Newbie Question: "Where Do I Begin???"

[Jay T. Blocksom]

On Tue, 07 Oct 2003 17:41:23 GMT, in <alt.privacy.spyware>, "Jeremy"
<jeremy@no-spam-thanks.com> wrote:
>
> x-no-archive: yes
>
[snip]

Exactly what do you think you're accomplishing with that nonsense?

> I just discovered this NG, and I only recently was introduced to spyware,
> when my browser was hijacked by Xupiter.com. I was trying to download a
> Java applet to enter a chatroom using my browser, and I got more than I
> bargained for . . .
>
[snip]

Why on Earth did you think you needed "a Java applet" -- let alone an
apparently site-specific one -- to use a "chatroom"? That sort of thing
just *screams* "Trojan!"

> I have completely lost the ability to use MSN's search engine,
[snip]

Well, IMCO that's not much of a loss; but notwithstanding that...

> ...by typing
> the word "GO" followed by the browse subject, into my address bar.
[snip]

Bookmark this:

<http://www.google-watch.org/cgi-bin/proxy.htm>

....and keep it handy. I think you'll find it much more useful in the long
run.

> I don't know
> how to de-install IE6 and then reinstall it (if that is even possible),
[snip]

This will do the part that's worth doing:

<http://www.litepc.com/ieradicator.html>

> Here is my question:
>
> What anti-spyware or other software should I be running?
>
[snip]

Only that which you really *need* to run, and only when you really need to
run it. Yes, I realize that answer may seem cryptic to you, but bear with
me...

> Right now I have McAfee Anti-Virus, updated every couple of days.
[snip]

Yuck.

McAfee is probably *the* worst "big name" anti-virus software extant (it's a
close race between them and Norton/Symantec for that most dubious
distinction). It has a long history of missing more virii than most others,
and being buggy and unstable to the point of being literally unhealthy for
the systems it is installed on -- not to mention that NAI are spammers, and
thus wholly undeserving of your money or your support.

> I have
> LavaSoft AdAware,
[snip]

OK. Make sure it is the latest "build" (6.181, I think), and keep the
reference files up-to-date.

> ...and it has found and disinfected a number of spyware
> items,
[snip]

But that is the telling part. What are you doing to get so many
"infections"? *That* is the core issue you really need to address.

> I also run SpyBot daily.
[snip]

Why? Not to denegrate SS&D in any way (it is a very useful tool, when
properly used); but if you have need to run it anywhere near that often,
you're repeatedly doing some *seriously* stupid things with your computer.

> I also have Spyware Blaster,
[snip]

An utterly pointless waste of bits, at least presuming that your system is
set up anywhere near properly to start with. (But then, given the above, I
highly doubt your system *is* set up "properly".)

> Finally, I have Spyware Guard running
> in the background.
>
[snip]

I don't much care for this, for several reasons (not the least of which
being that it is from the same Bozos who foisted SpywareBlaster onto the
world); but at least it has a *theoretical* basis for being.

> I do a complete virus scan every couple of days,
[snip]

If you're exercising anything even close to "safe computing" practices, you
*shouldn't* need to do it that often; but OTOH, it can't hurt beyond being a
waste of time.

> ...and I have it set to
> filter internet downloads at other times (I don't keep it running in the
> background, because it slows my system down to an unacceptable level.
>
[snip]

This appears to be an oxymoron. If it's not running in the background, how
does it "know" if/when you've downloaded something?

> I also have ZoneAlarm, latest freeware version, running at all times, and
> it is set to its default settings.
[snip]

Yuck, again.

First, read these:

<http://samspade.org/d/persfire.html>
<http://samspade.org/d/firewalls.html>

Then go get a *real* firewall. Since you appear to be on a dial-up (as
opposed to DSL or "cable modem"), I would suggest either of these two:

<http://www.netgear.com/products/prod_details.asp?prodID=157>
<http://www.dlink.com/products/?pid=59>

> I also use Anonymizer Private Surfing, and I always browse any unfamiliar
> sites using it at maximum security, with encrypted URLs and SSH
> encryption for downloaded pages.
>
[snip]

This is probably not getting you what you think it is (remember: there is NO
SUCH THING as true anonymity on the 'net); and there are near-certainly
better ways to get what it really *is* giving you. But this issue is not
directly relevant to the "spyware" issue, so I won't belabor the point.

> Finally, I use PC Guardian encryption on a couple of sensitive
> directories. I ordinarily leave the application turned off, except when I
> need to view or work with an encrypted file.
>
[snip]

Also not directly relevant.

> I do keep seeing an Alexa URL ("Related.htm," I think), that keeps
> popping up when I scan with SpyBot S&D. I clean it off, and a few days
> later it reappears. I have no idea what it is that I am doing that
> enables this file to keep coming back.
>
[snip]

The simple answer is that you're repeatedly using *THE* single-biggest
spyware (and virus, and worm, and trojan) magnet the world has ever known:
MSIE. And once again, the cure for this is:

<http://www.litepc.com/ieradicator.html>

> Have I covered all the bases? Is there anything else I should be doing?
[snip]

IMCO, yes, there is one thing you *definitely* should be doing: And that
is, seriously re-thinking your entire approach to these issues (and perhaps
the computer in general).

From your post, it is abundantly clear that you think the cure for having a
lot of crappy programs (which do things you don't want done) installed on
your system is to install still more crappy programs (which also do things
you don't want done, if you would but realize it).

The key to a secure and stable system is *not* to keep adding more and more
"stuff", but to *remove* those things which represent security risks and/or
destablize the system. Think about it: If an insecure service or
application is not installed or running, it *can't* present it's myriad
security holes to the world. And as I mentioned above, *the* single biggest
security risk on your system is MSIE (and it's ugly step-child, Outleak
Excuse). You absolutely need to remove that crapware from your system
entirely; until you do that, all other efforts at protecting yourself will
unavoidably be at least partially futile.

There's more. But until you've covered these basics, there's really no
point in going through all the details.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -