Newbie Question: "Where Do I Begin???"

[Jeremy]

x-no-archive: yes

I just discovered this NG, and I only recently was introduced to spyware,
when my browser was hijacked by Xupiter.com. I was trying to download a
Java applet to enter a chatroom using my browser, and I got more than I
bargained for . . .

I have completely lost the ability to use MSN's search engine, by typing the
word "GO" followed by the browse subject, into my address bar. I don't know
how to de-install IE6 and then reinstall it (if that is even possible), so I
have learned to live with the situation.

Here is my question:

What anti-spyware or other software should I be running?

Right now I have McAfee Anti-Virus, updated every couple of days. I have
LavaSoft AdAware, and it has found and disinfected a number of spyware
items, I also run SpyBot daily. I also have Spyware Blaster, and I have
immunized every item on their list. Finally, I have Spyware Guard running
in the background.

I do a complete virus scan every couple of days, and I have it set to filter
internet downloads at other times (I don't keep it running in the
background, because it slows my system down to an unacceptable level.

I also have ZoneAlarm, latest freeware version, running at all times, and it
is set to its default settings. I have it set to go to Internet Lock after
15 minutes of inactivity.

I also use Anonymizer Private Surfing, and I always browse any unfamiliar
sites using it at maximum security, with encrypted URLs and SSH encryption
for downloaded pages.

Finally, I use PC Guardian encryption on a couple of sensitive directories.
I ordinarily leave the application turned off, except when I need to view or
work with an encrypted file.

I do keep seeing an Alexa URL ("Related.htm," I think), that keeps popping
up when I scan with SpyBot S&D. I clean it off, and a few days later it
reappears. I have no idea what it is that I am doing that enables this file
to keep coming back.

Have I covered all the bases? Is there anything else I should be doing?
Are there any web sites that offer information on this stuff? I'd
appreciate any information or suggestions.

Thanks.

[Chuck]

On Tue, 07 Oct 2003 17:41:23 GMT, "Jeremy" <jeremy@no-spam-thanks.com>
wrote:

>x-no-archive: yes
>
>I just discovered this NG, and I only recently was introduced to spyware,
>when my browser was hijacked by Xupiter.com. I was trying to download a
>Java applet to enter a chatroom using my browser, and I got more than I
>bargained for . . .
>
>I have completely lost the ability to use MSN's search engine, by typing the
>word "GO" followed by the browse subject, into my address bar. I don't know
>how to de-install IE6 and then reinstall it (if that is even possible), so I
>have learned to live with the situation.
>
>Here is my question:
>
>What anti-spyware or other software should I be running?
>
>Right now I have McAfee Anti-Virus, updated every couple of days. I have
>LavaSoft AdAware, and it has found and disinfected a number of spyware
>items, I also run SpyBot daily. I also have Spyware Blaster, and I have
>immunized every item on their list. Finally, I have Spyware Guard running
>in the background.
>
>I do a complete virus scan every couple of days, and I have it set to filter
>internet downloads at other times (I don't keep it running in the
>background, because it slows my system down to an unacceptable level.
>
>I also have ZoneAlarm, latest freeware version, running at all times, and it
>is set to its default settings. I have it set to go to Internet Lock after
>15 minutes of inactivity.
>
>I also use Anonymizer Private Surfing, and I always browse any unfamiliar
>sites using it at maximum security, with encrypted URLs and SSH encryption
>for downloaded pages.
>
>Finally, I use PC Guardian encryption on a couple of sensitive directories.
>I ordinarily leave the application turned off, except when I need to view or
>work with an encrypted file.
>
>I do keep seeing an Alexa URL ("Related.htm," I think), that keeps popping
>up when I scan with SpyBot S&D. I clean it off, and a few days later it
>reappears. I have no idea what it is that I am doing that enables this file
>to keep coming back.
>
>Have I covered all the bases? Is there anything else I should be doing?
>Are there any web sites that offer information on this stuff? I'd
>appreciate any information or suggestions.
>
>Thanks.

You could add HijackThis. HJT checks for spyware by looking for
traces, rather than obvious signatures like AA and SSD. I ran HJT a
couple months ago, and posted the log file at SWI Forums. Got the
reply "nothing interesting there". So occasionally I rerun HJT, and
compare the latest log against my clean log.

HJT requires manual effort (by the SWI Forums experts), and manual
effort in the comparison, but it's one more line of defense.

You might want to verify the security settings in your browser:
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/index.php
https://testzone.secunia.com/browser_checker/

Paranoia comes from experience - and is not necessarily a bad thing.

Cheers,


Chuck
cacrollthespam@yahoo.com
Spam sucks - PLEASE get rid of the spam before emailing me!

[YK]

Jeremy wrote:
> x-no-archive: yes
>
> I just discovered this NG, and I only recently was introduced to
> spyware, when my browser was hijacked by Xupiter.com. I was trying
> to download a Java applet to enter a chatroom using my browser, and I
> got more than I bargained for . . .
>
> I have completely lost the ability to use MSN's search engine, by
> typing the word "GO" followed by the browse subject, into my address
> bar. I don't know how to de-install IE6 and then reinstall it (if
> that is even possible), so I have learned to live with the situation.
>
> Here is my question:
>
> What anti-spyware or other software should I be running?

I use and update regularly IE-SPYAD and a good HOSTS file.
http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD
http://asp.flaaten.dk/proxo/forum.asp?FORUM_ID=20

> Right now I have McAfee Anti-Virus, updated every couple of days. I
> have LavaSoft AdAware, and it has found and disinfected a number of
> spyware items, I also run SpyBot daily. I also have Spyware Blaster,
> and I have immunized every item on their list. Finally, I have
> Spyware Guard running in the background.
>
> I do a complete virus scan every couple of days, and I have it set to
> filter internet downloads at other times (I don't keep it running in
> the background, because it slows my system down to an unacceptable
> level.

I use AVG free from Grisoft on my AMD tower and my ancient 200MHZ MMX laptop
without any impact on performance.

> I also have ZoneAlarm, latest freeware version, running at all times,
> and it is set to its default settings. I have it set to go to
> Internet Lock after 15 minutes of inactivity.
>
> I also use Anonymizer Private Surfing, and I always browse any
> unfamiliar sites using it at maximum security, with encrypted URLs
> and SSH encryption for downloaded pages.
>
> Finally, I use PC Guardian encryption on a couple of sensitive
> directories. I ordinarily leave the application turned off, except
> when I need to view or work with an encrypted file.
>
> I do keep seeing an Alexa URL ("Related.htm," I think), that keeps
> popping up when I scan with SpyBot S&D. I clean it off, and a few
> days later it reappears. I have no idea what it is that I am doing
> that enables this file to keep coming back.

Read this:
http://www.imilly.com/alexa.htm

> Have I covered all the bases? Is there anything else I should be
> doing? Are there any web sites that offer information on this stuff?
> I'd appreciate any information or suggestions.

http://www.staff.uiuc.edu/~ehowes/main-nf.htm

[Jay T. Blocksom]

On Tue, 07 Oct 2003 17:41:23 GMT, in <alt.privacy.spyware>, "Jeremy"
<jeremy@no-spam-thanks.com> wrote:
>
> x-no-archive: yes
>
[snip]

Exactly what do you think you're accomplishing with that nonsense?

> I just discovered this NG, and I only recently was introduced to spyware,
> when my browser was hijacked by Xupiter.com. I was trying to download a
> Java applet to enter a chatroom using my browser, and I got more than I
> bargained for . . .
>
[snip]

Why on Earth did you think you needed "a Java applet" -- let alone an
apparently site-specific one -- to use a "chatroom"? That sort of thing
just *screams* "Trojan!"

> I have completely lost the ability to use MSN's search engine,
[snip]

Well, IMCO that's not much of a loss; but notwithstanding that...

> ...by typing
> the word "GO" followed by the browse subject, into my address bar.
[snip]

Bookmark this:

<http://www.google-watch.org/cgi-bin/proxy.htm>

....and keep it handy. I think you'll find it much more useful in the long
run.

> I don't know
> how to de-install IE6 and then reinstall it (if that is even possible),
[snip]

This will do the part that's worth doing:

<http://www.litepc.com/ieradicator.html>

> Here is my question:
>
> What anti-spyware or other software should I be running?
>
[snip]

Only that which you really *need* to run, and only when you really need to
run it. Yes, I realize that answer may seem cryptic to you, but bear with
me...

