Downloads
When you download a file to install from the Internet, that piece of software always has a license agreement that can be viewed at sometime during the installation process. This EULA (End User License Agreement) is included to take care of issues with copyright and liability laws. They include permissions of what the end user can and can’t do with the software, as well as inform the end user of what the software does and doesn’t do. You will be hard pressed to find someone who actually reads those license agreements on their own free time. Most users simply click “I agree to these terms”. Included in the terms of agreement can be notices that forms of spyware may be installed with the main software package, albeit often hidden within complex legal jargon.
Cutesy applications are a huge success for spyware vendors/manufactures in that they are often laced with spyware that is installed along side the main package as an extra feature that does users no good. These “cutesy applications” can be screen savers, IM emoticon packages, desktop buddies, and so on. A few good examples are Bonzi Buddy, Comet Cursor, and Smiley Central. Whether or not the main purpose of the package is entertainment or data harvesting, it is hard to tell. They do a good job with both tasks. The amazing thing is that users sometimes pay for these applications in order to get “special” or “extra” services.
Cutesy applications aside, there are additional freeware packages that offer themselves as so-called legitimate and useful software, but actually do more harm to you as a user, rather than good. Such applications can include any Gator products, DashBar, PrecisionTime, DateManager, eWallet, eAcceleration, and, yes, even the seeming popular WeatherBug. Make sure you do your research on freeware that you may want to install. There’s a relatively small portion of free applications that are intentionally malicious, if all freeware is taken as a whole. There is a great many more legitimate freeware applications available for use, so don’t let these few malicious applications deter you from taking advantage of all the freeware that’s available. A simple Google search of the application’s name and the word “spyware” will usually turn up a significant number of results if the freeware package is indeed malicious.
Search Toolbars are another set of applications that have become quite popular. They are also a large source of data harvesting by collecting search string information, as well as browsing habits, and can even act as a keylogger.
Another source of adware, spyware and malware that gets installed on a user’s system without their consent is referred to as a drive-by download. Drive-by downloads are either embedded within a webpage, installed as a result of clicking on a deceptive ad or pop-up, or just bouncing around the Internet dropping into whatever unsecured computer they happen to run across. Older browsers and un-patched security flaws, in both browsers and Operation Systems, can allow drive-by downloads to take advantage of your unprotected system. The lack of a firewall can also be a big contributing factor, which can be compounded with the lack of up-to-date security patches, making for a good double whammy.
This is why it is dangerous to go poking around and following phishing links and ad links. Note that not all ads hide a page loaded with spyware. A good portion of ads on legitimate websites are in fact, not ill intended and will not install spyware on a user’s system. Just be aware of deceptive pop-ups and ads because after all, they do exist.
Prevention Techniques
Tightening up system security, keeping up to date with security patches, and engaging in safe Internet usage are the three main ways to prevent spyware from entering your computer system. Many of these techniques rely on each other to maintain overall good system security. Don’t rely on just one or two. Use most, if not all, of these techniques. You will end up with a much healthier computer.
Administrator Accounts
It is wise to password protect all your administrator accounts as well as the administrator user account named “Administrator”. There are some forms of spyware and malware that have been spread through these accounts thanks to blank password fields. It is recommended that you use at least an 8-letter/number combination.
You can access user account information in Windows XP by going into the Control Panel > User Accounts. Select a user account and click “Change my password”. Follow the onscreen instructions. In order to change the Administrator account’s password, you will have to boot up into safe mode. Restart the machine and before the windows loading screen appears, press F8. You should then be given a menu of choices. Choose “Safe Mode”. Make sure that you do not allow a system restore if you should be prompted. Next, proceed to the User Accounts as before to change the password.
In Windows 2000, go to Control Panel > Users and Passwords, select the user account and click “Set Password”. Enter the new password in the dialog box that appears, hit ok after you’re done, and hit ok on the “Users and Passwords” window.