Computer Problems & Malicious Software

Article by A.R.Fry. Oct 2004.

1. Introduction
If you are having problems with your PC - eg sluggish performance, odd behaviour, annoying popups, etc - the chances are that your PC has been infected with malicious software (sometimes known as "malware"), such as viruses, spyware, etc.

2. What is this "malicious software" ?
There are numerous types and variations, including viruses, adware, spyware, worms, Trojans, zombies, hijackers, diallers, keyloggers, data miners etc.
In fact, some of this - some adware (which can cause "popups") and some spyware - is not malicious but fairly harmless ... but even then it can be annoying, and it all uses up valuable system resources (eg memory, processor time). However, the majority of it is malicious.

3. Do I need to be concerned by it ?
Yes. There is a lot of it about, it is very easy to pick up, much of it can cause serious problems and some of it is difficult to detect and/or remove. If you think that you havent picked any up yet, the chances are that you are wrong (and are simply not aware of it). If you are sure that you haven't picked any up, then you can consider yourself extremely lucky!
It can... reduce the performance of your machine to the point where it is practically unsable ... interfere with the normal operation of your machine ... make it appear that you have hardware problems... alter system settings ... locate confidential information (eg account or credit card details) and send it to interested parties ... deliver advertising you did not ask for ... send spam from your machine and get you branded as a spammer ... drop your internet connection repeatedly... change your dial-up number to a premium-rate line ... take over your browser and change the home page, add toolbars, change the 'Favourites' list, redirect searched to an unfamiliar site ... read, write and delete files ... install other software (inc viruses and other spyware) on your machine ... let others gain (remote) control of your machine ... and lots more!!!

How widespread is the problem ? Very. A recent survey, carried out by the National CyberSecurity Alliance, found that 91% of users had some form of adware and spyware on their computers. In the US, The situation is so bad that Congress is considering a law banning stealthy software practices. In the case of Dell, the nation’s largest maker of personal computers, it is said to make up to 12 percent of all customer-support calls.
For myself, it is a big problem ... I find that I am spending more and more time trying to keep malicious software off the machines at work and home.

Installation and removal. It is often installed without the user’s knowledge or consent, the user has no control over its operation and what information it has access to and what it can do with it and some of it is very difficult to detect and/or remove (…even for those who know a lot about PCs). The worst are usually very aggressive and very clever … for instance, they sometimes make themselves look like legitimate system files (and use similar filenames), install themselves in several places (so that if you delete one, it can recreate itself).

4. Where does it come from ?
In most cases, via a network connection (eg the Internet). It can be deposited by hackers, picked up from certain websites, be deposited by (clicking on) pop-ups, be deposited by "spam" attached to emails, be bundled with some shareware/freeware programs, be bundled with and/or delivered by some file sharer programs (such as Kazaa), and so on.
Even if you dont have a network connection, it can still get into your machine via removeable media (eg CDs and floppy disks given to you by others).

5. What can I do to detect and remove it ?

Basically, five things...

Install and use certain types of products, these being:
a firewall; an anti-virus package; an anti-spyware utility (or two); a spam filter.
Keep these products, and any definition files they use, up-to-date.
Keep your operating system and applications up-to-date by applying the latest patches and updates.
Review and consider increasing your Internet security settings.
Consider replacing some products you use by alternative - more robust and secure - products.
Be more careful and cautious about how you use the Internet.

Products. Between them, these products will prevent unauthorised access to your machine(s), prevent malicious software from getting into your machine(s) and help you to detect and remove it.
The firewall prevents unauthorised access to a computer or private network. The antivirus package prevents, detects and removes viruses. The anti-spyware utility prevents, detects and removes spyware. The spam filter filters/separates good email and bad email (which may contain malicious software).
These are mainly software products, though the firewall can be a hardware device or a software product. (For most home users, it will be a software product).

Operating system and application patches and updates. These are (almost) always worth applying, because they can fix all kinds of problems (known bugs, including security problems) and introduce various improvements (eg in performance).

Alternative products. There are a number of arguments for considering alternatives to Microsoft products. First, the Windows XP firewall is reasonably good (and better with SP2), but it is still fairly basic - whereas some commercial offerings are much more robust and secure. Second, a significant number of hackers and virus/spyware writers target Microsoft products (and their weaknesses) specifically - either simply because they are Microsoft products (and, believe it or not, there are a significant number of people who do not like or approve of Microsoft and its practices!), and/or because Microsoft products are so widely used and security holes are well known. This applies not only to internet-related applications such as Internet Explorer, Outlook Express and Outlook, but also office applications such as Word, Excel, etc, and the operating systems themselves.

Being more careful and cautious...