> Right now I have McAfee Anti-Virus, updated every couple of days.
[snip]

Yuck.

McAfee is probably *the* worst "big name" anti-virus software extant (it's a
close race between them and Norton/Symantec for that most dubious
distinction). It has a long history of missing more virii than most others,
and being buggy and unstable to the point of being literally unhealthy for
the systems it is installed on -- not to mention that NAI are spammers, and
thus wholly undeserving of your money or your support.

> I have
> LavaSoft AdAware,
[snip]

OK. Make sure it is the latest "build" (6.181, I think), and keep the
reference files up-to-date.

> ...and it has found and disinfected a number of spyware
> items,
[snip]

But that is the telling part. What are you doing to get so many
"infections"? *That* is the core issue you really need to address.

> I also run SpyBot daily.
[snip]

Why? Not to denegrate SS&D in any way (it is a very useful tool, when
properly used); but if you have need to run it anywhere near that often,
you're repeatedly doing some *seriously* stupid things with your computer.

> I also have Spyware Blaster,
[snip]

An utterly pointless waste of bits, at least presuming that your system is
set up anywhere near properly to start with. (But then, given the above, I
highly doubt your system *is* set up "properly".)

> Finally, I have Spyware Guard running
> in the background.
>
[snip]

I don't much care for this, for several reasons (not the least of which
being that it is from the same Bozos who foisted SpywareBlaster onto the
world); but at least it has a *theoretical* basis for being.

> I do a complete virus scan every couple of days,
[snip]

If you're exercising anything even close to "safe computing" practices, you
*shouldn't* need to do it that often; but OTOH, it can't hurt beyond being a
waste of time.

> ...and I have it set to
> filter internet downloads at other times (I don't keep it running in the
> background, because it slows my system down to an unacceptable level.
>
[snip]

This appears to be an oxymoron. If it's not running in the background, how
does it "know" if/when you've downloaded something?

> I also have ZoneAlarm, latest freeware version, running at all times, and
> it is set to its default settings.
[snip]

Yuck, again.

First, read these:

<http://samspade.org/d/persfire.html>
<http://samspade.org/d/firewalls.html>

Then go get a *real* firewall. Since you appear to be on a dial-up (as
opposed to DSL or "cable modem"), I would suggest either of these two:

<http://www.netgear.com/products/prod_details.asp?prodID=157>
<http://www.dlink.com/products/?pid=59>

> I also use Anonymizer Private Surfing, and I always browse any unfamiliar
> sites using it at maximum security, with encrypted URLs and SSH
> encryption for downloaded pages.
>
[snip]

This is probably not getting you what you think it is (remember: there is NO
SUCH THING as true anonymity on the 'net); and there are near-certainly
better ways to get what it really *is* giving you. But this issue is not
directly relevant to the "spyware" issue, so I won't belabor the point.

> Finally, I use PC Guardian encryption on a couple of sensitive
> directories. I ordinarily leave the application turned off, except when I
> need to view or work with an encrypted file.
>
[snip]

Also not directly relevant.

> I do keep seeing an Alexa URL ("Related.htm," I think), that keeps
> popping up when I scan with SpyBot S&D. I clean it off, and a few days
> later it reappears. I have no idea what it is that I am doing that
> enables this file to keep coming back.
>
[snip]

The simple answer is that you're repeatedly using *THE* single-biggest
spyware (and virus, and worm, and trojan) magnet the world has ever known:
MSIE. And once again, the cure for this is:

<http://www.litepc.com/ieradicator.html>

> Have I covered all the bases? Is there anything else I should be doing?
[snip]

IMCO, yes, there is one thing you *definitely* should be doing: And that
is, seriously re-thinking your entire approach to these issues (and perhaps
the computer in general).

From your post, it is abundantly clear that you think the cure for having a
lot of crappy programs (which do things you don't want done) installed on
your system is to install still more crappy programs (which also do things
you don't want done, if you would but realize it).

The key to a secure and stable system is *not* to keep adding more and more
"stuff", but to *remove* those things which represent security risks and/or
destablize the system. Think about it: If an insecure service or
application is not installed or running, it *can't* present it's myriad
security holes to the world. And as I mentioned above, *the* single biggest
security risk on your system is MSIE (and it's ugly step-child, Outleak
Excuse). You absolutely need to remove that crapware from your system
entirely; until you do that, all other efforts at protecting yourself will
unavoidably be at least partially futile.

