From Pinon PC to you:

 

I am thinking about starting up a newsletter to you, my clients, using email to broadcast it. Why? I have noticed that I am saying the same things to almost all of you, so it seems logical that these bits of information should be put into writing and distributed. I can't promise that this will be a very regular occurrence, but then I might just have enough to say to keep this going semi-regularly!

 

If you wish to NOT receive this, please drop me an email at help@pinonpc.com .

 

Potential future topics include: backups, firewalls, surge protectors & UPSes, ... and other topics suggested by you.

 

As I have told many of you, cleaning up spyware comprises about 80% of my work this year. I have broadcast a letter about this once before - but the spyware world has changed and I think it bears repeating. The prior letter (dated April 2004) can be read at: http://www.pinonpc.com/spyware.htm .

 

---------------------------------------------------------------------------------------------------------------------------

SPYWARE - MALWARE

 

How do you get spyware:

From browsing the web.  That is, from web sites.  Not from email or attachments.

 

When you go to a web site that has an agreement with the distributors, they silently push down to your machine the installer for the spyware.  It then runs, silently, and installs itself onto your pc and begins to do what it is designed to do.  That can include:  keystroke logging, password stealing, spying on purchases, creating spam, bringing in other spyware programs, ...  ouch!

 

Which web sites? NOT the major chain stores or other companies you know as being legit: Sears, Lands End, ... But if you go to Joe's hardware store in Montana to buy something, you could be exposed to spyware. Joe could have found that having a web store front is expensive and has made a deal with marketers. For each program he successfully pushes to a pc, he gets paid! The other very common means of getting spyware is from those sites teens love: chat groups, file sharing programs, instant messengers, ...

 

Prevention / Cure:

There are free remover tools and commercial tools. 

 

The free ones that are effective are:  (These can be downloaded from www.download.com .)

Ad-aware SE

SpyBot

Microsoft's Spy Ware Remover            www.microsoft.com

 

 

The commercial ones that I use in the shop to augment those above are:

Pest Patrol                                            http://www.pestpatrol.com/

Trend-Micro                                        http://www.trendmicro.com/home/default.asp

Panda Software                                    http://www.pandasoftware.com/

PC Tools Spyware Doctor                   http://www.pctools.com/

Norton Anti-Virus 2006                       http://www.symantec.com 

 

Free online tools provided by the commercial products:

Trend-Micro's House Call                    http://us.trendmicro-europe.com/housecall/v6.5/?us=2en/start_corp.asp?id=scan

Trend-Micro's House call v1                 http://housecall.trendmicro.com/

Bitdefender online scan                         http://www.bitdefender.com/scan8/ie.html

Panda online scan                                 http://www.pandasoftware.com/products/activescan.htm

Pest Patrol                                            http://www.pestpatrol.com/prescan.htm

 

Now, no single removal tool is effective enough. Each has its strengths and weaknesses. (e.g., Ad-Aware got hauled into court by Gator and now will NOT remove their products. Bad, bad Ad-Aware! However, it removes some spyware programs that others still don't.) For most light to moderate infestations, the free tools work very well. Microsoft's tool is still in Beta testing but works well. It runs continuously, like Norton does, and actively watches for incoming programs. The rest of the free tools must be run manually. For all these tools mentioned - DON'T QUESTION whatever they find, let them remove.

 

There are MANY OTHER spyware removers on the market. I do not list them here because many of them are not quite legit or are just not very good. They either (1) remove competitors' programs but put their own malware back in, (2) are of such limited effective scope that other programs make them redundant, or (3) provide false positives and potentially break legitimate programs you have installed. I have gleaned lots of useful information from http://spywarewarrior.com/ ; go ahead, it could be quite shocking!

 

Warning - some spyware programs are designed to break your Windows as you remove them!! I haven't successfully made a list of the culprits, but I do see that about 25% of badly infested pcs NEED a rebuild.

 

When I return a cleaned up pc to a client, I have installed those free programs and web links to the free scans.  I advise people to run those tools on a regular basis to prevent another infestation.   If you can catch these bad programs before they get much of a foothold into your pc, GREAT!  That means less work for me and fewer bills for you !!!  :-)

 

More Prevention:

(1) If you are on high speed internet, get a router with NAT technology in it. This is just my theory but so far it is holding up. Qwest's DSL modems contain a router with NAT technology in them. Comcast users, however, NEED to add a NAT-enabled router. As for Earthlink DSL, well, there isn't much we can do; their technology prevents us from putting a router in place, so keep up on your manual removal tools.

 

(2) If you are running Windows XP, most likely you are running with the default account that was created at first power up. This account is a fully enabled Administrator type account - meaning, among other things, that the user can install programs. In houses with kids and in businesses, I recommend that in addition to the first account, another account is created that is a Limited account. In the limited account, the user cannot install software, purposefully or not! That means no spyware will successfully install as they surf. Of course, for this to work, the users have to be unable to use the administrator (main) account; therefore it must be password locked by a responsible party. There are other limitations to a limited account - I will discuss them with interested parties.
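The account setup described in (2), typed at a Windows XP command prompt while logged in to the main (Administrator) account. This is an added example, not part of the original newsletter; the account name "surfing" is a placeholder to replace with your own.

```batch
@echo off
rem Added example. LIMITED is a placeholder name for the everyday account.
set LIMITED=surfing

rem 1. List the accounts that currently have Administrator rights.
net localgroup Administrators

rem 2. Password-lock the main account you are logged in to.
rem    The * makes Windows prompt for the password instead of echoing it.
net user "%USERNAME%" *

rem 3. Create the everyday account. An account created this way joins only
rem    the "Users" group, which XP's Control Panel shows as a Limited account.
net user %LIMITED% * /add

rem 4. Show the new account; "Local Group Memberships" should list *Users only.
net user %LIMITED%

rem 5. Double-check that the new account is NOT in the Administrators group.
rem    find sets errorlevel 0 when the name appears in the member list.
rem    (Substring match: a longer name containing %LIMITED% would also trigger it.)
net localgroup Administrators | find /i "%LIMITED%" >nul
if not errorlevel 1 (
    echo WARNING: %LIMITED% has Administrator rights and can install software.
) else (
    echo OK: %LIMITED% is a Limited account.
)
```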

 

I will post this entire document on my web site at www.pinonpc.com/newsletter-1-spyware.htm

 

Heather Burke

470-2431

help@Pinonpc.com