Your computer may not be as secure as you think, thanks to 'spyware'

Stars and Stripes ^ | October 29, 2002 | Rick Chernitzer

[Nachum]

YOKOSUKA NAVAL BASE, Japan — Spies could be lurking through the corridors of your computer, taking note of what you type, where you surf and with whom you talk online.

They could be reporting this information to numerous companies and individuals, amassing huge secret files about you and your family.

And possibly the most galling thing about this is that you may have given them permission to be there.

“Spyware,” as they’re called in computer jargon, are tiny programs that bury themselves deep in the recesses of your computer, not taking up much space but playing Big Brother to everything you do online.

Kevin Monis, a network administrator at Yokosuka Naval Base, Japan, said these programs, supposedly used for market research, can be utilized for darker purposes.

“The potential is there,” he said. “From the standpoint of a terrorist looking for information, if they were able to easily break into something, they could see what measures the base is taking to respond to a specific attack.

“If you disrupt the base communications … while at the same time maybe physically attacking the base, it could just be a catastrophe.”

Monis said the base network takes “very strong protective measures” to ward off such intrusive programs. He declined to specify but said the measures are “along the lines of what every company should be doing.”

But for the most part, Monis said, programmers tend to be more interested in information they can market to others, selling it to companies that have interest in your Web-surfing habits.

“I call it dishonest,” he said. “You think you’re getting this, but in reality, you’re getting that and some other things you didn’t want.”

Spyware’s advent really took hold when computer users began demanding more from Internet sites they visited, Monis said.

“The users have demanded whiz-bang interfaces … nice gee-whiz kind of screens like you might see on CNN.com … people want to see real-time information on their screens,” he said.

Among the easiest ways to do this is to create programs that interact with the Web browser or software that allows users to access the Internet.

Programs are downloaded that tell the browser what to do. They also can instruct other parts of your computer to do things, such as keep a log of your keystrokes, access records of Web sites you’ve visited and send that information through your modem or other Internet connection to specific Web sites.

“So I give permission for this program to be installed, but I didn’t read the fine print where it says I said it was OK to track my demographics,” he said.

The programs also use your Internet connection to transmit the information back to whomever is asking for it. This transfer takes up your bandwidth, which can slow Internet access.

“That’s the most insulting part of it,” Monis said.

He said it doesn’t usually happen on computers with network firewalls, which restrict access by allowing only certain information to pass and only through particular portals, or electronic routes that allow access, either to Web sites or individual computers.

“You got a much better situation when you’re behind the firewall,” Monis added.

But breaching a firewall does happen occasionally, he admitted, adding that many computer users are unaware of the dangers these programs can present.

“The average person takes no precautions whatsoever,” he said. “They don’t know there are ways to protect themselves against some forms of these programs.”

The simplest is to adjust your browser’s security level, he said: “When you go to the Web sites that have this type of spyware, because your security is closed tighter, it won’t be able to get into your computer.”

Another defense mechanism, if you use high-speed access such as DSL, is a network router, Monis said. It masks your computer’s “IP address,” an identifying number every computer must have to be recognized and allowed to connect to the Internet.

“It’s not foolproof but far and away one of the easiest ways to cut down your exposure to malicious attack,” he said.

Users also can delete the tiny bits of information some sites leave on your computer to remember you, called “cookies.”

On the surface, they are very convenient, Monis admits: They remember certain settings, or your name, thus speeding time needed to get what you want from the site — but the information also could be used to target you.

“I’m guilty of it myself … I hate like heck to dump my cookies, even though it’s a good idea to dump them every one or two weeks,” he said.

“If people used just a little bit of caution, they wouldn’t have all these problems,” he added. “There are lots of bright people out there who are trying to crash through your front door.”

[goodnesswins]

Gator....what IS Gator? LOL....no I don't think I would care.

[PFKEY]

Start with explorer.exe and go from there.

I bought a laptop earlier i the year, one that came with a few months or Norton AV. The license expired and I waited a bit for the price to come down on a suite of Norton products.

Upon getting said suite or products and running them guess what shows up as a Trojan?

Ding!!!

iexplorer.exe.

had to delete the file under DOS as Windows and Norton would not remove it because it was protected.

[martin_fierro]

According to Google.com,

lsas.exe might be an FTP program?

csrss.exe = Win32 subsystem server process

and

smss.exe (and csrss.exe) are filenames commonly found in the %SystemRoot%\System32 directory. Presence of these 2 files in the System32 directory is not an indication of infection.

[martin_fierro]

Gator is a utility that purports to remember all your passwords for you -- so when you visit a site that requires you to enter your password, Gator does it for you.

Sounds great, but Gator is notorious for 1) putting lots of Spyware on your PC; and 2) bugging you with those popup ads.

