Regardless of how well-protected and maintained your computer systems are, chances are good that—at some point in time—something has been installed on your computer without your knowledge. Better known as spyware or malware (the more inclusive term), these secretly installed programs are becoming an increasing concern for organizations—even surpassing the annoyance of spam. In fact, IT managers and security firms have pegged spyware as 2005's biggest threat to networks.
Recognizing the problem
While the U.S. government currently debates the growing problem of spyware, the rest of us have to deal with it on our own terms. Hundreds of different malware variants are on the loose, comprising spyware, adware, keystroke loggers, and anything else that attempts to collect or track your activities on the Internet.
Legislation isn't going to fix the issue of spyware and other malicious software lurking on your PC any more than it has solved the spam problem. Rather than waiting for a legislative answer that may not even be a solution, it's time to take some action yourself.
By its very nature, malware doesn't want to reveal itself, so users typically have no idea anything has changed on their computers. And average computer users aren't the only ones who fall victim to malware.
Like antivirus-disabling worms and viruses, malware is proving more difficult to remove. Because of consumers' growing awareness about spyware and other malicious code, the people writing malware are starting to behave much like the criminals that write viruses and worms.
In fact, malware in the form of Browser Helper Objects (BHOs) shows up installed in Internet Explorer, even on otherwise secured computers. One piece of malware, called WinTools, even manages to repair itself if it detects that someone is trying to remove it.
Getting rid of malware
Dozens of Windows tools are available to help identify and remove spyware, adware, and other malicious code from computers. However, the most powerful ones are not for the faint of heart. Some of my personal favorites—mostly because they're free—are HijackThis, Spybot Search & Destroy, and BHODemon. In addition, there are many commercial alternatives, including Ad-Aware, Giant AntiSpyware, and Microsoft's Windows AntiSpyware beta.
HijackThis is an excellent tool to identify and remove malware from Windows computers. When used properly, HijackThis can rid a computer of malware, but in my experience, it works best in combination with other tools specifically designed to remove malware. HijackThis quickly scans and displays the various startup programs and services for a Windows system, as well as BHOs and areas of Internet Explorer typically used by malware.
This tool has been around for quite a few years, and most seasoned Windows administrators are already familiar with it. While I generally don't recommend HijackThis to average computer users, it can help a more seasoned administrator determine what's going on with a malware-infested Windows PC. One typical use of HijackThis is to disable BHOs and startup items that it identifies as malware and reboot the Windows machine.
Keeping malware from coming back
Once malware is disabled, the next steps are cleaning it up and keeping it from coming back, and this is a job for Spybot Search & Destroy and BHODemon. Similar to commercial adware and spyware tools, Spybot also includes features that allow it to "immunize" a computer against malware. After running Spybot Search & Destroy and removing malware from a computer, I use the "immunize" feature, reboot the Windows computer, and scan it again to see if the malware came back.
Teatimer, a companion program to Spybot Search & Destroy, monitors running processes and registry changes so you can stop malware that attempts to resurrect itself. However, in my experience, Teatimer is generally not as useful once you've completely removed the malware.
To get rid of and prevent malicious Internet Explorer BHOs, I use BHODemon. While Windows XP Service Pack 2's Internet Explorer includes a similar offering under its Manage Add-ons feature, I prefer BHODemon. Not everyone uses Windows XP, and, more important, BHODemon prevents BHOs from installing and activating.
BHODemon displays whatever Spybot Search & Destroy doesn't remove, and you can choose which BHOs to enable or disable. After installation, BHODemon starts up automatically, preventing hostile BHOs from installing in real time and closing the door on adware and spyware code that might have piggybacked onto other software installations.
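The registry locations that HijackThis scans and BHODemon manages can be reviewed directly. As an added example (not the article's own code, nor that of HijackThis or BHODemon), the following PowerShell script assumes a 32- or 64-bit Windows host and lists the installed BHOs and Run-key startup entries, resolving each BHO's CLSID to the DLL Internet Explorer would load and checking that DLL's Authenticode signature, so an administrator can review the inventory before disabling anything.

```powershell
# Read-only inventory of Internet Explorer BHOs and Run-key startup items.
# Assumes Windows PowerShell; both 32-bit and 64-bit registry views are read.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-InstalledBho {
    foreach ($key in $bhoKeys | Where-Object { Test-Path $_ }) {
        foreach ($entry in Get-ChildItem $key) {
            $clsid = $entry.PSChildName   # each subkey name is the BHO's {GUID}
            # Resolve the CLSID to the in-process DLL that IE loads for it
            $dll = foreach ($root in $clsidRoots) {
                $srv = Join-Path $root "$clsid\InProcServer32"
                if (Test-Path $srv) { (Get-ItemProperty $srv).'(default)' }
            }
            $dll = [string]($dll | Select-Object -First 1)
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            # Unsigned or missing DLLs are the first candidates to examine
            $sig = if ($dll -and (Test-Path $dll)) { (Get-AuthenticodeSignature $dll).Status } else { 'DllMissing' }
            [pscustomobject]@{ Type = 'BHO'; Id = $clsid; Path = $dll; Signature = $sig }
        }
    }
}

function Get-StartupEntry {
    foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
        $props = Get-ItemProperty $key
        # Skip the PS* metadata properties that Get-ItemProperty adds
        foreach ($name in $props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' }) {
            [pscustomobject]@{ Type = 'Run'; Id = $name; Path = $props.$name; Signature = 'n/a' }
        }
    }
}

$inventory = @(Get-InstalledBho) + @(Get-StartupEntry)
$inventory | Sort-Object Type, Id | Format-Table -AutoSize
```

Entries whose Signature is NotSigned or DllMissing, or whose Id or Path you do not recognise, are the ones to investigate; the script itself changes nothing.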
These three tools can help you close the door on dangerous malware. However, keep in mind that they're also quite powerful, capable of causing extensive damage if used improperly. Because of this, I don't recommend offering these tools to a novice user who doesn't understand a computer's inner workings. Some malware requires expert surgery to remove, and these are powerful tools to clean malware from Windows systems.
Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.