Microsoft Spyware preventer or Microsoft Anti SpyWare
What is Spyware
Spyware or some people say microsoft spyware (though there is no relationship with microsoft) is a general term used to describe software that
performs certain behaviors such as advertising, collecting personal
information, or changing the configuration of your computer,
generally without appropriately obtaining your consent first.
Microsoft spyware
-AntiSpyware/Windows Defender
Previously known as Microsoft AntiSpyware, this anti-spyware
software gets a new name and an official release (it's been in beta
through most of 2006). It works like any other spyware detector,
offering you the choice of either a Quick Scan or a slower Deep
Scan. Choose the Deep Scan and you can select specific folders to be
scanned, and/or your PC's memory. It offers optional real-time
protection, which activates various checkpoints throughout a PC's
system in order to prevent spyware being installed. Also optional is
integration with the SpyNet community. This means that any potential
spyware threats on your PC are sent to a central database, where the
results are analysed and signatures made available to protect you.
It runs a little slowly, and in a quick test against the popular
spyware tool Ad-Aware, it was beaten hands down. Things have been
improved in this release, but it is still a long way from being a
serious challenger to other anti-spyware tools (click here for a
short guide on anti-spyware tools). In order to download this
software you need to go through the Windows Genuine Advantage
validation procedure on your operating system. A little
annoying.
Spyware is often
associated with software that displays advertisements (called
adware) or software that tracks personal or sensitive information.
That does not mean all software that
provides ads or tracks your online activities is bad. For example,
you might sign up for a free music service, but you "pay" for the
service by agreeing to receive targeted ads. If you understand the
terms and agree to them, you may have decided that it is a fair
tradeoff. You might also agree to let the company track your online
activities to determine which ads to show you.
Other kinds of spyware make changes
to your computer that can be annoying and can cause your computer
slow down or crash.
These programs can change your Web browser's
home page or search page, or add additional components to your
browser you don't need or want. These programs also make it very
difficult for you to change your settings back to the way you
originally had them.
The key in all cases is whether or
not you (or someone who uses your computer) understand what the
software will do and have agreed to install the software on your
computer.
There are a number of ways spyware
or other unwanted software can get on your computer. A common trick
is to covertly install the software during the installation of other
software you want such as a music or video file sharing program.
Whenever you install something on
your computer, make sure you carefully read all disclosures,
including the license agreement and privacy statement. Sometimes the
inclusion of unwanted software in a given software installation is
documented, but it might appear at the end of a license agreement or
privacy statement
Signs of
spyware
If your
computer starts to behave strangely or displays any of the symptoms
listed below, you may have spyware or other unwanted software
installed on your computer.
I see pop-up advertisements
all the time. Some unwanted software will bombard you with
pop-up ads that aren't related to a particular Web site you're
visiting. These ads are often for adult or other Web sites you may
find objectionable. If you see pop-up ads as soon as you turn on
your computer or when you're not even browsing the Web, you may have
spyware or other unwanted software on your computer.
My settings have changed
and I can't change them back to the way they were. Some
unwanted software has the ability to change your home page or search
page settings. This means that the page that opens first when you
start your Internet browser or the page that appears when you select
"search" may be pages that you do not recognize. Even if you know
how to adjust these settings, you may find that they revert back
every time you restart your computer.
My Web browser contains
additional components that I don't remember downloading.
Spyware and other unwanted software can add additional toolbars to
your Web browser that you don't want or need. Even if you know how
to remove these toolbars, they may return each time you restart your
computer
My computer seems
sluggish. Spyware and other unwanted software are not
necessarily designed to be efficient. The resources these programs
use to track your activities and deliver advertisements can slow
down your computer and errors in the software can make your computer
crash.
If you notice a sudden increase in the number of times a
certain program crashes, or if your computer is slower than normal
at performing routine tasks, you may have spyware or other unwanted
software on your machine
SYMPTOMS
You may experience any one or more of
the following symptoms:
. When you start your computer, or
when your computer has been idle for many minutes, your Internet
browser opens to display Web site advertisements.
. When you
use your browser to view Web sites, other instances of your
browser open to display Web site advertisements.
. Your Web
browser's home page unexpectedly changes.
. Web pages are
unexpectedly added to your Favorites folder.
. New toolbars are
unexpectedly added to your Web browser.
. You cannot start a
program.
