spyware on the computer.
Non-standard behavior of the browser
If you notice that the home page of your browser has changed and entering a new address into the field does not help and the page still opens some www.xxx.zzz... Congratulations! You are now a happy owner of a personal limo... oops! An owner of a spyware copy. This also concerns such browser settings as the search page address, additional items in the Favorites, additional strange context menu items, new toolbars you haven't installed (or maybe you did some time ago but now it’s constantly annoying you), pop-ups opening at night and so on.
I advise you to pay special attention to the following: all of us use search engines, and usually we choose one or two of them as our personal favorites. Now if you notice that clicking one of the links in the search results opens another search engine; or some words on the results page are strangely coloured like never before; or some layer appears when you move the mouse over a link, sound the alarm: you are hosting spyware! Don’t even bother studying the source of the page, there is nothing malicious in it. It's not that easy here :)
The computer slows down
Some spyware modules can slow down your computer. If you are sure that your computer is a good one and has always been fast before, but is working too slowly now, that is a good reason to think carefully about whether it could be spyware.
The increased amount of Internet traffic
As a rule, the situation becomes clear post factum in this case. But if it’s possible, you should control your traffic from time to time and memorize average numbers per day. If the traffic increases greatly (100% and more) without any visible reason - cherchez la femme.
Strange tasks among running processes
Here it’s also quite clear - if a task with the proud name of “internet.exe” appears in the list, it is most likely to be a spyware module.
In this chapter I tried to describe the main signs of spyware on your computer. Unfortunately, there are so many indirect signs that it’s hardly possible to describe all of them. So take it as it is:
If you suspect that something is wrong, most probably it is. Take measures!
Where does it dwell?
Remember the poem called “The House That Jack Built”? That’s it! Uninvited guests often squat this house usually called the operating system. And it’s often very difficult to get them out of there, all because you have to know their hiding places. So grab your broom and get down to business!
The registry
The registry is such a tangled mess ("mess" is exactly what I mean) of information that there are a lot of places for spyware to reside in. I’ll try to name the main places, but first let’s agree on the abbreviations of registry key names (laziness is a great power, isn’t it? :)) The abbreviations are:
- HKCR – the HKEY_CLASSES_ROOT key
- HKCU – the HKEY_CURRENT_USER key
- HKLM – the HKEY_LOCAL_MACHINE key
Note: the registry keys and entries listed below may be absent on your computer. Don't worry; I have enumerated the main places based on the Windows XP registry.
So these are the places where spyware usually registers itself:
The HKCR key
Spyware modules created as COM objects most often register in this key. The CLSID subkey of the HKCR key is a mine of information :). You’ll be hardly able to remove spyware links manually from there, as the key contains too much information. To clean this branch out, you’d better use a spyware scanner (see Gentleman's Set).
It also happens that some spyware reassigns the registration of a well-known file type to itself. In this case, double-clicking, say, the icon of a Word document results in the spyware re-registering itself in the system and the trouble starting all over again. So be careful!
The general approach to checking for this is as follows:
- Open the registry editor.
- Go to the HKCR\.ext key (.ext stands for the extension of the file type you need).
- Look at the default value of the key (e.g. “Word.Document”).
- Go to the HKCR\type key (type stands for the default value you got in the previous step).
- Analyze the entries of its shell\open\command, shell\edit\command and shell\print\command subkeys.
The HKCU key
Among all the subkeys of this key the Software\Microsoft subkey is the most important for us. Here is the list of places in it that get attacked:
- HKCU\Software\Microsoft\Internet Explorer, entry «SearchURL».
- HKCU\Software\Microsoft\Internet Explorer\Main, entries «Default_Page_URL», «Default_Search_URL», «Local Page», «Search Bar», «Search Page», «Start Page».
- All subkeys in the HKCU\Software\Microsoft\Internet Explorer\MenuExt key.
- The HKCU\Software\Microsoft\Internet Explorer\Search key, entry «SearchAssistant».
- The HKCU\Software\Microsoft\Internet Explorer\SearchUrl key, entry «provider».
- All subkeys and entries in HKCU\Software\Microsoft\Internet Explorer\Toolbar (as you might have guessed, toolbars reside here).
- All entries in the HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks key.
- The HKCU\Software\Microsoft\Windows\CurrentVersion\Run key.
- The HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
- The HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx key.
- The HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices key.
- The HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce key.
- The HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell key.
- The HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run key.
- The HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows key, entry «Load».
- The HKCU\Software\Policies\Microsoft\Windows\System\Scripts key.
- The HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run key.
The HKLM key
Here you can find many hiding places for spyware. Some of them are:
- All entries in the HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs key.
- All entries in the HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions key.
- The HKLM\SOFTWARE\Microsoft\Internet Explorer\Main key, entries «Default_Page_URL», «Default_Search_URL», «Local Page», «Search Page», «Start Page».
- The HKLM\SOFTWARE\Microsoft\Internet Explorer\Search key, entries «CustomizeSearch», «SearchAssistant».
- All entries in the HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar key.
- All subkeys of the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects key.
- The HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key.
- The HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce key.
- The HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx key.
- The HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices key.
- The HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce key.
- The HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad key.
- The HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key, entry «AppInit_DLLs».
- The HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key, entry «Userinit».
- The HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key, entry «Shell».
- The HKLM\Software\Policies\Microsoft\Windows\System\Scripts key.
- The HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run key.
As you understand, this list is far from complete. Unfortunately, nobody knows everything, so regard this part of the article as a starting point for your research.
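As an added example (not code from the article or from any tool it names), the following Python script applies two of the checks above to an exported .reg file, offline: it follows the HKCR\.ext → type → shell\open\command chain, and it reviews the HKLM autostart keys, comparing Winlogon «Shell»/«Userinit» and «AppInit_DLLs» against their stock Windows XP values. The sample export, the ZipHelper.File type, dlmgr.exe and svchost32.exe are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample export, NOT taken from a real machine: a few of the keys
# the article lists, in the text format regedit's "Export" produces. The .zip
# handler, internet.exe and the second Userinit path play the spyware role.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.doc]
@="Word.Document.8"

[HKEY_CLASSES_ROOT\Word.Document.8\shell\open\command]
@="\"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE\" /n /dde"

[HKEY_CLASSES_ROOT\.zip]
@="ZipHelper.File"

[HKEY_CLASSES_ROOT\ZipHelper.File\shell\open\command]
@="\"C:\\WINDOWS\\system32\\dlmgr.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"internet"="C:\\WINDOWS\\internet.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\svchost32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
'''

ROOTS = {"HKEY_CLASSES_ROOT": "HKCR", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_LOCAL_MACHINE": "HKLM"}
# A name=value line: the name is @ (the key's default value) or a quoted string.
_ENTRY = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(raw):
    """Decode a .reg string literal ("..." with \\ and \" escapes); other
    data types (dword:, hex:) are returned as their raw text."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def parse_reg(text):
    """Return {key: {entry_name: value}} with roots abbreviated as in the
    article (HKCR/HKCU/HKLM); the default value is stored under ''."""
    keys = defaultdict(dict)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            root, _, rest = line[1:-1].partition("\\")
            current = ROOTS.get(root, root) + "\\" + rest
            keys[current]  # register the key even if it has no entries
            continue
        m = _ENTRY.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(2)
            keys[current][name] = _unescape(m.group(3))
    return dict(keys)


def resolve_open_command(keys, ext):
    """Follow the chain from the article: HKCR\\.ext default value (the type
    name) -> HKCR\\<type>\\shell\\open\\command default value, or None."""
    type_name = keys.get("HKCR\\" + ext, {}).get("")
    if not type_name:
        return None
    return keys.get("HKCR\\%s\\shell\\open\\command" % type_name, {}).get("")


# Keys from the article's HKLM list. Where Windows XP has a fixed stock value
# (Winlogon Shell/Userinit, AppInit_DLLs) it is given so deviations stand out;
# for the Run key every entry is simply listed for review.
WATCHED = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {},
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Shell": "explorer.exe",
        "Userinit": r"c:\windows\system32\userinit.exe,",
    },
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows": {"AppInit_DLLs": ""},
}


def review_autostart(keys, watched=WATCHED):
    """Return (key, entry, value, verdict) for every entry under the watched
    keys: 'ok'/'unexpected' against a known stock value, otherwise 'review'."""
    findings = []
    for key, stock in watched.items():
        for name, value in keys.get(key, {}).items():
            if name in stock:
                verdict = "ok" if value.lower() == stock[name] else "unexpected"
            else:
                verdict = "review"
            findings.append((key, name, value, verdict))
    return findings


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    for ext in (".doc", ".zip"):
        print("%s opens with: %s" % (ext, resolve_open_command(reg, ext)))
    for key, name, value, verdict in review_autostart(reg):
        if verdict != "ok":
            print("[%s] %s\\%s = %s" % (verdict.upper(), key, name, value))
```

Run it against a real export (regedit, File > Export, of the keys listed above) by replacing SAMPLE_REG with the file's contents; multi-line hex(...) continuations are not parsed, which does not matter for the string-valued entries this article is about.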
The file system
This part will probably be the shortest one because spyware can literally live anywhere in the file system. But I'll try to enumerate the main places anyway. So here we go:
- %SystemRoot% folder.
- %SystemRoot%\system folder.
- %SystemRoot%\system32 folder.
- %SystemRoot%\system32\drivers\etc folder, the file «hosts».
- %SystemRoot% folder, the files «win.ini», «system.ini».
- %SystemRoot%\Downloaded Program Files folder.
- The «autoexec.bat» file.
- And any other folder in the file system :)
As you see, there is no universal remedy for finding spyware. My advice is to pay attention to such file properties as the date, the name and those on the “Version” tab. Of course, these methods of detecting spyware are rather inefficient, because all the properties of a spyware file are usually tiptop, and you can easily take it for a “system file”. So the best advice here is to apply more imagination in your search!
Strictly speaking, there is a proper method of finding out whether a DLL named “XXX.DLL” is an enemy module. You should open the Google site (www.google.com) and enter the name of your DLL into the search field. Analysing the results will clarify the situation.
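The «hosts» file from the list above deserves a check of its own, since the search-engine substitution described under “Non-standard behavior of the browser” can be done right there. Below is an added Python example (not from the article) that parses a hosts file and flags the search-engine and scanner-vendor names when they are mapped to a foreign address or blackholed; the sample file, the 203.0.113.7 address and the choice of watched domains are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file (not from a real machine): the stock localhost
# line plus the kind of entries a search-engine hijacker writes. 203.0.113.7 is
# a documentation address standing in for the spyware distributor's server.
SAMPLE_HOSTS = """# hosts file used by TCP/IP for Windows
127.0.0.1       localhost
203.0.113.7     www.google.com        # search engine resolved elsewhere
203.0.113.7     search.yahoo.com
127.0.0.1       www.lavasoft.de       # scanner vendor blackholed
0.0.0.0         www.safer-networking.org   download.lavasoft.de
"""

# Names whose hosts entries deserve attention: search engines (which the article
# says get substituted) and the scanner vendors listed in Gentleman's Set.
WATCHED_DOMAINS = ("google.com", "yahoo.com",
                   "lavasoft.de", "safer-networking.org",
                   "javacoolsoftware.com", "sysinternals.com")


def parse_hosts(text):
    """Yield (address, hostname) pairs. '#' starts a comment, blank lines are
    skipped, and one line may map several hostnames to the same address."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for host in fields[1:]:
            yield fields[0], host.lower()


def _watched(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_hosts(text, domains=WATCHED_DOMAINS):
    """Return (hostname, address, verdict) for suspicious entries:
    'blackholed'  - a watched name mapped to loopback or 0.0.0.0, e.g. so the
                    user can no longer download an anti-spyware scanner;
    'redirected'  - a watched name mapped to some other address, i.e. the
                    search-engine substitution described in the article;
    'malformed'   - the address field is not an IP address at all."""
    findings = []
    for address, host in parse_hosts(text):
        if host == "localhost" or not _watched(host, domains):
            continue
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((host, address, "malformed"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            findings.append((host, address, "blackholed"))
        else:
            findings.append((host, address, "redirected"))
    return findings


if __name__ == "__main__":
    for host, address, verdict in audit_hosts(SAMPLE_HOSTS):
        print("%-10s %-28s -> %s" % (verdict, host, address))
```

On a real system, read %SystemRoot%\system32\drivers\etc\hosts and pass its contents to audit_hosts; a clean XP hosts file yields no findings at all.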
Right hook, left hook - knockdown
Well, I hope the foregoing has helped you understand that spyware modules are crafty, spiteful little beasts devoid of compassion towards your human or computer resources. So let's move on to the next section.
Means of protection
In our perilous times we have to protect ourselves here, there and everywhere. With your permission, I’ll arrange this part of the article as a list of warnings with short comments. Don’t get scared, this and the following sections will be a bit more colourful than the previous ones :). Here we go:
When using the Internet, don’t work under the administrator account!
If you use the Internet under the administrator account, you open it wide for spyware. The reason is as banal as security itself: the administrator account gives an enemy module far more opportunities to cause trouble. If you can’t do without the administrator account, always use the Gentleman's Set (described below) or, even better, use the Internet from a virtual machine.
Just using the Internet without the administrator account won’t save you from getting spyware!
Above, I described various ways for spyware to get to your computer. When you use an account with limited permissions to access the Internet, you just reduce the number of ways for spyware, but don’t close all of them.
Stay away from dubious sites!
I’ve mentioned free cheese more than once already. Take this on trust.
Always refuse the offer to install any kind of ActiveX on your computer!
It will be even better if you switch off running and downloading ActiveX controls in your browser settings. You can easily do without them. In my humble opinion, 99% of them are totally useless.
Perhaps the only ActiveX component you really need is the Macromedia Flash module. Install it and reject all others! Or, if you are anxious to install and try some doubtful ActiveX control, it is time to make use of a virtual machine!
Be careful with programs you “took on trial” from some other source!
You'd better try such programs on a virtual machine, for you don’t know for sure (but rather speculate judging from a scant description) what this program does. So it is better to take precautions, isn't it?
Don’t believe the Task Manager!
The standard Windows Task Manager is a rather poor tool. You shouldn’t regard it as a know-all who is aware of all processes in the system. Besides, it offers a very limited set of operations for managing those processes. For example, some spyware modules use a technology when two processes watch each other. With the Task Manager, the task to kill both processes is hardly possible to fulfill (sorry for the pun). So you’d better choose some other tool to monitor processes.
Use alternative browsers!
There are browsers and browsers nowadays. If you’re so scared of spyware by now that you are ready to throw your computer away, cut your network cord into small pieces and disassemble your mouse to the last screw, don’t do it right away. Try a different browser first (when I say 'different', I mean 'not IE'). It's not because it is so bad, the problem is that most home users use IE. And it makes spyware developers direct their attention to it in the first place.
Update your operating system in good time!
I think there’s no need to explain that the newer an OS is, the more breaches there are in its security. But our task when we update it is to patch old breaches that are well known and used by spyware. One spyware module is better than 100, right?
Set the security policies of the system properly!
It is no good when everyone messes with the system catalog. And, generally, prevent anyone from writing anything anywhere :)! Remember it as well as that you are the only user that can set up your system the way you like it. So take your time to make your system as secure as possible. Or try to find a system administrator among your acquaintances and ask him to help you, if you find one.
Right after you install the OS and the software you need, create a disk image!
Evidently, such an image will help you restore the operating system faster than by re-installing all your software for several hours. Take care of the pence, the pounds will take care of themselves, as the proverb goes. That is, the cost of a DVD where the disk image is stored is far less than the cost of your time spent on re-installing your system and software from scratch.
Gentleman's Set
In this part of the article I’d like to give you a list of software you need to resist spyware. I’d like to do it, but I can’t :) and I’ll just name the categories of such software with a couple of the most popular examples. It’s up to you to decide which program to choose within each category.
Remember that there is no combination of antispyware software that can give you 100% protection. So I recommend that you should use the so-called software “chains”, i.e. several programs belonging to the same category. However, it is not quite like that with firewalls, as a rule, each user chooses only one that meets his requirements.
So, Gentleman's Set includes:
Firewall
I think there is no need to explain that a firewall is essential on the computer. Briefly, the firewall is the main thing that guarantees the protection of your computer against spyware. Very often it can detect and prevent spyware from being installed on your computer.
Don’t delude yourself that your firewall will take care of everything. It's not a universal remedy. For example, it is helpless if a spyware module has already penetrated your computer. Many spyware modules are designed as DLLs, and you know that DLLs run in the address space of some process. Needless to say, if you set up your firewall so that Internet Explorer can access the Net, all it takes is a single spyware module started by IE itself (like a Browser Helper Object) for all the advantages of your firewall to come to nought.
As a rule, a firewall cannot protect you from spyware getting in through the breaches in your browser (you allow your donkey named IE to access the Internet, don’t you?). So, a firewall is no remedy, but it is a very useful aid. No more, no less.
There are lots of freeware and shareware firewalls. I’ll single out only one requirement any firewall must meet: a powerful and flexible system of filters. It should be not just a number of modes (“for beginners”, “for advanced users”, etc.), but a really powerful system of filters. Such a system allows its users to arrange all applications - who is allowed to access the network, and who is not, who can visit certain addresses only, etc.
The following are among the most popular and widely spread firewalls:
- ZoneAlarm (www.zonelabs.com)
- Outpost (www.agnitum.com)
- The built-in firewall of Windows XP
- Norton Internet Security (www.symantec.com/sabu/nis/nis_pe/)
Though it’s not quite correct to call Norton Internet Security a real firewall, still I dared to include it into the list as well as to dismiss a dozen good programs. I’m not very good at reviewing software, so after all it’s up to you to choose it. If you ask me, I prefer ZoneAlarm, though it does not suit me 100%.
Process management utility
It can be very useful if you want to find out what’s going on in the list of processes at the moment (in order to detect spyware). It should allow you to do the following:
- View all processes started in the system.
- View all modules loaded by processes.
- Get detailed information about processes and modules.
- Pause/end several processes at a time.
Unfortunately, there is nothing special that I can recommend, perhaps, only Process Explorer (http://www.sysinternals.com/ntw2k/freeware/procexp.shtml).
Registry editor
A good registry editor helps a lot in removing spyware. I guess the main feature such an editor should have is advanced search through the registry (that is what standard Regedit really lacks).
Let me mention here only one link www.snapfiles.com/freeware/system/fwregtools.html and the program RegSeeker (http://www.hoverdesk.net/freeware.htm).
Spyware scanner
Be sure to install one of the utilities for finding and removing spyware. As a rule, they come together with vast databases containing definitions of known spyware modules. Besides, those databases are regularly updated allowing you to fight spyware more efficiently.
I should notice that I don’t mention antivirus programs among antispyware tools on purpose. First, the overwhelming majority of people use them. Second, terminologically spyware doesn’t belong to the category of viruses and we shouldn't shift the task of detecting and removing spyware to antivirus software as soon as there are special utilities for that purpose. However, antivirus software is more an aid than a hindrance.
Here is some software from this category:
- RegFreeze (http://www.actualresearch.com/)
- LavaSoft Ad-Aware (www.lavasoft.de)
- SpywareBlaster (www.javacoolsoftware.com/spywareblaster.html)
- Spybot – S&D (http://www.safer-networking.org/)
- HijackThis (http://www.spywareinfo.com/~merijn/)
'Woe to wit' or "Service Pack 1 Setup Cancelled"
It’s worth mentioning that removing all the spyware detected by a scanner can have side effects. For example, Ad-aware and XP-AntiSpy used to unregister the Windows DLLs licdll.dll and regwizc.dll, taking them for spyware for some reason. After that, users couldn’t install SP1 on XP until they re-registered those DLLs (see Q329261).
Spyware monitor
It often comes together with a scanner. It should be able to prevent spyware from getting into the computer. At least, it should yell and squall when a spyware module makes an attempt to register itself in the known registry keys.
The list of software from this category overlaps with that from the “Spyware scanner” category, so there is no point to repeat it here.
For example, Ad-Aware contains a built-in utility called Ad-Watch used for monitoring.
RegFreeze was initially developed as a spyware monitor which makes it the best choice for the purpose.
Virtual machine
The advantages of a virtual machine as a tool of protection are indisputable. It is something like a "sandpit" out of which nothing can “slip”. So if you are itching to explore spyware, a virtual machine is your friend and aid. Besides, I’ve already mentioned some cases when the use of virtual machines is quite appropriate.
To finish it up, I’ll just add a link to Vmware (http://www.vmware.com/). I advise it to everyone.
To be continued?..
Our brief acquaintance with the world of spyware has finally come to an end. I'm really sorry I don’t have the opportunity to describe all the interesting events that happened to me in my struggle with spyware. There would not be enough space on my disk for such an article :)
Respectfully yours, Porokhnya Dmitry.