Embed Size (px)
DESCRIPTION
What is Spyware?. Where did it come from?. Adware. Originated from software called shareware Shareware did not work well, so as the internet became popular, it evolved into adware Adware was shareware that supported itself by displaying advertisements Gator Kazaa. Adware. - PowerPoint PPT Presentation
Citation preview
What is Spyware?What is Spyware?
Where did it come from?Where did it come from?
AdwareAdware
Originated from software called Originated from software called sharewareshareware
Shareware did not work well, so as the Shareware did not work well, so as the internet became popular, it evolved internet became popular, it evolved into adwareinto adware
Adware was shareware that supported Adware was shareware that supported itself by displaying advertisementsitself by displaying advertisements– GatorGator– KazaaKazaa
AdwareAdware
Advertisers wanted to better target ads to Advertisers wanted to better target ads to people using these programs, so they people using these programs, so they began to “collect” usage informationbegan to “collect” usage information– The term for this became “spyware”The term for this became “spyware”
Advertisers began devising more and more Advertisers began devising more and more intrusive ways to display advertisementsintrusive ways to display advertisements
Adware switched from programs Adware switched from programs supported by advertisements to supported by advertisements to advertisements supported by programsadvertisements supported by programs
SpywareSpyware
Instead of coming with a program that Instead of coming with a program that serves a useful purpose, most spyware serves a useful purpose, most spyware now seeks to merely get on your now seeks to merely get on your computer for the sole purpose of computer for the sole purpose of displaying advertismentsdisplaying advertisments
This includes displaying pop-ups when you This includes displaying pop-ups when you shouldn’t get them, your web browser shouldn’t get them, your web browser being “hijacked”, and many other things being “hijacked”, and many other things that shouldn’t happen.that shouldn’t happen.
SpywareSpyware
The official definition of spyware is: The official definition of spyware is:
Software that transmits information back to a Software that transmits information back to a third party without notifying the user. It is third party without notifying the user. It is also called malware, trackware, hijackware, also called malware, trackware, hijackware, scumware, snoopware or thiefware. Note: scumware, snoopware or thiefware. Note: Some privacy advocates also call legitimate Some privacy advocates also call legitimate access control, filtering, Internet monitoring, access control, filtering, Internet monitoring, password recovery, security or surveillance password recovery, security or surveillance software "Spyware" because it could be software "Spyware" because it could be used without notifying the users.used without notifying the users.
SpywareSpyware
It is believed that currently 9 out of It is believed that currently 9 out of 10 PCs that are connected to the 10 PCs that are connected to the internet are now infected by spywareinternet are now infected by spyware
An unpatched PC connected to the An unpatched PC connected to the internet can be infected in as little as internet can be infected in as little as 4 minutes4 minutes
So how can someone protect So how can someone protect themselves from spyware?themselves from spyware?
Basic MeasureBasic Measure
Updates, Virus Scanners, Updates, Virus Scanners, and Firewallsand Firewalls
Anti-VirusAnti-Virus
Everyone should have anti-virus software Everyone should have anti-virus software on their computer!on their computer!
