Badware (and how to deal with it)

Gail Allinson gail@oncomputers.info

16 November 2003

Bob's Anti-Parasite Toolkit

We've been threatening to do this segment for a while and the time has come thanks to an e-mail from a regular On Computers newsgroup contributor, Robert Proffitt.  Bob offered this very sound advice:

Given that 99 out of 100 machines I see have parasites and that 1 out of 3 simply straighten up and fly straight when we eject the parasites, it would be nice if a single tool could incorporate all the following scans, tools and findings. Until then, here's a list of what I'm finding useful.

1. Adaware http://www.lavasoftusa.com/software/adaware/

2. Spybot http://spybot.eon.net.au/index.php?lang=en&page=download

3. Housecall http://housecall.trendmicro.com/housecall/start_corp.asp

4. CWshredder http://www.spychecker.com/program/cwshredder.html

5. Stinger http://vil.nai.com/vil/stinger/

I would have included HijackThis, but that tool is truly something I can't hand out since many people don't or won't read the instructions. The above tools have been proving themselves very safe to use to eject what they find.

Another tool, if you suspect some startup program or want to curb a startup program, is at http://www.webattack.com/get/starter.html

Robert Proffitt

Gail's Note: If you have an older version of CWshredder or HijackThis, you will want to read this article: Spyware Weekly Newsletter, November 11, 2003. If you do not yet know what CoolWebSearch is, you can satisfy your curiosity by reading The CoolWebSearch Chronicles.

Thanks so much for that list, Robert! I was familiar with most of the above except for Stinger and Starter. Starter looks like a great, easy-to-use program. I use another popular program with a function similar to Starter called Startup Control Panel. You can find it at Mike Lin's Home Page. Starter or Startup Control Panel can be used very effectively in conjunction with the Startups Web page. I also use another anti-spyware tool called SpywareBlaster. It is preventive in nature.

I have a couple of Web sites I visit regularly for information about spyware/adware:

SpywareInfo Spyware and Hijackware Removal Specialists

Counterexploitation [cexx.org]

Bob's Advice for Helping End-Users

After writing to Bob about using his list for a tips segment, I received this reply and I wanted to share it with you.  It is geared to those of you out there in the field helping folks rid their computers of parasites. Bob really is a fount of wisdom on things computer:

Pan Galactic Gargle Blaster. (Explained in the PS.)

While one could end up with a very good tool list, a presentation rule I follow with great success is to limit any list to five items. There are at least a dozen good tools in each category of antivirus, web-based scans, spyware removal, spyware guards and more. Listing all 40 plus will have Joe and Jane running away without a solution set. [Gail's note: Bob means Joe and Jane six-pack -- a common term for the average user, not our Joe and Jane]

The Anti-Parasite Suite is as concise a set as I could fit in the top five category and still wipe out 99.99% of what "tech" and I encounter. Any item that this set doesn't detect or remove is worthy of deeper inspection.

Another rule is that the set be fairly "safe." The stock settings in the selected five tools have not resulted in machines that no longer boot or exhibit worsened conditions. Follow the physician's creed and do no harm. (Except to the parasites.)

You don't have to follow such rules, but my experience in group presentations led me to boil it down to these simple principles.

1. Five items.

2. Simple to use.

3. Do no harm.

4. Title it for easy reference.

5. Offer more support if these don't fix the issue.

As you can see, the five tools I listed meet the criteria and while we can discuss if Panda on-line scanner is better than Trend's Housecall, you have to just pick one and not lose the moment over such.

HijackThis is a great tool, but suffers in that the user can be overwhelmed by the information and may just delete all that is reported. It falls off the list as not safe enough for general consumption.

-> In closing, it would be nice to GNU CopyLeft the phrase "Anti-Parasite Suite" before we see such a CD in stores near you.

-> Search http://www.google.com for "anti-parasite suite" and what do you find? [Gail's note: I did that and here is a link to the results: http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22anti%2Dparasite+suite%22 ]


PS. Regarding the title. It has nothing to do with anything except the following:

The Hitchhiker's Guide to the Galaxy also mentions alcohol. It says that the best drink in existence is the Pan Galactic Gargle Blaster.

* It was invented by Zaphod Beeblebrox, although this is normally stated in another section (see page 97 of the actual Guide).

* The Guide says that the effect of drinking a Pan Galactic Gargle Blaster is like having your brains smashed out with a slice of lemon wrapped around a large gold brick.

* The Guide also tells you:

o On which planets the best Pan Galactic Gargle Blasters are brewed,

o How much you can expect to pay for one,

o Which voluntary organizations exist to help you recover afterwards.

* The Guide even tells you how you can mix one yourself.


One of the most ubiquitous pieces of ad-delivering software (we can't call it "spyware", they might sue us for libel!) is Gator.  Here are some links to the latest Gator news:

Spyware Weekly Newsletter Gator/Claria

Gator sinks teeth into new image CNET News.com

Gator sheds skin, renames itself CNET News.com

See you later, anti-Gators CNET News.com

This is somewhat older information, but concerning Claria/Gator's claims that people are informed of the nature of the software during its installation, I offer this: SpywareInfo Support Forums - Did you willingly install Gator

While Claria/GAIN/Gator would like to silence their critics, we here at On Computers do not find their software to be a useful addition to our computers or to anyone else's computers. We recommend that it not be installed in the first place, and if it is installed we recommend that it be removed. This is strictly our opinion about a particular product and its usefulness. Our opinion is something we are still entitled to express no matter how much the Claria company would like to silence speech on the matter.

In closing, most of the parasites that we have covered today are not as destructive as viruses or worms. But as Robert said, parasites cause untold grief and lost productivity. They often install themselves by subterfuge and sometimes make themselves difficult to remove. It is worth the time it takes to rid your machine, or the machines of your friends or clients, of these kinds of programs.

© 2003 Gail Allinson
© 2003 Robert Proffitt (his e-mails quoted as part of this article)