. When you click a link in a program, the link does
not work.
. Your Web browser suddenly closes or stops
responding.
. It takes a much longer time to start or to resume
your computer.
. Components of Windows or other programs no
longer work.
How to help
prevent spyware
Spyware
and other unwanted software can invade your privacy, bombard you
with pop-up windows, slow down your computer, and even make your
computer crash. Here are several ways you can help protect your
computer against spyware and other unwanted software.
Step 1:
Use a firewall
While most spyware and other
unwanted software come bundled with other programs or originate from
unscrupulous Web sites, a small amount of spyware can actually be
placed on your computer remotely by hackers. Installing a firewall
or using the firewall that's built into Windows XP provides a
helpful defense against these hackers.
Step 2:
Update your software
If you use Windows XP, one
way to help prevent spyware and other unwanted software is to make
sure all your software is updated. Change your Automatic Updates
turned on and that you've downloaded all the latest critical and
security updates.
Step 3:
Adjust Internet Explorer security settings
You
can adjust your Internet Explorer Web browser's security settings to
determine how much-or how little-information you are willing to
accept from a Web site. Microsoft recommends that you set the
security settings for the Internet zone to Medium or higher.
To
view your current Internet Explorer security settings:
In
Internet Explorer, click Tools >Internet
Options>Security
If you're running Windows XP Service
Pack 2 (SP2) and you use Internet Explorer to browse the Web, your
browser security settings for the Internet zone are already set to
Medium by default. Internet Explorer in Windows XP SP2 also includes
a number of features to help protect against spyware and many other
kinds of deceptive or unwanted software.
Step 4: Download
and install antispyware protection
Windows
Defender protects your computer from spyware and other unwanted
software. Windows Defender comes with windows vista and you can
download it for no charge for Windows XP SP2.
Step 5:
Surf and download more safely
The best defense
against spyware and other unwanted software is not to download it in
the first place. Here are a few helpful tips that can protect you
from downloading software you don't want:
. Only download
programs from Web sites you trust. If you're not sure whether to
trust a program you are considering downloading, ask a knowledgeable
friend or enter the name of the program into your favorite search
engine to see if anyone else has reported that it contains
spyware.
. Read all security warnings, license agreements, and
privacy statements associated with any software you download
.
Never click "agree" or "OK" to close a window. Instead, click the
red "x" in the corner of the window or press the Alt + F4 buttons on
your keyboard to close a window
. Be wary of popular "free" music
and movie file-sharing programs, and be sure you clearly understand
all of the software packaged with those programs
Get rid of
spyware
Many kinds of
unwanted software, including spyware, are designed to be difficult
to remove. If you try to uninstall this software like any other
program, you might find that the program reappears as soon as you
restart your computer. If you're having trouble uninstalling
unwanted software, you may need to download a tool to do the job for
you. Several companies offer free and low-cost software that will
check your computer for spyware and other unwanted software and help
you remove it. Some Internet Service Providers (ISPs) include
antispyware software in their service packages. Check with your ISP
to see if they can recommend or provide a tool. If your ISP doesn't
offer a removal tool for spyware and other unwanted software, ask
people you trust to recommend one, or see the links in step 1 below.
Keep in mind that removing unwanted software with these tools may
mean you will no longer be able to use a free program that came with
the spyware.
To remove
spyware
Use Windows
Defender. Windows Defender comes with Windows Vista. If you use
Windows XP SP2, you can download Windows Defender for no
charge.
Run the tool to scan your computer for spyware and other
unwanted software.
Review the files discovered by the tool for
spyware and other unwanted software.
Select suspicious files for
removal by following the tool's instructions.
To try to identify and remove deceptive
software from your computer, use one or all the following
methods.
Note
: Because there are several
versions of Microsoft Windows, the following steps may be different
on your computer. If they are, see your product documentation to
complete these steps.
Note :
If you use an operating system that
has the System Restore feature such as Windows Millennium Edition
and Windows XP, set a valid restore point before you follow these
steps. You can use the restore point to restore to the computer
configuration that you had before you made the changes if you do not
want the changes.
Note : Deceptive software programs may
not follow standard practices for installation. Therefore, the
software may not be found in the locations that are described in the
following steps.
1. Click Start, and then click Control
Panel.
