Security Overview Part 2: Spyware

According to the Wikipedia, spyware is a broad category of malicious software intended to intercept or take partial control of a computer's operation without the user's informed consent. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party. That is, spyware will monitor your activity on the Internet and transmit that information in the background to someone else. Spyware is potentially dangerous because it can record your keystrokes, history, passwords, and other confidential and private information. Some software that you use may act like spyware although is actually (and innocently) communicating with its developer to do things as check for program updates or provide the developer with error information (for future development). Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. So, spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else (Webopedia, 2005). Although there is no guarantee that you’ll always be free from spyware, there are some things you can do to seriously lower your risk. First and foremost, you need to use an anti-spyware program that detects and prevents spyware from installing itself on your computer (and removes it). Anti-spyware software can also periodically scan your computer for spyware that may get through and remove it. Following are several of the most popular free anti-spyware programs: • Spyware Blaster • Ad-Aware SE Personal Edition • Microsoft Windows AntiSpyware • Spybot Search & Destroy Personally, I use two of the above programs (Ad-Aware and Microsoft AntiSpyware) because no one anti-spyware program is known to catch 100% of all spyware. The two together seem to do a fantastic job of keeping me spyware free. Remember, your anti-spyware software needs to stay updated, on a daily basis, to stay effective at catching all the newly developed spyware. And, your anti-spyware program should automatically run system scans on your computer at least once per day. Ad-Aware SE Personal Edition does not do either of these automatically (you have to do it manually) although Ad-Aware SE Professional edition does (this will cost you about $40). Microsoft’s AntiSpyware software does scan and update itself automatically. Also, here are some other steps to consider to reduce your risk of being infected by spyware : 1. If you use Windows XP, one way to help prevent spyware and other unwanted software is to make sure all your software is updated. Visit Microsoft Update to confirm that you have Automatic Updates turned on and that you've downloaded all the latest critical and security updates. 2. While most spyware and other unwanted software come bundled with other programs or originate from unscrupulous Web sites, a small amount of spyware can actually be placed on your computer remotely by hackers. Installing a firewall or using the firewall that's built into Windows XP provides a helpful defense against these hackers. 3. Don’t click on links in e-mail spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware. 4. Surf and download more safely. The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few helpful tips that can protect you from downloading software you don't want: a. Only download programs from Web sites you trust. If you're not sure whether to trust a program you are considering downloading, ask a knowledgeable friend or enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware. b. Read all security warnings, license agreements, and privacy statements associated with any software you download. c. Never click "agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window or press the Alt + F4 buttons on your keyboard to close a window. d. Be wary of popular "free" music and movie file-sharing programs, and be sure you clearly understand all of the software packaged with those programs. (Source: Microsoft Corporation)

Foreign journalists in China targeted by malware attacks

BEIJING (Reuters) - Foreign journalists in Beijing have been targeted by two very similar malware attacks in just over two weeks in the lead-up to China's once-in-a-decade leadership transition. The emails - one appearing to come from a Beijing-based foreign correspondent and the other from a Washington-based think tank - both contained an attachment with the same type of malware, according to independent cyber security expert Greg Walton who reviewed the files. Malware attacks on foreign correspondents in China, Chinese dissidents or academics researching China tend to spike in the periods leading up to politically sensitive events for China. Previous spikes occurred ahead of the Beijing Olympics in 2008 and the 60th anniversary of Communist Party rule in 2009. A government spokesman warned against jumping to conclusions about who was responsible. "China manages the Internet according to law and has engaged in cooperation with the international community to promote Internet security. Internet security is a complicated issue," Foreign Ministry spokesman Hong Lei said when asked about the emails. "China is also a victim of Internet attacks. The source of these Internet attacks is very difficult to determine. Reaching conclusions without sufficient evidence or fair and thorough investigations, it's just not serious." Both of the emails referred to the upcoming handover of power in the top ranks of the ruling Communist Party. The attachment, if opened, would have installed malware that sent encrypted information from the user's computer to an external server. That server is hosted in Britain. It has often proven difficult to prove who is behind malicious hacking attacks related to China. "The Chinese government often gives blanket denials that this happens, and in some cases the left arm may not know what the right arm is doing," said Duncan Clark, chairman of technology consultancy BDA in Beijing. The Communist Party will hold its party congress some time in coming weeks in Beijing, although the date has not yet been announced. At the congress, the top positions in the party are expected to be transferred to a new generation of leaders.