There's more. But until you've covered these basics, there's really no
point in going through all the details.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Richard Steinfeld]

Jay, would you please get some manners! There's no reason
for you to be so condescending.

Richard

"Jay T. Blocksom"
<not.deliverable+USENET@appropriate-tech.net> wrote in
message
news:sbcoovsk4b8s6509iavmg2tgdom88k90ag@news.rcn.c om...
> On Tue, 07 Oct 2003 17:41:23 GMT, in
<alt.privacy.spyware>, "Jeremy"
> <jeremy@no-spam-thanks.com> wrote:
> >
> > x-no-archive: yes
> >
> [snip]
>
> Exactly what do you think you're accomplishing with that
nonsense?
>
> > I just discovered this NG, and I only recently was
introduced to spyware,
> > when my browser was hijacked by Xupiter.com. I was
trying to download a
> > Java applet to enter a chatroom using my browser, and I
got more than I
> > bargained for . . .
> >
> [snip]
>
> Why on Earth did you think you needed "a Java applet" --
let alone an
> apparently site-specific one -- to use a "chatroom"? That
sort of thing
> just *screams* "Trojan!"
>
> > I have completely lost the ability to use MSN's search
engine,
> [snip]
>
> Well, IMCO that's not much of a loss; but notwithstanding
that...
>
> > ...by typing
> > the word "GO" followed by the browse subject, into my
address bar.
> [snip]
>
> Bookmark this:
>
> <http://www.google-watch.org/cgi-bin/proxy.htm>
>
> ...and keep it handy. I think you'll find it much more
useful in the long
> run.
>
> > I don't know
> > how to de-install IE6 and then reinstall it (if that is
even possible),
> [snip]
>
> This will do the part that's worth doing:
>
> <http://www.litepc.com/ieradicator.html>
>
> > Here is my question:
> >
> > What anti-spyware or other software should I be
running?
> >
> [snip]
>
> Only that which you really *need* to run, and only when
you really need to
> run it. Yes, I realize that answer may seem cryptic to
you, but bear with
> me...
>
> > Right now I have McAfee Anti-Virus, updated every
couple of days.
> [snip]
>
> Yuck.
>
> McAfee is probably *the* worst "big name" anti-virus
software extant (it's a
> close race between them and Norton/Symantec for that most
dubious
> distinction). It has a long history of missing more virii
than most others,
> and being buggy and unstable to the point of being
literally unhealthy for
> the systems it is installed on -- not to mention that NAI
are spammers, and
> thus wholly undeserving of your money or your support.
>
> > I have
> > LavaSoft AdAware,
> [snip]
>
> OK. Make sure it is the latest "build" (6.181, I think),
and keep the
> reference files up-to-date.
>
> > ...and it has found and disinfected a number of spyware
> > items,
> [snip]
>
> But that is the telling part. What are you doing to get
so many
> "infections"? *That* is the core issue you really need to
address.
>
> > I also run SpyBot daily.
> [snip]
>
> Why? Not to denegrate SS&D in any way (it is a very
useful tool, when
> properly used); but if you have need to run it anywhere
near that often,
> you're repeatedly doing some *seriously* stupid things
with your computer.
>
> > I also have Spyware Blaster,
> [snip]
>
> An utterly pointless waste of bits, at least presuming
that your system is
> set up anywhere near properly to start with. (But then,
given the above, I
> highly doubt your system *is* set up "properly".)
>
> > Finally, I have Spyware Guard running
> > in the background.
> >
> [snip]
>
> I don't much care for this, for several reasons (not the
least of which
> being that it is from the same Bozos who foisted
SpywareBlaster onto the
> world); but at least it has a *theoretical* basis for
being.
>
> > I do a complete virus scan every couple of days,
> [snip]
>
> If you're exercising anything even close to "safe
computing" practices, you
> *shouldn't* need to do it that often; but OTOH, it can't
hurt beyond being a
> waste of time.
>
> > ...and I have it set to
> > filter internet downloads at other times (I don't keep
it running in the
> > background, because it slows my system down to an
unacceptable level.
> >
> [snip]
>
> This appears to be an oxymoron. If it's not running in
the background, how
> does it "know" if/when you've downloaded something?
>
> > I also have ZoneAlarm, latest freeware version, running
