Spyware and methods of combating it

Spyware is a class of programs receiving personal and confidential information on computer users without their knowledge. Such programs, for the most part, are not intended to damage the computer, though they slow down its work in a whole and speed of the Internet. The functions of spyware may vary from simple statistics on visits of sites to the total control over the userâ€™s actions. As a rule, spyware cannot duplicate its code, distribute itself, it is picked up on various commercial sites with dubious offers of free services. Spyware also is distributed like useful utilities, offering you to increase computer performance, improve speed of connection, and others. In fact, having installed such â€œuseful utilityâ€, the user gets a gap in his security system. But, legally, producers of such programs are always pure before the law, because, certainly, there was a warning about spyware in an agreement that nobody reads. According to the data of PandaLabs, in 2006 about 40% of all malicious codes in the Internet are advertising software and spyware. Statistics shows that 9 of 10 computers connected to the Internet are infected with programs of this kind. And the most users are not even have any idea about it. Adware. Programs developed for displaying advertisements. This occurs in pop-ups with certain intervals. Some programs put their advertisements in all sites visited by a user or redirect the user on their site. As you know, most advertisements today are designed with the help of animation, using Flash. Accordingly, showing of such banners could seriously hit a pocket. Keyboard spies. These programs record activity of Windows Explorer windows, keystrokes on the keyboard, and mouse clicks. Often, these programs are able to work in the background mode, not allowing you to identify them. Also some are able to send recorded logs to others. Just imagine if, for example, everything that you have typed for the past week, someone else will read. This can be addresses, passwords to get access to sites, to e-mail, credit card numbers, phone numbers, the history of conversations in Internet-pagers and others. Now such programs are equipped with many additional features: the record of mail messages, creating of screen shots, processes monitoring, etc. Dialers. They are small but very harmful computer programs that create new modem or ISDN connections, and also change the existing. Sometimes, programs of this kind can work in background mode, without your knowledge. Programs pose a real threat to those who use modem connection. The fact is that the user being not aware of it can connect to his â€œnativeâ€ provider but get to the modem pool somewhere in Uruguay or in some remote country. And now imagine the fantastic sum of money that youâ€™ll have to pay for common actions in the Internet, but connecting through another country. With such programs those are infected who believe in free cheese in the mousetrap. In the Internet can be found popup advertisement offering you free homing with answer variants like â€œYes, set upâ€ and â€œNo, not set upâ€. In fact, the choice is limited to one veriant, the first, and whichever button you push â€“ begins downloading and installing of malicious software. Such windows should be just closed. There are specialized programs for protection; they track changes in the modem network connections. â€œBrowserjackersâ€ One of the least dangerous functions of these programs is the changing of site homepage. Later on, some programs that donâ€™t contain complex code allow you to change the homepage to the necessary, but there are also such programs which donâ€™t make it possible. Also, these modules can install on the computer additional toolbars working in integration with Internet-browsers or which are single programs. Under the visible safety of appeared unknown panel may be hidden a real danger for computer privacy. These modules can not only reduce performance of the system in a whole and the work of the Internet, but also contain malicious codes of â€œtrojansâ€, worms, keyboard spies. The best way to avoid such programs is AntiSpyware-programs. Programs of remote administration. By now, software developers are actively involved in the production of programs that allow the remote control of the computers. There are hundreds of such programs and the use of any of them without your knowledge can create a serious threat. With the help of such programs they can track keystrokes on the keyboard, visited sites, talks in Internet-pagers such as ICQ and others, control launched processes, have access to files and many others. Remote administration programs are the most dangerous of all presented programs, which allow obtaining of the full control over userâ€™s actions. But they are used, mainly for legal purposes: control of employeesâ€™ actions and children. The majority of legal programs work without conceal mode, allowing finding them easily on notice bar. But there are also such programs that make it possible to carry out tracking in the background mode and are not even displayed in â€œProcesses tree of Windowsâ€. You shouldnâ€™t forget that Windows also have remote control function, by using of which plotters can obtain access to confidential information. As a matter of fact, there are much more types of programs and refinement with which they are working sometimes strikes. These are mainly integrated spyware applications performing several functions simultaneously. Counteraction to spyware programs. The appearance of stated below actions of the computer or their collection, probably says that the machine is infected by spyware and requires careful analysis by specialized programs. The periodic appearance of pop-ups, mostly of advertisement orientation. Redirection of Internet browser to pages which the user did not enter. Changing of browser's home page Addition to the main browser window the unnecessary toolbars. The emergence of unknown icons in the field of notice panel next to the Windows clock. The emergence of errors of the browser work and the whole system. The emergence of unknown network connections. The sharp increase in traffic volume. Drop in speed of Internet connection. The full struggle with spyware has started relatively recently. Heretofore, developers of anti-virus packages didnâ€™t include in their base Spyware signatures. The latest antiviruses have scanners of such programs. Besides, some Firewall-programs allow scanning and monitoring of the existence of active spyware applications. Of course, they struggle only with programs which signature is known to antispyware developer. The signature is a sequence of bytes which is peculiar only to definite program. Thereupon, there is one urgent problem. Programs that are developed legally for authorized use are not included to antispyware bases. But such programs also can work in conceal mode, with all functions of information espionage. Besides, especially â€œseriousâ€ programs are not displayed in the processes performing like information flows. Accordingly, the user to whom such software was installed will have the real problem of detection. As you can see, methods of signature analysis are not always effective. But there is another class of programs that can analyze the system by heuristic methods. Heuristic methods are such methods of search which check executable files, e-mail messages and their enclosures on the existence of suspicious commands. These methods are identifying the sequence of codes, unusual commands and patterns of conduct, commands which open email client directory without permission, making changes in the registry or opening network ports. Such heuristic algorithms can identify the unknown forms of spyware. But these algorithms a priori have disadvantages. The main thing is that the program operates with empirical assumptions, accordingly there is a possibility of â€œfalse alarmsâ€. The higher security level, the more â€œfalse alarmsâ€ the user would receive. The optimal solution for struggling with spyware is the presence of the complex of protecting programs. This complex should consist of the programs with signature analysis, heuristic algorithm and the presence of Firewall-applications. They are mustnâ€™t be single programs, many software developers offer integrated solutions in a single software product.