Run at least once per week, along with Run at least once per week, along with other measures to keep your computer other measures to keep your computer safe and working correctlysafe and working correctly
Anti-Spyware tools (covered later)Anti-Spyware tools (covered later) Hiram College provides anti-virus software Hiram College provides anti-virus software
for youfor you E-Trust software E-Trust software http://http://
home.hiram.edu/eTrust/download.htmlhome.hiram.edu/eTrust/download.html
Windows UpdatesWindows Updates
What it does: Updates software What it does: Updates software on your computer to plug up on your computer to plug up security holes in Windows security holes in Windows productsproducts
Select it from the start menuSelect it from the start menu Automatic updatingAutomatic updating Should be run as often as anti-Should be run as often as anti-
virus software is usedvirus software is used Service Pack 2Service Pack 2
What you need to know about What you need to know about Service Pack 2Service Pack 2
Windows Security Center, which Windows Security Center, which includes:includes:
Quick-and-easy automatic updates Quick-and-easy automatic updates optionsoptions
Pop-up blockerPop-up blocker Monitoring of anti-virus protectionMonitoring of anti-virus protection Software firewallSoftware firewall
FirewallsFirewalls
Keeps Keeps unauthorized users unauthorized users from entering your from entering your systemsystem
Hardware and Hardware and Software based Software based firewallsfirewalls
More on FirewallsMore on Firewalls
No need to worry if you’re on the No need to worry if you’re on the Hiram networkHiram network
Should be used otherwise – easy to Should be used otherwise – easy to use and you can work around them if use and you can work around them if you need toyou need to
Anti-Spyware ToolsAnti-Spyware Tools
AdAware, Spybot, and MS AdAware, Spybot, and MS AntiSpywareAntiSpyware
Anti-Spyware ToolsAnti-Spyware Tools
AdAware, Spybot, and MS AdAware, Spybot, and MS AntiSpyware are all free tools that AntiSpyware are all free tools that scan for and remove spywarescan for and remove spyware
These three are also the most These three are also the most powerfulpowerful
We will show you how to use these We will show you how to use these tools in this sectiontools in this section
AdAwareAdAware
http://www.lavasoftusa.com/http://www.lavasoftusa.com/ Free version available (AdAware SE Free version available (AdAware SE
Personal)Personal) Professional version also available Professional version also available
SpybotSpybot
http://www.spybot.info/http://www.spybot.info/ Completely Free of ChargeCompletely Free of Charge
Microsoft AntiSpywareMicrosoft AntiSpyware
http://www.microsoft.com/athome/securithttp://www.microsoft.com/athome/security/spyware/software/default.mspxy/spyware/software/default.mspx
Formerly Giant AntiSpywareFormerly Giant AntiSpyware Free of chargeFree of charge
Other toolsOther tools
Noteworthy commercial products:Noteworthy commercial products:– AdAware SE ProfessionalAdAware SE Professional– Webroot SpySweeperWebroot SpySweeper
Trusted sources of information (and Trusted sources of information (and updated software):updated software):– http://www.download.com/http://www.download.com/– http://www.spychecker.com/http://www.spychecker.com/
Advanced RemovalAdvanced Removal
Safe Mode, Regedit, and Safe Mode, Regedit, and BazookaBazooka
Advanced Spyware RemovalAdvanced Spyware Removal
Windows Safe ModeWindows Safe Mode
The Windows RegistryThe Windows Registry
Manual Spyware Removal (with Manual Spyware Removal (with Bazooka)Bazooka)
Windows Safe ModeWindows Safe Mode
Safe Mode – what is it?Safe Mode – what is it?– Only loads minimal Windows functions Only loads minimal Windows functions
for Windows to run.for Windows to run.– User must manually start any programs User must manually start any programs
they wish to use.they wish to use.– Allows anti-spyware scanners to remove Allows anti-spyware scanners to remove
spyware more effectively.spyware more effectively. Our instructions are for Windows XPOur instructions are for Windows XP
How to Access Windows Safe How to Access Windows Safe ModeMode
1. Update all anti-spyware scanners with current definitions.
2. Turn off System Restore. (Instructions coming next!)
3. Reboot the computer.
4. Tap the F8 key about twice per second as the computer reboots.
Accessing Windows Safe Mode Accessing Windows Safe Mode continuedcontinued
5.5. Select the first option, Safe Mode, and press Select the first option, Safe Mode, and press enter.enter.
6.6. When Windows starts, run anti-spyware When Windows starts, run anti-spyware scanners.scanners.
Turning off System RestoreTurning off System Restore
The Windows RegistryThe Windows Registry Windows Registry – what is it?Windows Registry – what is it?
