Taking Out the Trashware

If you combine the increase in worms and trojans being circulated via e-mail and the "free" software being installed on PCs (often without the users' knowledge), it's no wonder the online forums are filled with complaints about slow PC performance.

These unwanted programs have been called by various names: spyware, adware, malware - but they're all just unwanted "trashware" to me. Users are enticed to install this so-called "free" software, like KaZaa, WeatherBug, Comet Cursor, or WebShots. They make money by installing software from other companies on your machine at the same time and setting this software to start automatically, so they can track your Internet usage and display ads based on this information. So while you didn't spend any money for the programs, the price you paid to install them is a slow computer, a loss of privacy, and maybe even more. Computers can become so bogged down that they become almost unusable, and many of the programs are so poorly written that they cause system crashes or prevent other programs from running properly.

Sometimes all that's necessary to restore your computer's performance is to uninstall these programs. Typical titles that bundle tracking software include Audio Galaxy, Bonzi Buddy, CometCursor, Downloadware, HotBar, iMesh, Lop Toolbar, Precision Time, and two of the worst - eAnthology and Gator. In the case of the eAnthology suite and its Stop Sign component (a purported virus scanner that cleans nothing in the free version), the normal uninstall procedure doesn't really remove the program at all, until every process is manually stopped, removed from startup, and the registry entries deleted. Fortunately, products like AdAware (www.lavasoftusa.com/) and Spybot Search and Destroy (download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button) are able to remove them for you easily.

Although the distinction between the types of trashware is not a clear one, I'll try to define them, in order of increasing invasiveness.

Spyware is software installed with no disclosure that gathers information about the user of the machine and sends it back to another server. Some adware programs fit this term.

Adware is software installed, usually with limited disclosure, to mainly deliver ads. Some adware programs would fit the definition of spyware if they also gather data about the user, either to sell to others or to make the advertising more relevant.

Malware can be like trojans that harm files on the disk, or attempt to log password and credit card number keystrokes or place control of the machine into the hands of whoever distributed the software.

Homepage Hijacker is a kind of advertising trojan, that changes homepage settings without permission and spawns lots of pop-up ads. Some edit the computer's registry to load themselves on restart, making it very difficult to change things back.

Drive-by-Downloads are programs that are downloaded automatically when the host site is visited, without informing the user, often in a flurry of pop-up windows that distract the user and keep them so busy clicking to close the windows that they don't notice the download activity.

Some trashware programs combine several of these attributes using ActiveX drive-by-download on pop-under ads misleadingly described and then they're able to edit registry keys, add a search bar to the bottom of the normal browser start page, send address bar searches or mistyped URLs to a specific web site, and even add pornographic bookmarks to the Favorites list. The link to the parent web site can start a pop-up loop that attempts to install premium-rate dialers, and before you know it, your free dialup connection is terminated and a new connection is initiated that will result in a charge on your telephone bill.

Intertwined with all this trashware are a barrage of worms, trojans and keylogging spybots, not to mention the malicious hacking at security holes in Microsoft code.

What can you do to protect your computer? First, be sure that you have some way to scan for viruses and malware. You can start by checking your PC at one of several free online scanners. The very best one for viruses is Trend Micro's HouseCall, which, in independent testing at AV-Test.org, detected 100% of the viruses in their evaluation. Other outstanding features include the creation of back-up copies of files before cleaning and a direct link to Trend Micro's virus information center and virus tracking map (wtc.trendmicro.com/wtc/), which allows visitors to their web site to track the spread of malicious code across the world in real-time. HouseCall, the Internet's first free online virus scanner, was introduced in May of 1997, and works with Windows 95, 98, 2000, ME, XP, and NT workstation.

You can use it at several web sites, including housecall.trendmicro.com/, housecall.antivirus.com, www.cymru1.net/extras/av, or www.cybertechhelp.com/html/misc/av.php. Trend Micro also provides the HALNet email virus-scanning service.

