Regardless of how well-protected and maintained your computer
systems are, chances are good that—at some point in time—something has been installed on
your computer without your knowledge. Better known as spyware or malware (the
more inclusive term), these secretly installed programs are becoming an
increasing concern for organizations—even surpassing the annoyance of spam. In
fact, IT managers and security firms have pegged spyware as 2005’s biggest
threat to networks.

Recognizing the problem

While the U.S. government currently debates the growing
problem of spyware, the rest of us have to deal with it on our own terms.
Hundreds of different malware variants are on the loose, comprising spyware,
adware, keystroke loggers, and anything else that attempts to collect or track
your activities on the Internet.

Legislation isn’t going to fix the issue of spyware and
other malicious software lurking on your PC any more than it’s solved the spam
problem. Rather than waiting for a legislative answer that may not even be a
solution, it’s time to take some action yourself.

By its very nature, malware doesn’t want to reveal itself,
so users typically have no idea anything has changed on their computers. And
average computer users aren’t the only ones who fall victim to malware.

Like antivirus-disabling worms and viruses, malware is
proving more difficult to remove. Because of consumers’ growing awareness about
spyware and other malicious code, the people writing malware are starting to
behave much like the criminals that write viruses and worms.

In fact, malware in the form of Browser Helper Objects
(BHOs) shows up installed in Internet Explorer, even on otherwise secured
computers. One piece of malware called WinTools even manages to repair itself if it
detects someone is trying to remove it.

Getting rid of malware

Dozens of Windows tools are available to help identify and
remove spyware, adware, and other malicious code from computers. However, the
most powerful ones are not for the faint of heart. Some of my personal favorites—mostly
because they’re free—are HijackThis, Spybot Search & Destroy, and BHODemon.
In addition, there are many commercial alternatives, including Ad-Aware, Giant
AntiSpyware, and Microsoft’s Windows AntiSpyware beta.

HijackThis is an excellent tool to identify and remove malware
from Windows computers. When used properly, HijackThis can rid a computer of
malware, but in my experience, it works best in combination with other tools
specifically designed to remove malware. HijackThis quickly scans and displays
the various startup programs and services for a Windows system, as well as BHOs
and areas of Internet Explorer typically used by malware.

This tool has been around for quite a few years, and most
seasoned Windows administrators are already familiar with it. While I generally
don’t recommend HijackThis to average computer users, it can help a more
seasoned administrator determine what’s going on with a malware-infested
Windows PC. One typical use of HijackThis is to disable BHOs and startup items
that it identifies as malware and reboot the Windows machine.

Keeping malware from coming back

After disabling malware, cleaning it up and taking steps to keep
it from coming back are the next steps, and this is a job for Spybot Search
& Destroy and BHODemon. Similar to commercial adware and spyware tools,
Spybot also includes features that allow it to “immunize” a computer
from malware. After running Spybot Search & Destroy and removing malware
from a computer, I use the “immunize” feature, reboot the Windows
computer, and scan it again to see if the malware came back.
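
The kind of inventory HijackThis is described as producing (BHOs, startup programs, services) and the reboot-and-rescan check above can be reproduced with a read-only script. This is an added example, not part of the original article or of any tool it names; the baseline file name is a placeholder, while the registry paths are the standard Windows locations.

```powershell
# Added example: read-only inventory of the auto-start points discussed above.
# The baseline file name is a placeholder; nothing in the registry is modified.
param([string]$Baseline = "$env:TEMP\autostart-baseline.csv")

function Get-AutoStart {
    # 1. Browser Helper Objects: CLSID-named subkeys (native and 32-bit views).
    foreach ($view in 'SOFTWARE', 'SOFTWARE\WOW6432Node') {
        $bho = "HKLM:\$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $bho) {
            # The DLL Internet Explorer loads is the default value of InprocServer32.
            $srv = "HKLM:\$view\Classes\CLSID\$($key.PSChildName)\InprocServer32"
            $dll = if (Test-Path -LiteralPath $srv) { (Get-Item -LiteralPath $srv).GetValue('') }
            [pscustomobject]@{ Type = "BHO $view"; Name = $key.PSChildName; Target = [string]$dll }
        }
    }
    # 2. Per-machine and per-user Run keys (programs started at logon).
    foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path -LiteralPath $run)) { continue }
        $key = Get-Item -LiteralPath $run
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Type = "Run $($run.Substring(0, 4))"; Name = $name
                               Target = [string]$key.GetValue($name) }
        }
    }
    # 3. Services configured to start automatically.
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Auto'" | ForEach-Object {
        [pscustomobject]@{ Type = 'Service'; Name = $_.Name; Target = [string]$_.PathName }
    }
}

$now = @(Get-AutoStart)
if (-not (Test-Path -LiteralPath $Baseline)) {
    # First run (right after cleanup): record the known state.
    $now | Export-Csv -LiteralPath $Baseline -NoTypeInformation
    "Baseline of $($now.Count) entries written to $Baseline"
} else {
    # Later run (after the reboot): '=>' marks entries that are new or changed
    # since the baseline, '<=' marks baseline entries that have disappeared.
    Compare-Object (Import-Csv -LiteralPath $Baseline) $now -Property Type, Name, Target |
        Sort-Object SideIndicator, Type, Name | Format-Table -AutoSize -Wrap
}
```

Run it once after cleanup to write the baseline, reboot, and run it again: an empty comparison means nothing re-registered itself in these locations.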

Teatimer is a companion program to Spybot Search & Destroy,
which you can use to stop malware that attempts to resurrect itself by monitoring
running processes and registry changes. However, in my experience, Teatimer is
generally not as useful once you’ve completely removed the malware.

To get rid of and prevent malicious Internet Explorer BHOs,
I use BHODemon. While Windows XP Service Pack 2’s Internet Explorer includes a
similar offering under its Manage Add-ons feature, I prefer BHODemon. Not
everyone uses Windows XP, and, more important, BHODemon prevents BHOs from
installing and activating.

BHODemon displays whatever Spybot Search & Destroy doesn’t
remove, and you can choose which BHOs to enable or disable. After installation,
BHODemon starts up automatically, preventing hostile BHOs from installing in
real time and closing the door on adware and spyware code that might have piggybacked
onto other software installations.

These three tools can help you close the door on dangerous
malware. However, keep in mind that they’re also quite powerful, capable of
causing extensive damage if used improperly. Because of this, I don’t recommend
offering these tools to a novice user who doesn’t understand a computer’s inner
workings. Some malware requires expert surgery to remove, and these are
powerful tools to clean malware from Windows systems.

Jonathan Yarden is the
senior UNIX system administrator, network security manager, and senior software
architect for a regional ISP.