Internet Sleuths for Hire: Defeating Spyware
NEWSFACTOR SPECIAL REPORT
way to go Java.....way to go
By Vincent Ryan
NewsFactor Network
October 07, 2003
"There are more than 350 different surveillance-software products available. We're focused totally on catching the software that says it's uncatchable," says Grey McKenzie, founder of SpyCop.
Is there anything more disturbing on the Internet than spyware? Spyware programs record every keystroke and Web page a user visits, as well as every e-mail and chat session. Some do things like browser hijacking -- attempting to alter the homepage, search page and other browser settings -- or drive-by downloading, in which programs silently load themselves on an Internet surfer's computer or pose as a legitimate program to get the user to download them.
An end-user can be a victim of these programs and not even know it. Pages of private information culled by these programs may be leaking out of a user's computer onto the Internet before the user has any notion that something is wrong.
To date, the large antivirus vendors have ignored this space, so many end-users have little knowledge of the software that spots and removes spyware and other malicious code. Following is an introduction to some of the products available.
ActiveX Blocker
If protection from rogue Internet downloads is of primary concern, Spyware Blaster, a freeware program from Javacool Software, is a good choice. Spyware Blaster's specialty is preventing the installation of spyware ActiveX controls from a Web page and disabling malicious ActiveX controls that are already present.
It does not have to be running in the background to provide this protection. Spyware Blaster does this by setting a kill bit for spyware, adware, dialer, browser hijacker and other ActiveX controls, said Javacool, the developer of Spyware Blaster. (Javacool declined to provide his real name.) And we here at Computer Cops won't tell either!
"The kill bits act as a global block of sorts," Javacool told NewsFactor. The spyware ActiveX controls cannot be installed and in many cases will be disabled if they are already present on the user's system. Once Spyware Blaster sets a kill bit, the Yes/No installation dialog box that displays when an ActiveX control tries to install will not display, Javacool said. Legitimate ActiveX controls, such as those used in Windows Update, are not affected.
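To check which controls on a machine actually carry a kill bit, the following added example (not part of the original article and not Spyware Blaster's code) audits a text export of the Internet Explorer "ActiveX Compatibility" registry key, where the kill bit is the 0x400 bit of each control's "Compatibility Flags" value. The CLSIDs, the block list and the sample export are constructed placeholders.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE from loading the control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEY_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in the text form written by `reg export` (real exports are
# UTF-16 and must be decoded first). The CLSIDs are placeholders, not real controls.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00000420
"""

# Hypothetical block list: controls the defender expects to be kill-bitted.
BLOCKLIST = ["{%s}" % "-".join([d * 8, d * 4, d * 4, d * 4, d * 12]) for d in "1234"]

def parse_compat_flags(reg_text):
    """Return {CLSID: flags} for each direct subkey of ActiveX Compatibility."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            parent, _, leaf = key.group(1).rpartition("\\")
            current = leaf.upper() if parent.upper() == BASE.upper() else None
            continue
        value = FLAGS_RE.match(line)
        if value and current:
            flags[current] = int(value.group(1), 16)
    return flags

def audit_kill_bits(reg_text, blocklist):
    """Classify each expected CLSID as 'blocked', 'not blocked' or 'missing'."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for clsid in blocklist:
        value = flags.get(clsid.upper())
        if value is None:
            report[clsid] = "missing"        # no entry, so no kill bit is set
        else:                                # test the bit, not equality: other flags may be set
            report[clsid] = "blocked" if value & KILL_BIT else "not blocked"
    return report

if __name__ == "__main__":
    for clsid, state in audit_kill_bits(SAMPLE_REG, BLOCKLIST).items():
        print(clsid, state)
```
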
Spyware Blaster's current database contains 822 items that the program protects against. About 100 or so are tracking cookies used by some advertisers. Spyware Blaster also boasts such features as Hosts Safe, which stores encrypted back-up copies of a user's hosts file, the local file that translates Web addresses.
Flash Killer, another capability, enables Internet users to block the installation of distracting Macromedia Flash content. Custom blocking enables the user to create a custom list of ActiveX controls that they want to block, such as search-engine toolbars and browser plug-ins, Javacool said.
Spyware Blaster's System Snapshot function allows users to restore a system to a clean slate after a spyware installation. The program provides a list of system areas that the spyware has changed, such as Internet Explorer settings. The snapshot function only targets spyware and browser hijackers; other system changes are not affected.
Detection and Removal
Ad-aware 6 is a spyware-detection tool that also has removal capabilities in its Plus and Professional versions. The product was designed in response to the need for something that detects adware -- programs or unique identifiers that are surreptitiously installed on a user's computer with the intent of harvesting the user's e-mail address and other private information for transmission to a third party. Adware can be bundled with free applications on the Internet and stay in a user's PC even when the user has uninstalled the freeware.
"The main problem has not been advertising itself, but the fact that users are not given a choice," said Michael A. Wood, a spokesperson for Lavasoft, the makers of Ad-aware 6. "When these [programs] are being pushed onto computers without the user's knowledge, there's no choice there," Wood said.
"Many of these [adware programs] did not come with uninstallers or were hidden," Wood told NewsFactor. "We wanted an easy way to get these programs off a machine without needing an IT specialist."
Ad-aware, a Windows-based program, detects more than 13,624 unique signatures of spyware, including Trojans, dialers, browser hijacks, some keyloggers and drive-by downloaders. Ad-aware also can scan the hosts file to determine if content has been added that redirects a browser to another site, and it can lock start-up settings so that spyware programs cannot alter them. Executable file extensions also can be locked so that viruses and other malicious software cannot insinuate themselves into the associations of executable files.
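The hosts-file check described above can be sketched as follows. This is an added example, not Ad-aware's code; the watch list, host names and addresses are constructed, and it goes slightly beyond the article by also reporting watched names that have been pointed at a loopback or null address.

```python
import ipaddress

# Hypothetical watch list: names that should resolve through DNS, never through hosts.
WATCHED = {"search.example.com", "update.example.net"}

# Constructed sample hosts file (documentation-range addresses, example domains).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
203.0.113.7 search.example.com www.search.example.com   # added by installer
0.0.0.0     update.example.net
192.0.2.10  intranet.example.org
"""

def parse_hosts(text):
    """Yield (line number, address, host name) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address without names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line: not a usable mapping
        for name in fields[1:]:                 # one address may carry several names
            yield lineno, addr, name.lower()

def audit_hosts(text, watched=WATCHED):
    """Report hosts entries that override a watched name or one of its subdomains."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if not any(name == w or name.endswith("." + w) for w in watched):
            continue
        # A loopback or 0.0.0.0 mapping cuts the name off; anything else redirects it.
        sinkholed = addr.is_loopback or addr.is_unspecified
        findings.append((lineno, name, str(addr), "blocked" if sinkholed else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```
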
Although the freeware version of Ad-aware is a detection tool, the Plus and Professional versions include Adwatch, a resident scanner that alerts the user when spyware is trying to infiltrate their system. The Plus and Professional versions also allow for automated scanning and removal of spyware, content blocking, additional analysis tools, and pop-up blocking. Wood said the pop-up blocker is a little cumbersome to use but that the company is working to improve it.
An upgrade to Ad-aware is due in October and will enable Ad-aware users to update their current version without having to reinstall the entire program. The standard edition of Ad-aware is free, and the Plus and Professional Editions sell for US$26.95 and $39.95, respectively.
Spy vs. Spy
SpyCop takes another tack altogether. It targets stand-alone computer surveillance software -- such as URL recorders, keyloggers, chat monitors and screen recorders -- that is usually installed by an employer or another person that wants to monitor computer usage without being detected.
"There are more than 350 different surveillance-software products available," said Grey McKenzie, founder of SpyCop. "We're focused totally on catching the software that says it's uncatchable," McKenzie told NewsFactor. "We're not against surveillance software, but a lot of people use it for non-legitimate purposes."
SpyCop does a brute force scan of a computer's hard drive, much like what virus scanners do, McKenzie said. The scan looks for components of programs and compares them to what is in SpyCop's database. When a program is detected, the user has the option of renaming the files so that the software no longer works, or contacting the surveillance software vendor to obtain an uninstall program. Formerly, SpyCop deleted spyware files, but many of the files were intertwined with nonspyware programs, causing havoc with systems, McKenzie said.
SpyCop comes in a consumer version and a corporate version. The consumer version is regularly $69.95 but usually is on sale for $49.95. The corporate version sells for $89.95 but it too often comes with a $20 discount.
Up to the User
Too often, the approach of the IT department is to keep its head in the sand or have no time to follow up when a user is victimized by spyware, experts say. Indeed, employers that secretly are recording an employee's activities do not want end-users to find out.
Spyware stoppers and detectors can be of great assistance in detecting and removing these stealthy programs. But so far, they have not penetrated the mainstream. As more and more users become victims, however, it is a smart bet they will rise to the surface.
NewsFactor
Posted on Thursday, 09 October 2003 @ 05:15:00 EDT by phoenix22