How To: Stop Sleazeware

Sleazeware" is my term for spyware, adware, malware, trackware, foistware, trojans, and other programs that sleaze into your computer, either as a hidden component or by tricking you into downloading them. Once in your machine, the program phones home for purposes ranging from simply reporting where you browse to downloading keyloggers. Keyloggers record keystrokes, including passwords and credit card numbers, and then send them to another computer. Here's how to stop sleazeware before it filthies your computer:

Only use pop-up blockers from reputable companies or Internet Service Providers. Google, Yahoo, Earthlink, and AOL have free blockers. Test your pop-up blocker thoroughly; www.kephyr.com/popupkillertest is a good test. Don't download a pop-up blocking program from an unknown source (e.g., coolfunkeenwebdoodles.com), or you may be downloading sleazeware.

Read the End User Licensing Agreement (EULA), any notes about the product on the download site, and any readme files downloaded with the program before installing it. SpyBan, a now infamous Trojan horse, made itself available through a very reputable download site which carefully posted an editor's note warning that SpyBan bundled other programs with it, including a notorious product called Look2Me. Look2Me's EULA reads, in part:

"I UNDERSTAND AND AGREE THE SOFTWARE PRODUCT WILL MODIFY, REMOVE, AND ADD ENTRIES TO MY COMPUTER OPERATING SYSTEM, NETWORK PARAMETERS, AND OTHER INSTALLED FILES THAT WILL CHANGE THE PRIOR DEFAULT SETTINGS, AND/OR INSTALL SOFTWARE FROM THIRD PARTIES WITHOUT USER INTERVENTION, AND/OR INSTALL SOFTWARE TO DISPLAY ELECTRONIC ADVERTISEMENTS AND THIRD PARTY WEB PAGES OF EVERY KIND AND NATURE AND/OR MONITOR MY ACTIONS AND REPORT THEM TO THE COMPANY AND/OR UNDISCLOSED THIRD PARTIES, WITHOUT USER INTERVENTION."

Approving this EULA allows unprecedented privacy invasions and computer control. Just say "No!"

Avoid free software with cute names. "Cool," "fun," "better," "look," and "keen" are danger signs for sleazeware. If you're tempted to download free smilies or animated cursors, first do a Web search on the product name followed by a space and "spyware." Example: "coolfunkeenwebdoodles spyware."

If you know your computer is clean of sleaze, install SpywareBlaster. This free program prevents bad ActiveX controls from executing on your machine. ActiveX controls are a major source of sleazeware. An alternative to SpywareBlaster is turning your Internet Explorer security to high or disabling all ActiveX controls, but when I did that, I could no longer read Adobe Acrobat files (I got a blank screen). ActiveX serves helpful purposes in education, so filtering out bad controls is a better move. As with any program that uses a database, remember to look for updates about once a week.

Use the Windows Update button. Microsoft finally understands security. Updates to Windows and Internet Explorer are available, and Microsoft has recently released Windows XP Service Pack 2, which has a pop-up blocker and can make your computer's local zone more restrictive than the Internet zone, thus shutting down many malicious programs. Updates take a while to download over a dial-up connection, but you can order them on a CD for the cost of shipping from Microsoft. It's worth it. Today (12/28/04), SP2 blocked Open Site, spyware that has only one mention on Google.

You can stop sleazeware by researching before you download, reading the fine print, and doing what you do best-educating others. Pass this article on to friends, colleagues, and students.

Ben Reynolds is the senior program coordinator for distance education at the Center for Talented Youth, The Johns Hopkins University.

Tags