– A database of configuration files needed A database of configuration files needed to run Windows and programsto run Windows and programs
– Some spyware must manually be Some spyware must manually be removed from the registry removed from the registry
– Use Google to search for instructions on Use Google to search for instructions on how to remove the spywarehow to remove the spyware
**A word of caution when using the registry!****A word of caution when using the registry!**
How to Access the Windows How to Access the Windows RegistryRegistry
1.1. Click on ‘Start’, and Click on ‘Start’, and then click on ‘Run’.then click on ‘Run’.
2.2. Type ‘regedit’ and Type ‘regedit’ and click ‘Ok’.click ‘Ok’.
3.3. Follow the Follow the instructions for instructions for removing the removing the spyware by spyware by expanding the expanding the hierarchical folders hierarchical folders in the left column.in the left column.
Bazooka Removal ToolBazooka Removal Tool
Free softwareFree software http://www.kephyr.com/http://www.kephyr.com/ Advanced removal tool (often Advanced removal tool (often
requires using regedit)requires using regedit)
Sample of Bazooka InstructionsSample of Bazooka Instructions
Additional MeasuresAdditional Measures
Other things to keep you Other things to keep you safesafe
1: Use a pop-up blocker1: Use a pop-up blocker
Pop-up blockers stop pop-up ads Pop-up blockers stop pop-up ads from being displayed on your screen.from being displayed on your screen.
Windows XP Service Pack 2 adds a Windows XP Service Pack 2 adds a pop-up blocker to Internet Explorer.pop-up blocker to Internet Explorer.
If you are not using Windows XP, If you are not using Windows XP, Google makes a pop-up blocker too. Google makes a pop-up blocker too. You can download it at You can download it at http://www.google.com/downloads/http://www.google.com/downloads/
2: Turn off dangerous features2: Turn off dangerous features
Internet Explorer allows the use of Active X Internet Explorer allows the use of Active X for displaying certain contentfor displaying certain content– Unfortunately Active X can be very dangerous Unfortunately Active X can be very dangerous
if used for malicious purposesif used for malicious purposes– You can disable Active X in the security You can disable Active X in the security
settings of Internet Explorersettings of Internet Explorer You may wish to disable other features as You may wish to disable other features as
wellwell There is a better option than crippling your There is a better option than crippling your
featuresfeatures
3: Use a different Web Browser3: Use a different Web Browser
Internet Explorer is currently the most Internet Explorer is currently the most commonly used web browsercommonly used web browser
That means it is the ideal target for That means it is the ideal target for spyware manufacturersspyware manufacturers
If they can find an exploit in it, they can If they can find an exploit in it, they can target the most number of peopletarget the most number of people
3: Use a different Web Browser3: Use a different Web Browser
By using a different web browser you By using a different web browser you avoid most of these mainstream exploits avoid most of these mainstream exploits
Firefox is an example of a browser Firefox is an example of a browser alternative that an individual can usealternative that an individual can use
It is free from http://www.mozilla.org It is free from http://www.mozilla.org Another free browser is Opera Another free browser is Opera
(http://www.opera.com)(http://www.opera.com)
3: Use a different Web Browser3: Use a different Web Browser
Alternate browsers also include other Alternate browsers also include other features you may find usefulfeatures you may find useful– Most web browser alternatives include Most web browser alternatives include
pop-up blockerspop-up blockers– Some even have features for removing Some even have features for removing
advertisements all together advertisements all together
4. Be Alert4. Be Alert
Many virus writers use simple tricks Many virus writers use simple tricks like misdirectionlike misdirection
http://cs.hiram.edu/http://cs.hiram.edu/ Double check your sources and Double check your sources and
make sure that the link is going make sure that the link is going where you think it iswhere you think it is
Questions?Questions?
See this information (and more) atSee this information (and more) at
http://cs.hiram.edu/http://cs.hiram.edu/ Feel Free to contact us at Feel Free to contact us at
[email protected]@hiram.edu
