In this month's Ask the Engineer column we have again asked our Lead Engineer and V.P. of Technical Services, Bryan C. Gilliom, to step in and explain the mysteries of Spyware, Malware, Adware, and Grayware. What is it, where does it come from, and what can you do to protect yourself and your machine?
I sometimes think life was simpler when all we had to deal with was computer viruses. It's almost like the Old West, with its clear-cut distinction between the cowboys in the white hats and those in the black hats. No one would dispute that a virus is universally a bad thing. Virus writers don't have attorneys, lobbyists, and professional paid programming staffs. That is why I actually prefer the term Grayware, which I think captures the essence of this problem.
When Sony Music recently installed a nasty, pernicious piece of Grayware on people's machines whenever they inserted a particular audio CD, they didn't think they were doing anything wrong or illegal. This software, a so-called Root Kit because it hides itself in the root or heart of the system where it cannot be detected or easily removed, was designed to watch your use of their CD and ensure that you weren't making unauthorized copies of it. The problem lies in the fact that it did not ask your permission to do this. It didn't offer a simple uninstall option from your Add/Remove Programs list, and worse yet, it had flaws that were rapidly exploited by hackers to attack and take control of machines it was installed on. It is difficult, if not impossible, for users to react and patch software they don't even know they have.
This example is one of the most benign uses of this kind of software, but it establishes the basis for how we classify these kinds of applications. First, they are applications that install onto your system for some purpose beyond simply replicating themselves. Second, they either install on your system without your explicit permission or use confusing or misleading methods to convince users to install them. Third, once installed, most do not provide any clean method of uninstalling them. Fourth, Grayware almost universally has a profit motive of some kind, as opposed to viruses, which are often ego-driven.
Some examples of Grayware applications are those that cause web browser pop ups, often despite the installation of pop up blocker solutions, or software that reports your browsing habits back to advertisers. Software like Sony's that endeavors to protect content from copying or abuse, and some game copy protection systems, can also be classified in this arena. Worse yet is a common trick being used on the Internet to cause an Internet pop up that mimics the look of a Windows operating system dialog box warning you that you have Spyware. When you click the dialog box, it initiates the download and installation of, you guessed it, more Spyware.
The first problem is that these applications are often sloppily written, and the tricks they use to hide themselves and their activities represent exploits or uses of functions in the operating system that were never intended. As a result, especially when multiple Grayware applications that were never tested properly or tested together are installed, they at best cause severe system slowdowns and at worst render a system so unusable that there is no reasonable option but to wipe the system clean and re-install. Grayware applications have replaced viruses as one of the most prevalent causes of desktop service calls at InLine.
So what can you do to protect yourself? The first choice as always is to block the software at the source. Investing in a Firewall or Firewall service with integrated Grayware protection like InLine's InControl Service or a Fortinet firewall stops all such identified software at the source before it ever reaches your machine. You should think twice when you install software on your machine, especially "free" software. Why is it free? Read the license agreement. You should seriously consider if you really need the screen saver off the latest music CD, or if you honestly need that Weatherbug in your system tray. It may come with a visitor you don't want. Never click pop up ads or dialog boxes. Ask a technology expert or do a Google search on that new "free" application and make sure it is certified Spyware free.
Finally, if you think you may have Spyware, I can only recommend three pieces of software. First, the Internet Security Suite from Anti-Virus provider F-Secure also includes full Spyware protection, and I can strongly recommend it as one of the best anti-virus packages on the market. Second, if you have Windows XP, Microsoft has a very strong contender in its Microsoft Anti-Spyware application. Lastly, for other operating systems besides Windows XP or for a second opinion, Adaware from Lavasoft was one of the first anti-Grayware applications and is still considered by many to be one of the strongest. If you find you have a bad infection, be careful trying to clean it yourself. Many of these programs do not give up easily, and we recommend that you contact the InLine Help Desk and let us dispatch someone to help you clean your system.
For more information on the Sony DRM Root Kit see the following link from the Electronic Frontier Foundation: http://www.eff.org/deeplinks/archives/004144.php
For more information on F-Secure contact your account executive or visit http://www.f-secure.com
For Microsoft's Anti-Spyware application visit http://www.microsoft.com/athome/security/spyware/software/default.mspx
For Adaware visit http://www.lavasoft.com
If you have a question you would like to see answered in an upcoming Ask the Engineer, please send it to Newsletter@InLine.com. We will be picking the best questions for future columns.