The web is a terrific place to find or do almost anything you can think of; from interacting with friends to entertainment. However, with all these great resources available – there is groups of people that want to give you and your computer a terrible day. This group known as scammers, will use spyware and viruses to compromise your computer for the following reasons:
- Data Mining for:
- Banking Information
- Identity Theft
- Social Networking Logins
- Email Logins
- Turn your computer into a Spambot – Spamming
- Advance-Fee Fraud (Nigerian scam)
- Storage of Illegal Materials
- Bot Networks / Zombie Computers
- Bot Networks (BotNets) are a large distributed group of computers that are infected with spyware that can be remotely controlled to perform many of the above actions against other computers or networks
Many people that first hear about the purpose of spyware asks “Why would anyone do that?” The primary reason for spyware is the same reason for many other scams in the real world – money. Scammers usually get paid large sums of money for the information they mine from individual’s computers, when sold on the open market. Now that you know what happens if you should be infected, lets move on to five tips to protect yourself.
Antivirus and Anti-Spyware
First of all, you need to have an antivirus suite installed on your computer. Your antivirus is your computer’s first line of defense against the evils of the web. Without an antivirus program you might as well put up a sign that states easy prey. If you do not have a antivirus suite I would highly recommend that you purchase one after your done reading this – unless your on a Mac. Below follows our recommendations on an antivirus suites (as of this writing):
- ESET SmartSecurity
- Kaspersky Antivirus
- Microsoft Security Essentials – Free (Windows Vista & Windows 7 Only)
AVG Free Antivirus– Free
If you already have an antivirus suite – good for you! Now you need to make sure your antivirus subscription is current and your antivirus is up-to-date with the latest definitions. You can setup an schedule with the antivirus suite to automatically download and update the definitions daily – this function is usually set by default – but you can check by looking under settings and schedules. After you have made sure that the virus definitions are being downloaded, you need to schedule a weekly scan of your computer. To setup a virus scan of your computer you will need to refer to your antivirus’ manual or help documentation.
Since your antivirus is your first line of defense you should consider a second line of defense. I recommend for your second level of defense, the use of a dedicated anti-spyware program. As of the time of this writing, the current favorite dedicated anti-spyware program is Malwarebytes. Malwarebytes Anti-Malware is one of the best dedicated anti-spyware programs, all you need to do is download, install, update and scan. I recommend for most users to run a weekly scan with Malwarebytes. The free version of Malwarebytes does not include scan scheduling, however the paid version does.
Moving on to the second level of your computer’s defenses – Microsoft Update (Formally Windows Update). Microsoft Update is Microsoft’s software update services for Windows Operating System and other software suites. On the second Tuesday of each month – known as Patch Tuesday – Microsoft releases security fixes and software improvements for the Windows Platform. These security fixes that Microsoft releases, are to resolved security exploits that are found after the release of a product. Some of the security fixes are to plug up security exploits that are found in the wild. So installing these updates are very important, because some spyware takes advantage of unpatched machines. Microsoft Update only updates first-party software, for example: Windows, Microsoft Office, and Silverlight. The best way to keep up with the latest patches from Microsoft Update is to configure the Automatic Updates feature of your Windows computer. To setup this feature;
Windows XP: Start > Control Panel > Automatic Updates and select the “Automatic (Recommend)” option to allow your computer to automatically download and install new updates.
Windows Vista/7: Start > Type “Windows Update” into the Start Menu Search bar > select the “Windows Update” result > in the Windows Update Window click “Change Settings” in the left task panel > In the drop down menu select the option “Install Updates Automatically (Recommend)” > click “OK”.
Please note: Some updates have prerequisites and others may cause your PC to fail in unforeseen ways if certain conditions exist on your computer.
Don’t Signup for Everything
Earlier in the month (April 2010) the UK base GameStation web site conducted an experiment on their web site’s terms. They changed their terms to include a “Immortal Soul Clause” that stated that by failing to click an opt out check mark at the checkout that GameStation would own your immortal soul. It turn out that 88% of the customers that checkout while this changes was in effect gave GameStation there souls. The funny thing was that if they tick that check mark at the checkout they would have save £5 that session. GameStation has since remove the “Immortal Soul Clause,” from their terms but not before demonstrating that nearly no one read web site agreements. Also, for the people that didn’t opt out of the soul clause, GameStation had contacted them to inform them that the company has nullifed any rights to the customer’s soul.
Source: Ars Technica and NewsLite.tv
The reason I bring this up is most users either don’t read or understand that these agreement on web site can and do have clauses that allow companies evermore rights over there customers. So before you uses a web site you need to review those agreements to make sure you are not going to a rotten deal – and doubly so if you plan give a company financial information.
Another reasons to review those agreements is to review how that services or company is going to treat your email address – are they going to keep it secret or are they going to sell it to everyone and they dog? Most respective companies will only share this vital piece of information with either no one or only other selected companies to preform a certain duty (e.g. a small site with an mailing list will need to either roll their own mailing list or out source it to a professional company – MailChimp). So if you worry about the amount of spam you get in your inbox on a daily basis, you need to know if that company that has that cool item for sell is going to sell your email. If you need to temporary sign up for a service that may spam your email, you may consider getting a secondary free email account at either Yahoo or Hotmail that you will use for spam only. By doing so, you keep your primary email off spam list and you have a valid email that you can sign up for what have you.
One would ask how does preventing spam in a inbox prevent spyware – well in short it helps your friends.
Don’t Install Software
What? Don’t install software? But How? That is not what I mean, most users will install anything that pops up on their computer if it will allow them to do whatever the task at hand is. However, most infections play off this thought process, so the best way to avoid getting infected by a drive by download is to carefully review what you are about to download and install.
Another way that spyware can get on your computer is through advertisements on certain web sites. Some spyware that come through advertisements will look like a window of the Windows Platform. One example is a “My Computer” window that claims that your computer is infected with viruses and urges you to download a free scanner – which the scanner is actually spyware. So avoiding advertisements on the web is another way to stay free of spyware on your computer.
Stay Away from the Dark Side
The last tip to stay safe from spyware is to avoid the dark corners of the web. Most of the web sites that you want to avoid on the web usually contain illegal or pornographic materials. The first type of sites to avoid are sites that offer free commercial software. These sites will offer you to download full programs or movies for free, however if you download this material you will be committing copyright infringement – so avoid at all cost. Most of these sites include spyware laded advertisement and drive by downloaders. The next place that you want to avoid is P2P networks such as LimeWire and Kazaa because most of these P2P networks include tons of viruses and spyware hidden as music or video files. The last place you want to avoid is an odd classification – pornographic web sites. The correlation of a visit to pornographic web sites and spyware infections is very strong from my experience in the field. To prevent an infection from these sites either run an antivirus/anti-spyware scans often or don’t visit them at all.
By following this simple advice, you can protect your computer and your data from the evil doers on the web and enjoy spyware free computing.
Using these tips may help protect your computer from spyware, virus, trojans, and worms – however nothing is ever 100% full proof. Your Results may very.