Tech Team Newsletter - Volume 5 Issue 2

Tech Team: In the Trenches

April 2007 Volume 5 Issue 2

Table of Contents

A Look at Spyware

Q. What is spyware?
A. The term spyware is generally used to describe any program installed on your PC that sends information (with or without your permission) to someone else for the purpose of monitoring your online (browsing, shopping, etc.) habits as well as your personal information. In addition to being an invasion of your privacy, spyware applications can also cause your computer and/or Internet connection to function slower than normal or sometimes in extreme cases it may fail to function at all.

Q. How does spyware get on my computer?
A. The two most common ways that spyware gets placed on your computer is 1) by installing freeware/shareware/demoware software that installs spyware applications during installation of the main program or 2) by visiting web sites which attempt to install applications on your PC using exploitable web technologies like Microsoft ActiveX.

Q. What tools can proactively monitor my system as well as help remove existing Spyware?
A. It is recommended to use Ad-Aware SE Personal Edition from LavaSoft (http://www.lavasoft.de). This application will search your system for spyware and will inform you of any questionable programs or processes that it finds. It will also stay up to date like most virus scanners do by connecting to the developers site and downloading regular update so that it will always be able to identify the latest types of spyware applications and techniques. Another highly recommended removal tool is AVG Anti-Spyware developed by GRISOFT for home use (http://free.grisoft.com/doc/20/lng/us/tpl/v5). Version 7.5.446 of this application is also free of cost and has proven to be one of the most effective of its kind.

Q. What web browser software should I use in order to be the least vulnerable to spyware?
A. It is recommended to use a web browser such as Mozilla or Firefox (both available at http://www.mozilla.org/) for general web browsing use. These browsers are less exploitable than Internet Explorer and may leave you less vulnerable to spyware when visiting web sites. You may find that some sites you use frequently require Internet Explorer in order to function (online banking for example) and if this is the case you can still use Internet Explorer for these types of sites. For all other general browsing you will be less vulnerable to spyware if you stick to a browser like Mozilla or Firefox.

Q. How should my ActiveX options for Internet Explorer be configured in order to be the least vulnerable?
A. Open Internet Explorer, click the "Tools" menu and select "Options". Select the "Security" tab and make sure that it is set for at least "Medium" or higher security. Then click on the "Custom Level" button and adjust the following options to these indicated values: Download signed ActiveX controls: Prompt; Download unsigned ActiveX controls: Disable; Initialize and script ActiveX controls not marked as safe: Disable; Run ActiveX controls and plug-ins: Prompt; Script ActiveX controls marked safe for scripting: Prompt.

Q. My computer has been so badly damaged by spyware that I can no longer get it online. How can I troubleshoot the problem?
A. Microsoft has an article that describes many steps that can be taken to identify and fix this sort of problem (http://support.microsoft.com/default.aspx?kbid=811259) but it can be complicated and requires at least some level of expertise. There is also a third party software tool called LSP-Fix which will attempt to identify these problems and fix them for you (http://www.cexx.org/lspfix.htm). If neither of these resources seems to help your specific problem then it might be a good idea to contact the Tech Helpline or your computer manufacturer for advanced support.

Q. Neither Ad-Aware SE Personal Edition or Spybot S&D have been successful in fixing my spyware problems. Is there a more advanced free tool available?
A.There is an advanced spyware removal tool called HiJackThis (http://www.spywareinfo.com/~merijn/downloads.html) which has been reported to be extremely powerful and effective. This tool will aggressively search your system for web browser parasites and other spyware related applications. It shows you everything on your system that has any connection to your web browser and leaves it up to you to decide if it should be there or not. Extreme caution should be used with this tool because along with its powerful capabilities comes the ability to further damage your system. If you are not able to decipher the true spyware components and make a decision about what should be on your machine or not, contact the Tech Helpline and let a technology expert help you.

Q. I can't reboot my computer normally or gain enough access to it to download or install any of these spyware removal/detection applications. What should I do?
A. It may be necessary to reboot Windows into "safe mode" in order to install and run these applications if your computer cannot boot normally. Most versions of Windows can be started in "safe mode" by pressing the F8 key during the initial stages of Windows startup. You will not have access to the Internet while in safe mode so it also might be necessary to place files needed for installation on recordable CD-Rs or floppy disks.

Q. Are there any online spyware scanners?
A. DoxDesk has a nice online spyware/parasite scanner that will perform a quick search for the most commonly found spyware applications (http://doxdesk.com/parasite/).