2. Double-click Add or Remove Programs.
3. In the
Currently installed programs list, find programs that you do not
recognize or are named similarly to the program that is causing the
unwanted behavior.
Note : Some programs that have
unfamiliar names may not be deceptive software. Some programs may
have come preinstalled on the computer from the manufacturer or may
be important components of other software that you have installed on
your computer. We recommend that you use caution when you remove
programs from your computer.
4. Click the program that you want
to remove, and then click Remove. To remove the component, follow
the instructions that appear on your screen. You may have to restart
your computer.
Use the built-in
program remover
If the program
that you want to remove is not listed in Add or Remove Programs, you
may be able to use the built-in program remover to remove the
program. To do this, follow these steps:
1. Click Start, point to
Programs, and then search for a folder with the name of the
program that you want to remove or the name of a program that may
have included the program that you want to remove.
2. Point to
the Program_Name folder, and then click the file to remove the
program if the file exists. For example, the file might be named
Unist.exe, Uninstall, or Uninstall Program_Name.
3. Follow the
instructions that appear on the screen to remove the
program.
Find the program folder with Windows
Explorer
Some programs do not register with Add
or Remove Programs and do not have a Start Menu folder. These
programs may have a folder on the hard disk drive where the program
that you want to remove is installed. This folder may contain a file
that you can use to automatically remove the program. To find the
program folder and remove the unwanted program, follow these steps:
1. Click Start, right-click My
Computer, and then click Explore.
2. Expand the folder tree to
look for a folder with the name of the program that you want to
remove or the name of a program that may have included the program
that you want to remove.
3. When you find the unwanted
program's folder, click the folder.
4. In the right-pane, if a
file to remove the program exists, double-click that file. For
example, the file may be named Unist.exe, Uninstall, or Uninstall
Program_Name.
5. Follow the instructions that appear on the
screen to remove the program.
Note If you find a folder for the
program that you want to remove, but you do not find a remove file
to remove the program, do not delete the folder or the contents of
the folder. If you delete the folder or the contents of the folder,
you may adversely affect your computer performance and operation.
For example, Windows may not start, programs may not start, or
programs may stop running.
Use antivirus
software
Some deceptive
software can be removed by some antivirus programs. However, not all
antivirus companies detect or remove this software because it is
different from viruses. Contact the manufacturer of your antivirus
program for more information about removing deceptive
software.
Anti-spyware
programs
Report on scan
of an infected system from Lavasoft's Ad-Aware
Many programmers
and some commercial firms have released products designed to remove
or block spyware. Steve Gibson's OptOut, mentioned above, pioneered
a growing category. Programs such as Lavasoft's Ad-Aware SE and
Patrick Kolla's Spybot - Search & Destroy rapidly gained
popularity as effective tools to remove, and in some cases
intercept, spyware programs. More recently Microsoft acquired the
GIANT AntiSpyware software, rebranding it as Windows AntiSpyware
beta and releasing it as a free download for Genuine Windows XP and
Windows 2003 users. In early spring, 2006, Microsoft renamed the
beta software to Windows Defender, and it was released as a free
download in October 2006. Microsoft currently ships the product for
free with Windows Vista. Other well-known anti-spyware products
include:
. PC Tools's Spyware Doctor
.
Sunbelt Software's Counterspy
. Trend Micro's HijackThis
.
Webroot Software's Spy Sweeper
. ParetoLogic's Anti-Spyware and
XoftSpy SE
Major anti-virus firms such as
Symantec, McAfee and Sophos have come later to the table, adding
anti-spyware features to their existing anti-virus products. Early
on, anti-virus firms expressed reluctance to add anti-spyware
functions, citing lawsuits brought by spyware authors against the
authors of web sites and programs which described their products as
"spyware". However, recent versions of these major firms' home and
business anti-virus products do include anti-spyware functions,
albeit treated differently from viruses. Symantec Anti-Virus, for
instance, categorizes spyware programs as "extended threats" and now
offers real-time protection from them (as it does for viruses).
Recently, the anti-virus company Grisoft, creator of AVG Anti-Virus,
acquired anti-spyware firm Ewido Networks, re-labeling their Ewido
anti-spyware program as AVG Anti-Spyware. This shows a trend by anti
virus companies to launch a dedicated solution to spyware and
malware. Zone Labs, creator of Zone Alarm firewall have also
released an anti spyware program.
Microsoft Anti-Spyware,
in real-time protection blocks an instance of the AlwaysUpdateNews
from being installed.
Anti-spyware programs can combat
spyware in two ways:
. 1. They can provide real time
protection against the installation of spyware software on your
computer. This type of spyware protection works the same way as
that of anti-virus protection in that the anti-spyware software
scans all incoming network data for spyware software and blocks
any threats it comes across.
. 2. Anti-spyware software
programs can be used solely for detection and removal of spyware
software that has already been installed onto your computer. This
type of spyware protection is normally much easier to use and more
popular. With this spyware protection software you can schedule
weekly, daily, or monthly scans of your computer to detect and
remove any spyware software that has been installed on your
computer. This type of anti-spyware software scans the contents of
the windows registry, operating system files, and installed
programs on your computer and will provide a list of any threats
found, allowing you to choose what you want to delete and what you
want to keep.
Such programs inspect the contents of the
Windows registry, the operating system files, and installed
programs, and remove files and entries which match a list of known
spyware components. Real-time protection from spyware works
identically to real-time anti-virus protection: the software scans
disk files at download time, and blocks the activity of components
known to represent spyware. In some cases, it may also intercept
attempts to install start-up items or to modify browser settings.
Because many spyware and adware are installed as a result of
browser exploits or user error, using security software (some of
which are antispyware, though many are not) to sandbox browsers
can also be effective to help restrict any damage
done.
Earlier versions of anti-spyware
programs focused chiefly on detection and removal. Javacool
Software's SpywareBlaster, one of the first to offer real-time
protection, blocked the installation of ActiveX-based and other
spyware programs.
Like most anti-virus software, many
anti-spyware/adware tools require a frequently-updated database of
threats. As new spyware programs are released, anti-spyware
developers discover and evaluate them, making "signatures" or
"definitions" which allow the software to detect and remove the
spyware. As a result, anti-spyware software is of limited usefulness
without a regular source of updates. Some vendors provide a
subscription-based update service, while others provide updates
free. Updates may be installed automatically on a schedule or before
doing a scan, or may be done manually.
Not all programs rely on
updated definitions. Some programs rely partly (for instance many
antispyware programs such as Windows Defender, Spybot's TeaTimer and
Spysweeper) or fully (programs falling under the class of Hips such
as BillP's WinPatrol), on historical observation. They watch certain
configuration parameters (such as certain portions of the Windows
registry or browser configuration) and report any change to the
user, without judgment or recommendation. While they do not rely on
updated definitions, which may allow them to spot newer spyware,
they can offer no guidance. The user is left to determine "what did
I just do, and is this configuration change appropriate?"
Windows Defender's Spynet attempts
to alleviate this through offering a community to share information,
which helps guide both users, who can look at decisions made by
others, and analysts, who can spot fast-spreading spyware. A popular
generic spyware removal tool used by those with a certain degree of
expertise is HijackThis, which scans certain areas of the Windows OS
where spyware often resides and presents a list with items to delete
manually. As most of the items are legitimate windows files/registry
entries it is advised for those who are less knowledgeable on this
subject to post a HijackThis log on the numerous antispyware sites
and let the experts decide what to delete.
If a spyware program
is not blocked and manages to get itself installed, it may resist
attempts to terminate or uninstall it. Some programs work in pairs:
when an anti-spyware scanner (or the user) terminates one running
process, the other one respawns the killed program. Likewise, some
spyware will detect attempts to remove registry keys and immediately
add them again. Usually, booting the infected computer in safe mode
allows an anti-spyware program a better chance of removing
persistent spyware. Killing the process tree can also
work.
A new breed of spyware (Look2Me
spyware by NicTechNetworks is a good example) is starting to hide
inside system-critical processes and start up even in safe mode.
With no process to terminate they are harder to detect and remove.
Sometimes they do not even leave any on-disk signatures. Rootkit
technology is also seeing increasing use,[39] as is the use of NTFS
alternate data streams. Newer spyware programs also have specific
countermeasures against well known anti-malware products and may
prevent them from running or being installed, or even uninstall
them. An example of one that uses all three methods is Gromozon, a
new breed of malware. It uses alternate data streams to hide. A
rootkit hides it even from alternate data streams scanners and
actively stops popular rootkit scanners from
running.
