Spyware Tactics and How to Protect Yourself

Introduction to Spyware and Adware

Spyware

A spyware program is one that usually installs itself without user consent or with consent obtained in a misleading manner. Spyware monitors user activity and reports this information, confidential or not, back to its controller.

Adware

An adware program is similar to a spyware one, but its purpose is to force the display of advertisements on the infected computer. However, these definitions are loose, as certain adware may go further by having spyware abilities, and spyware may also display ads.

Symptoms of spyware/ adware

  • Pop-up ads are appearing constantly.
  • Your browser's homepage changed unexpectedly and cannot be changed back.
  • New toolbars that you did not install appear in your browser and keep on reappearing even after uninstalling them.
  • Your computer may run significantly slower than what you are used to (so sluggish that the system produces errors and eventually crashes).

Spyware Tactics

Spyware and adware can infect a computer in many ways. They are often bundled with supposedly free software. Certain reputable freeware libraries have spyware/ adware-free policies but this is not always the case.

They can also infiltrate computers via a rigged website where the only mistake of the user is having visited the site. This usually occurs when the browser executes an embedded ActiveX control that secretly installs the spyware/ adware. This technique is referred to as drive-by downloading.

At times, when a user visits a website they may suddenly receive a browser prompt requesting permission to install a piece of software that is needed to view the website. Many of these are actually attempts to introduce spyware into the system of the user. Users should always read the agreements before accepting the request.

Many spyware and adware programs are hard to detect and even harder to remove without dedicated antispyware software. Spyware uses a variety of techniques to elude detection and removal:

  • Process injection is when a piece of adware/ spyware injects its code into a running program, which allows it to bypass security restrictions, evade detection, make changes and self-regenerate even if its files are removed.
  • Watchdog processes monitor for any changes to the files of the spyware. If the spyware/ adware is terminated or has its files deleted or altered, the watchdog will restore and restart the spyware/ adware.
  • File lock is a method used legitimately to prevent potential errors when multiple programs try to access the same resources or critical files. This feature can be abused by spyware/ adware to block its own removal.
  • Automatic update allows spyware/ adware to change constantly to avoid detection.
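
The watchdog behaviour described in the list above leaves a recognizable trace: a program that is restarted within seconds of exiting, repeatedly, by the same still-running parent. The following Python sketch is an added example, not part of the original page; it looks for that pattern in constructed process start/stop records, and the record format, paths and thresholds are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records (not from a real host):
# time, action, pid, parent pid, image path.
SAMPLE_EVENTS = r"""
2024-05-01T10:00:00 START 400 4 C:\Windows\explorer.exe
2024-05-01T10:00:05 START 900 400 C:\Users\a\AppData\Roaming\helper\guard.exe
2024-05-01T10:00:06 START 910 900 C:\Users\a\AppData\Roaming\helper\adbar.exe
2024-05-01T10:04:00 START 950 400 C:\Windows\System32\notepad.exe
2024-05-01T10:05:00 STOP 910 900 C:\Users\a\AppData\Roaming\helper\adbar.exe
2024-05-01T10:05:02 START 920 900 C:\Users\a\AppData\Roaming\helper\adbar.exe
2024-05-01T10:06:00 STOP 950 400 C:\Windows\System32\notepad.exe
2024-05-01T10:07:00 STOP 920 900 C:\Users\a\AppData\Roaming\helper\adbar.exe
2024-05-01T10:07:01 START 930 900 C:\Users\a\AppData\Roaming\helper\adbar.exe
2024-05-01T10:30:00 START 960 400 C:\Windows\System32\notepad.exe
"""

def parse_events(text):
    """Yield (time, action, pid, ppid, image) tuples from the format above."""
    for line in text.strip().splitlines():
        stamp, action, pid, ppid, image = line.split(maxsplit=4)
        yield datetime.fromisoformat(stamp), action, int(pid), int(ppid), image

def find_watchdogs(text, window_seconds=10, min_respawns=2):
    """Return {(watchdog_image, restarted_image): count} for repeated quick restarts."""
    window = timedelta(seconds=window_seconds)
    running = {}      # pid -> image of processes currently alive
    last_stop = {}    # lower-cased image path -> time it last exited
    respawns = Counter()
    for when, action, pid, ppid, image in parse_events(text):
        key = image.lower()  # Windows paths are case-insensitive
        if action == "STOP":
            running.pop(pid, None)
            last_stop[key] = when
        elif action == "START":
            stopped = last_stop.get(key)
            parent = running.get(ppid)
            # Restarted shortly after exiting, by a parent that is still alive.
            if stopped and when - stopped <= window and parent:
                respawns[(parent, image)] += 1
            running[pid] = image
    # One quick restart can be a user reopening a program; repeats are the signal.
    return {pair: n for pair, n in respawns.items() if n >= min_respawns}

if __name__ == "__main__":
    for (dog, child), n in find_watchdogs(SAMPLE_EVENTS).items():
        print(f"{dog} restarted {child} {n} times")
```

In the sample, notepad.exe being reopened 24 minutes after it was closed is ignored, while the guard.exe/adbar.exe pair is reported because the restart happens twice within seconds of the exit.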

Protection and Prevention

If you suspect that you have a spyware infection, launch Task Manager and mark down any suspicious processes you see. Perform a Google search on them. You will quickly find information on whether they are legitimate programs or not.

Install an antispyware program and run regular spyware scans with up-to-date signatures. Select an antispyware scanner carefully as some are not effective at all, or could possibly be spyware/ adware posing as legitimate antispyware software. You can find a list of questionable antispyware programs to avoid at http://www.2-spyware.com/corrupt-anti-spyware. Research products online before installing.

Read the license agreement prior to installing any software, especially free programs. Pay attention to sections related to "Sponsor Program", "Third Party Agreements", or collection of anonymous user statistics.

Keep your system up to date with the latest software patches. This prevents spyware from using security exploits to install itself.

Keep your antivirus program up to date with the latest virus definitions and run scans regularly. Some spyware programs are packaged with viruses, worms and trojans. Some are viruses themselves. The line separating malware grows grayer as technology advances.

Ensure that the firewall that comes with your operating system is running, or install a reputable firewall.

Configure your browser/ firewall to either block ActiveX components or to ask for your permission before running them.

Spyware detection and removal tools:

