By: Chris Raudabaugh
Remember Episode 5 of Star Trek, where there was an Evil Captain Kirk? I relate this to my counterparts out there in the world who write code for the purpose of evil. When I ventured out into the Computer Science industry with my first job (more years back than I'd like to remember), about the only unethical thing that programmers ever did was shave that .000001 of a penny off of millions of bank transactions and deposit it into their own accounts. Now, with the advent of the Internet and E-Commerce, new unethical schemes are developing exponentially every day, which keeps those evil Capt. Hackers very busy.
The first generation of evil code was usually some gag that would cause funny things to happen to your computer. As a natural progression, the attacks became more severe, all the way to totally incapacitating a system to the point where it would need to be rebuilt from scratch. The most common means of transport was email, but this has progressed to users allowing websites to download these little gremlins as they surf.
These kinds of attacks were mostly meaningless and did not earn the authors anything except maybe a secret society 'medal' for being listed on the sarc.com site as a new virus. That brings us to the next generation of evil code, which is usually for profit.
The first type has been called 'spy ware'. The sole purpose of this infestation is to 'watch' or record the user's Internet habits, either for marketing research or, worse, for stealing user information (à la Identity Theft). This process can consume pieces of your system's resources, such as memory, processor time, and network bandwidth.
Another type is 'Spam ware'. This type of evil software is designed to use your machine's resources to propagate ads or bombard the user of that machine with ads. Once again, the user's computer system will 'feel' the effects of dwindling resources.
Tools to eradicate these little monsters are doing their best to keep up; however, the 'evil' developers are constantly finding ways to avoid the anti-[fill in the problem] software protection schemes. Here are some tools that seem to help when used together:
Ad-Aware from Lavasoft: This tool does a decent job of removing various spy ware. The free version requires that you run it on a periodic basis. The retail version can be made resident on your system to actively prevent spy ware from infecting the system. Available via download.com. Make sure to always look for new updates to the definition files!
Spybot Search & Destroy: Another tool that helps get rid of both spy ware and spam ware. This is maintained by ….. and is free. They do ask for donations if you think it saved you a bunch of time getting your system back up and running in a normal state. Available from download.com. Once again, make sure to look for updates before taking the time to search for problems on your system.
DSOExploit: www.nsclean.com has a freebie tool called DSOstop2. This looks at your Internet Explorer settings for the DSO Object exploit vulnerability. It will tell you if you are exposed, and it will close up the vulnerability for you. A lot of the 'meaner' gremlins use this weak point in Internet Explorer so that you can't get rid of them.
Windows XP SP2: For those who use XP, this service pack addresses a lot of security issues with this OS. However, I STRONGLY suggest that anyone applying it first read the details of what it changes. It could disrupt your favorite applications or wreak havoc on your current networking setup.
HijackThis: I leave this little jewel for last for a reason. It is not for the faint of heart (read: technically challenged). You absolutely have to understand that this tool presents everything on your system as a possible problem. Typically, 70 to 90 percent of the list presented by HijackThis is legitimate. If you delete the wrong thing, it will cause something to fail on your system. You can also find this on download.com.
As with SPAM, governments are passing laws to fight spamware and spyware. However, the infrastructure of the Internet and email puts up many roadblocks to tracking down those responsible. Restricting technology is another option, but a highly unlikely one. In the end, the responsibility falls to the end user to be extra careful when dealing with email and surfing websites, and to make sure the system has as many safeguards as possible.
Beam me up Scotty!