Expose those prying eyes

Steps and tools that can help you uncover spyware

The word “spyware” sends a chill down the spine of the most hardened Internet veterans, and for good reason.

But not all spyware is sinister. By definition, it is software that tracks what you do on a computer. Spyware includes technologies such as tracking cookies that let you pick up where you left off at a favorite Web site or the automatic update tools that ensure your applications have the latest patches and bug fixes.

Those spyware examples are on your side. But plenty of bad spyware exists, too. Some redirect your browser to Web sites you don’t want to visit. Some track where you go on the Internet and report the information back to...well...someone. And some spyware can record each keystroke you make. By using keystroke loggers, crooks can reconstruct e-mail messages you sent, figure out the password for your online banking site or record the credit card number you entered to make a purchase at an online store.

In addition, spyware can cause more problems than just the information it transmits. Spyware has a tendency to stress your computer, resulting in severely compromised performance or system crashes.

Spy varieties
Spyware is an ill-defined category of software that includes many programs. These programs work in ways that are hidden from the user.

Spyware often sneaks onto users’ computers as a component of downloaded freeware or shareware. In some cases, the user must agree to a license statement that allows a program to install spyware, although many users are unlikely to notice or understand the implications of this agreement. In other cases, spyware may be surreptitiously installed just by visiting a Web site. Finally, some employers, family members and other unauthorized parties may intentionally install spyware to collect information.

Spyware monitors your computer and transmits information to a third party. The collected information might be keystrokes, applications loaded, Web sites visited or other activity. Tracking cookies are another variety of spyware. Many Web sites write cookies to your hard drive. The small text files may include passwords or configuration information for that Web site. Cookies, however, may also record your visits to other Web sites and include personal information you entered at those sites.

Several other types of spyware focus on changing what your computer does rather than on collecting and transmitting information.

Adware, for example, causes advertising to pop up on your screen via a pop-up window or an advertising banner in your browser. Pop-up blockers don’t prevent this type of spyware because a downloaded application generates it rather than a visit to a Web site.

Hijackers may change a number of your browser settings. They often enter your computer via third-party browser toolbars or other browser extensions. Typically, hijackers change the default home page to a site specified by the spyware. Resetting your home page is generally not effective if you have a hijacker on your system.

Trojan horses are programs that download surreptitiously onto your computer within another program. Trojan horses may do a number of things, such as secretly using an unsuspecting victim’s PC to send spam e-mail messages.

How to catch a spy
Identifying spyware can be trickier than identifying viruses. That’s because a lot of spyware functions like legitimate programs do — it collects information. As a result, you can’t catch most spyware by simply looking for unusual activity on your computer.

The most common method of spyware identification, therefore, is through signatures — identifiable pieces of code or file names. That means you need to obtain frequent updates to your anti-spyware program to ensure protection. Even then, the newest pieces of spyware may slip past your defenses.

The best anti-spyware programs, however, employ a number of other techniques to flush out the spies.

A solid anti-spyware program will monitor changes in critical Windows configuration files, including the Startup folder, the Hosts file and the Windows registry. Likewise, the solution should monitor any changes to your browser home page.
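As an added illustration of the change monitoring described above (not code from this article or from any product reviewed in it), the following Python compares a Hosts file and a Startup folder against a saved baseline and reports what changed. The function names and sample entries are constructed for the example, and registry monitoring is not covered.

```python
import hashlib
from pathlib import Path

def parse_hosts(text):
    """Return {hostname: ip} for each active (non-comment) Hosts file entry."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2:
            for name in fields[1:]:
                entries[name.lower()] = fields[0]
    return entries

def diff_hosts(baseline_text, current_text):
    """List (kind, hostname, ip) for entries added, removed or re-pointed."""
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    findings = [("added", n, new[n]) for n in sorted(new.keys() - old.keys())]
    findings += [("removed", n, old[n]) for n in sorted(old.keys() - new.keys())]
    findings += [("changed", n, new[n]) for n in sorted(new.keys() & old.keys())
                 if new[n] != old[n]]
    return findings

def snapshot_dir(folder):
    """Map each file in a folder (for example Startup) to its SHA-256 digest."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(folder).iterdir() if p.is_file()}

def diff_snapshot(old, new):
    """Names of files that are new or modified, plus files that disappeared."""
    changed = sorted(n for n, digest in new.items() if old.get(n) != digest)
    removed = sorted(n for n in old if n not in new)
    return changed, removed

# Constructed sample data (documentation addresses and .example names).
BASELINE_HOSTS = """127.0.0.1 localhost
198.51.100.10 www.bank.example
"""
CURRENT_HOSTS = """127.0.0.1 localhost
203.0.113.7 www.bank.example      # same name, different address
127.0.0.1 updates.av.example      # entry that was not in the baseline
"""

if __name__ == "__main__":
    for finding in diff_hosts(BASELINE_HOSTS, CURRENT_HOSTS):
        print(finding)
```

On a real system the baseline would be taken while the machine is known to be clean and stored where an unprivileged program cannot rewrite it.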

A good anti-spyware program should also ensure that any downloaded ActiveX programs are screened before they get on your computer.

The most powerful anti-spyware programs monitor your computer to detect programs that record keystrokes. Because some applications do that for legitimate reasons, the program should allow specified programs to record keystrokes without interference.

Finally, similar to a good antivirus solution, a good anti-spyware solution needs to remove the burden from the user by scanning for suspicious behavior in real time and running scheduled, unattended scans. The solution should also provide automatic or scheduled updates of the signature database.

Selecting your solution
Anti-spyware software is rapidly developing. Dozens of products in the marketplace take a broad array of approaches to combating spyware. Generally, freeware and shareware solutions offer fewer features and less frequent updates of signature files.

One sign of maturity in the anti-spyware marketplace is that classic stand-alone solutions, such as Lavasoft’s Ad-Aware and CA’s Pest Patrol, are now available in enterprise versions that allow administrators to manage the program’s distribution and maintenance on clients without user involvement.

We are also seeing a number of antivirus solutions — including products from Symantec and McAfee — that offer anti-spyware tools. Generally, we find that those solutions offer basic protection against the most prevalent spyware, but they lack the sophisticated reporting tools and some detection methods of specialized programs.

In the future, anti-spyware solutions will likely be marketed as part of a unified security solution. In the meantime, users must consider several factors when they choose a solution, and many will adopt more than one.

No solution we tested was capable of catching every piece of spyware we threw at it. Anti-spyware solutions are always aiming at moving targets. The solutions may take days or weeks to learn of new pieces of spyware and issue updates to deal with them.

Accordingly, whether you’re looking for an enterprise-level solution or a stand-alone product, you should look for one that provides frequent updates of signature databases. All of the solutions we tested had databases updated within a week of our testing.

For this article, we tested three of the biggest names in traditional anti-spyware solutions: Acronis Privacy Expert Suite, Lavasoft Ad-Aware and PC Tools’ Spyware Doctor. In addition, we examined — but did not score — the beta version of Microsoft’s anti-spyware product.

We wanted to include several other products. McAfee was unable to provide its anti-spyware solution to us in time for this review. Two other solution providers, Symantec and CA, have implemented anti-spyware as an integrated part of their antivirus solutions. We tried both solutions and found them to be generally effective, but their inflexibility and modest reporting tools made them inappropriate for review alongside the other anti-spyware tools.

Lavasoft’s Ad-Aware: Not keeping up with the times
Lavasoft’s Ad-Aware Professional is one of the old-timers among anti-spyware programs, and it hasn’t kept up with the youngsters.

For starters, Ad-Aware didn’t do as well as the other programs in detecting and neutralizing our test set of spyware. Specifically, the program failed to find either the Acme or SupremeSpy key loggers.

Ad-Aware’s interface was a tad confusing. We were looking at logs, for example, and wanted to move to the configuration menu using the icon at the top of the program. Nothing happened. After some time, we noticed that we had to click Next to move through the log before leaving it. Likewise, when in the Configuration module, we couldn’t reach the Help module without closing the Configuration module.

Ad-Aware also has limited configuration options. You can, for example, schedule Ad-Aware to scan and look for updates automatically, but only on start-up, and you can’t specify daily or weekly scans and updates.

Besides those oversights, we found Ad-Aware to be customizable. And Lavasoft offers an enterprise version that facilitates centralized control of your anti-spyware program.

Acronis Privacy Expert Suite: Nabbing culprits
Acronis Privacy Expert Suite did a respectable job of nabbing culprits, snagging all but one of the spyware pieces we tested with it. And with its nearly daily updates, Privacy Expert provides strong assurance to users.

The program also offers exceptional control over operations, letting you schedule nearly any task separately, from simple cookie cleaning to URL histories, password cleanups and complete system scans. We found the program easy to configure, but we were a bit put off because it uses a wizard to configure everything. Once users are familiar with the program, they can configure it more efficiently without using wizards.

Privacy Expert provides a customizable log that, though lacking Spyware Doctor’s level of detail, offers the kind of information most users will find helpful. However, we were disappointed to find that it did not include a list of the spyware signatures it searches.

On the plus side, we liked that Privacy Expert’s browser support — which provides cookies monitoring and protection in addition to Internet cache cleanup and home page protection — includes Internet Explorer and Mozilla Firefox.

In addition to Privacy Expert’s anti-spyware tools, the program includes a number of useful features aimed at protecting data on your computer from prying eyes. For example, it features a file shredder and a disk wiper. Another utility can clean traces of applications loaded and wipe your Windows paging file. Although those capabilities weren’t part of our tests, they add value to the product.

Spyware Doctor: A real spy catcher
Spyware Doctor is unsurpassed in its ability to catch spyware and protect your system against unauthorized changes. In our tests, Spyware Doctor caught every culprit we threw at it and a few tracking cookies we didn’t even know about. And Spyware Doctor is also effective at protecting against attacks on the Windows environment, including Hosts file protection, Layered Service Provider protection, Domain Name System protection and Messenger service restriction.

We also liked that Spyware Doctor provides links to a searchable database of all spyware signatures monitored by the program.

In addition, we found its interface easy to navigate. The program is also customizable. You can selectively toggle nearly every protective feature in the program, and you can separately schedule full scans, quick scans and program updates. We were disappointed to find that one such update required a reboot of the computer. However, the security afforded by the extreme frequency of updates delivered by PC Tools more than makes up for that inconvenience.

The only other issue is that Spyware Doctor only provides full browser support for Internet Explorer. The program provides protection against tracking cookies for Internet Explorer, Firefox, Mozilla and Opera. But other features, including home page protection and blocking of spyware and phishing sites, are only available for Explorer.

Microsoft Windows Defender beta: One easy interface
Microsoft will soon be putting pressure on anti-spyware vendors to provide better performance and more valuable features. Once Microsoft releases its anti-spyware program for Windows, other vendors will have a harder sell. The software is free to legitimate owners of the Windows operating system.

We took a look at the beta version of the program, which is currently called Windows Defender and is available for download. And we were generally impressed.

The program’s interface is one of the easiest to use. Automatic scans are simple to configure, and if you have a constant Internet connection, you can also specify that the program check for updates before scanning.

The program also monitors your wireless network and alerts you if someone else is using it. It tracks and notifies you of changes in many Windows configuration settings, including TCP/IP settings, the Hosts file, Winsock Layered Service Providers and the Messenger service. In addition to scanning for spyware signatures, Windows Defender monitors more than 50 Windows and Web browser components that spyware often targets. The program also gives a detailed profile of all programs and services running on your computer.

One major limitation of Windows Defender — at least in this beta version — is that it doesn’t integrate with browsers other than Internet Explorer. If you use a different browser, you’ll still have general protection against spyware, but you won’t have nice features such as monitoring of changes to your browser. Also, note that the program’s protection against malicious ActiveX controls only works through Internet Explorer.

Also, the beta version of the software does not monitor cookies.

Finally, although Windows Defender did a great job of alerting us to suspicious behavior, the beta program failed to catch two of the key loggers we had installed on our test system. Hopefully, Microsoft will fix that weakness before releasing the program to the public.

Steps to protect yourself
In addition to installing an anti-spyware solution, you should take several steps to protect your computer against spyware.
  • Be cautious about visiting Web sites and downloading software. Most spyware arrives on computers from Web sites that offer downloadable freeware or shareware. Don’t download anything from a site unless you trust it. Close any windows that pop up by using the “X” in the corner of the window instead of clicking on any buttons in the window.

  • Use a firewall. Firewalls can prevent hackers from directly planting spyware on your computer.

  • Check security settings in your Web browser. Most Web browsers allow you to prevent scripts and ActiveX applets from downloading. Browsers also let you control whether your computer stores cookies.

  • Update your operating system software. Spyware often exploits vulnerabilities in your operating system, so keep current with system patches to provide significant protection.

Symptoms of spyware infection
  • Pop-up advertisements. If you have advertisements pop up when your browser is not running, you may have inadvertently installed adware. These pop ups cannot be prevented by pop-up blockers, which only block advertisements triggered by visiting a Web site.

  • Configuration changes. If your home page has been changed and you can’t change it back, you are probably the victim of a piece of hijacker spyware. Spyware may also change other configuration settings on your computer and may install toolbars to your browser or other applications.

  • Sluggish performance or system crashes. Spyware designers don’t put much effort into making sure their programs work efficiently. If you notice a sudden drop in performance during routine tasks or an increase in system crashes, you may have recently been infected with spyware.