Fake anti-spyware
programs
Malicious
programmers have released a large number of fake anti-spyware
programs, and widely distributed Web banner ads now spuriously warn
users that their computers have been infected with spyware,
directing them to purchase programs which do not actually remove
spyware - or worse, may add more spyware of their own.
The recent
proliferation of fake or spoofed antivirus products has occasioned
some concern. Such products often bill themselves as antispyware,
antivirus, or registry cleaners, and sometimes feature popups
prompting users to install them. They are called rogue
software.
Known offenders include:
. errorsafe (AKA system
doctor)
. Pest Trap
. SpyAxe
. AntiVirus Gold
.
SpywareStrike
. Spyware Quake
. WorldAntiSpy
. Spylocked
. SpyShredder
. SysProtect
. Spy Sheriff
. Spy Wiper
. PAL Spyware Remover
. PSGuard
. Malware
.
WinAntiVirus Pro 2006
. WinFixer
. Spydawn
. ContraVirus
. UltimateCleaner
. MagicAntiSpy
. AV System Care
.
Registrycleanerxp.com
. SecurePCcleaner
. PCSecuresystem
Notable programs
distributed with spyware
. Bonzi
Buddy
. Dope Wars
. ErrorGuard
. Grokster
. Kazaa
.
Morpheus
. RadLight
. WeatherBug
. EDonkey2000
. Sony's
Extended Copy Protection involved the installation of spyware from
audio compact discs through autorun. This practice sparked
considerable controversy when it was discovered.
. WildTangent
The antispyware program CounterSpy used to say that it's okay to
keep WildTangent, but it now says that the spyware Winpipe is
"possibly distributed with the adware bundler WildTangent or from a
threat included in that bundler
Examples of
spyware
These common spyware programs illustrate the
diversity of behaviors found in these attacks. Note that as with
computer viruses, researchers give names to spyware programs which
may not be used by their creators. Programs may be grouped into
"families" based not on shared program code, but on common
behaviors, or by "following the money" of apparent financial or
business connections. For instance, a number of the spyware programs
distributed by Claria are collectively known as "Gator". Likewise,
programs which are frequently installed together may be described as
parts of the same spyware package, even if they function
separately.
CoolWebSearch, a group
of programs, takes advantage of Internet Explorer vulnerabilities.
The package directs traffic to advertisements on Web sites including
coolwebsearch.com. It displays pop-up ads, rewrites search engine
results, and alters the infected computer's hosts file to direct DNS
lookups to these sites.
Internet Optimizer, also known as DyFuCa,
redirects Internet Explorer error pages to advertising. When users
follow a broken link or enter an erroneous URL, they see a page of
advertisements. However, because password-protected Web sites (HTTP
Basic authentication) use the same mechanism as HTTP errors,
Internet Optimizer makes it impossible for the user to access
password-protected sites.
Zango (formerly
180 Solutions) transmits detailed information to advertisers about
the Web sites which users visit. It also alters HTTP requests for
affiliate advertisements linked from a Web site, so that the
advertisements make unearned profit for the 180 Solutions company.
It opens pop-up ads that cover over the Web sites of competing
companies.
HuntBar, aka
WinTools or Adware.Websearch, was installed by an ActiveX drive-by
download at affiliate Web sites, or by advertisements displayed by
other spyware programs - an example of how spyware can install more
spyware. These programs add toolbars to IE, track aggregate browsing
behavior, redirect affiliate references, and display
advertisements.
Movieland, also
known as Moviepass.tv or Popcorn.net, is a movie download service
that has been the subject of thousands of complaints to the Federal
Trade Commission (FTC), the Washington State Attorney General's
Office, the Better Business Bureau, and others by consumers claiming
they were held hostage by its repeated pop-up windows and demands
for payment. The FTC has filed a complaint against Movieland.com and
eleven other defendants (list), charging them with having "engaged
in a nationwide scheme to use deception and coercion to extract
payments from consumers." The complaint alleges that the software
repeatedly opened oversized pop-up windows that could not be closed
or minimized, accompanied by music that lasted nearly a minute,
demanding payment of at least $29.95 to end the pop-up cycle; and
claiming that consumers had signed up for a three-day free trial but
did not cancel their membership before the trial period was over,
and were thus obligated to pay.
Click
here for more about windows defender- microsoft spyware but anti :-)
More Items coming soon...
|
