
How to deal with Spyware/Adware

Info on blocking and removing
By Dugan Chen, revised by Jeff Pott

1. Introduction
If you're like most people, you want your computer activities to be private unless you say otherwise. This is not because you have something to hide, but because you have a right to privacy. Corporations feel differently. They do all they can to gather information about you.

One of their information-gathering tools is spyware, which transmits information back to the corporations that run it. Generally, all “ad-supported” software is spyware, because ad servers get (at least) your IP address and the times you use the program. However, not all spyware displays ads.

Spyware is a problem I'm beginning to solve for myself. I, as any expert reading this page will tell you, do not know everything. However, I can get you started.

2. Using Spyware-Free Software
Adware/spyware programs often entice you with the offer of something free. Look past them. There's plenty of free software that doesn't come with strings attached. If you need P2P file sharing, then keep reading Zeropaid, which often announces and promotes spyware-free P2P clients. Need an instant messenger? Try Trillian. Read Doom9's MPEG-4 Codec Shoot-out and decide if you really want to use DivX5Pro or RealMedia instead of Xvid or Nandub. Consider that Xvid won the shootout. Refer, especially, to the Pricelessware list, which links to excellent free software (none of which is spyware). Read alt.comp.freeware, while you're at it; it's for promoting truly free software. Although you can disable ads in most programs that include them, it's better to live clean.

3. Disabling ActiveX
By far the most notorious and intrusive spyware programs are the kind that use your computer as advertising space. These can be planted on your computer by ActiveX controls on webpages. You surf to a site you've never been to before, and a window pops up asking if you'd like to install something like Claria (formerly known as Gator) or a porn dialer. Perhaps the window claims that the program in question has been "signed" and is therefore safe to install...

Go to your "Internet Options," either through Internet Explorer (Tools -> Internet Options) or through Control Panel (Start -> Control Panel -> Internet Options). Then go to the "Security" tab, click on "Custom Level," and think very carefully about the extent to which you want to enable ActiveX. The most common use of ActiveX is to plant spyware on your computer. It is not supported by any browser other than Internet Explorer, and it's very likely that the only people who use it legitimately are Microsoft themselves. Unless you know you need it you should disable it entirely.

4. Blocking Ad Servers (with a HOSTS file)
A HOSTS file maps domain names to IP addresses that you specify. Want to disable an ad server? Map its domain name to 0.0.0.0 or 127.0.0.1 and it will never bother you again. Gorilla's Place has further information—which you should read—as well as a pre-configured HOSTS file that blocks almost every ad server in existence.

If you can't get the HOSTS file to work with Internet Explorer, try going to “Internet Options -> Security -> Connections -> LAN Settings” and clearing the checkbox next to “Automatically Detect settings.”
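The HOSTS mapping described above can be checked with a short script. This is an added example, not part of the original article: it parses a HOSTS file, lists the names sent to 0.0.0.0 or 127.0.0.1, and goes one step beyond the text by flagging names mapped to any other address, since an entry you did not add yourself deserves review. The sample file and its domain names are constructed placeholders.

```python
import ipaddress

SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # the two addresses the article names

# Constructed sample HOSTS content; every name below is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1   localhost
0.0.0.0     ads.example.com tracker.example.net   # two names on one line
127.0.0.1   banner.example.org
203.0.113.7 shop.example.test   # not a sinkhole: a redirect worth reviewing
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Return (entries, malformed): entries are (line_no, address, names)."""
    entries, malformed = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append(no)              # first field is not an IP address
            continue
        if len(fields) < 2:
            malformed.append(no)              # an address with no host name
            continue
        entries.append((no, addr, [n.lower() for n in fields[1:]]))
    return entries, malformed

def audit(text):
    """Split names into blocked (sinkholed) and redirected (any other address)."""
    entries, malformed = parse_hosts(text)
    blocked, redirected = set(), {}
    for _, addr, names in entries:
        for name in names:
            if name == "localhost":
                continue                      # the normal loopback entry
            if addr in SINKHOLES:
                blocked.add(name)
            else:
                redirected[name] = addr
    return blocked, redirected, malformed

def block_lines(domains, existing_text, sink="0.0.0.0"):
    """Return HOSTS lines for the domains that are not blocked yet."""
    blocked, _, _ = audit(existing_text)
    return [f"{sink} {d.lower()}" for d in domains if d.lower() not in blocked]
```

On Windows XP and 2000 the file to read is normally %SystemRoot%\system32\drivers\etc\hosts; pass its contents to audit() in place of the sample.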

HOSTS software
There's a lot of HOSTS file–related software.

You may have heard, for example, of Spyblocker, which claims to deal with spyware (and which isn't free). It edits the HOSTS file for you, and does other things as well. You also may want to try Hostess, a graphical tool for editing this file. Perhaps you'll find eDexter useful, although I don't use it myself.

Finally, try DNSKong. It does all the work of a HOSTS file—only with a far, far smaller set of rules.

5. Cleaning Spyware From Your System
Get a copy of Lavasoft's Ad-Aware and use it! It cleans spyware out of your memory, registry and hard drive. Will ad-supported software stop working after you do this? That's why you'll replace them with non-ad-supported software.

Or try SpyBot, either as an alternative to, or along with, AdAware.

Some spyware will replace your winsock.dll file with their own. Clean them out, and you lose Internet access. If this happens to you then simply use the LSP-Fix from Cexx.org to fix that.

6. Installing A Firewall
Use a firewall to decide which software can access the Internet through which of your ports. Just tell the firewall to keep the spyware from connecting out, or to block the IP addresses of known ad servers. The best resource for learning about firewalls is probably comp.security.firewalls.

William Milberry recommends the personal version of the Sygate Personal Firewall, which is free for personal use and which—importantly for those concerned about RealOne—can block specific IP addresses.

You could also try ZoneAlarm which provides one of the best free firewalls around and is highly recommended by sites like grc.com.

Remember, however, that a firewall is not to prevent software you choose to install from doing what it's designed to, but to keep intruders out. Therefore, you should know that spyware is one of the tools used by script kiddies to gain access to computers such as, perhaps, yours. Keystroke loggers, for example, were used to steal the Half-Life 2 source code from Valve Software. Be aware of this if you're looking at the side of computing that a firewall represents.

7. Hints for Specific Programs
DivX 5 Pro

The GAIN (Gator Advertising Information Network) ad-engine that comes with DivX 5 is an infamous piece of scumware. It hijacks the webpages in your browser, inserting its own ads as if they were put there by the webmaster. Gator has, in fact, been in court over its practices. They were sued in late June of 2002, and the judge quickly ruled against them.

Since then, Gator and similar companies have been sued numerous times. In September, however, an American court ruled that their technology violates no law. “Ultimately,” wrote judge Gerald Bruce Lee, “it is the computer user who controls the windows displayed on the computer desktop.” Some time afterwards, Gator successfully sued PC Pitstop for referring to Gator's software as spyware.

When you finish installing DivX, it will immediately start a program called “gain trickler,” which slowly downloads GAIN onto your hard drive. It will also put the trickler on your start list, so that it executes each time you reboot. Deal with that (you can use msconfig to edit your start list). Then run Ad-Aware and remove every trace of GAIN except for the

HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\

registry key. DivX 5 will still work. Doom9 has a great article on this.

(Of course, paying for DivX 5 will also get you a spyware-free version.) Also, be aware that the for-profit version of the DivX 5 codec, whether paid for by ads or by direct payment, offers no advantages for people who only want to watch movies. All you need to watch DivX-encoded video is the basic version, which does not come with spyware. Or choose the better option: install the ffdshow DirectShow filter (the latest version, regardless of whether or not it's “alpha”) and then watch video using the media player of your choice.

Kazaa
If you're still using Kazaa, uninstall it right now.

Kazaa is evil. They have signed a well-publicized contract with Brilliant Digital to use your bandwidth and your CPU cycles for their own ends. How would you like your hard drive used as online storage for their ads? It sickens me that Kazaa has actually defended this. Since then, they've made news with even more transparent greed.

There is only one thing to do: uninstall Kazaa. Run Ad-Aware and the B3DKiller to burn it out.

It's worth noting that the FTC has issued an advisory about the potential dangers of file-sharing. Its warnings apply to all P2P software, not just Kazaa. Everyone who installs this type of software should be aware of the risks.

You will find numerous “spyware-free” Kazaa-based hacks, including Diet K and Kazaa-Lite. Of these, only Diet K possesses a permanent website. Sharman Networks (who holds the copyright on Kazaa) filed a DMCA-based complaint against Kazaa Lite on August 11th, 2003, and is now trying to chase it off the edge of the Earth.

Realnetworks Products
Realnetworks practically invented spyware. They were sued for their privacy violations. They were sued again. Their spying drew the attention of the FTC. By now, the activities of RealDownload are well-known, as are those of RealJukebox. Would you trust a company with this record?

Set Realplayer up carefully.
Choose “custom install” and don't install components you don't need. Hunt down checkboxes that authorize Realplayer to send out data, and clear them. Disable the “evntsvc” that comes with RealOne. If you're still using Realplayer 8, then Krellan's advice might help.

Get rid of Realplayer.
You can uninstall Realplayer and play Real-content with something else! From the 01/28/2001 issue of Lockergnome:

We've talked about how we really don't want Real on our systems. A few third-party players were developed to bypass the RealBeast, but they still require the Real codecs to be installed... In the C:\Program Files\Common Files\Real hierarchy, grab the contents of \Codecs, \Common, and \Plugins. In the C:\Windows\System (or System32) folder, grab pncrt.dll. Now, navigate to the machine's registry: HKEY_CLASSES_ROOT\Software\RealNetworks\Preferences. Be sure to export three of its subkeys: \DT_Plugins, \DT_Codecs, and \DT_Common. In each case, they should point to the appropriate folder hierarchy (the ones you just copied from the Program Files folder). Copy the three folders and the DLL file back to their original locations (on your primary machine this time). Double-click the REG file to merge its contents into the Registry. Now any third-party player that requires the RealStuff should play your RealMedia without a RealHeadache.

You could then use Media Player Classic to play your RealMedia. However, you will no longer be able to play most streaming video (which requires Realplayer's browser integration).

Microsoft Windows
Should we begin with the Windows 95 registration wizard, which sends Microsoft a list of applications on your hard drive? No, the newer versions of Windows have not abandoned this practice. According to tecChannel, Microsoft Windows Update currently does the exact same thing.

How about Windows XP's “activation process”, which sends Microsoft the details of your hardware as part of the copy protection scheme? “Jgaa,” maker of WarFTP, has decided not to support Windows XP for precisely this reason.

Or should we be more worried about the kind of information that Windows Media Player gathers and sends back to Microsoft?

Those with an eye to the future worry about Microsoft's Palladium, most infamous of the in-development “Digital Rights Management” technologies. DRM assumes that those who hold the copyright to your software—which includes your CDs and DVDs—have as much right to your computer as you do. Richard Stallman has written an editorial against this. Cambridge Professor Ross Anderson, as well, has written a FAQ on Palladium.

So what can you do to protect yourself from your operating system? If you use Windows XP, then XP-AntiSpy and BJK Research's “Take Back Windows XP” article will prove useful. Or use Windows 2000, which conceals far less spyware than XP does.

Autonomation Access has written an editorial, E-029 2003 And Beyond, which details Microsoft's plans for the future of the world. It also lists the hazards of living in that world—a world which has already fallen upon us.

To Microsoft's credit, however, it claims that Windows contains no back doors for the CIA to eavesdrop through.

8. Final Words
The final word about spyware comes from one of the writers of AudioGalaxy:

Towards the end of my time there, online advertising budgets fell through the floor and we were forced to find other methods of income. Sometime around then we began bundling... spyware into the satellite installer, simply because they paid good money and nobody else was... the satellite always gave you either the option of not installing the spyware, or told you quite clearly what it was doing in all caps at the top of the readme that was automatically displayed (yet usually ignored). We all disliked having other software go along with the satellite, but we had to make money somehow.

9. Resources
General Information
Yahoo's spyware category
Counterexploitation [cexx.org]

Articles
alt.privacy.spyware FAQ
Salon.com Technology | The Parasite Economy
PC invaders camp out in hard drives
TIME Digital -- Special Report: Privacy

Truly Free (No Ads) Software
Pricelessware List

Spyware Removers
Ad-Aware
SpyBot

Windows XP
ITworld.com – Microsoft Media Player logs users' DVD picks
MS' Media Player Tracks You
XP AntiSpy
Take Back Windows XP

Newsgroups
alt.privacy.spyware

 

Copyright 2004. PC Plus, LLC. All rights reserved