What is spyware and antispyware software

written by: Johnny Stenthal; article published: year 2007, month 02;


In: Categories » Computers and technology » Data security » What is spyware and antispyware software

Spyware has become the fastest growing concern among computer users today. It is uncommon to find a computer that has never been infected with some sort of a spyware application. Because of vulnerabilities discovered mostly in Internet Explorer and other software and the bundling of spyware with some common applications, spyware is often secretly installed on a user's machine. The first time most users notice an indication of the presence of spyware on their system is when, out of nowhere, an advertisement pops up relevant to something they are or had been doing on their computer. In other instances, the spyware may just record what is happening on your computer, such as the websites you visit, and never give any clues to you that it is there.

Because spyware is often very difficult to detect for the average user, using utilities to detect and remove spyware may be necessary. Currently there are dozens of spyware removing utilities. Ironically, some of them are spyware themselves. It seems that everyone wants to make some money from the use of spyware. Thankfully, there are a few utilities that are both free and also happen to be the best utilities to remove spyware from your computer and protect it from getting infected in the future.

Similar to anti-virus software, spyware utilities detect spyware based on their database of known spyware. Each utility has a database that is updated at different times. This makes it necessary to use a combination of utilities to make sure your computer is clean of all spyware. The utilities are getting much better, but quite often, when I do a scan with Ad-Aware and then do a scan with Spybot Search & Destroy after my computer is supposedly cleaned of all Spyware, spybot sometimes finds more. The reverse is also true. It is not that either of the utilities is better than the other; it is a matter of different spyware information in their databases.

LavaSoft Ad-Aware

LavaSoft Ad-Aware SE Personal Edition is the free version of the popular Ad-Aware spyware removal utility that can be downloaded from http://www.lavasoftusa.com. Ad-Aware SE Personal Edition is a great utility to search for spyware and clean your computer of it. To get started using Ad-Aware, make sure that you have a copy of Ad-Aware SE Personal Edition downloaded and installed, and then follow this procedure:

1.
Launch Ad-Aware and start downloading the latest version of the definitions database. Once the definitions are downloaded and automatically installed, the main application screen will be displayed. Because the definitions are now up to date, it is time to do a full system scan. Click on the Scan Now button.
2.
Now you will see the different types of scans that can be done with Ad-Aware. If this is your first time, it is best to do a full system scan. In the future, you can get away with doing a smart system scan, which only checks for spyware in the most common places instead of the entire hard drive. As you can imagine, that scanning method is much faster. But for now, select Perform full system scan and click Next to begin.
3.
Once the scan is complete, click the Next button to view the results. The Critical Objects tab displays any spyware found. To remove it, click on each of the entries or right-click on the list and click Select All Objects. Then, click Next to remove the spyware.
4.
A confirmation screen will pop up asking whether you are sure if you want to delete the spyware. Click OK and you are finished.

It is recommended that you manually check for spyware at least once a week to make sure that your personal information is safe and your computer is clear. Also, before each scan, make sure to get the latest spyware definitions.

Tip

The Ad-Aware SE Personal Edition spyware definitions can be updated by clicking on the globe icon on the main screen. Once the Web Update window pops-up, just click on the Connect button for Check For and Download New Updates.


Spybot Search & Destroy

SpybotSearch & Destroy, developed by Patrick Kolla, is another free and very popular spyware utility. Spybot operates in the same fashion of Ad-Aware but it also has the ability to configure Internet Explorer to automatically block some of the most well known spyware applications from ever getting a chance to tricking you into installing them.

Using Spybot is different than Ad-Aware but it just as easy. You can visit http://www.safernetworking.org to download and install a copy and then use the following procedure to scan and repair your computer with Spybot:

1.
Launch Spybot S&D Wizard from the Windows Start menu (or desktop icon). If this is the first use of Spybot Search & Destroy, the Spybot S&D Wizard will be loaded. The first screen gives you the option of creating a backup of your registry. This is very useful if, after you remove a spyware application, your computer stops working properly. In that situation, you can use the backup you made to restore any changes made to the registry. If you would like to create a backup, click Create registry backup. Otherwise, click Next to continue.
2.
On the next screen of the wizard, you have the option to check for updates before scanning your computer. Click Search for Updates to get the list of the latest program and definition updates available. If any updates are available, click the Download all available updates button.
3.
After the updates are installed, Spybot will restart itself and you will be shown the main screen. Click Check for problems to begin scanning your computer.
4.
When the search for spyware is completed, if anything is found, you will be shown a list of identified spyware. To remove all of the spyware on the list, click Fix Selected Problems. Spybot will first create a system restore point for backup and then will remove all instances of the spyware found. In certain situations, Spybot may not be able to remove all of the spyware files. Usually this occurs if the files are in use and Spybot cannot terminate the process that is making use of them. In these situations, Spybot will inform you that your computer needs to be restarted to remove the spyware. Once your computer restarts, right after you log on, Spybot S&D will launch again, automatically scan, and give you the option to fix all of the problems. However, this time, because it is the first application to run after the reboot and is holding up all startup items, no other processes, including spyware, will be able to start up, making it possible to remove any file needed.

