With the launch of MS AntiSpyware, Microsoft has for the first time given its users a free tool to detect, remove and protect against online threats, including spyware, adware, browser hijacking and other online woes. Today we are going to briefly look at this tool and how it can help users safeguard their PCs.
The home screen's system summary tells you the date of the last scan and its results, the scan schedule, the status of real-time protection and auto-update, and the date of the spyware definitions in use. Using the panel on the right, you can start the scanner, manage real-time protection or go to the advanced tools.
Scanner
This searches your system for malicious programs. The scan can be run in the quick (intelligent) mode or as a full system scan, with options for scanning memory, selected folders and a deep scan. There is also an option for scheduled scanning and for applying the default action to each threat automatically. While running, the scan shows its progress with basic counters such as memory processes, files and registry keys scanned. When the scan is over, threats are listed along with details such as full name, type, threat level and author. This helps newcomers learn about the spyware they are dealing with. For example, the details for Search Squire reveal that it is adware with the threat level "elevated", authored by New Media Properties, LLC. Its description reads "SearchSquire is an Internet Explorer sidebar containing paid links that open when you use search engines." The registry entries responsible for deploying the threat are also displayed, which gives you a feel for the general techniques adware writers rely on. For every detected threat, the options Ignore, Quarantine, Remove and Always Ignore are provided. Also, an option to create a restore point is present in case you make a wrong decision; prefer Quarantine over Remove for anything you are unsure about, since quarantined items can be inspected and restored later. Using Spyware Scan History, complete details of the scans performed, their results and the description of each threat can be viewed. Quarantined items are placed in Spyware Quarantine.
Real-time protection
This watches for behaviour typical of malware rather than matching any particular identity-based signature. It relies on three agents: the Internet Agent, the System Agent and the Application Agent. Each agent has a list of checkpoints, which are the events the agent looks for; it takes appropriate action when one of these events is about to occur. For example, the checkpoints in the Internet Agent include abuse of Windows Messaging Services, Winsock LSP additions, monitoring for spam zombies, unauthorized changes to the proxy settings in IE, and prevention of changes to DNS and TCP/IP settings. The System Agent prevents changes to system settings. It has 25 critical checkpoints, covering settings that malware commonly tampers with: it keeps an eye on the processes running in memory, registry modifications, ActiveX installations, installed components and other settings.
Again, this is a good starting point for learning spyware tactics. For example, the Internet Agent details tell us that Tcpip.sys implements the standard TCP/IP protocol stack and that there is a file named iereset.inf in the Windows\INF folder which is read when a user resets IE's settings to their defaults. The System Agent details tell you that the Shell entry in System.ini can be altered by spyware: "Shell=explorer.exe spyware.exe … will make both programs start when Windows loads" and "Any programs listed after the run= or load= in the win.ini file will load when Windows starts." One caveat for anyone hunting spyware by hand: on Windows 2000 and XP those .ini lines are legacy, and the same autostart hooks live in the registry (the Winlogon Shell value, and the Load and Run values under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows), so both places need checking.
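As an added example, not part of MS AntiSpyware or of the original article, the following PowerShell script enumerates the autostart locations the System Agent description refers to, on the assumption that it runs on an NT-based Windows (XP or later) where the win.ini run=/load= and system.ini Shell= lines are mapped into the registry. It reads any surviving .ini lines, their registry equivalents and the Run/RunOnce keys, and flags a Shell value that starts anything other than a single explorer.exe, the exact trick quoted above.

```powershell
# Added example (not MS AntiSpyware code). Assumes an NT-based Windows where
# win.ini run=/load= and system.ini Shell= are mirrored into the registry.

function Get-IniValue {
    # Minimal .ini reader: returns the value of $Key in [$Section], or $null.
    param([string]$Path, [string]$Section, [string]$Key)
    if (-not (Test-Path -Path $Path)) { return $null }
    $inSection = $false
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^\s*\[(.+?)\]\s*$') {
            $inSection = ($Matches[1] -ieq $Section)
        } elseif ($inSection -and $line -match '^\s*([^=;]+?)\s*=\s*(.*?)\s*$') {
            if ($Matches[1] -ieq $Key) { return $Matches[2] }
        }
    }
    return $null
}

function Test-ShellValue {
    # "Shell=explorer.exe spyware.exe" starts both programs; anything other
    # than exactly one explorer.exe token deserves a second look.
    param([string]$Value)
    $tokens = @($Value -split '[,\s]+' | Where-Object { $_ })
    return ($tokens.Count -eq 1 -and $tokens[0] -ieq 'explorer.exe')
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue($Name)
}

$report = @()

# 1. Legacy ini lines, if the files are still present
$report += [pscustomobject]@{ Location = 'system.ini [boot] Shell'; Value = Get-IniValue "$env:windir\system.ini" 'boot' 'Shell' }
foreach ($k in 'load', 'run') {
    $report += [pscustomobject]@{ Location = "win.ini [windows] $k"; Value = Get-IniValue "$env:windir\win.ini" 'windows' $k }
}

# 2. Their registry equivalents on NT-based Windows
$regChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Userinit' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'Load' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'Run' }
)
foreach ($c in $regChecks) {
    $report += [pscustomobject]@{ Location = "$($c.Path)\$($c.Name)"; Value = (Get-RegValue $c.Path $c.Name) }
}

# 3. Run / RunOnce keys: every value here is a program started at logon
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in 'Run', 'RunOnce') {
        $path = "${hive}:\Software\Microsoft\Windows\CurrentVersion\$sub"
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $report += [pscustomobject]@{ Location = "$path\$name"; Value = $key.GetValue($name) }
        }
    }
}

# 4. Print everything that is set; flag Shell values that start extra programs.
#    A per-user Shell value under HKCU is not set by default, so its mere presence is flagged.
foreach ($r in $report) {
    if ($null -eq $r.Value -or "$($r.Value)" -eq '') { continue }
    $flag = ''
    if ($r.Location -like '*Shell') {
        if ($r.Location -like 'HKCU:*' -or -not (Test-ShellValue "$($r.Value)")) { $flag = 'SUSPECT' }
    }
    '{0,-8}{1} = {2}' -f $flag, $r.Location, $r.Value
}
```

Run it from an elevated prompt so the HKLM keys are readable, and treat the Run/RunOnce listing as an inventory to compare against what you expect on the machine rather than as a verdict: legitimate software lives there too.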
Advanced tools
1. System explorers: This is your key to finding those hidden programs and their settings, which are otherwise hard to detect and change. Under the headings Applications, IE, Networking and System there is a wealth of information about your system's internal settings.
2. Browser hijack restore: Compares IE's current settings against the known-good defaults so you can see how many of them have been hijacked, and lets you restore them.
3. Tracks eraser: Removes the traces of recently accessed files, temporary files, history, cookies, menu access, searches and more with a single click.
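The Internet Agent checkpoints described under real-time protection (IE proxy changes, DNS settings, Winsock LSPs) and the Browser hijack restore tool both boil down to reading a handful of settings and comparing them with a baseline. As an added example, not code from MS AntiSpyware or from the original article, the PowerShell below does that by hand: it compares the per-user IE start and search pages with the machine-wide defaults under HKLM, reports the IE proxy configuration, lists hosts-file entries that do not point at loopback, shows the configured DNS servers and dumps the Winsock catalog. The registry paths and the hosts file location are the standard ones; the assumption that the HKLM values are still trustworthy is the script's baseline, and a hijacker who rewrites HKLM as well would defeat that comparison.

```powershell
# Added example (not MS AntiSpyware code). Assumes the HKLM IE defaults and the
# standard hosts path are the baseline; adjust to your own known-good copies.

$userMain    = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$machineMain = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
$inetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$hostsFile   = Join-Path $env:windir 'System32\drivers\etc\hosts'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue($Name)
}

function Compare-IEStartPages {
    # Hijackers usually rewrite only the per-user values, so a difference between
    # HKCU and HKLM for the same setting is the first thing to look at.
    foreach ($name in 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL') {
        $current = Get-RegValue $userMain $name
        $default = Get-RegValue $machineMain $name
        [pscustomobject]@{
            Setting = $name
            Current = $current
            Default = $default
            Changed = ($null -ne $current -and $current -ne $default)
        }
    }
}

function Get-ProxyState {
    # ProxyEnable=1 with an unexpected ProxyServer, or a surprise AutoConfigURL,
    # routes all of the user's browsing through someone else's box.
    [pscustomobject]@{
        ProxyEnable   = Get-RegValue $inetSettings 'ProxyEnable'
        ProxyServer   = Get-RegValue $inetSettings 'ProxyServer'
        AutoConfigURL = Get-RegValue $inetSettings 'AutoConfigURL'
    }
}

function Get-HostsOverrides {
    # Every non-comment hosts entry that does not point at loopback overrides
    # DNS for that name; spyware uses this to block security vendors' sites.
    if (-not (Test-Path -Path $hostsFile)) { return @() }
    foreach ($line in Get-Content -Path $hostsFile) {
        $text = ($line -split '#')[0].Trim()
        if ($text -eq '') { continue }
        $parts = $text -split '\s+'
        if ($parts[0] -in @('127.0.0.1', '::1')) { continue }
        [pscustomobject]@{ Address = $parts[0]; Names = ($parts[1..($parts.Count - 1)] -join ' ') }
    }
}

function Get-DnsServers {
    # DNS servers per enabled adapter; an entry you do not recognise is the
    # "DNS settings change" checkpoint tripping after the fact.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{ Adapter = $_.Description; DnsServers = ($_.DNSServerSearchOrder -join ', ') }
        }
}

'== IE start/search pages (HKCU vs HKLM) =='
Compare-IEStartPages | Format-Table -AutoSize
'== IE proxy settings =='
Get-ProxyState | Format-List
'== hosts entries not pointing at loopback =='
Get-HostsOverrides | Format-Table -AutoSize
'== DNS servers =='
Get-DnsServers | Format-Table -AutoSize
'== Winsock catalog (compare with a copy saved from a clean machine) =='
netsh winsock show catalog
```

Save the output of a clean machine once and diff against it later; the Winsock catalog in particular is only meaningful as a comparison, since a legitimate firewall or antivirus product also installs LSPs.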
MS AntiSpyware is a great effort by the software giant to counter the growing threat of malware distribution on the internet. It not only aims to provide a one-stop solution to spyware, but also makes learning a key part of using the tool.