PC Hacks 100 Industrial-Strength Tips and Tools

< Day Day Up >

Hack 98 Protect Your PC from Malware

Rid your PC of dozens of performance-robbing pop-up and search bar annoyances with a few free programs.

Viruses and malicious hackers are bad, but you may find yourself under considerably more threat from software that has a way of sneaking onto your computer, such as:

Adware

Software that pops up advertisements while you are using your computer.

Spyware

Software that gathers data on what you do with your computer and reports that information back to its maker.

Malware

Software that is designed to cripple your computer or open a back door for malicious attackers. Often used as a catch-all term for adware, spyware, and any other bad software you didn't knowingly install.

Such "badware" gets onto your system in many ways:

• Through browser plug-ins that you agree to install despite a security warning from Windows.

• By installing applications that promise to "speed up and enhance your web experience."

• By installing free versions of popular software applications (often file-sharing programs) that include accompanying adware or spyware.

• By installing some programs that claim to prevent infestation from such malware!

The long-standing adage, "If it sounds too good to be true, it probably is" definitely applies here. Certain types of freeware, particularly file-sharing applications and free games, are actually "paid for" by companies that provide advertisement and search-enhancement add-ins and who in turn get paid by advertisers. Those advertisers get their ads distributed in the form of pop-ups from ad services like GAIN/Gator/Claria and DoubleClick.

Figure 10-5 shows a signed ActiveX program permission screen from Internet Explorer 6 under Windows XP. (This is the pre-Windows XP Service Pack 2 warning. See [Hack #99] for more information on Service Pack 2.) If you select the "Always trust" checkbox and then click Yes to trust this vendor you will never be asked permission to trust or install their applications again, no matter how they try to get onto your system. This is the only such warning you will receive if you download directly from the software publisher. It is best to never select the "Always trust" checkbox. Instead, you should verify downloads on a case-by-case basis.

Figure 10-5. Downloading and installing a GAIN program asks for your permission to trust them for all future installations

If you install a piece of ad-sponsored software, such as one of the many versions of the popular DivX media player (http://www.divx.com), you may be presented with a dialog revealing that you will be getting ad software, shown in Figure 10-6. You may also see a dialog with a lengthy license agreement, as in Figure 10-7, amidst the installation of the program you really wanted to use. This particular installation, and many like it, do not tell you exactly which pieces of software will be installed along with the product you want. In this case, two different pieces of GAIN/Gator software get installed.

Figure 10-6. Some software installations will tell you that adware comes with the product

Figure 10-7. You must be patient and have good eyes to read through the entire license agreement for GAIN software

Read the fine print. It might not be so bad if you got just one easily identifiable piece of spyware, but these things tend to propagate like weeds throughout your system; start with one piece of spyware today and in a week or two, your system could be overwhelmed with 10 or 20 of their "friends." The End-User License Agreement (EULA), or installation dialogs, for some freeware may contain either obvious or subtle indications that software from partners will be installed along with the software you really want to use. Some software requires the presence of the tag-along spyware as a condition of using the program for free. For example, the popular file-sharing program Kazaa (see http://www.kazaa.com/us/privacy/index.htm) requires the presence of Cydoor (displays ads, records which were viewed and for how long) and GAIN (displays ads based on your web surfing habits). Unless you really need the specific spyware-laden version you downloaded, stop the installation and search for a friendlier alternative. I find it preferable to pay $30 for spyware-free software than to have to spend hours cleaning up the pop-up, executable, and DLL mess many insidious spyware programs leave behind. For example, the makers of Kazaa offer an ad-free version for $29.95.

In reality, most of the generic search-assistant programs have nothing to do with the top search engines such as Google, Yahoo!, Lycos, MSN, or AltaVista and using them doesn't do you any good at all. Those selective "targeted" ads that supposedly focus on your personal interests seem to be the same ads everyone else gets regardless of preferences, needs, or buying habits. The search bars or toolbars provided by Google and Yahoo! are legitimate and safe, and both come with pop-up-blocking features. You may be wondering where the other search assistants came from. Perhaps you or someone using your computer clicked OK or Yes when a security alert appeared. It's very difficult for these applications to get on your computer without someone's consent, but the request for consent is often sneakily worded.

The sinister aspect to badware is that you really have no idea what the programs are doing, what information they are sniffing for or sending out across the Internet, or how they affect you other than hogging the performance of your system, altering your browser settings (Netscape 4.x and Internet Explorer mostly; Opera and Netscape 7 seem to be left alone for now), and delivering more mind-numbing pop-ups than any 100 people can tolerate.

Using personal/desktop firewall software [Hack #99] can help you identify and block spyware that attempts to make outbound connections to the Internet, although most spyware program use the features and identity of Windows or IE and get a free ride through the firewalls. If you wish to use a personal firewall to block spyware programs from making connections back to their "mother ship," you will have to configure your firewall to block zones of domains and URLs, many of which change IP addresses often to foil this blocking technique.

These free programs available on the Web, each of them operating a bit differently, are a good combination to sniff out, clean up, and "immunize" your system from badware:

• Definitive Solutions's BHODemon (http://www.definitivesolutions.com)

• Patrick Kolla's Spybot Search & Destroy (http://www.spybot.info)

• Javacool Software's SpywareBlaster (http://www.javacoolsoftware.com)

• Lavasoft's Ad-Aware, (http://www.lavasoft.de)

BHODemon, shown in Figure 10-8, is a "quick and dirty" application that shows you which Browser Helper Objects, otherwise known as ActiveX controls, are automatically loaded with Internet Explorer (and thus Windows Explorer).

Figure 10-8. BHODemon provides details about installed ActiveX controls

BHODemon allows you to disable any of the programs it finds. You can perform a similar task by investigating all of the files in the C:\Windows\Downloaded Program Files folder, which is the ActiveX program cache, and you may have to look into that folder from time to time to see if there are files that BHODemon does not show. If you right-click on any of the files and then select Properties, you will see the originator of the file and can determine if the file is legitimate or not. In fact, you could delete all of the files found as needed, and in theory, the critical ones for the operating system will be replaced.

Spybot Search & Destroy, shown in Figure 10-9, performs four critical functions. First, it can scan your system for existing spyware. Second, it allows you to remove the bad programs it finds, digging deep into the Windows Registry to unearth stubborn files. Third, it provides an "immunization" function, installing its own ActiveX application to watch for and stop the installation of spyware programs. Fourth, it allows you to disable the ability of other programs to change your browser settings. Covering over 12,400 different variations of spyware, this is a very handy and robust tool to use.

Figure 10-9. Spybot Search & Destroy blocks spyware

SpywareBlaster, shown in Figure 10-10, does not scan for the presence of spyware or remove it, but it offers myriad techniques to block badware from getting your browsers, acting as a very specific firewall against dozens of known spyware sites. It also provides a way to block the installation of Macromedia's Flash ActiveX control so you can avoid many of those annoying animated ads that never seem to stop. (Unfortunately, blocking Flash also robs you of being able to take advantage of many web sites that insist on forcing you into Flash-enabled pages instead of good old HTML content.)

Figure 10-10. SpywareBlaster blocks the installation of spyware cookies

< Day Day Up >