Factsheet: Protecting your PC against viruses and spyware
Spyware, trojans, dialers and viruses can cripple your PC's performance, destroy data and compromise your security. Find out how to identify if your PC is at risk and how to lock it down from attacks in the future by reading this factsheet.
Although this is not strictly a marketing subject, I am often asked how one can protect a PC against these nasties. This factsheet will help you keep your PC doing what it should be doing.
What is spyware?
Spyware is software which can track what you do on a computer and report it back to another computer. With the widespread use of broadband, spyware has an easy route back to its originator. Most spyware is quite benign - almost all applications will 'call home' to check for new versions, including your operating system. There are, however, more advanced and aggressive spyware applications which can try to take over your PC, perhaps by forcing your web browser to another search engine page, or by displaying popups. Worse still, some spyware can store every keystroke on your computer, passing this back to its owner - this could include usernames and passwords, along with the websites that you may have entered them into. Still feel safe doing your banking online? Some applications will install a phone dialer which will change your dialup settings - instead of dialing your standard local rate number it'll dial a premium rate number, sometimes several Pounds per minute - you will only find out when you get your bill unless you notice the number's changed, and don't expect the phone company to reimburse you!
Where does spyware come from?
The main spread of spyware comes from the human weakness to get something for nothing. Free toolbars, wallpapers, smileys, application add-ons or 'cracked' software often contain spyware or viruses. So if you download ANYTHING, try to make sure it comes from a reputable source, scan it for viruses and perhaps do a Google search to see if anyone else has had problems with this application. Note that some programs require the 'spyware' in order to run, so it's possible that the program will stop working, or work incorrectly, after spyware removal. However, I have never had this happen to any mainstream program, and this is a warning that most antispyware apps mention just to cover themselves.
What are viruses?
Viruses have been around for a long time, and have actually become less destructive (at least in my opinion). Going back 15 years it was not uncommon for a virus to wipe out the boot sector of the hard disc, similar to ripping out the index of a book. Nowadays viruses can corrupt files but most concentrate on their own propagation and stealth. They'll try to bypass or even disable your antivirus software and firewall, send themselves out to all of your address book and perhaps deliver another payload - some even turn your PC into a 'zombie' to perform predefined tasks. This might either be a spam attack or a DoS (Denial of Service) attack, where any infected PC sends out junk data to one specific server. If enough PCs do this it effectively swamps the server so that it cannot respond to legitimate traffic, bringing it down.
How do I know if I have spyware/viruses?
The symptoms can differ depending on the infection. I once cleaned a PC that had 700+ pieces of spyware/viruses on it. Many of these were duplicates/mutations of the same one (MS Blaster), but nevertheless the effect was the same - a very lethargic PC that behaved erratically. It was incredibly slow, sometimes rebooted and would pop up adverts for porn regularly. The start page was also configured to go to another search engine, and changing it within Internet Explorer settings made no difference.
Another useful tip is to open up Task Manager (right click on the taskbar and select it from the menu). Look at all of the processes that are running under your username login. Do a 'google' for the EXE filename - almost every application will have some writeup on its legitimacy and status so you can quickly determine applications that have a right to be running and those of a suspicious nature.
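The same Task Manager review can be scripted. The following is an added example, not part of the original factsheet, and assumes a current Windows version with PowerShell: it lists the processes running under your login together with each executable's path and digital signature status, so the names worth looking up stand out.

```powershell
# Added example: review processes owned by the current user.
# Assumes Windows PowerShell 5.1 or later; run from a normal user session.
$me = $env:USERNAME

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    # GetOwner fails for processes we are not allowed to query; skip those.
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner -ErrorAction SilentlyContinue
    if (-not $owner -or $owner.User -ne $me) { continue }

    $path      = $proc.ExecutablePath
    $sigStatus = 'PathUnavailable'
    $signer    = ''
    if ($path -and (Test-Path -LiteralPath $path)) {
        # Check whether the file on disk carries a valid Authenticode signature.
        $sig       = Get-AuthenticodeSignature -LiteralPath $path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Name      = $proc.Name
        PID       = $proc.ProcessId
        Path      = $path
        Signature = $sigStatus
        Signer    = $signer
    }
}

# Show unsigned or unverifiable executables first. A missing signature is a
# reason to look the file name up, not proof that the program is malicious.
$report |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Name |
    Format-Table -AutoSize -Wrap
```

An executable running from a temporary or downloads folder with no valid signature is the first thing to search for by name.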
How can I get rid of spyware?
The best way to know if you are infected is to use one of the many excellent and free spyware detectors. The two best apps are LavaSoft Adaware and Spybot Search and Destroy, both of which are free.
Download BOTH applications and perform a full system scan. What one doesn't find the other invariably will. Both will flag up 'cookies' as a security risk, however do not delete these unless they are obviously dodgy (for example, they mention sex and you've not been frequenting porn sites!). Many cookies are useful, storing your online preferences (e.g. your Amazon preferences...).
At the time of writing Microsoft has a free beta of its antispyware software available, which may also catch some items that Adaware and Spybot miss. If something shows up in either app that cannot be removed then give it a try as initial reports show it to be very good.
[Image caption: LavaSoft AdAware can remove spyware for free]
You should also run a complete virus scan, as antivirus software will remove trojans (pieces of code that are hidden inside other programs) just as successfully. AVG from Grisoft is an excellent free antivirus program.
Once you've run all of the above applications several times and no more nasties are coming up, recheck the Task Manager and ensure that no suspicious applications are still running. If there are any that a Google search shows as malicious, do another Google search for the name of the file and 'removal' - most of the big antivirus sites will have instructions on how to remove the tool, or may even provide free online tools to eradicate it from your system. Chances are that you will have to get your hands dirty and edit the Windows Registry. This is not as frightening as it sounds, as long as you a) take a backup of the registry and b) follow the instructions to the letter.
Sometimes using the System Restore feature in Windows can fix problems, so for the less technically experienced this might be the more painless route to go if the above scanning solutions don't work and you don't want to play around with the registry.
How do I prevent further attacks?
This is really down to common sense. There are a number of things you can do:
- Don't click on popup adverts or any suspicious 'error messages'. Some popups are disguised to look like error messages, saying 'Your computer is at risk from spyware - click here to fix the problem'. Quite ironic really...
- Install a popup blocker. Windows XP Service Pack 2 has one as standard. Alternatively the Google toolbar has one, with many other features besides.
- Run regular scans with Adaware, Spybot and your chosen antivirus software. Free antivirus software such as AVG is pretty much as good as Norton and (in my opinion) will not slow your PC down as much!
- Don't open any attachments unless a) you know who sent them, b) you were expecting the email AND c) you've saved it to your hard disc and scanned it with up-to-date antivirus software. If in doubt email the source to confirm validity. Many viruses will replicate by sending an email addressed from you with a file attached renamed as one of your files.
- If you use P2P software be extra careful with what you download.
- Ensure that your PC is patched and up-to-date. Ideally, set Windows Update to check for updates every day and install automatically. Do not leave your PC connected to the Internet while you are not there (either switch it off or switch off your modem/router).
- Ensure that you are running a firewall. This will stop people from hacking into your computer. Windows XP Service Pack 2 has a perfectly adequate one, although you might also consider ZoneAlarm, which is free. Check to see how vulnerable your PC is by running the 'Shields Up' online test.