However, I should point out that online scanning of entire drives usually requires the enabling of insecure browser settings, and it is unlikely that online scanners will be able to clean infected files that are in use. However, some single file scanners don't require insecure browser settings and can be very useful for a "second opinion" scan of suspect files. Symantec's Security Check scans for both virus threats and exposure to hackers (security.symantec.com/sscv6/default.asp?langid=ie&venid=sym&plfid=22&pkj=OFXDJMR), Panda Software's Active Scan (www.pandasoftware.com/activescan/com/activescan_principal.htm) looks for viruses without requiring any downloaded files, and another customizable virus scanner is available at BitDefender Scan Online (www.bitdefender.com/scan/Msie/index.php).

In addition to using free online virus scanners, it's important to also install a computer-resident anti-virus software to keep your computer free of problems and running well. Sometimes the process of removing multiple problems can be frustrating, but with a combination of online and installed tools, it can be done.

Good instructions to rid your computer of hard-to-remove Internet programs is at www.pchell.com/support/spyware.shtml and a list of known problem software can be found at www.parasiteware.com/. They trademarked and describe "ParasiteWare"T as technology that includes, but is not restricted to, browser helpers, browser plug-ins, toolbars and pop ups/sliders, that knowingly or unknowingly undermines or removes another affiliate's ability to compete by changing, intercepting or redirecting an affiliate link. ParasitewareT may be installed knowingly or unknowingly by the end user, altering their normal web browser functions and/or installing a third party application that works through the altered browser.

You can download free software from swatit.org/review.html to remove and prevent the prolific outbreaks of Karma Worm infections by many different variants across IRC (Internet Relay Chat), and Pest Patrol's PestScan (at www.pestscan.com/) is an ActiveX-based scanner that runs right from the website, downloading a few small components to your computer. Like many of the online scanner programs, the first time you use PestScan you'll see several "Security Warning" windows telling you that PestScan is a 'signed', or 'certified', ActiveX application. That means you can trust it to behave properly on your PC. After you click "Yes" to download the PestScan components needed to run the scanner, it will take up to several minutes to complete the download, depending on your connection speed.

While I've told you about suppliers who provide free tools to scan computers for viruses, trojans or security problems, please remember that this service can't substitute for a full virus scanner or other security mechanisms, such as a firewall, etc., because no memory resident scanner is provided. But they do provide an opportunity for users who have no antivirus scanner at all installed to check their PCs easily. And remember, too, that in many cases a Java applet must be downloaded to enable the appropriate function in your browser configuration.

Spyware Guide (www.spywareguide.com/txt_onlinescan.html) provides a free online scanner and one of the largest databases of known spyware and adware applications for you to search and become more informed. There are also tips to get rid of "Messenger Spam" popup ads with "Messenger Service" in the title bar. At www.pcpitstop.com/welcome.asp (associated with CompUSA.com) there are forums, online scanners, and Frequently Asked Questions about spyware, adware, and other growing threats to PC security and stability. Kaspersky Lab allows you to check a single file a day up to 1 MB in size online at www.kaspersky.com/remoteviruschk.html. If you have several files to check, you should create a single archive file containing those files. Sygate Online Services offers a free port scan at scan.sygate.com/. At www.commandondemand.com/eval/index.cfm, authentium Command Software provides a free web-based on-demand anti-virus scanner.

There's an online PC-Cillin scanner at www.viruscheck.com.au, and www.trojanscan.com/trojanscan/trojanscan.htm is maintained by GFI, a worldwide developer since 1992 of messaging, content security and network security software for Windows NT/2000/XP administrators.

There are more than 58,000 known viruses and related security threats lurking on the Internet and the number is increasing. You might want to sign up to receive an email alert from Symantec Security Response (nct.digitalriver.com/virusalert/) whenever there is a high-level outbreak or Internet security threat. You need to continually be sure that hackers can't get unauthorized access to your PC through the Internet, and that you're safe from Trojan horses and any new viruses and worms that are circulating.

The latest reported Microsoft Windows vulnerability is a buffer overrun in the RPC interface that could allow any attacker's code execution. New patches are available at (www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp), including one for Windows 2000 (microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en) and Windows XP Home (microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en).

Fortunately, they're about the size of a floppy or less, so it won't take too long to download them. But you'll need the right level of Windows service pack in order for the patch to work. So now a combination of antivirus protection, security safeguards, a never-ending stream of updated software patches, and constant vigilance are required to retain your privacy and keep your files safe.