[goodnesswins]

What I'd like to get rid of are the emails that are porno comeons about pictures of musicians (Brittney, et al) and their sex lives.....anyone got any ideas for that....my Eudora only allows me to dump them in my trash.

[martin_fierro]

I don't know if your ISP or e-mail setup allows for it, but try Mailwasher.

Mailwasher (free) looks at the e-mail waiting for you on your server and helps you "pre-delete" SPAM before you download it to your computer.

[RebelTex]

Spyware can be embedded in a program that you downloaded yourself (such as RealPlayer) or program you gave permission to download & install, or just a cookie that activates when you hit a certain website. All of these come through the http internet port 80, so a firewall doesn't block them (unless you blocked access to the internet.

Computers have hundreds of ports that can be used to communicate various things & that's what a firewall is designed to manage & close. For example, your e-mail program most likely uses the standard pop3 & smpt ports of 25 & 110.

If you configure your firewall to close those ports (in this example), then you would not be able to send/receive e-mail with that program.

Goodnesswins, Ad Aware runs fine on Win98 & all versions of Windows.

FlyVet, you don't have to delete all of your cookies to get rid of spyware, but you should periodically examine them & delete all except those you need (like FreeRepublic).

A good web site to check out for info on spyware & internet privacy issues is: http://www.grc.com/

FReegards,
RebelTex

[45semi]

Norton Firewall...works like a charm for me running W2K





45semi

[agitator]

lsass.exe is the Local Security Authority process and is a standard system process. Don't mess with it. :)

[FlyVet]

Thanks for your rational response. Like I said, I run AdAware daily and almost always find spyware on my system. But I still wonder why it's legal. I don't have a problem with cookies that provide a "memory" to such sites as TV listings or e-mail, since it's a convenience not having to input info every time you visit the site. Spyware, monitoring your surfing activities, uninvited, I don't understand that. Shouldn't be legal. I think it was the Sun Microsystems CEO that was quoted a few years ago, "There is no privacy, get over it."

[goodnesswins]

Thank YOU ALL.....very helpful.

[Bloody Sam Roberts]

Remove Spyware with AdAware

And make sure you install the Ref Update program to go with it to get updates to the signature file. New spyware comes out everyday...just like viruses. Without an updated signature file, you're not getting Zestfully clean!

[Bloody Sam Roberts]

Often running Zonealarm (it's been a little flakey under XP - anyone have anything better?)

What version of ZA are you running? I have a copy of ZA version 2.1.44 that might help. I've heard that earlier versions of ZA run better on ME and XP than newer versions. If you want to download it I can put it on my server for you.

[Bloody Sam Roberts]

I have a HARDWIRED firewall and router....do I really need Adware?

Yes. A firewall will do nothing to stop spyware. A firewall is for port control only. Spyware comes in with regularly allowed traffic. Get it and run it. Win 98 won't care. You'll be fine.

[Bloody Sam Roberts]

but try Mailwasher.

Wow. You and I must be config'd almost identically. I use Mailwasher all the time and love it. I don't open the mail client unless I've run Mailwasher.

[RebelTex]

Of course, you're right. Spyware should be illegal. That's why lavasoft created their Ad Aware program & gives it away. They don't like it either & are doing something about it.

Steve Gibson, whose website is http://grc.com , is a great source of info on how to counteract privacy invading software & protecting your system.

These folks & others are working to help make the internet safer & more enjoyable. However, everyone is ultimately responsible for learning all they can about managing, maintaining, & protecting their own systems - then following through with proper actions.

Have fun but stay safe. Happy surfing.

FReegards,
RebelTex

[FlyVet]

Thanks, I've known of grc.com for a few years and also have run ZA for several years. The self-tests at GRC are quite eye-opening. The more people that are aware, the better. BUMP.

[altair]

I assume you allow NO cookies onto your machine.

Usually, I don't. I make exceptions for sites I really, really want to get information from, like FreeRepublic. I never run Java or Javascript off of web sites. Nor do I tend to run any software that I don't have in source.

[FlyVet]

Good enough. Do you run AdAware, and if you do, do you never find unwanted cookies on your machine? My only point was that I shouldn't have to put up with spyware from unwanted sources. I don't invite it, so it shouldn't be legal for them to stick it on my computer. I have the same opinion about junk mail (except for local sales papers), telemarketing, and spam. I didn't ask for it, don't send it to me. If I am looking for ads, I'll look for it myself, either in the local newspaper or the internet or my telephone. Injecting spyware onto my computer is BS.

[altair]

Do you run AdAware

No.

Injecting spyware onto my computer is BS.

True, but it sounds like you have a perfectly acceptable technological solution to the problem. Do you really need politicians involved?