Malware, Spyware, Adware

With the birth of the Internet there are new ways to communicate, send data from one part of the world to another, explore places to shop, share your stories, and even play games.

The more that we use the Internet, the more likely we are to forget to do the things necessary to keep our data, ourselves, and our family safe online. It is this complacency that we must struggle with every time we sign online.

But as with many good things, the Internet has its dark side. There are a plethora of cyber-risks that you face anytime that you go online, from malware to hackers to Denial of Service Attacks.

Malware

Malware, also known as malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent.
Malware includes computer viruses, worms, Trojan horses, most rootkits, spyware, dishonest adware, and other malicious and unwanted software.
For a malicious program to accomplish its goals, it must be able to do so without being shut down, or deleted by the user or administrator of the computer it's running on. Concealment can also help get the malware installed in the first place. When a malicious program is disguised as something innocuous or desirable, users may be tempted to install it without knowing what it does. This is the technique of the Trojan horse or Trojan.
Users are warned only to open attachments they trust, and to be wary of items received from untrusted sources.

Malware is used as a tool by hackers to remotely access computers as well as corrupt or destroy important data.

Malware is short for malicious software and is usually used as a catch-all term to refer to any software which causes damage to a single computer, server, or computer network.
Some of the most common types of malware are:

• Viruses: Self-replicating malware requiring a host file, that depends on human action to spread it
• Worms: Self-contained malware, needing no host file, that spreads automatically through networks
• Trojan horses: An apparently useful and innocent application containing a hidden malicious program
• Spyware: A program that secretly monitors your online activity and sends the data back to the programmer
• Rootkits: A malicious program that hides itself by convincing the operating system that it isn't there

While many of these dangers can render a computer or the data on it useless, there are ways to mitigate the damage, and in many cases to stop the attack before it becomes a problem at all.

It is important to be aware of all of the risks that you face online so that you can be safe and still take advantage of the Internet.

Spyware

The term "spyware" refers to any computer technology that gathers and redistributes personal information about a person or organization without their knowledge or consent. Most commonly, it installs itself on a computer to secretly gather information about the user that is then sent to advertisers and other interested parties. Spyware can be installed on a computer any number of ways — as part of a new software application, a "drive-by" Web site, or even a computer virus.

Spyware is software that installs components on a computer for the purpose of recording Web surfing habits (primarily for marketing purposes). Spyware sends this information to its author or to other interested parties when the computer is online. Spyware often downloads with items identified as "free downloads" and does not notify the user of its existence or ask for permission to install the components. Spyware – by design ‐ exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes.

The malicious nature of spyware is somewhat subversive. Some will send advertisers a report on all the sites you visit, while others will send information about your computing or online purchasing habits. Spyware programs can collect various types of personal information, such as Internet surfing habit, sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, accessing Web sites blindly that will cause more harmful viruses, and displaying pop-up advertisements. Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.
Most spyware is installed without users' knowledge.

The most effective tool against spyware is common sense. For instance, you should read the End User License Agreement (EULA) attached to any software that you install. In the EULA, many programs indicate that they include spyware components. Nearly all peer-to-peer file sharing clients come bundled with adware or spyware.

Another way you can protect against spyware is to run an application that can identify and remove it.

Recently, programs have appeared on the Internet that claim to remove spyware infections, but in fact, contain spyware. The best defense against this type of program is Due Diligence. Do your homework, and fully research any program you may potentially download and install.

In the end, the best spyware-stopper is an informed computer user.

Adware

Adware is software that displays advertising banners on Web browsers. Adware programs are typically installed as separate programs that are bundled with certain free software. Many users inadvertently agree to installing adware by accepting the End User License Agreement (EULA) on the free software. Adware are also often installed in tandem with spyware programs. Both programs feed off of each other' functionalities — spyware programs profile users' Internet behavior, while adware programs display targeted ads that correspond to the gathered user profile.
Adware programs often create unwanted effects on a system, most commonly in the form of pop-up advertisements. Most adware is spyware in a different sense than "advertising-supported software," for a different reason: it displays advertisements related to what it finds from spying on you.

Protection

Like most anti-virus software, many anti-spyware/adware tools require a frequently-updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, making "signatures" or "definitions" which allow the software to detect and remove the spyware. As a result, anti-spyware software is of limited usefulness without a regular source of updates. Some vendors provide a subscription-based update service, while others provide updates free. Updates may be installed automatically on a schedule or before doing a scan, or may be done manually.

Tips to Avoid Malware, Spyware and Adware

• Use security software to provide spyware protection and proactively protect from other security risks
• Configure your firewall to block unsolicited requests for outbound communication
• Do not accept or open suspicious error dialogs from within the browser
• Spyware may come as part of a "free deal" offer – do not accept free deals
• Always read carefully the End User License Agreement (EULA) at install time and cancel if other "programs" are being installed as part of the desired program
• Keep software and security patches up to date
• Only open e-mail or instant message attachments that come from a trusted source and that are expected
• Have e-mail attachments scanned by security software prior to opening
• Delete all unwanted messages without opening
• Do not click on Web links sent by someone you do not know
• If a person on your buddy list is sending strange messages, files, or Web site links, terminate your IM session
• Scan all files with security software before transferring them to your system
• Only transfer files from a well known source
• Use security software to block all unsolicited outbound communication
• Keep security patches up to date

Viruses

Viruses

A virus is a computer program that can attach itself to host files and replicate itself repeatedly, usually without user knowledge or permission. Viruses attach to files in such a way that when the infected file executes, the virus also executes. Other viruses can sit in a computer's memory and infect files as the computer opens, modifies, or creates new files.

A computer system infected with a virus can display various symptoms. Some viruses damage files and operating systems, but neither symptoms nor damage are definite indicators to the presence of a virus or essential virus components.

Virus Hoaxes

Virus hoaxes are either deliberate or unintentional e-mail messages warning people about a phony virus or other malicious software program. They will sometimes instruct you to install a phony program to "remove the virus", which may contain malware that can damage your computer.

Virus Detection and Prevention Tips

Get protected. If you don't already have virus protection software on your machine, you should. You should install the latest anti-virus software on your personal computer.

Scan your system regularly. If you're loading anti-virus software for the first time, it's a good idea to let it scan your entire system. Often, the anti-virus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background ("real time") while you are connected to the Internet. Make it a regular habit to scan for viruses.

Don't open attachments. One of the best ways to prevent virus infections is not to open attachments, especially when dangerous viruses are being actively circulated. In fact, e-mail attachments are the number one attack vector for infection from viruses. Even if the e-mail is from a known source, be careful. Many viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the unexpected attachments for viruses.

Stay informed. There are new virus and security alerts almost every day. Keep up-to-date on breaking viruses and solutions. Remember that the bad guys are going to try to use social engineering to exploit you. Staying informed is the perfect countermeasure against that.

Update your anti-virus software. Once you have virus protection software installed, make sure it's up to date. Most anti-virus programs have a feature that will automatically link to the Internet and add new virus detection definitions whenever the software vendor discovers a new threat.

Carnegie Mellon University's CERT® Program has useful information on how to install and use anti-virus programs.

McAfee's Virus Detection and Prevention Tips