OIT Help Desk

Fighting Malware

Protecting your computer from Spyware, Adware and Viruses

Malware (short for malicious software) is a term coined to describe programs which are ultimately detrimental to the computing experience. Viruses are the most visible and publicized malware but there are other types, specifically adware and spyware, which are less obviously a threat but perhaps even more of a nuisance. This page will describe the various types of malware and what steps should be taken to remove them or, if possible, prevent their installation.

Viruses and Worms

A virus is a computer program designed to install itself on a computer without the user’s knowledge and then perform some task. Most commonly viruses will try to infect other machines, open up the infected machine to outside access or cause damage to files. A worm typically is installed when a user launches an infected e-mail attachment. The worm then uses the mail system (and address books) of the infected computer to send infected e-mails to other users.

This type of malware is very high-profile with several companies such as Network Associates (McAfee) and Symantec (Norton) actively working to combat it. Using a virus-scan product and keeping current with Windows Updates are the best methods available to prevent infections. Users should also be wary of unexpected e-mail attachments, even if they come from someone they know.

More information on viruses and methods of prevention can be found at the OIT Virus and Security Alerts website.

Adware and Spyware

Adware is software which is free to the user or available at a reduced cost because it displays advertisements either in the software window itself or in separate pop-up windows. By itself adware is merely irritating as the user must contend with unwanted pop-up windows while running the ad-supported software.

Spyware is any software which utilizes the bandwidth of the machine on which it is installed to communicate with the parent company. Statistics about one’s browsing habits, installed software and other information are collected by these companies and then either sold as market research or used by the company itself to target ads at the user.

Together (often a program works as both adware and spyware) they represent a serious invasion of the user’s privacy and could use up considerable bandwidth and processor resources communicating with the developer and downloading ad content.

It is often difficult to identify this software without a thorough reading of the end user license agreement. Companies which distribute this software use many tricks to entice users to install their programs. Two common channels by which malware is installed are pop-ups which look like a security warning and opt-out installers. Users should familiarize themselves with these methods and use discretion when agreeing to anything on the web.

Spoofed Security Warnings – Some malware installation requests are designed to look like a typical security request from the browser. The tendency is for people to accept anything that pops up which they feel is restricting them from viewing a particular page. When a user clicks yes, thinking they are accepting a security certificate, they actually are giving permission to install whatever software the distributor wishes to push to their computer. To prevent these installations one only has to carefully read any requests that pop up while browsing and make sure they are indeed required. If you are unsure, answer no and then if you have problems with that particular web page, go back and answer yes when the request appears.

Opt-out Installers – Some websites which require a user registration include opt-out installers for various pieces of adware and spyware. With an opt-out installer, if you do not explicitly decline whatever software is being offered, it will be installed by default once you complete your registration for the site. The tools to decline the installation are often deliberately inconspicuous and typically the installation happens without the user’s knowledge. Opt-out installers are also seen quite often in the installation packages for “free” software such as screen-savers, download managers, games, shopping assistants and web accelerators.

Prevention/Removal

Users are not often aware that their machine is host to malware until it begins to affect performance. Excessive pop-ups or slow network access may be the only indication that the computer has been “infected”.

As the old saw goes, an ounce of prevention is worth a pound of cure. Users should take the following steps to be sure their machines are as secure as possible:
• Keep Windows up to date – Use the Windows Update feature of your operating system to be sure you have all of the most recent security and functionality updates.
• Keep anti-virus software current – Users should be running an anti-virus package such as McAfee VirusScan which continually scans the computer for viruses and other threats. It is vital that the virus information be kept up to date; otherwise the software’s effectiveness will be greatly diminished.
• Install and configure a firewall – Install a personal firewall product such as ZoneAlarm or enable Internet Connection Firewall under Windows XP to monitor and block internet traffic.

For the removal of spyware, OIT recommends and uses a program called SpyBot Search and Destroy. It is freely available from http://security.kolla.de; users may install and run this software, which scans their machine for known spyware, adware and tracking information. It works similarly to a virus scanner and will recognize and eliminate the vast majority of spyware programs.

Other Resources

New malware threats appear almost daily so it is important that users take the time to become familiar with the information and tools which are available to combat the problem. Below is a list of links to many resources related to the problem of malware.

http://malwarebytes.org
At this site, you can obtain a free version of a malware removal tool.

http://www.nai.com
The official website for McAfee VirusScan carries alerts about current threats, a virus information library and many other tools and articles which will assist one in fighting viruses.

Please see the Common Malware Programs page for a partial list of software which is known to include spyware elements. A comprehensive list would not be possible to produce as new spyware is produced almost daily. Users should view this list as a warning of the prevalence of this problem and take steps to keep their machines free from this latest threat to privacy and productivity.