What is a virus?
A virus is a self-replicating piece of software which usually
sends itself to other computers via email or the Internet. It does not require
human intervention. Its purpose is to either replicate, cause computer damage,
or both. It typically comes from infected emails or documents and can either do
its damage right away, or be like a ticking time bomb waiting for the special
day to activate.
Examples of viruses:
Boot viruses such as Michelangelo and Disk Killer load
when the computer reads the disk. This type of virus is extremely difficult to
get rid of.
Program viruses attach themselves to
the executable programs on the computer and replicate themselves to all
executables on the hard drive. Again, these are very difficult to remove.
Examples include the Sunday Virus and Cascade Virus.
Stealth viruses manipulate file sizes
to avoid detection. Examples include the Whale virus and the Frodo virus.
Polymorphic viruses change when they
replicate so they don't look the same to antivirus software or humans
attempting to find them. Examples include the Stimulate virus and Virus 101.
Macro viruses infect Microsoft Office documents (and
others) and infect the normal.dot file (the template that opens with Word when
you don't open a file). These viruses infect every document that is opened in
the program, and replicate themselves to other computers when infected files are
shared. Examples include the DMV and Nuclear viruses.
Viruses also got really good at doing something else: disabling
anti-virus software. Not only could such a virus do its dirty deeds once the
anti-virus software was disabled, but other malware could also infect the
computer without fear
of being caught. As a matter of fact, on many routine service calls I would
observe that the little anti-virus software icon near the clock disappeared,
and the computer user never even noticed the difference (at least until I
pointed it out!).
What is Spyware?
Spyware is a general term for malware that is installed on a
computer by infected pages on the Internet, or comes from software and other
packages that were installed on the computer by the user. Incorrectly labeled as
viruses, spyware has proliferated over the last 8-10 years (since about 2000)
and has caused many computer users to have major headaches, causing computer
reformats and file loss. This type of software is what this document is going
to concentrate on.
Spyware can come in the form of Ad-ware, Hijackers, tracking
cookies (although not all tracking cookies are bad), rogue security software,
ransom-ware (an advanced rogue security software), and keyloggers. New types of
spyware include rootkits, which can be very difficult, if not impossible, to
remove from a computer system. I will speak more on that later. The primary
point of spyware, however, is that it is a piece of software installed on a
computer system without the user's consent or knowledge, and is typically very
difficult (or seemingly difficult) to remove.
Many spyware programs are installed by way of Trojans where a
piece of software is installed on the computer from the Internet. The spyware
is installed unknowingly by the user at the same time as the
"software", giving the malware free rein of the computer. Software that
installs this way includes free screensavers, free games, programs from
torrents, programs from file sharing (such as Limewire), and other rogue
software.
Other spyware programs are installed by way of infected web pages.
If you see a page with a popup that comes up and says something like
"Warning: Your computer is infected with 99999 viruses. Click here to
perform a scan of your computer," you are witnessing an infected web page
and rogue software that is trying to get on your computer.
Ad-ware includes pop-ups, pop-unders, and other advertisements that
appear on a computer by way of software that is unknowingly installed on the
system. The primary purpose of ad-ware is to get users to click on
advertisements which earn money for the person that made the software.
Hijackers (browser hijackers) literally hijack a web
browser and take the user to places other than where the user wanted to go.
Most of the time even the homepage gets hijacked. Again, the purpose of a
hijacker is money - when users click on the links on the hijacked page, the
malware maker receives a payout. Hijackers operate technically at several
different levels including registry changes, Hosts file changes, browser add-on
changes, LSP (Layered Service Protocol) Hijacks, and homepage changes. Removing
browser hijackers can result in browser connectivity loss which requires
additional (and more experienced) diagnostics and cleaning.
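As an added example (not part of the original article), here is a short Python check for the Hosts file changes mentioned above: it flags entries that pin a watched site to a local or foreign address. The sample file, the watched domain list and the function names are assumptions made for illustration.

```python
import ipaddress

SAMPLE_HOSTS = """\
# Constructed sample of a tampered Hosts file (not from a real infection)
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # search redirected
127.0.0.1       update.antivirus-vendor.example
0.0.0.0         ads.tracker.example
198.51.100.7    www.mybank.example
not-an-ip       broken.example
"""

# Assumption: domains the reviewer expects to resolve through DNS only.
WATCHED = ("google.com", "mybank.example", "antivirus-vendor.example")


def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) for each non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first field is not an address: entry is malformed
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, name, verdict) for entries that need attention."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "", "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            hit = any(name == w or name.endswith("." + w) for w in watched)
            if hit:  # watched site pinned locally: blocked or sent elsewhere
                findings.append((line_no, name, "blocked" if sinkhole else "redirected"))
            elif not sinkhole:  # unknown name pinned to a routable address
                findings.append((line_no, name, "review"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, pass the contents of the system Hosts file (on Windows, %SystemRoot%\System32\drivers\etc\hosts) to audit_hosts with your own watched list.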
Keyloggers can determine what the user is doing on
the computer and record the keystrokes of the user while logging into banking
pages, eBay, Paypal, and other websites important to the user. The keylogger
software then transmits this information to the "Home" server (also
known as "calling home") where the bad guys can decipher the information
and use it to gain user credit card, banking, and other identity stealing
information.
Rogue security software and its more
dangerous cousin, ransom-ware, are the latest types of malware to cause
problems for computer users. Rogue security software pretends to be useful
security software, and is generally installed by way of infected web pages
(also known as a drive-by download) in the form of a popup that states the
computer is infected with so many thousands of viruses. This scares the user
into clicking on Scan Now or OK, which really just installs the malware. The
software doesn't actually detect anything at all, even though it says it does.
It then offers to clean the computer for the price of the software. Paying for
the software just changes the routine a bit, with the software stating it
cleaned all of the infections. Examples of this malware include Spy Sheriff
(one of the originals), Antivirus 2009, Antivirus 2010, Security Tool, and
Security Essentials 2010.