Tip

Spybot Search & Destroy should always be updated before every scan to make sure that you will find the latest spyware infecting the computer. Launch the application and click the Search for Updates button to automatically get the latest spyware definitions.


Now that you have finished using Spybot Search & Destroy to remove all of the spyware from your computer, you can use its advanced features to secure Internet Explorer by preventing the installation of known spyware in the first place.

To enable these advanced features of Spybot, launch Spybot and then click on the Immunize button on the left menu of the application. There are more than 2,000 different spyware applications that can be automatically blocked in Internet Explorer. Just click on the Immunize button with the big plus sign on it to enable the protections.

If you ever experience any problems in the future, such as web pages that you normally visit not working properly in Internet Explorer, I suggest you try undoing the Immunization Spybot applied to Internet Explorer. This can be done by clicking on the Undo button within the Immunize section of Spybot Search & Destroy.

Microsoft Windows AntiSpyware

Microsoft Windows AntiSpyware is Microsoft's answer to battling the growing amount of spyware affecting Windows. Originally developed by Giant Software before Microsoft acquired the company in 2004, AntiSpyware is a comprehensive package, offered for free, that not only removes spyware, but actively protects against it similar to the way Norton AntiVirus uses its Auto Protect feature to actively protect users from viruses.

When you are running Microsoft Windows AntiSpyware and visit a web page that attempts to secretly install anything, you are notified by a pop-up message and given the option to allow or disable the action. Similar notifications are also given when any application on your computer attempts to modify the startup programs and modify other Internet related settings. This has proven to be a very effective measure of instantly letting you know that your computer may be infected with spyware as well as preventing spyware from changing any settings on your computer.

Installing Microsoft Windows AntiSpyware is very simple; just visit http://www.microsoft.com to download a copy. Once you have AntiSpyware installed, click on the desktop icon to start the utility and follow these steps to set up AntiSpyware:

1.
When you start Microsoft Windows AntiSpyware, the Setup Assistant will be loaded to guide you through the steps of configuring your spyware protection. Click Next to continue.
2.
Step 1 of 3 will ask you whether you want to enable AutoUpdate. AutoUpdate automatically downloads the latest spyware definitions for you on a regular basis, unlike the other utilities mentioned earlier. It is highly recommended that you enable this option and click Next.
3.
The next step gives you an opportunity to enable or disable the real-time protection agents I mentioned earlier that require a response from you before any Internet settings can be changed. This is one of the best features of Microsoft Windows AntiSpyware and should definitely be left enabled. Click Next to continue to the final step.
4.
The final step gives you the opportunity to participate in what they call SpyNet. SpyNet is basically a method that allows you to report the results of your personal spyware scan back to Microsoft so they can use the information to update their definitions database. In general, it is best when everyone uses this feature because then the definitions will be better; however, some people concerned about their privacy may want to disable this feature. Either way, click Finish to close the Setup Assistant.
5.
The next screen gives you the opportunity to run a full system scan. I suggest you click Run Scan Later and update the definitions first.
6.
Once the main interface loads, click on the File menu bar item and select Check for Updates. If any updates are available, they will be automatically installed. Click on Close to continue.
7.
Now you are ready to do a scan for Spyware. Click the Run Quick Scan Now button to start the scan.
8.
After the scan is over, if anything is found, a summary of the results will be shown. Click View Report to view the details and to remove any spyware found.
9.
On the Scan Results screen, you will see a list of every item found with a drop-down box for the recommended action to be taken (Ignore, Quarantine, Remove, or Always Ignore). By default, Microsoft AntiSpyware selects what it believes is the appropriate action for the severity of the spyware. However, you can always override that selection by selecting a new option in the dropdown menu for the item on the left. Once you have all of the items actions selected, click Continue and then Yes on the confirmation screen to execute the actions.

Tip

Microsoft AntiSpyware has a lot of features that you would not expect to find in a spyware utility. Click on the Advanced Tools icon on the main program screen and explore the System and Privacy tools for some useful utilities.

Recovering from Browser Hijacks

For your convenience, spyware often automatically changes your home page in Internet Explorer as well as your default search page. This way, as soon as you open Internet Explorer or attempt to do a search, you are bombarded with even more opportunities to get spyware. While sometimes these incursions are innocuous, far too often they cross the line, motivating users to take control of their browsers again.

Recovering from a browser hijack caused by spyware is often a very annoying event. Quite often you run a spyware utility to clean the spyware off of your computer only to find it returns when you open up your web browser because the utility isn't necessarily capable of detecting hacks to your browser. Spyware designers are usually clever in their work, and they design software that doesn't always go away without a fight. Thankfully, with the help of Microsoft Windows AntiSpyware, it is very easy to reset all of Internet Explorer's settings back to the default settings, so you can reset everything that spyware may have modified. Of course, you may lose some of your own browser tweaks in the process.

The feature that can help you with this is buried within the application. Launch Microsoft Windows AntiSpyware and then click on the Advanced Tools icon in the upper-right corner of the screen and follow this procedure:

1.
Locate and click on the Browser Restore icon located under System Tools.
2.
Click on the Check all text button.
3.
Next, just click the Restore button and everything will be reset back to the factory default.

Now recovering from a browser hijack has never been easier.

What to Do When the Automated Utilities Fail

Spyware is constantly evolving to try to get ahead of the spyware removal utilities. One of the biggest problems with the spyware removal industry is that it relies very heavily on known definitions. While this passive approach can be effective and is far better than nothing, it means that new malware must cause damage for it to become known in the first place. To get rid of spyware that just wont go away, it may take someone who is very well experienced with removing spyware to help you out.

To help the countless spyware victims, various websites have dedicated support for fighting spyware. Most of these sites use the popular diagnosis software called HijackThis. HijackThis is a great little utility that examines various parts of the system configuration and Internet Explorer settings and displays their current values. The software allows a user to save a copy of the results, which can then be posted on one of the various websites dedicated to this utility. Dedicated individuals who volunteer their time are available at a variety of these sites to take a look at your log and help you figure out what entry is causing the problem. Then, using HijackThis again, you can easily check that entry and have it removed to solve your problem.

To get started, visit http://www.merijn.org to download the latest copy of HijackThis. Then, follow this procedure to generate your log:

1.
Once you have HijackThis downloaded, launch the application (it doesn't require an installation).
2.
Click on the Scan button to reveal your log.
3.
Next, click the Save Log button to save a text file with the contents of the scan on your computer.

Now that you have your log generated, post it on one of these popular websites that are known for their dedicated HijackThis support:

Once you have posted your HijackThis log on one or a few of the websites, you will most likely get a response within a day. When the culprit is identified, just open up HijackThis again and check the box next to the line you want to be removed and click Fix Checked. You will be asked to confirm the delete and then the operation will be completed. After a reboot, the problem should now be solved

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. Securing Multiple Servers and Domains with SSL
As organizations and service providers enhance their Web sites and extranets with newer technology to reach larger audiences, server configurations have become increasingly complex. They must now accommodate: Redundant server backups that allow Web sites and extranets to maximize site performance by balancing traffic loads among multiple servers Organizations running multiple servers to support multiple site names Organizations running multiple servers to support a s...

2. How to protect against Unexpected Inputs
When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page. A static Web page is really nothing more than a brochure or advertisement, and does not allow the true power of the Internet to be expressed. However, a static page is relatively safe from hackers....

3. What are Buffer Overflows
Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer ...

4. Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathemati...

5. Why Is Authenticated SSL Necessary
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between ...

6. Virus Prevention ~ How to protect against Internet Viruses
There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be. For example, the Melissa virus reproduced through email and sent copies of itself to every one in the victim's address book. Because of this, relatives and friends of the victim were soon infected as ...

7. How to protect against Hostile Web Pages and Scripting
The dangers of Trojans and viruses are well known. However, many computer users are completely unaware of the dangers involved in viewing Web pages. Through scripting languages, Web page operators can upload and download files to your device (PC/PDA). They can also install mini-programs or grab information from you that can be used to destroy or take over your computer. Every time you go to a Web page, you actually download the full document to your computer. This includes all text, pictures, and even any code that is r...

8. Features of Windows Encrypting File System (EFS)
• Only available on Windows 2000 and Windows XP operating systems using NTFS partitions and volumes. (NTFS v5). • Encryption is transparent to the user. • Uses public-key encryption. Using a public key from the user’s certificate encrypts keys that are used to encrypt the file. The list of encrypted fileencryption keys is kept with the encrypted file and is unique to it. When decrypting the file encryption keys, the file owner provides a private key that only he has. ...

9. What are Denial of Service Attacks (DOS attacks) and how to protect against them
Hackers can wreak havoc without ever penetrating your system. For example, a hacker can effectively shut down your computer by flooding you with obnoxious signals or malicious code. This technique is known as a denial-of-service attack. Hackers execute a denial-of-service attack by using one of two possible methods. The first method is to flood the target computer or hardware device with information so that it becomes overwhelmed. The alternative method is to send a well-crafted command or piece of erroneous data that crash...