Radsoft

Spyware

It's the ultimate affront, the ultimate insult. It's also fairly legible writing on the wall.


Fighting programming errors (bugs) is easy: write better code. If users experience errors in the programs they use, report them; support groups analyse what they've been sent, pass it on to development teams, the errors are traced and the code is fixed. Piece of cake.

Fighting worms is easy too: as most rely on social engineering, educate people to not be so gullible and to take their personal security seriously. Worms exploit programming errors too, but when social engineering is involved, the user has a chance to say no to the worm and prevent it from infecting the machine.

Even fighting viruses is trivial: add some halfway decent antivirus software to your system and watch carefully what you upload and download. Viruses attach themselves to running programs. They pack themselves into executable files and then change the starting addresses in these files so their own code gets to run first, before the actual application starts. Before 'secure' systems like NTx, so-called boot sector viruses were also common: they swap out the loader code on your hard drive and put themselves there in its place. Today ordinary 'executable' viruses are far more common, but with halfway decent antivirus software and a policy of caution they're not much of an issue for the most part.
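The starting-address trick above leaves a trace a scanner can look for: the PE entry point no longer sits in the binary's first code section. The following is an added example, not code from this page or from any antivirus product; it parses only the PE headers it needs and builds its own constructed, headers-only sample images, so no real binary is involved.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000

def parse_pe(data):
    """Return (AddressOfEntryPoint, [(name, virtual_addr, virtual_size, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):                            # IMAGE_SECTION_HEADER table
        name, vsize, va, _, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize, flags))
    return entry_rva, sections

def entry_point_check(data):
    """Return (section holding the entry point or None, suspicious flag).
    A normally linked binary starts in its first executable section; an entry point
    redirected into a later section, or into no section at all, is the trace left by
    an appending infector that patched the start address. Packers trip the same
    heuristic, so treat it as a triage signal, not a verdict."""
    entry_rva, sections = parse_pe(data)
    first_code = next((s[0] for s in sections
                       if s[3] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)), None)
    for name, va, vsize, _ in sections:
        if va <= entry_rva < va + vsize:
            return name, name != first_code
    return None, True

def build_pe(sections, entry_rva):
    """Build a headers-only PE image from [(name, va, vsize, flags)] (constructed test input)."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, vs,
                                0, 0, 0, 0, 0, fl) for n, va, vs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + hdrs
```

Run `entry_point_check` over a real file's bytes to get the same two-value result; `build_pe` exists only to produce the constructed samples.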

But when it comes to spyware, all bets are off. Spyware is the combination of all that is bad with viruses and worms and trojans. Spyware is code that's been successful in penetrating your system and in taking up residence on your hard drive and in enabling its automatic startup every time you boot your computer.

From the get-go the best and most reliable tool to fight spyware has been Ad-Aware. It still is the best and most reliable tool. Working from signature lists as do antivirus products, Ad-Aware can isolate most (but not all) spyware programs on your hard drive.

But even here it's far too little, far too late. No self-respecting system would ever:

  • Let the spyware on your hard drive in the first place, with or without social engineering;
  • Allow the spyware to reach sensitive 'system' areas where it's decided what gets to run and what does not;
  • Allow the wanton proliferation (cloning) of spyware modules almost anywhere imaginable on your hard drive.

Spyware programs are not kind. However they get onto your system, they assume that if you find them you'd want to get rid of them. So they make it as difficult as possible to do that. They often copy themselves to different locations and give these copies different names and then sit and monitor each other.

If one copy suddenly disappears the other copies rush to put it back. An admin trying to remove spyware but unaware how it works might be in for a bit of a surprise. Even tools like Ad-Aware will have difficulties with spyware that is this sophisticated.

Likewise with your Registry. To get itself restarted after a reboot, the spyware has to be listed in your Registry as something to run. If a tool like Ad-Aware discovers such a Registry entry and removes it, the spyware clones immediately put it back - and they do this with roughly the same technique as above.
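The practical consequence of the cloning and Registry-restoring behaviour just described is that every copy and every run entry has to go in one pass. The following is an added example, not code from this page or from Ad-Aware: it works on a constructed snapshot (made-up paths, names and file bytes, plus Run-key entries) and produces the full removal list by grouping files with identical contents under different names and cross-referencing the autorun entries that point at them.

```python
import hashlib
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed snapshot: {path: file bytes} and autorun entries (key, value name, command).
# The paths, names and bytes are made up for the example; none refer to a real program.
PAYLOAD = b"MZ constructed clone body"
FILES = {
    r"C:\sample\updchk.exe": PAYLOAD,
    r"C:\sample\sub\winsvchlp.exe": PAYLOAD,           # same bytes, different name and directory
    r"C:\sample\editor.exe": b"MZ editor",
    r"C:\sample\backup\editor.exe": b"MZ editor",      # same bytes but same name: a plain backup
}
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
AUTORUNS = [
    ("HKCU\\" + RUN, "updchk", r'"C:\sample\updchk.exe" /q'),
    ("HKLM\\" + RUN, "hlp", r"C:\sample\sub\winsvchlp.exe"),
    ("HKLM\\" + RUN, "editor", r"C:\sample\editor.exe -x"),
]

def exe_of(command):
    """Executable path from a Run-key command line, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def find_clone_sets(files):
    """Group files by SHA-256 and keep groups whose identical bytes sit under two or
    more different file names: the clone-under-another-name pattern described above."""
    by_hash = defaultdict(list)
    for path, content in files.items():
        by_hash[hashlib.sha256(content).hexdigest()].append(path)
    return {digest: sorted(paths) for digest, paths in by_hash.items()
            if len({PureWindowsPath(p).name.lower() for p in paths}) >= 2}

def removal_plan(files, autoruns):
    """Return (clone files, autorun entries pointing at them). Both lists must be
    handled in one pass: a surviving clone restores deleted copies and entries."""
    clones = sorted(p for paths in find_clone_sets(files).values() for p in paths)
    lowered = {p.lower() for p in clones}
    entries = [e for e in autoruns if exe_of(e[2]).lower() in lowered]
    return clones, entries

if __name__ == "__main__":
    for item in removal_plan(FILES, AUTORUNS):
        print(item)
```

On a live system the snapshot would come from a file walk and a dump of the Run keys, taken before any removal so the plan covers every copy at once.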

For a look at how these programming techniques are used for a benign purpose, click here.

But if you'd had any generous frame of reference at all you'd ask yourself why all this is possible. And there are spyware and worm programs today - such as Sasser - that do not rely on social engineering. Merely being connected to the Internet is enough to get clobbered. Isn't your operating system supposed to protect you from things like this?

Of course it is. But the situation is so hopelessly out of hand today on Windows that entire websites have been constructed to list all possible files found on Windows systems, research who made them and what they're good for, identify the spyware among them, and find references to how it's removed. The lists are long - incredibly long - and no user could ever be expected to go through a single list like that every time the computer is connected to the Internet.

Earthlink and the BBC estimate that 90% of all Windows computers are infected with an average of 30 spyware trojans each. That's a lot of infection - and a good indication the situation has long been out of hand. Add to that the fact that no tool - not even Ad-Aware - can get at them all and you see how hopeless it really is.

And of course no self-respecting system would have allowed the penetration in the first place. But Windows is a wide open system with no security checks and no defences. Service Pack 2 for XP is somewhat of an improvement, but the system still has no security model.

If all you've ever run is Windows, this is hard to see, but a system should not let just anyone put any file anywhere they please. Files and directories are supposed to be protected, and permission to read them, write to them, or do much of anything with them is supposed to be strictly controlled. But it's just not that way with Windows.

To get a rough idea of what Microsoft are doing with Windows, imagine a second crew on board Titanic, convinced the boat can yet be saved. Imagine the schemes they come up with. No matter what they do, no matter what temporary progress they make, sooner or later that boat's going to go down and you know it. It's inevitable.

When the odd boot sector or executable virus was all Microsoft users had to worry about, things were still fairly calm. Viruses were still creepy, but you could defeat them.

When the first major worm hit in the year 2000, most people saw the writing on the wall and correctly assessed where the blame had to be put (Microsoft).

But since then spyware has turned into big business and it's no longer a laughing matter. The proliferation of spyware is not cause for you to invest in further defence tools for your Windows system but for you to finally see the writing on the wall.

No Windows system, not now, not ever, will be secure against spyware attacks - no matter what Microsoft come up with, no matter what they say about Longhorn. It's only schemes to keep Titanic afloat a little bit longer at best.

Sooner or later that boat's going to go down and you know it.

Do yourself a favour and stop playing the urban guerilla. There are no bonus points for battle scars or for winning scrapes you were too foolish to avoid.

Get yourself out to the suburbs instead. Try a flavour of Unix or Linux or Apple's OS X. You'll find life very much goes on in the provinces.

Copyright © Radsoft. All rights reserved.