Malware: it isn’t just viruses
“I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image.”
Dr Stephen Hawking
Viruses aren’t the only plague waiting to pounce on your PC. Spyware and adware are general terms for small programs that hackers and commercial interests slip into your PC to keep an eye on what you’re up to. They include:
- benign cookies which allow a website you often visit to recognise who you are. The website records your details in a cookie on your PC which the same site can read next time you visit. This saves you the bother of typing in your username and password to log in at websites where it’s a requirement. More about controlling your cookie security right here.
- not-so-benign cookies, whose aim is to track your habits and target you with unwanted advertising material like the dreaded spam.
- sinister creations like keyloggers which can record your keystrokes and send them to a crook whose intention is to do you (that is, your bank account) harm.
There are hundreds of bogus anti-malware programs floating around the Net. If you find a link to one which I haven’t mentioned on this page, or if a friend sends you a link, please check its credentials at the Spyware Warrior website. It’s probably a scam.
You should never install more than one antivirus program, but that restriction does not apply to antispyware software. Use Windows’ built-in Defender and install at least two programs to combat spyware and adware. None of these programs will catch 100% of the nasties, they use differing methods of search and destroy therefore you need belt and braces. The following programs are all free for personal use:
- SUPERAntispyware has a clunky name but it’s very good.
- The excellent Malwarebytes.
- Ad-Aware SE and Spybot are widely known and free for personal use. In the latest round of tests I saw, they didn’t do spectacularly well, but they are good extra insurance.
- Another excellent free program is SpywareGuard. This runs in your System Tray and monitors for spyware continuously. Get it here: Javacool Software
For Windows XP, Vista, and Windows 7 I recommend SUPERAntiSpyware and Malwarebytes along with the anti-virus program, Microsoft’s Security Essentials which combats spyware as well as viruses.
Windows 8 users
If you’re using Windows 8 you don’t need Microsoft Security Essentials, Windows Defender does the same job and it’s already built in.
If you’re considering using any antispyware products other than those I’ve listed, or those which are part of major AV product suites like Microsoft’s Security Essentials, Symantec’s Norton, Kaspersky, Avast!, NOD32 or BitDefender, check at the Spyware Warrior website first. They provide an invaluable service by listing the genuine products and the scores of bogus antispyware products that are out there waiting to do you mischief.
See the rogue and suspect Anti-Spyware products & web sites on this Spyware Warrior page.
Microsoft’s Defender anti-spyware program came with Windows 7 and Vista, and also with Internet Explorer updates to XP (if you’re still using Internet Explorer 7 or older, I recommend that you upgrade to version 9). If you’re using Microsoft Security Essentials as your anti-virus program, Defender is incorporated into it.
Unless you always leave your PC on overnight, you need to change Windows Defender’s settings if you wish to allow it to scan automatically. (I don’t do this, as explained below I just run one anti-spyware program manually every couple of days.) Defender is set up by default to automatically scan your PC at 2 a.m. when the machine is probably switched off. Go figure. Open the program and select Tools » Options. The settings are easy to interpret.
A lot of people expend a lot of time and energy creating and maintaining these free programs and they have families to feed, so please consider buying the commercial versions or at least make a small donation. If you’re using the computer for business purposes you must buy the commercial versions.
The major commercial vendors also supply Internet Security Suites which help protect against such problems as hackers, spyware, phishing and spam, as well as viruses and their close relations.
Updates – Don’t Delay!
As with viruses, new spyware is released continually. Each of the programs recommended regularly update their databases. You need to ensure that the programs are set to download these updated definition files regularly.
All of the programs recommended should do that automatically. With some that only works if you have your computer switched on at a preset time. In each of these programs there is a button or other type of link which allows you to update the definitions. I always do this before running the program.
If all else fails read the instructions! All programs have Help files which will tell you everything you need to know. Pressing the F1 key usually brings up the Help File. If you’re lost, send me a message or leave a comment on this page.
This is very important too
Free antispyware programs don’t usually run a scan automatically. You must run the programs to initiate a scan. I use 3 anti-spyware programs and I usually run them in sequence at two or three day intervals.
Often people have anti-malware programs installed but, through ignorance or absent mindedness, don’t run them. You should run your anti-virus and anti-spyware programs at least twice a week if you’ve been connected to the internet (that includes downloading email), and you should update their definitions at least once a week. It takes negligible time, but not to do so may eventually cost you a lot of time.
Microsoft labours valiantly to plug software holes and stem the tide of malware.
Keep Windows Updates up to date. The default setting for this in Windows XP SP2, Windows Vista and Windows 7 is “automatic download”, but some updates are very large so you may wish to change that to allow Microsoft to inform you when updates are available then download them at a convenient time. You change the setting through Start » Control Panel » Security Center (Windows XP with SP2 or Windows Vista).
With Vista or Windows 7 you can just click on the Start orb and type: security center (note US spelling).
If you have a dial-up internet connection you definitely don’t want downloads to occur automatically. Your phone could be tied up for days!
Go to Start » All Programs/Windows Update to initiate a check.
If you’re using Windows 98, or XP with the Classic Start Menu, go to Start » Windows Update.
Helping to Avoid Infection
As I mentioned in the page on anti-malware strategy, when surfing the internet, keep away from sites which specialise in giving away free stuff (particularly those which infringe copyright laws) or which publish stuff you wouldn’t want your grandma to see.
There are a lot of nasties waiting to pounce from such sites. If you visit pornography sites or indulge in the illicit file sharing of music and movies you’re asking for trouble. It’s just about guaranteed.
Internet Banking and Other Financial Transactions
Secure websites encrypt all their traffic. Unless users do something silly, internet banking is as safe as any other banking method.
Provided you keep on top of your Spyware!
- Before you carry out any transactions or give any personal information look for the secure padlock, like the one at right, which should appear at the bottom of your browser window. Don’t pass any information to anyone you’re not absolutely confident in.
- As well as the padlock, the address of a secure website will look like this: https://www.joes-bank.com, notice that there’s an ‘s’ for secure, after the http.
- Don’t access your bank account from anyone else’s computer, particularly a public access computer.
- Don’t access your bank account from your laptop when it’s connected to a public wireless network.
- Emails purporting to be from your bank and asking for details such as passwords are bogus. Some felon wants your money. Delete them—the emails—not the crooks, sadly. Never, ever, give your access details to any account unless you’re logging on to that account from your own computer.
- Unsolicited mails purporting to be from Microsoft are probably bogus. Someone else wants your money. Delete these too.
- Some phishing emails are convincingly realistic. Remember, banks and major companies don’t send unsolicited email. End of argument.
- You need a secure password.
Don’t open email attachments if you’re not sure about their source. Don’t open unsolicited emails, even if they appear to be from Microsoft or any legitimate enterprise. Delete them. Then empty your deleted items folder.
Microsoft doesn’t send you unsolicited emails.
Neither does your bank, nor do 99.9% of legitimate organizations.
Emails Soliciting Donations For Charity
Don’t respond to these, they can have an apparently legitimate Internet address which is a front for someone who’s robbing both you and the charity. Legitimate charities don’t solicit by email.
There are fools out there who use the Internet to cause harm to your software and to your data. There are tens of thousands of viruses and their cousins, trojans, worms, spyware and rootkits. The pathetic creations of juveniles who don’t have enough maturity to invest their time in creating something useful with their talent. You need protection.