Someone commented on my prior article about:blank hijacked my
homepage – how do I fix it?:
After spending about $29.00 a shot for 5 or 6 different spyware |
It is frustrating. But there are several possible reasons you’d get
reinfected.
It’s not necessarily a losing battle, but it is a constant one.
Tip #1: Don’t spend any money on anti-spyware. It’s
currently not worth it.
For what it’s worth, I’ve never spent a dime on spyware removers/checkers
and actually don’t recommend that anyone do so. The free packages seem to be
the best right now anyway even if none of them get you 100% coverage.
Tip #2: Run the right tools for the job.
Now, to the list of tools you mention that you’re running, you should be
aware that firewalls and most anti-virus programs give you no protection
against spyware. None. So the fact that you’re running with a firewall and are
running Norton (Anti-Virus, I assume) is great, but for other
reasons.
The only tool you’ve mentioned that would apply is Spysweeper by Webroot.
The good news there is that it has a fairly good reputation.
Tip #3: Keep your tools up to date.
Even the right tool will not work properly if it doesn’t have the
latest and greatest definition of what spyware is. Spyware, like
viruses, is a race. New spyware is being generated every day, and that means
all the spyware scanners need to be updated regularly. Usually that’s as simple
as telling the scanner to update itself. Microsoft’s tool even automates that
process.
Tip #4: Use the tool’s advanced features.
Spybot Search and Destroy and Microsoft’s Anti-Spyware both have a feature
called “inoculation” or “immunization”. Other tools may have something similar.
These features cause the tools to monitor for spyware-like behavior and either
prevent it, or at least ask you about it, before it takes place. For
example with either, you can prevent your Internet Explorer homepage from being
changed by anyone. Hence, homepage hijacking is a thing of the past. Both keep
an eye on registry changes as well. Look for these features in whatever
anti-spyware program you choose, and turn these features on.
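An added example (not part of the original article, and not how Spybot or Microsoft’s Anti-Spyware work internally): a baseline-and-compare check of the registry values that hold Internet Explorer’s home and search pages, the kind of change the monitoring features in Tip #4 watch for. The baseline file name and the sample URLs are constructed for illustration, and the registry read runs only on Windows.

```python
import json
import os
import sys

# Per-user key holding Internet Explorer's home and search page settings.
IE_MAIN = r"Software\Microsoft\Internet Explorer\Main"
WATCHED = ("Start Page", "Search Page", "Default_Page_URL")

def read_ie_settings():
    """Read the watched values for the current user (Windows only)."""
    import winreg  # imported here so compare() stays usable on any OS
    found = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_MAIN) as key:
        for name in WATCHED:
            try:
                found[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                found[name] = None  # value is not set
    return found

def compare(baseline, current):
    """Return (name, old, new) for each watched value that left its baseline."""
    return [(n, baseline.get(n), current.get(n))
            for n in WATCHED if baseline.get(n) != current.get(n)]

# Constructed sample snapshots (not taken from a real machine).
SAMPLE_BASELINE = {
    "Start Page": "http://www.example.com/",
    "Search Page": "http://search.example.com/",
    "Default_Page_URL": "http://www.example.com/",
}
SAMPLE_HIJACKED = dict(SAMPLE_BASELINE, **{"Start Page": "about:blank",
                       "Search Page": "http://search.example.net/"})

if __name__ == "__main__":
    baseline_file = "ie_baseline.json"  # hypothetical file name
    if sys.platform != "win32":
        baseline, current = SAMPLE_BASELINE, SAMPLE_HIJACKED
    elif not os.path.exists(baseline_file):
        # First run on a known-clean machine: record the baseline and stop.
        with open(baseline_file, "w") as fh:
            json.dump(read_ie_settings(), fh, indent=2)
        print("Baseline saved to " + baseline_file)
        sys.exit(0)
    else:
        with open(baseline_file) as fh:
            baseline = json.load(fh)
        current = read_ie_settings()
    for name, old, new in compare(baseline, current):
        print(f"CHANGED {name!r}: {old!r} -> {new!r}")
```

Run it once while the machine is known to be clean to record the baseline, then again after installing software or whenever the homepage looks wrong; any line it prints names a setting that no longer matches.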
Tip #5: Don’t be part of the problem.
All the protection in the world won’t help if you engage in risky behavior.
Download and install software only from places you trust. One of the
largest sources of spyware anywhere is peer-to-peer file sharing
programs like Kazaa. They come loaded with spyware. Check out the reputation of
a package before you install it. Don’t open email attachments unless you
know they’re safe and legitimate.
Leo- It seems that if this guy is really getting sick of the Spyware he should consider a Mac. Right? (I understand that you were just answering his question. You do a great job in helping people.)
Leo,
Your advice is very good, but I didn’t see any mention of going to http://windowsupdate.microsoft.com and downloading all of the latest security updates for Internet Explorer. To the best of my knowledge, most if not all of these browser hijackers exploit known vulnerabilities in IE that can easily be patched.
I especially like your “risky behavior” tip, but I think you should have mentioned that a primary source of these nasties is “questionable” sites, such as porn, warez (pirated software for those who don’t know), hacking, etc. I’ve visited my fair share of these sites in IE and I didn’t catch anything because I had IE updated.
Finally, I think it’s fair to mention that the easiest way to avoid catching malware from malicious websites is to use a different, often more secure browser, such as Mozilla Firefox:
http://www.mozilla.org/products/firefox/
I’ve been using Firefox instead of IE since last summer, and in my experience very few sites don’t work properly with it.
Statistically today an unprotected PC with a fast (ADSL/T1/cable) connection to the Internet will be hit with Malware within 40 seconds, an unprotected PC on Dial-up will be hit within 5 minutes of being on the Internet.
I believe that today you DO need good Security Software, and some are much better than others.
Good Free Security software I recommend:
1. Microsoft Antispyware Beta (ex Giant) 24/7 + daily scan
2. Spyware Blaster (Javacool) 24/7
3. Spyware Guard (Javacool) 24/7
4. Spybot S & D (Kolla) weekly scan
5. Spybot S & D TeaTimer = part 4. above (Kolla) 24/7 = weekly scan
6. Adaware SE Personal (Lavasoft) weekly scan
7. AVG Free v7 +++Antivirus (Grisoft) 24/7 + daily scan
8. System Security Suite (www.igorshpak.net) weekly scan
9. ZoneAlarm Free Firewall (ZoneAlarm) 24/7
10. Internet Sweeper (Emory) 24/7 autosweep
11. Pegasus Email as Email Client (Pegasus.com) (don’t use Outlook or Outlook Express)
I have tested most Free security applications and these appear to be a very good combination.
PAID (Registered versions):
If you can afford it, the following are all really good, when used in combination:
1. Norton Antivirus (Symantec) 24/7 + daily scan
2. Trojan Hunter (Mischel) 24/7 + weekly scan
3. a-squared guard/scanner (Emsisoft) 24/7 + weekly scan
4. ZoneAlarmPro – replaces free ZA (Zonelabs) 24/7
5. Spyblocker (Kurland) 24/7
6. Digital Patrol (Protoantivirus) weekly scan
7. Spyware Doctor (PC Tools) 24/7 + daily scan
8. MailwasherPro + First Alert (FireTrust) 24/7
9. Evidence Eliminator (Robin Hood) weekly
10. Anon2004 (Anonymizer) on Internet
Update daily all above (takes around 15 minutes)
You might think that there is a lot running simultaneously, but at least the PC is as secure as possible.
I have a special interest in Computer Security
Wow. That seems WAY overkill. IMO: a hardware firewall (router) + a good spyware and a good av program, run *and updated* regularly, + windows update either automatically or regularly, + some common sense (don’t open attachments you aren’t 100% certain of) is the best combination.
In response to Lofty’s post: I am an Internet security researcher, and in my opinion Lofty’s list is only slight overkill, and Leo’s list is slight underkill.
#1) Leo, the short answer is that I would add a two-way, application level software firewall like Zone Alarm to your list. Lofty is right about this: An adequate firewall of some sort is an absolute necessity for any computer connected to the Internet and is the first level of protection. I don’t consider a basic NAT router to be an adequate firewall.
As to why, well, that gets a little involved, so I posted it to my blog at: http://internet-insecurity.com/blog/2005/04/12/is-a-router-an-adequate-firewall/
2) Leo, I also think it is wise to have a backup anti-spyware application or two, because none find and clean all of the huge amount of malware that is out there. I will put in a specific recommendation for MS Antispyware or its cousin, Sunbelt Antispyware as the primary means of protection from spyware. These applications are very good, especially if Real-Time protection is enabled. I would add the immunization features of Spybot and Spyware Blaster, and occasional scans with Spybot. Ad-Aware is also a good antispyware application for use as a backup scanner, but it lacks real-time protection and immunization features.
Lofty is offering a pretty comprehensive solution. He doesn’t explain all the reasons why he feels all that protection is important, but I think he probably has some good reasons.
I would add the following to Lofty’s list for certain users: A good, workable encryption system for any documents and information the user would prefer to keep private, like tax and other financial records and confidential letters and such.
I am using Spyware Nuker. What do you think of that program? I seem to have to run HijackThis every day still.
I don’t know anything about Spyware Nuker. I recommend Microsoft’s Anti Spyware: http://ask-leo.com/recommendation_microsoft_antispyware.html
I would recommend using Mozilla Firefox as your browser rather than frequently updating IE for browser exploit patches. I admit Firefox isn’t bulletproof, but at least the majority of internet attacks that specifically exploit a vulnerability in IE won’t affect you. Adjusting your preferences (“trusted sites”, disabling cookies, etc.) in Firefox has kept my system clean.
Coupled with Adaware and Spybot weekly updates and scans, the only other precaution you need to follow is Tip #5 – use your head!
SpyWareNuker is dangerous!!!!!!!! This program might include spyware/adware hazard… Check: http://camtech2000.net/Newsletters/a_new_spyware_tactic.htm …for more information!
Also check:
http://www.symantec.com/avcenter/venc/data/adware.spywarenuker.html
http://news.com.com/2100-1032_3-5157358.html
http://www.felgall.com/secspy03.htm
http://www.safer-networking.org/en/compatibility/spywarenuker.html
http://forums.datamation.com/showthread.php?t=213
I totally agree with what you’re saying. I wish more people felt this way and took the time to express themselves.
Keep up the great work.
David Jefferson
http.www.spywaresoftwarehouse.com