External attacks on your computer come in many forms: viruses, worms, spyware, and Trojan horses are just a few of the most common types. This malware, or malicious software, presents threats to your computer’s operation, the security of your data, your privacy, and your identity. If your computer is doing something strange for no apparent reason, a virus or spyware program could be to blame. Sometimes, though, there are no visible signs. For example, a virus could quietly fill up your hard drive with garbage data, or spyware could secretly capture your keystrokes and send them back to an attacker’s computer, where the attacker will search your text for account numbers and passwords. Besides the privacy issues, this stuff is inherently evil because it’s theft, plain and simple. Not only does it involve the unauthorized use of computer and network resources, but it also ties up processor cycles, memory, and network bandwidth without permission.
Protecting Your System
Because there are so many kinds of malware out there, and because they can do so much damage, it’s absolutely essential to do everything you can to protect your computer. This protection should include prevention in the form of firewalls and filters as well as programs that can remove and repair attacks that might slip through your armor. At a minimum, your computer should have all of the following forms of protection in place:

A hardware or software firewall (or both) to filter unwanted attempts to connect to and from your computer through the Internet. Windows XP SP2 includes an adequate firewall, but you might want to add at least one more layer of protection with a separate firewall program, or a firewall built into a network switch or router.

An antivirus program to protect the computer from viruses that duplicate themselves and can interfere with the computer’s operation by reformatting a hard drive, deleting or altering program and data files, or loading unwanted programs.

An antispyware program that filters and removes programs that gather information from your computer and send that information to a distant host.

As an experienced computer user, you know that security is a problem. And you probably have firewalls, filters, and other security programs in place. But sometimes it’s easy to assume that those protective tools are doing their job and that a glitch in the computer’s performance must be caused by some other type of problem. In fact, the war between computer miscreants and the good guys who are trying to stop them seems to go on forever, so it’s always possible that a new type of attack has been successful. Therefore, scanning for embedded viruses, spyware, and other malware should be part of every troubleshooting routine. Even when your antivirus, antispyware, and firewall programs are all actively monitoring your system, you can’t rule out the possibility that something nasty has found a way into your system.
Viruses, Worms, and Trojan Horses
Computer intrusions can take several forms, including viruses, worms, and Trojan horses:
Viruses: Viruses are snippets of software code that are usually delivered hidden inside another apparently innocuous program or data file. When you open the file that contains a virus, the virus program runs and does whatever damage it was designed to do. Many viruses also attach copies of themselves to other programs or data files so that they can spread to other computers, just like a biological virus spreads from person to person. An e-mail virus is embedded inside an e-mail message. When recipients open infected messages, the virus runs on their computers and also sends copies of itself to e-mail addresses in the recipients’ address books.
Worms: A worm is software that is designed to take advantage of security problems in widely used programs (often e-mail programs). The worm distributes itself from computer to computer through the Internet and across other computer networks. Many worms also do other damage, such as replacing web pages on infected servers with content created by the worm’s originator. Worms can also direct massive attacks on specific computers (computers at the White House and Microsoft are popular targets) in order to overload and crash their Internet access.
Trojan horses: A Trojan horse is a program in disguise. For example, it may be identified as a downloadable game or music file, but when it is opened, it’s actually something else entirely. That something else usually does some kind of damage, such as erasing the contents of a hard drive or forwarding data to another computer through the Internet.
Antivirus Programs
Obviously, you don’t want to let any of these things into your system, but unfortunately, a virus may be secretly active on your computer, even if you don’t notice any symptoms. Therefore, you should always run a full-time virus monitor and perform periodic manual antivirus scans as part of your security routine. And just to be doubly sure that your computer is not infected, run an occasional scan of your system using a different antivirus package from the one you normally use.
NOTE: Some viruses target antivirus software and can shut it down without your knowledge.
More than two dozen companies offer antivirus programs for Windows XP. For a current list of antivirus programs that Microsoft has tested, go to www.microsoft.com/athome/security/viruses/wsc/en-us/flist.mspx. Several companies offer free versions or free trials of their antivirus products, so you can test a few programs before you settle on one. Most antivirus programs are effective against all the common viruses, and they all provide frequent updates to add protection against newly discovered threats. The important differences among these programs are cost and ease of use. The antivirus programs that offer free versions for personal use, including Avast (www.avast.com) and AVG (http://free.grisoft.com), are entirely adequate for most home users. As a supplement to your installed antivirus program, you can also run a free online virus scan from Trend Micro (http://housecall.trendmicro.com), Panda Software (www.pandasoftware.com/activescan/activescan), or BitDefender (http://bitdefender.com/scan8/ie.html). You may need to turn off the installed virus scanner in order to avoid conflicts with an online virus scan. These websites download and run antivirus programs through the Internet to examine your computer and identify or repair infected files. (The online scans are free because the companies hope that you’ll like what they have to offer and buy their more extensive antivirus packages.)
Take Precautions
In addition to your antivirus utility, you must also take other precautions to keep viruses out of your computer:
Never open an attachment to an e-mail message unless you know what it contains and who sent it.
Never open files attached to unsolicited e-mail.
Keep your antivirus program up to date. New viruses and other threats appear all the time, so it’s essential to have the very latest protective software. Most good antivirus programs can automatically update themselves several times per week.
Spyware
As the name suggests, spyware is software that spies on you. It gathers information from your computer and relays it to another location. Spyware can capture keystrokes or screen images, identify the hardware and software installed on your computer, and hijack your browser’s home page, replacing it with one that displays pornography, advertising, or other messages. More malicious spyware can also collect account login names, passwords, and other personal information. Still other spyware tracks the websites you visit in order to send you targeted advertising. These programs are particularly insidious because they install themselves without your knowledge. They often hide inside another program that offers some kind of useful service, such as a “computer tune-up.” Many advertisers use spyware to distribute advertisements in pop-up windows and web page banners. Some of the worst offenders replace the messages and ads on web pages you visit with their own content, or even force offensive material onto computers where they are not wanted.
Where Did That Come From?
How does spyware make its way into your computer? In most cases, it loads as part of other programs that claim to offer some kind of useful service, such as an added toolbar for your web browser, a file sharing tool (such as those offered in Kazaa, Morpheus, and BearShare), or a file compression tool (such as DivX). Gator, one of the most common spyware programs, claims to help fill out forms and remember passwords, but it also tracks the websites that you visit and sells that information to advertisers; Comet Cursor, a program that can change the appearance of your mouse cursor, also collects marketing information about users; and Xupiter, a search engine toolbar, launches pop-ups and adds advertising links to your Favorites menu. There are dozens and dozens of others.

If your computer is connected to the Internet, and if you have ever downloaded and installed programs from online sources, there’s an excellent chance that there are spyware programs lurking beneath the surface of your system. If you share your computer with children or college students, it’s even more likely that you’re harboring some kind of spyware. Many of the popular file sharing programs used for downloading music files are notorious as channels for distributing spyware.
Protecting Against Spyware
It seems as if some people will grab every possible opportunity to advertise their products or services, whether you want to hear about them or not. Highway billboards, telemarketers, junk faxes, e-mail spam, and spyware are all among the unfortunate forms that advertisers use to force themselves upon potential consumers. There is some debate about whether such marketers are a higher or lower life form than pond scum, but it’s a close thing. Either way, it’s in your interest to keep these creeps and their programs out of your computer. It’s essential to protect yourself and your computer against spyware. Protection is a three-step process:
1. Identify spyware programs that have already inflicted themselves upon your system.
2. Remove them.
3. Establish a barrier that protects your computer against future spyware infestations.
Like viruses, new spyware appears constantly, and existing programs change their names to escape detection. Because spyware is constantly evolving, you can’t just install a spyware filter and forget about it; you must keep it up to date. Even if you never venture over to the shady parts of the Internet, spyware will find you soon enough.
Finding and Removing Spyware
As soon as you discover that your system has been taken over by a specific spyware program, you’re on your way to getting rid of it. For example, if you discover a suspect program in the System Configuration Utility’s Startup list (the program that runs when you enter the msconfig command from Start > Run), you should immediately disable it in Startup and take steps to remove it completely. But deleting obvious spyware isn’t enough to be sure you have found and disabled all the spyware that has occupied your computer. Several excellent antispyware programs can scan your entire file system to find hidden spyware. Some of the best are free, and others are either try-before-you-buy shareware, or they are included in commercial products. Among others, Ad-Aware (www.lavasoft.com), Spybot Search and Destroy (www.safer-networking.org), Spy Sweeper (www.webroot.com), Trend Micro Anti-Spyware (www.trendmicro.com), SpyCop (www.spycop.com), and the Microsoft Windows AntiSpyware tool (www.microsoft.com) are all effective programs.
NOTE: The PC Hell Spyware Removal Help page (located at www.pchell/support/spyware.shtml) includes links to pages that explain how to remove many of the most common spyware programs. If you suspect that a program in the Startup list is spyware, but it’s not listed at PC Hell, look for it in the list at www.pacs-portal.co.uk/startup_content.htm.
Because each program takes a slightly different approach, you should install more than one of the freebies, even if you also use a commercial Internet security product. (Unlike antivirus programs, the spyware programs shouldn’t conflict with each other.) For example, SpyCop and Spybot Search and Destroy both seem equally effective in finding and removing known spyware, but sometimes a program will slip past one or the other (usually because you’re not using the most recent update). SpySubtract also scans cookies placed on your computer by websites that want to track your use of their services. Spy Sweeper seems to find more problems than other programs, including redirected web searches and unwanted additions to your Favorites and startup list. (Webroot’s subscription service supplies weekly updates to the Spy Sweeper shields.) Most antispyware programs will monitor your computer for new spyware infections. When the program detects active spyware, it either blocks it or displays an alert and advises you to remove the offending program. Some programs also run a system scan at Windows startup to make sure that no new spyware processes have loaded. All of the major antispyware packages should perform adequately as long as you keep them up to date. A program that runs an automatic scan during startup might increase the amount of time that Windows takes to load, but if you’re committed to keeping spyware out of your computer, that’s probably an acceptable trade-off.
NOTE: Several major software companies, including Symantec and McAfee, offer inclusive “Internet Security” products that bundle antivirus, antispyware, and firewall programs into a single package. They also include additional security features and functions, such as an e-mail spam filter and a program that deletes advertisements from web pages. If one or more of those added features is important to you, or if the convenience of a suite of programs that performs several jobs is attractive, then you might want to consider one of these combined packages instead of using separate programs.
Identifying Malware
If you’ve run your antivirus and antispyware cleaners, and you still suspect that you have a malware infection, use a systematic approach to identify the specific type of virus or spyware that might be affecting your system:

Run complete scans with both an antivirus and antispyware program.

Use the Windows Task Manager to identify all the programs and services that are currently running. To open the Task Manager, press the CTRL, ALT and DELETE keys at the same time. Look in the lists of programs and services listed in the Applications and Processes tabs to find items that don’t seem to belong there. If you don’t recognize the name of an item, look in an online list of startup programs such as www.pacs-portal.co.uk/startup_content or www.answerthatwork.com/Tasklist_pages/tasklist.htm, or run an Internet search for the name of that item.

If you find a suspect program or service and can’t figure out how to kill it, run a web search for its name. There is probably an online discussion of the program that offers instructions for removing it.

If you see a pop-up window or a web page you didn’t expect, search for the name shown in the title bar at the top of the offending window. For example, if the browser’s title bar says “Fubar Spyware Redirector Microsoft Internet Explorer,” search for “Fubar Spyware Redirector.”

Scan your computer with HijackThis (www.spywareinfo.com/~merijn/downloads.html) to find many types of embedded spyware code. Most of the items listed in a HijackThis scan report are not spyware, but the program can often find embedded programs that other tools miss. If you find an item in the results list that you don’t recognize, use the Info On Selected Item button at the bottom of the window to see an explanation. To delete an item, check its name on the list and note the address in the listing. Click Fix Checked to delete the program from active memory, and then use Windows Explorer to delete the file itself. If the same program reappears in another HijackThis scan, run a web search on the filename to find more information.

New malware appears all the time, so it’s not possible to offer anything like an exhaustive list of symptoms in a stable medium like this article, but the developers of antivirus and antispyware programs devote substantial resources to keeping up with them. Your best defense is to install and use those programs and keep them current.
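
The HijackThis steps above (pick out the items you don't recognize, fix them, then check whether they reappear in the next scan) can be run against saved scan logs. This is an added example, not part of the original article or of HijackThis itself; the log lines, the known-good list, and every program name in them are constructed, and the section labels cover only a subset of the codes HijackThis uses.

```python
import re

# Subset of the section codes that prefix each line of a HijackThis log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "browser helper object", "O4": "autostart program",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+?)\s*$")

# Constructed list of entries already looked up and accepted as legitimate.
KNOWN_GOOD = r"""
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - c:\windows\system32\exhelper.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avmon.exe" /startup
O23 - Service: Example Print Helper - Unknown owner - C:\WINDOWS\system32\exprint.exe
"""

# Constructed first scan: the known-good items plus two unfamiliar ones.
SCAN_1 = r"""
Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\exhelper.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avmon.exe" /startup
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\upd32.exe
O23 - Service: Example Print Helper - Unknown owner - C:\WINDOWS\system32\exprint.exe
"""

# Constructed rescan after both unfamiliar items were fixed: the start page
# stayed fixed, but the [updater] autostart entry is back.
SCAN_2 = SCAN_1.replace("http://search.example.invalid/", "about:blank")


def parse_log(text):
    """Return {(code, lowercased detail): (code, detail)} for each entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, detail = m.groups()
            # Windows paths and registry names compare case-insensitively.
            entries[(code, detail.lower())] = (code, detail)
    return entries


def unrecognized(scan, known):
    """Entries in a scan that are not on the known-good list."""
    return {k: v for k, v in scan.items() if k not in known}


def reappeared(fixed, rescan):
    """Entries that were fixed earlier but are present again in a later scan."""
    return {k: v for k, v in fixed.items() if k in rescan}


def report(items):
    """Format entries as 'code  section  detail' lines for review."""
    return ["%-4s %-22s %s" % (c, SECTIONS.get(c, "other"), d)
            for c, d in items.values()]


if __name__ == "__main__":
    suspects = unrecognized(parse_log(SCAN_1), parse_log(KNOWN_GOOD))
    print("Look these up:", *report(suspects), sep="\n  ")
    back = reappeared(suspects, parse_log(SCAN_2))
    print("Came back after Fix Checked:", *report(back), sep="\n  ")
```

An entry that comes back after being fixed is the case the article singles out for a web search on the filename.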
