SECURITY FOR THE MIDMARKET
Spyware and malware not always caught by tools
Ed Tittel, Contributor
02.23.2006
Rating: -3.92- (out of 5)
|
Freeware or commercial antispyware tools often tag elements as suspicious, malign or unidentifiable. Sometimes they label items as "tracking cookies." Although there's often little doubt that cleanup and removal is warranted for identifiable malware, things get interesting when you must decide what to do about the other stuff that's not known to be malicious but might not be safe.
If you find you are debating whether to keep or remove questionable items that are tagged by antispyware software, follow the basic guidelines of "Just say no" or "When in doubt, throw it out." And be sure to follow these steps:
Identify the potential (or actual) culprit. Invariably, antispyware programs or forensic tools such as HijackThis will provide the name of a cookie, an executable file, a DLL or some other specific file or data object on your PC. Record that name in an accessible place, perhaps by cutting it from a spyware report and pasting it into a small text file.
If you use antispyware software to pick up these names, look for a hyperlink somewhere in the information page or window pane associated with individual items. Though placement and terminology differ from tool to tool, you'll usually find a link to the vendor's Web site where you can glean information about the items a tool can detect from the company's spyware and malware databases. Visit your favorite search engine and use that name to look for more information about the item of concern. Often this will lead you directly to technical descriptions or threat assessments; sometimes it will lead you to cleanup and removal instructions. If you use a forensic tool such as HijackThis, be sure to work through the log analysis programs and consult free tools such as Help2Go Detective or HijackThis Analysis to help you determine what's been found on any given PC. These tools also provide pointers to places where you can go for more information about suspect items as well. Uniblue System's WinTasks Pro is a neat tool. Even more impressive is the maker's online database, the WinTasks Process Library. This database contains a comprehensive and up-to-date collection of known Windows process names, along with threat ratings for each one. This is quite useful when trying to determine if running processes could pose potential problems. Other good sources of general spyware information and assistance may be found at SpywareInfo.com and MajorGeeks.com. The latter's HijackThis Area also includes some great forums and tutorials, as well as a good spyware tools listing.
It's OK to stop your research (unless you're just plain curious) as soon as you feel you have enough information for a thumbs-up or thumbs-down evaluation. The next step, of course, is removal and cleanup (which is also covered in some detail in Check IT List: How to detect spyware on PCs. It's a real learning adventure to figure out what's lurking on your users' PCs. But as troubling as it can be to observe how pervasive and tenacious spyware is, it's also satisfying to make it go away.
Ed Tittel is a full-time freelance writer and trainer based in Austin, Texas, who specializes in markup languages, information security and IT certifications.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchCIO-Midmarket.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
