Prevention methods with antispyware software:
- A disk scan mode, which you can run manually or schedule. This looks for known spyware on the disk, in the registry, and basically everywhere that software can hide. It also tends to remove tracking cookies, which aren't technically spyware but are a privacy invasion nevertheless. It also checks the hooks; see the real-time interception mode below.
- Process analysis. Spyware, being 'legit', or at least pretending to be so, often has standard names and doesn't hide itself in the process list. Ergo, a fairly simple way of getting rid of it is to watch the running processes, immediately kill anything with the name of known spyware, and then remove it from disk. Certain registry keys where spyware puts information may also be tracked.
- A real-time interception mode. Windows, like all modern OSes, has a concept called 'hooks', whereby certain programs can intercept what other programs do inside your computer. For example, a firewall uses various hooks to watch network traffic by all programs. Spyware uses these hooks to spy on you. Antispyware programs cleverly spy on the hooks themselves, so they can inform you that something is watching your keystrokes or network traffic or analyzing everything written to disk. This is akin to heuristic scanning in antivirus software, with the exception that it works fairly well, as little software has a legitimate reason to spy on you.
- IE interception. The same as above, but operates within IE, to prompt for ActiveX controls and plugins. Not as needed with IE7, but still useful.
- Immunization, which takes the places where spyware installs itself and makes them unusable. It can consist of making directories and write-protecting them, making registry entries that indicate the spyware is already installed, and all sorts of things that break specific pieces of spyware. This is falling out of favor except in emergency situations.
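
The process-watching method in the list above, sketched as an added example (not code from any antispyware product): it matches process image names and autorun command lines against a blocklist and reports the hits rather than killing or deleting anything. The blocklist entries, the process snapshot and the autorun values are constructed sample data, and treating a Run-key export as the "tracked registry key" is an assumption.

```python
import ntpath

# Constructed blocklist; a real product ships a signature database instead.
KNOWN_SPYWARE = {"examplebar.exe", "adtracker-sample.exe"}

# Constructed process snapshot: (pid, image path as the OS reports it).
PROCESSES = [
    (412, r"C:\Windows\System32\svchost.exe"),
    (1880, r"C:\Program Files\ExampleBar\EXAMPLEBAR.EXE"),
    (2044, r"C:\Users\alice\AppData\Local\Temp\notepad.exe"),
]

# Constructed autorun values (value name -> command line), shaped like an
# export of a Run key. Assumption: this is one of the tracked registry keys.
AUTORUNS = {
    "Updater": r'"C:\Program Files\Vendor\update.exe" /silent',
    "AdHelper": r"C:\ProgramData\adtracker-sample.exe -startup",
}

def image_name(command):
    """Reduce an image path or command line to a lower-case executable name."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote is the executable.
        exe = command[1:].split('"', 1)[0]
    else:
        # Unquoted: cut after the first ".exe" so arguments are dropped,
        # while paths containing spaces stay intact.
        end = command.lower().find(".exe")
        exe = command[:end + 4] if end != -1 else command.split(" ", 1)[0]
    return ntpath.basename(exe).lower()

def scan(processes, autoruns, blocklist=KNOWN_SPYWARE):
    """Return (kind, identifier, detail) for every blocklisted name found."""
    findings = []
    for pid, path in processes:
        if image_name(path) in blocklist:
            findings.append(("process", pid, path))
    for value, command in autoruns.items():
        if image_name(command) in blocklist:
            findings.append(("autorun", value, command))
    return findings

if __name__ == "__main__":
    for kind, ident, detail in scan(PROCESSES, AUTORUNS):
        print(f"{kind:8} {ident!s:10} {detail}")
```

Matching is done on the normalized file name only, which is why it depends on spyware keeping its standard name, as the list item notes.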