Do not open any suspicious email attachments! (If you don’t know the sender, or there is no “subject” or the subject says something general* or the message contains an attachment without saying exactly what it is … BEWARE!).
*eg Here is your file… / Message / Details / Response
Do not install anything from the net unless you know exactly what it is.
Do not click on and/or follow popup windows.
Do not install and use file sharers (eg Kazaa, Grokster, Imesh).
Be careful about what websites you visit. Remember, you seldom get something for nothing!
If you are on broadband but still have a dial-up modem attached, unplug it or (if you can) turn it off. If you use dial-up, phone the operator and bar premium-rate calls.
To minimize the amount of spam you receive, do not reply to spam emails (this just confirms that your address is a valid one, and you will receive more!), and be careful about where you display/post your email address (if you put it on a public web page, it can be "harvested" by software which hunts for email addresses).

Finally, if you are familiar with the workings of your operating system, you can also keep any eye on installed programs and applications (especially under C:\Program Files, C:\Windows and C:\Windows\System32) and running processes ... if there is anything which looks unfamiliar and suspicious, it may be malicious software. (But dont delete or stop anything unless you are sure!).

6. What products are available ?

The following table lists a number oif the better-known products available. Some are commercial, some are commercial but also available in a free-for-personal-use form, and some are free.

Product type	Products	Notes
Firewall	ZoneAlarm; Norton Personal Firewall; McAfee Personal Firewall; PC-cillin; Outpost; BlackIce; Panda; Kerio; Sygate; F-Secure; Tiny	WinXP has own
Antivirus	Norton Antivirus; McAfee; AVG; Kaspersky; Panda; PC-cillin; F-Secure.
Antispyware	Ad-aware; Spybot; SpyCop; SpyBlaster, PestPatrol, SpySweeper. (More specific) AboutBuster; CWShredder; HijackThis.
Spam Filter	InBoxer; SpamBully; SpamNet; MailFrontier.

Which of these products are the "best" ? This is a difficult one to answer, partly because reviews and tests vary, and partly because each has its own supporters and critics ... and so, to some extent, it comes down to personal preference. However, when buying anything, it is often useful look at tests, reviews and comparisons in magazines, and listen to the experiences of others. In Section 9, I have listed a number of recommendations I have come across.

Which ones do I use ? Norton Antivirus (as part of Norton SystemWorks), Ad-aware, SpyBot, InBoxer, SpamBully. I also use the following occasionally: AboutBuster, CWShredder, HijackThis.

Notes on specific products...
Norton SystemWorks & Antivirus: These are often recommended and have won many awards. However, I have have come across a considerable number of complaints about these (in various technical magazines, on the Internet, and in the Sunday Times), and have recently had some considerable problems with them myself ... and so I cannot recommend them. Bizarrely, Personal Computer World (UK) awarded SystemWorks 2004 top marks without mentioning or taking account of any of the (well known) complaints about the products!
Ad-aware & SpyBot: These are widely recommended (and have just won a Gold Award in PC Advisor).
InBoxer: Outlook only.
SpamBully: Outlook or Outlook Express. However, I have discovered that it works on administrator accounts only (not limited user accounts)!

7. Windows XP

Firewall. XP comes with its own firewall. Prior to SP2, the firewall was fairly basic and the default state was "off" (meaning that it had to be enabled explicitly). SP2 brought a new and much better firewall, and the defaut state is "on".
To check if your firewall is enabled, or to enable it, locate your network connection details – by using Start/Connect To/Show all connections or Start/Control Panel/Network Connections – then right-click, then select Properties and then select the Advanced tab … and then look at the Internet Connection Firewall setting).

8. Things to be aware and beware of...

Knowledge and Understanding. Most of the actions and products described in this document require some knowledge and understanding of PCs, but are reasonable straightforward and safe for use by novice users. However, some require considerably more experience and knowledge and can be dangerous if used improperly. For instance...

Increasing security settings can prevent legitimate applications from running, or prevent certain websites from functioning properly.
The utlity HijackThis is very powerful, and very useful if used properly. If used improperly, you can easily remove or disable legitimate system files!

The basic rule is this : if you feel confident that you know what you are doing, go ahead and do it. If you are in any doubt whatsoever, go seek the advice of a family member or friend who knows a lot about PCs.

Windows XP SP2. WinXP SP2 is a major upgrade and contains all sorts of security fixes and improvements. Unfortunately, it can "break" some applications and games. In general, this applies to older applications and games, but in some cases, patches are now available to fix the problem (incompatability).

Spyware. Be aware that some spyware products masquerade as anti-spyware utilities. The basic rule is this: stick to known products and download them from their official websites.

Spam filters. Modern spam filters are very clever at determining what is spam and what is not ... but no spam filter is 100% accurate. They occasionally get things wrong, so that a good message is considered as spam and put in the 'spam' folder or a spam message is considered as good and left in the 'inbox' folder. Most allow training, so that the user can correct mistakes and thereby improve the accuracy of the filter.

9. Independent Reviews and Recommendations

Source	Firewall	AntiSpyware	SpamFilter
PC World (US)	PC-cillin, ZoneAlarm		SpamNet
PC Magazine (US)	ZoneAlarm, Norton	SpySweeper*, SpyBot	MailFrontier
PCW (UK)	Norton*, OutPost, Kerio
Wired			Ad-aware, SpyBot
cnet			SpyBot*
Review Centre

(* Editors Choice).

10. Links and Further Information