Protect Yourself: Viruses and Spyware



This is the third in a series of bulletins for National Cybersecurity
Awareness Month. Each bulletin will address a topic in computer security that
will help you keep your computer and your personal information safe. This
week’s topic covers how to help protect yourself from viruses and spyware. The
advice in this bulletin is not specific to any one operating system, but rather is
advice that every user should heed.
One of the easiest ways for viruses to spread is to trick you into clicking
on them. The most famous example of this is the “I Love You” virus from 2000. This
virus arrived via email and included an attachment named
“Love-letter-for-you.txt.vbs”. If a user opened the attachment, the virus infected the computer
and then sent out copies of itself to email addresses in the user’s address book,
pretending to come from the user. It is estimated that this virus, which required
users to click on it, affected over 45 million computers worldwide and
caused almost $10 billion worth of damage.
Most of the people who clicked on the email and were affected were
running antivirus software with up-to-date virus definitions. However, it is
important to realize that antivirus software is reactive, and does not work against
new viruses. When a new virus is released, antivirus vendors obtain a sample of
the virus, and write up virus definitions to allow their software to identify it. Until
your computer has updated virus definitions, your antivirus software will not
protect you. So you have to be careful about what files you click on.
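
Because signature-based antivirus lags behind new viruses, a mail filter can also flag the naming trick used by the attachment described above, whatever the file contains. The following is an added example, not part of the original bulletin; the extension lists and the function names `classify`, `scan_message` and `build_sample` are assumptions chosen for illustration, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, non-exhaustive lists for illustration; tune them for your mail gateway.
RISKY = {"vbs", "vbe", "js", "jse", "wsf", "hta", "scr", "pif",
         "exe", "com", "bat", "cmd", "lnk"}
DECOY = {"txt", "doc", "xls", "pdf", "jpg", "gif", "htm", "html"}


def classify(filename: str) -> str:
    """Return 'double-extension', 'risky' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so compare the name without them.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in RISKY:
        return "ok"
    # A document-looking extension before the real one hides the file type
    # when the mail client or file manager does not display known extensions.
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "risky"


def scan_message(raw: bytes) -> list:
    """List (filename, verdict) for every attachment that is not 'ok'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and classify(name) != "ok":
            findings.append((name, classify(name)))
    return findings


def build_sample() -> bytes:
    """Constructed test message; the attachment bodies are inert placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = "friend@example.com", "you@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("Please see the attached file.")
    for name in ("Love-letter-for-you.txt.vbs", "notes.txt", "minutes.final.doc"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name}")
```
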
If you receive an unexpected file or website link from someone over email
or an instant messenger, simply send the message back and ask the user if they
sent it. This simple step requires little effort, and greatly decreases the odds that
you will be tricked by programs that pretend to send messages from your friends
that are actually from a virus or spyware program.
The most common way for spyware to spread is to bundle itself with free
software that you want. For instance, if you download Kazaa, a popular
file-sharing application, it comes bundled with numerous spyware and adware
applications. These applications will report back information about your web
surfing habits, pop up unwanted advertisement windows, and noticeably slow
down the speed of your computer. As a general rule of thumb, there are three
types of free software available on the Internet. The first is open source software,
which the author has intentionally provided for no charge. The second is
shareware, of which the author has provided a limited or trial version for
no charge with the hope of getting you to purchase the full version. The third is
software bundled with spyware, where the author makes money not from selling
software, but from selling information gathered from your computer to advertisers.
If you can’t clearly identify a piece of software as being open source or
shareware, odds are that it is bundled with spyware.
If you have additional questions, you may want to check out Loyola’s
Information Security website at
http://www.luc.edu/is/security/protect_yourself.shtml or send your questions to
InfoSecurity@luc.edu. Next week’s bulletin will be about protecting yourself from
phishing and other online scams.



Recommended processes to prevent virus problems:



• Always run the corporate standard, supported anti-virus software, which is available from the
corporate download site. Download and run the current version; download and install anti-virus
software updates as they become available.
• NEVER open any files or macros attached to an email from an unknown, suspicious or
untrustworthy source. Delete these attachments immediately, then "double delete" them by
emptying your Trash.
• Delete spam, chain, and other junk email without forwarding, in with 's
Acceptable Use Policy.
• Never download files from unknown or suspicious sources.
• Avoid direct disk sharing with read/write access unless there is absolutely a business requirement
to do so.
• Always scan a floppy diskette from an unknown source for viruses before using it.
• Back-up critical data and system configurations on a regular basis and store the data in a safe
place.
• If lab testing conflicts with anti-virus software, run the anti-virus utility to ensure a clean machine,
disable the software, then run the lab test. After the lab test, enable the anti-virus software. When
the anti-virus software is disabled, do not run any applications that could transfer a virus, e.g.,
email or file sharing.
• New viruses are discovered almost every day. Periodically check the Lab Anti-Virus Policy and
this Recommended Processes list for updates.





Who Is Spying?


Observation and analysis of collected malware reveals the types of data commonly extracted
from systems. This gives insight into the motives and classes of people involved in the activities.
In many cases, the perpetrators fall into one or more of the following categories:

· online attackers and organized crime
· marketing organizations
· trusted insiders

Membership in a single group is not exclusive, and members from various groups can often be
found working together to accomplish their common objectives, often at the public’s expense. As
previously stated, motivation varies but, with few exceptions, is focused on collecting
information that can be leveraged for financial gain.





Overview of Spyware


Spyware is a class of malware that collects information from a computing system without the
data owner’s consent. This data often includes keystrokes, screenshots, authentication
credentials, personal email addresses, web form field data, Internet usage habits, and other
personal information. Often, the data is delivered to online attackers who sell it to others or use it
themselves for financial crimes, identity theft, marketing, or spam.
For a program to qualify as spyware it must collect data without the data owner’s knowledge or
consent and must deliver or make it available in some way to an unauthorized party. Software
installed after the user has viewed and agreed to a clear privacy policy or to an End-User License
Agreement (EULA) that describes the data collection activities does not meet the definition of
spyware described in this paper.
Examples of this kind of legitimate software are applications that track online shopping trends
for delivery to a marketing company so that the user can receive targeted coupons or shopping
suggestions. Some users may be receptive to this kind of service, so depending upon whether the
software’s activity is legally disclosed to the affected users, it may or may not qualify as
spyware. If software fully and clearly states its operations, the decision to accept the terms and
install the software typically constitutes an acceptance of personal responsibility for any software
operations.
Reading and understanding these policies and agreements can be difficult. Agreements can be
intentionally vague, difficult to understand, or so lengthy that users eventually agree from sheer
frustration [Edelman 2005]. In some instances, these practices represent a form of social
engineering because the intent is to persuade the user to agree to terms that they might not agree
to if the agreement was clear. Users need to be educated about this point so that instead of
defaulting to agreement, they would instead not agree to terms they don’t understand, no matter
how strong their desire to use a given software application.
Because one of the keys to classifying software as spyware is the lack of knowledge and consent
from the owner of the data collected, multi-user systems or systems in networked environments
make interesting cases for study. In these situations, software that one user agrees to may collect
data on other system users. One user might agree to the terms, but if another user is logged on
and the software collects data on their usage or other activities, it would meet the definition of
spyware.