| |
Learn More about Spyware
Aliases
Many different terms are often used interchangeably to refer to spyware-like
software. They include:
|
Adware |
|
Spybot |
|
Malware |
|
Spyware |
|
Scareware |
|
Thiefware |
|
Scumware |
|
Tracking software |
|
Sneakware |
|
Trackware |
|
Snoopware |
|
|
Who should be concerned with spyware?
If you're online, you should be concerned about spyware (particularly
if you are using Microsoft Internet Explorer). Spyware predominantly
targets Windows systems but increasingly there are reports of spyware
that targets Mac OS and OS X, Safari, Quicktime and even iTunes.
Spyware is becoming increasingly worrisome for companies as well. According
to Computer Associates (CU-Boulder uses their antivirus product eTrust,
a.k.a. CUantivirus), spyware has been Dell's number one tech support
issue since December 2003 and is currently Microsoft's number one cause
of system failure.
How does spyware get into your computer?
Spyware often arrives attached to other software you intentionally install.
Many "freeware" and "shareware" programs you download
over the Internet include at least one, but up to several, parasite programs
that will silently install themselves on your computer as you install
the software that you actually wanted.
Some may also arrive in e-mail messages. Unlike viruses, these pieces
of spyware usually announce themselves. Clicking on and opening the attachment
then serves to download this software onto your computer.
Spyware can be installed on your system by simply visiting a web site.
In this case, the web site might ask you to allow the software. In some
malicious cases, the web site will take advantage of flaws in your web
browser to install the software with out your permission. If you surf
the web, particularly with older versions of Microsoft Internet Explorer,
even if you are careful, you can pick up adware and other forms of spyware.
Any media-supported web site often attaches a tracking cookie.
And, if you share music, files, or photos with other computer users,
your risk also increases. For example, KaZaa often comes with spyware
that is installed along with that program.
Your chances for picking up spyware also rise when you install software
applications (especially if you don't full read the license agreements
- i.e. the "fine print.") Voluntary downloads account for a
large portion of the privacy-infringing software. You may not realize
a free screensaver or computer game or toolbar also reports back your
private information.
What are some of the symptoms of
spyware?
If your computer is exhibiting some of the following symptoms, it is
very likely that it has become infected with spyware.
|
Unusually slow performance and/or Internet connection |
|
You are subjected to endless pop-up advertisements, even when you're
not on the web |
|
Strange hard drive behavior |
|
Your web browser's homepage or settings have changed, seemingly
on their own |
|
There is a new toolbar in your web browser that is difficult to
get rid of |
|
New, unexpected icons appear in the task tray at the bottom of
your screen |
|
Frequent computer crashes |
|
You are redirected to web sites other than the one you requested |
|
The search engine your browser opens to when you click "search" has
been changed |
|
Certain keys fail to work in your browser |
|
Random Windows error messages begin to appear |
How do you remove spyware?
There are a number of low cost and free solutions on the market currently,
and many more under development by software companies such as Microsoft
and popular antivirus vendors.
CERT (www.us-cert.gov/cas/tips/ST04-016.html)
recommends that you first run a full scan on your computer with your
antivirus software. (CU-Boulder uses CUantivirus, or eTrust from Computer
Associates www.colorado.edu/its/security/antivirus).
Some antivirus software will find and remove spyware, but it may not
find the spyware when it is monitoring your computer in real time.
Run a legitimate product specifically designed to remove spyware. Many
vendors offer products hat will scan your computer for spyware and remove
any it finds. However, many security experts recommend that you run a
few of these products, as none currently find all of the spyware typically
infecting your computer.
While ITS doesn't endorse any specific brands, popular products used
by BugBusters on walk-in cases include:
How do you prevent spyware?
ITS and industry experts recommend that you:
|
Install and run anti-spyware software. |
|
Be smart about what you surf and download online.
 |
Do not click "agree" or "OK" to
close a window. Instead, click the red "x" in
the corner of the window or press the Alt + F4 buttons
on your keyboard to close a window. |
|
Be more cautious when downloading free
software, especially "free" file-sharing applications,
which are often bundled with spyware. |
|
Remember, if software looks too good to
be true, it probably is. (i.e. a web advertisement tells
you you've just won something so click here). Don't
click anything, just close out the window. |
|
Do not download or run e-mail attachments
unless you know what they are. |
|
Only download from Web sites and people
you trust. |
|
|
Adjust your Web browser's security settings or use a more secure
Web browser. Adjust your browser preferences to limit pop-up windows
and cookies: pop-up windows are often generated by some kind of scripting
or active content. Adjusting the settings within your browser to
reduce or prevent scripting or active content may reduce the number
of pop-up windows. Certain types of cookies are sometimes considered
spyware because they reveal what web pages you have visited. You
can adjust your privacy setting to only allow cookies for the web
site you are visiting.
|
Microsoft Internet Explorer
(directions from www.microsoft.com) |
|
Other Web browsers, such as Mozilla Firefox
offer more security settings than Internet Explorer. |
|
Note: These new browsers may not be compatible
with some University enterprise systems, but are appropriate
for general day-to-day browsing. |
|
|
Use a firewall. The newest versions of both Microsoft Windows XP
and Apple's Mac OS X operating system include built-in firewall software. |
|
Use caution when clicking on agreements while you are using a Web-based
service. Read the agreements before clicking them. Because most people
do not take the time to read these agreements, you may be agreeing
to let spyware be loaded on your PC. If you're not sure whether to
trust a program you are considering downloading, ask the IT Service
Center or enter the name of the program in your favorite search engine
to see if anyone else has reported that it contains spyware. And,
always read all security warnings, license agreements, and privacy
statements associated with any software you download. You should
also consider avoiding some of the known spyware carriers, such as:
|
CoolWebSearch |
|
Kazaa |
|
Grokster |
|
Snood |
|
Weatherbug (the free version is considered
adware and it is recommended that it not be installed on
your computer) |
|
|
Don't follow e-mail links claiming to offer anti-spyware software:
Like e-mail viruses, the links may serve the opposite purpose and
actually install the spyware it claims to be eliminating. |
|
Use caution if you receive online messages, scareware, that your
system is vulnerable or has "known" viruses and offering
software to download to correct the problem. Many times these links
are actually installing spyware. |
|
Beware of peer-to-peer file-sharing services. Many of the most
popular services include spyware in their installation procedures.
Never download an executable file from a P2P. In general, you should
only download executable files from known vendors or trusted sites. |
|
Watch out for cookies. Though not the worst form of spyware, they
do gather information about your browsing habits and can supply the
gathered information elsewhere. |
|
Stop web bugs. These are spies that are activated when you open
contaminated HTML e-mail. Get rid of unsolicited e-mail without reading
it by turning off the preview pane. Also do the following in Outlook
2003 if you are using it: Tools | Options, click on the Security
tab and select Change Automatic Download Settings. Make sure Don't
download pictures or other content automatically in HTML e-mail is
checked. |
What's on the horizon for fighting spyware?
Antivirus software companies like Symantec, McAfee, and Sophos all plan
to announce new technology to fight spyware and Microsoft has a product
called Windows Defender. (www.microsoft.com/spyware)
Get Help
IT Service Center
303-735-4357 (5-HELP)
security@colorado.edu
|
|
|
