

Are some programs using new tricks to install?

1 reply to this topic

#1 aduncan



  • Full Member
  • 11 posts

Posted 10 June 2004 - 10:53 AM

I've had a question that I haven't found a good answer to yet. I hope that it hasn't been answered on some other part of this site that I've overlooked. Anyways, the question is about where spyware and other parasites come from. I do computer work and a large portion of what I do is cleaning spyware. Once finished, I tell people what to look out for: to read the user agreement (especially if it's a free program), to say "No" to the Microsoft Security warning window (Do you want to run and install the following trash . . .?) with very few exceptions, and to avoid suspicious websites. I also frequently suggest and install Mozilla and Sun Java and show the customer how to update and run a scan with Spybot. I also make sure to immunize with S&D and to set IE back to its default security settings (they are frequently lowered) in case they need to use that instead of Mozilla. I even sometimes remove the desktop shortcut for IE and then move the Start Menu shortcut in deeper so that people will be more inclined to stick with Mozilla. I also stress keeping up with Windows Updates. If the client does not have a router, then I suggest a software firewall, which most people agree with.

But I still get calls back to the same client. Things work great for a month, maybe more, and then . . . New parasites. And this doesn't happen all the time and not to all of my clients. It's actually only a few, but it's a decent number that get reinfected after a period of time - enough to concern me. The clients are usually embarrassed and firmly insist that they have followed my instructions. Some people I have doubts about, and others have children that could account for new problems. However, others are old couples that only check email from the grandkids and book flights with Expedia; so I'm baffled as to how some get infected again.

People ask me how it gets back into the system when they haven't downloaded anything, and I honestly tell them that I'm not entirely sure. I can only make the assumption that code is built into webpages or ads that will install it if the computer, for whatever reason, allows it to. But this is only an assumption on my part. There have also been rare anomalies like the toolbar I had posted about that tried to add itself into my system merely by looking at and deleting a file that was taken off an infected computer or one case where a client would have new parasites every day and then discovered a trojan horse on his machine.

So, other than the software bundles and ActiveX downloads (the one that uses the familiar MS Security Warning pop-up - I don't know if I'm referring to it with the proper name), how else can parasites get into a computer? I'm asking because I have great success getting systems clean, but I feel that my preventative measures need some work, that or my clients are really dense and not very honest. And by the way, don't hesitate to use technical language if you need to - the more detail, the better. I am really curious as to how these things can install themselves.


#2 Tuxedo Jack


    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • 1,758 posts

Posted 10 June 2004 - 12:02 PM

Most of the problem comes from using Microsoft software (Outlook Express, IE, et cetera). Firefox is better for web browsing, and Eudora or Thunderbird for mail. They don't execute code with administrator privileges, unlike IE and OE.

Also, if the OS is NT-based, set the customers up with a Power Users/User level account for Internet use. Tell them to _NEVER_ use _ANY_ Administrator-level account for Internet access. _EVER_. If you don't have privileges, you can't affect the shell/kernel, and honestly, who wants to do that?

Also, you may want to set the people who just browse the web and check mail up with Linux instead of IE. If that's all they're doing, they wouldn't need gaming or anything, and Linux is a hell of a lot more secure than Windows in every respect - as long as you follow the cardinal rule of not running as root for daily work.

I'd also recommend SpywareBlaster, Ad-Aware (more frequent reference updates than Spybot), and Linux.

If they want to try Linux without formatting, toss them a copy of Knoppix.

Edited by Tuxedo Jack, 10 June 2004 - 12:04 PM.

Signature file is under revision. This will be back shortly.

Member of UNITE
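
A way to check the least-privilege advice in reply #2 on a client machine, as an added example that is not part of either post: it lists the enabled local accounts, marks the ones that hold Administrator rights, and warns about administrator accounts that look like they are in daily use. It assumes Windows PowerShell 5.1 or later (which ships the LocalAccounts cmdlets); the variable names and the 30-day window are illustrative choices.

```powershell
# Added example: report which enabled local accounts hold Administrator rights,
# so accounts used for browsing and mail can be moved to the Users group.
# Requires the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1+).

# Well-known SID of the built-in Administrators group; using the SID avoids
# depending on the localized group name.
$adminGroupSid = 'S-1-5-32-544'

# SIDs of the direct members of the local Administrators group.
# Limitation: members that are themselves groups are not expanded.
$adminSids = Get-LocalGroupMember -SID $adminGroupSid |
    ForEach-Object { $_.SID.Value }

# One row per enabled local account, with its admin status and last logon time.
$report = foreach ($user in Get-LocalUser | Where-Object Enabled) {
    [pscustomobject]@{
        Name      = $user.Name
        IsAdmin   = $adminSids -contains $user.SID.Value
        LastLogon = $user.LastLogon
    }
}

$report | Sort-Object IsAdmin -Descending | Format-Table -AutoSize

# Assumption: an administrator account with a logon inside the last 30 days is
# being used for everyday work. The window is an arbitrary choice.
$cutoff = (Get-Date).AddDays(-30)
$daily  = $report | Where-Object { $_.IsAdmin -and $_.LastLogon -gt $cutoff }

if ($daily) {
    Write-Warning ("Administrator accounts in recent use: " + ($daily.Name -join ', '))
}
```

Run it from an elevated prompt on the machine being cleaned; accounts named in the warning are the candidates for a separate User-level login.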