Spyware, Adware, Viruses and Malware

People talk about spyware and computer viruses all the time.  What are they?  Do I care?  How do I stop them?  Prime Insight is going to take a look at these for you, and offer some tips on how to keep your computer running in top form.

Malware Defined

When all is said and done, you can safely lump all kinds of things into the category of "malware."  Malware simply refers to software written with some form of malicious intent.  It isn't important to understand every aspect of various types of malware, or what each does.  I'll offer a brief overview of some forms here, but feel free to skip to the next section if you just want to find out how to make it stop.

Virus -- A virus is written to exploit a security hole on your computer and replicate itself to other computers.  Often times these do malicious things like corrupt your data.  For an individual, viruses are one of the biggest threats.

Spyware -- Spyware, as the name implies, is designed to spy on you.  It can be as simple as tracking your spending habits so companies can send better targeted ads at you, or it could be as bad as an ex-boyfriend trying to get access to your email. Spyware is often used for identity theft.

Adware -- Adware is a sub-category of spyware.  It is specifically aimed at giving you advertisements tailored to your tastes and spending habits.  Some people think of this as benign and, by definition, you had to agree to run it.  However, less than scrupulous developers can easily turn adware into more aggressive spyware.

Worms -- Worms are similar to viruses.  The distinction is irrelevant for the majority of people.

How do I GET infected with malware?

There are basically two common ways to get infected with malware.  The first way is email.  When you receive an email from an unknown sender, or even a friend who has been infected you need to be cautious.  Any attachments, no matter how benign they may look, could be used to infect your computer.  The second most common way to become infected is browsing websites with malicious code on them.  Or downloading software from sites with malware embedded in them.  There is a third method, which is being randomly attacked by simply being connected to the Internet.  This is not as common as most fear, but it is possible.

There is a general assumption that only pornographic websites spread malware.  While these types of sites can, and often do, spread malware they are not the only ones.  Be aware of any site, even if you visit it regularly.  The biggest source of trouble are the advertisements on the sites.  Often the ads are not 100% controlled by the site owner, and malware could be slipped in.

How do I prevent an infection?

This is where knowing about some of the various types of malware come into play.  Since, different types of malware infect computers in different ways.  However, I'll simplify it for you as much as possible.

1.  Antivirus software.  Some experts don't believe in antivirus software on their own computer since they can avoid viruses by controlling what they open.  This is a fallacy and is hubris.  I run antivirus software on ALL of my computers.

Prime Insight recommends the following antivirus software:
    Microsoft Security Essentials  or
    Free AVG

2. Antispyware software.  This works in a very similar way to antivirus software, but it is usually a separate piece of software.  Microsoft has made Windows Defender available as a free download for XP.  It was built into Windows Vista and is also available for Windows 7.  However, antispyware is also bundled into Microsoft Security Essentials referenced above.  

3. Firewall -- A firewall is a fancy term for something that blocks unwanted communication.  Usually the hardware used for your Internet connection will have a built-in firewall.  That is good, but is not sufficient.  It is important to run a firewall software on every single computer on your network also.  This will help protect you from being infected if another computer in your office or home is ever infected.  Windows XP Service Pack 3 and up have all included a built in firewall.  It is enabled by default, and should be left that way. 

4. Patches -- Over time exploits are discovered in every operating system.  Security patches are written to fix the exploit and prevent attacks.  Windows Update is configured, by default, to check for updates and apply them as needed.  I recommend you leave Windows Update on and let it automatically apply the latest critical security patches.  When updates like service packs or a new version of Internet Explorer are released, those should be applied with caution, and after testing their effect.  However, critical security updates should be applied as soon as possible.

5. Careful Browsing -- Do not trust pop-up ads.  If you are browsing a site, and a pop-up reports that it has detected a problem or a vulnerability with your computer do NOT click it.  Do not click anywhere inside it, find the red X to the FAR most upper right corner and close it.  Scare tactics are used to attack you.  Replicating very familiar looking dialog boxes are meant to fool you.  When you see a pop-up, even if it seems like a waste of time, read it.  Then think about it:  Is this your antivirus software giving you a warning?  Or a cleverly disguised pop-up?  If it's a cleverly disguised pop-up, it is almost guaranteed to be malicious.  Don't open unsolicited email from people you don't know.  Just delete it.

Optional:  Run a different web browser -- There is a concern that Internet Explorer is not secure.  It is the most commonly used browser, so most exploits are written to attack it, since the user base is extensive.  Despite this, it is a very secure browser, and there is no need to switch from it.  However, if you do use a different browser, here are a few tips:
    Firefox -- This is often thought of as the best alternative to IE for security reasons.  The truth is that Firefox is the most vulnerable browser available.  However, one way that Firefox can benefit you from a security standpoint is to block ads and pop-ups with available plug-ins for Firefox.  Since this is the root of a majority of malware, it can help fight it that way.
    Opera, Safari, Chrome -- Most malware is not written to exploit vulnerabilities of these browsers.  Chrome offers plug-ins for security also.

If one is good, more must be better

This is not always true, and when it comes to antimalware, this is the case.  Do not install more than one antivirus, antispyware and firewall.  (one of EACH, only.)

Windows comes with a built-in firewall and Microsoft Security Essentials is free antivirus and antispyware.  Add in regular updates of critical security patches and careful browsing and email use, and this is the combination I recommend to keep yourself safe.