at all times, and
> > it is set to its default settings.
> [snip]
>
> Yuck, again.
>
> First, read these:
>
> <http://samspade.org/d/persfire.html>
> <http://samspade.org/d/firewalls.html>
>
> Then go get a *real* firewall. Since you appear to be on
a dial-up (as
> opposed to DSL or "cable modem"), I would suggest either
of these two:
>
>
<http://www.netgear.com/products/prod...asp?prodID=157
>
> <http://www.dlink.com/products/?pid=59>
>
> > I also use Anonymizer Private Surfing, and I always
browse any unfamiliar
> > sites using it at maximum security, with encrypted URLs
and SSH
> > encryption for downloaded pages.
> >
> [snip]
>
> This is probably not getting you what you think it is
(remember: there is NO
> SUCH THING as true anonymity on the 'net); and there are
near-certainly
> better ways to get what it really *is* giving you. But
this issue is not
> directly relevant to the "spyware" issue, so I won't
belabor the point.
>
> > Finally, I use PC Guardian encryption on a couple of
sensitive
> > directories. I ordinarily leave the application turned
off, except when I
> > need to view or work with an encrypted file.
> >
> [snip]
>
> Also not directly relevant.
>
> > I do keep seeing an Alexa URL ("Related.htm," I think),
that keeps
> > popping up when I scan with SpyBot S&D. I clean it
off, and a few days
> > later it reappears. I have no idea what it is that I
am doing that
> > enables this file to keep coming back.
> >
> [snip]
>
> The simple answer is that you're repeatedly using *THE*
single-biggest
> spyware (and virus, and worm, and trojan) magnet the world
has ever known:
> MSIE. And once again, the cure for this is:
>
> <http://www.litepc.com/ieradicator.html>
>
> > Have I covered all the bases? Is there anything else I
should be doing?
> [snip]
>
> IMCO, yes, there is one thing you *definitely* should be
doing: And that
> is, seriously re-thinking your entire approach to these
issues (and perhaps
> the computer in general).
>
> From your post, it is abundantly clear that you think the
cure for having a
> lot of crappy programs (which do things you don't want
done) installed on
> your system is to install still more crappy programs
(which also do things
> you don't want done, if you would but realize it).
>
> The key to a secure and stable system is *not* to keep
adding more and more
> "stuff", but to *remove* those things which represent
security risks and/or
> destablize the system. Think about it: If an insecure
service or
> application is not installed or running, it *can't*
present it's myriad
> security holes to the world. And as I mentioned above,
*the* single biggest
> security risk on your system is MSIE (and it's ugly
step-child, Outleak
> Excuse). You absolutely need to remove that crapware from
your system
> entirely; until you do that, all other efforts at
protecting yourself will
> unavoidably be at least partially futile.
>
> There's more. But until you've covered these basics,
there's really no
> point in going through all the details.
>
> --
>
> Jay T. Blocksom
> --------------------------------
> Appropriate Technology, Inc.
> usenet01[at]appropriate-tech.net
>
>
> "They that can give up essential liberty to obtain a
little temporary
> safety deserve neither liberty nor safety."
> -- Benjamin Franklin, Historical Review of
Pennsylvania, 1759.
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -
> NOTE: E-Mail address in "From:" line is INVALID! Remove
+SPAMBLOCK to mail.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -
> Unsolicited advertising sent to this E-Mail address is
expressly prohibited
> under USC Title 47, Section 227. Violators are subject to
charge of up to
> $1,500 per incident or treble actual costs, whichever is
greater.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

[Jay T. Blocksom]

On Sat, 18 Oct 2003 22:36:01 GMT, in <alt.privacy.spyware>, "Richard
Steinfeld" <rgsteinBUTREMOVETHIS@sonic.net> wrote:
>
> Lines: 301
> X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>
[snip]

> Jay, would you please get some manners! There's no reason
> for you to be so condescending.
>
[snip]

This, from a top-posting/full-quoting twit who likes to get virii and worms.

Furrfu!

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -