Learn about spyware, its types, how to avoid getting it, how to remove it, and how to keep it from transmitting collected information over the internet.
Released: December 8, 2013
Last week, I talked about viruses, but they are not our only concern when using computers. We also have the issue of Spyware being installed on our computers. Today, learn what Spyware is, where it came from, what it does, and everything else you were ever curious about.
Spyware is any legitimate or malicious application installed on a computer without the complete awareness or explicit consent of the user, in an attempt to track usage information, record information, keystrokes, etc., that is also made hard or impossible to remove and is normally not known to be running. Spyware may also transmit such usage information, without the explicit knowledge or permission of the user or users, to a third party for either legitimate or malicious use.
Spyware is typically one of four types: system monitors, Trojans, adware, and tracking cookies. It normally gains entry as part of an application, a toolbar, BHOs, ActiveX, viruses, etc.
System monitoring can include a multitude of software solutions that are, or act like, Spyware, like those found in some printers in a few companies, where usage is tracked and sent back to the company. Some malicious users also use keyloggers, screen capture software, session hijackers, etc.
Trojans are typically classified as viruses, not Spyware, but they usually contain many different pieces of software to watch the target computer. These can include system monitoring, toolbars, BHOs, even other valid applications, etc.
Adware is advertisement-based tracking, normally used to track internet usage and display pop-ups in our faces. Many Shareware clients use this, and even though it is not technically illegal, any involuntary installation of such software constitutes a violation of user rights and privacy in many countries around the world.
Tracking Cookies are considered Spyware by many Anti-Spyware solutions, because they allow the user to be tracked over the Internet. Now, even though this is technically true, and other forms of tracking, like Browser Fingerprinting, are available to companies, Anti-Spyware software does allow the user to delete the cookies and remove any supposed risk.
The most common way of getting infected with Spyware is through using software of any kind. I'll be honest here: using the definition of Spyware even a bit loosely lets us understand just how often we are tracked in our daily lives. Most applications, including those on mobile, continuously request location tracking and usage details. This may not constitute Spyware with malicious intent, though. If we refer to what most of us mean by Spyware, we are referring to specific types of code that track us without any form of permission or legitimate intent. For example, there is no real valid reason why a legitimate software solution would track what you type, but malicious programs can use the data to hijack your accounts on the internet. Most applications don't do screen capture, but some malicious Spyware programs may want to steal other forms of information only accessible in this way. Some forms of industrial espionage are done in just this fashion.
Is there a solution for dealing with Spyware?
Yes, there are several solutions for preventing systems from being infected, decontaminating some systems, and even preventing Spyware and other applications from talking to the outside world.
Let's talk about Anti-Spyware software itself. There are many different solutions out there, but one of the best I have ever used has always been SpyBot - Search and Destroy. It works exactly like an anti-virus, but for Spyware. It also renders computers relatively immune to numerous known Spyware attacks by vaccinating the computer against many of these vulnerabilities. There is even a portable version of SpyBot that I use that does most of the same things. Having SpyBot locally installed allows it to run before the user logs in to Windows, allowing for better scanning and decontamination, because most of the Spyware infections haven't loaded yet by this point. It is also free.
You can also use a firewall solution like Zone Alarm, which doesn't just block incoming traffic but can also be used to block outgoing traffic. It has a pop-up window that requests the right for a program to transmit to the outside world. While many programs may do this for the purposes of updating core code, some do connect to the internet to transmit usage data. It is basically up to you how you want to deal with these kinds of communications, but it is technically possible to prevent applications from talking to the outside world. Please be warned that blocking a browser means the browser cannot go online; however, feel free to block Internet Explorer if you don't explicitly need it.
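The per-program outbound blocking described above can also be done with the firewall built into Windows. The following is an added example, not part of the original show notes: it uses the built-in Windows Firewall cmdlets rather than Zone Alarm, and the rule name and the default Internet Explorer install path are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session (Windows 8 / Server 2012 or later).

# 1. See which programs currently hold established connections to the outside world.
#    Loopback traffic is skipped because it never leaves the machine.
$connections = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
    ForEach-Object {
        # Map the owning PID to its executable; Path can be empty for protected processes.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name    = $proc.ProcessName
            Program = $proc.Path
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        }
    }

$connections | Sort-Object Program, Remote -Unique | Format-Table -AutoSize

# 2. Block one program from talking out. The path below is the assumed default
#    64-bit install location; the 32-bit copy under ${env:ProgramFiles(x86)}
#    needs its own rule because rules match on the full executable path.
$iePath   = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'
$ruleName = 'Block outbound - Internet Explorer (example)'   # assumed rule name

if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
                        -Direction Outbound `
                        -Program $iePath `
                        -Action Block `
                        -Profile Any | Out-Null
}

# 3. Confirm the rule exists and is enabled.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Direction, Action, Enabled
```

The rule can be removed again with `Remove-NetFirewallRule -DisplayName` followed by the same rule name.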
If you are infected with Spyware and you can't remove it, or don't know what is infecting you, you may also use a program called HijackThis, whose results you post on their forum, and others, so that experts can tell you how to deal with the infection. It is a really amazing program that allows you to see just how many applications are actually running on your computer at the point of the scan. It is also available as a portable application.
The last, and final, solution for dealing with a massive, unremovable Spyware infection is to simply back up all your data, format the drive, and reinstall your operating system. While this is typically a last resort and a usually unwanted final outcome, Spyware, like viruses, is now able to bind so deeply into Windows that by removing some Spyware infections we can brick our operating systems once and for all. Don't fear the format, embrace it. And if formatting is an issue for you because you have many settings in applications, use a disk imaging application like Acronis True Image, often available for free from some hard disk companies, to create an image of your hard drive while it is still clean; then you simply need to restore from that image when you need to format. Not only does it save your settings, it makes the entire process of formatting and getting back on your feet far faster. Acronis software does not need to be installed to be used; you may use it from outside Windows to create a backup of your computer.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions
It should remove all traces of the virus, provided the hard drive has no bad sectors on it. If it does, use the mentioned Spinrite to try to fix the hard drive, then run DBAN after, but usually, DBAN can erase the entire drive without issue. I've used it on maximum and let it run almost 16 hours on my friend's computer, that is why this episode exists.
Great! I am going to run 'autonuke' on a machine that has polymorphic malware, not sure if it is in the MBR or somewhere else on the machine. Assuming autonuke runs fully without any error, will it remove the malware from the computer with certainty?
Yes, it will wipe all data, including the master boot record on your hard drive. If you are unable to get DBAN to work correctly, consider using Spinrite to fix the drive so DBAN can work, rarely needed, good to have.