Fairly Unbalanced (opal1159) wrote in lj_userdoc,
Fairly Unbalanced
opal1159
lj_userdoc

spyware/adware doc - SKELETAL DRAFT

This stuff is intimidating. Doc writing isn't up my alley, but I started on this anyway, and it quickly disintegrated into outline/notes form because I stopped knowing what to say and how to say it. Please discuss, maybe contribute, correct what I have, etc.

Just a bit of background note - this is heavily influenced by my job at school (user-end support for students having problems with their ResNet connections, which involves a lot of cleaning of infested machines, which is a whole lot more detailed than what LJ support or userdoc should be sharing).

"malware" - classification from a technical point of view

this is all Windows stuff...ideally we'd want to toss other OSes in, but I'm only familiar with Windows and Macintosh, and I've never heard of Mac spyware issues

This article discusses malware for machines running Windows. While malware on other platforms is not completely unheard of (?), most malware creators want to reach as many users as possible, so they naturally target the platform with the most market presence.

this is a topical organization, merits of FAQ-like organization? (e.g. "What is...?" with answer, "How do I get it?", "Can I get adware from LJ?")

OVERVIEW

"Adware" and "spyware" have become the umbrella terms for applications and processes on a computer that are unnecessary for a user's general computer needs but instead can even be detrimental to the system. Although they are closely related, by their inherent definitions, "adware" refers to software that causes ads to be displayed, and "spyware" refers to software that collects information about your computer and Internet usage and can send it to the creators of the spyware. This information could be "harmless" data about the types of sites you visit (so that adware can determine what kinds of advertisements to show you) or critically sensitive data - the keys you type, such as passwords, banking numbers, or other confidential information. Malware of the latter sort are commonly referred to as keyloggers.

INFECTION

Users seldom download adware or spyware knowingly and consciously. Their creators are two crafty to label their products as such. Instead, they might be called "browser helper objects" marketed to "add convenience to a user's surfing". They could also be bundled with the installation of other programs that you do willingly download but do not note the fine print that says...
e.g. KaZaA Media Desktop
-- browser security holes
-- automatic downloads
-- list common?

BIG/stressed note that you Do Not Get Adware/Spyware "From LiveJournal"

SYMPTOMS

Malware sometimes manifests itself as a handful of pop-up ads in your browser that you easily close. However, it can be more sinister or annoying, and if a process is collecting your keystrokes, you may never know.
better as a list?
-- changing your Internet Explorer settings
-- redirecting you to search sites
-- making your computer slow (because of extra processes running)
-- excessive porn that you don't know how got there
-- inserting websites into your profiles (LJ, AIM, ...)
-- causing certain words on webpages to be linked to [something] but not for everyone else

computer compromised by adware/spyware is also prime spot for worm/trojan infection (especially if it's on a network), which can cause similar symptoms

CLEANING

my school's resnet's procedure for cleaning infested machines is roughly:
-- scan with Ad-Aware
-- scan with Symantec Anti-Virus (we have a licensed copy "for all members of the university community") or client's own AV software if acceptable
-- scan with McAfee Stinger
-- go through registry (HKEY_LOCAL_MACHINE and HKEY_CURRENT_USERS > Microsoft > Windows > Software > CurrentVersion > Run, RunOnce, RunServices) for inappropriate items
-- check root directory and system folder for suspicious executables

this is obviously too much for our scope

PREVENTION
Subscribe
  • Post a new comment

    Error

    Comments allowed for members only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 22 comments