Newbie Question: "Where Do I Begin???"

Discussion in 'Spyware' started by Jeremy, Oct 7, 2003.

  1. Jeremy

    Jeremy Guest

    x-no-archive: yes

    I just discovered this NG, and I only recently was introduced to spyware,
    when my browser was hijacked by Xupiter.com. I was trying to download a
    Java applet to enter a chatroom using my browser, and I got more than I
    bargained for . . .

    I have completely lost the ability to use MSN's search engine, by typing the
    word "GO" followed by the browse subject, into my address bar. I don't know
    how to de-install IE6 and then reinstall it (if that is even possible), so I
    have learned to live with the situation.

    Here is my question:

    What anti-spyware or other software should I be running?

    Right now I have McAfee Anti-Virus, updated every couple of days. I have
    LavaSoft AdAware, and it has found and disinfected a number of spyware
    items. I also run SpyBot daily. I also have Spyware Blaster, and I have
    immunized every item on their list. Finally, I have Spyware Guard running
    in the background.

    I do a complete virus scan every couple of days, and I have it set to filter
    internet downloads at other times (I don't keep it running in the
    background, because it slows my system down to an unacceptable level).

    I also have ZoneAlarm, latest freeware version, running at all times, and it
    is set to its default settings. I have it set to go to Internet Lock after
    15 minutes of inactivity.

    I also use Anonymizer Private Surfing, and I always browse any unfamiliar
    sites using it at maximum security, with encrypted URLs and SSH encryption
    for downloaded pages.

    Finally, I use PC Guardian encryption on a couple of sensitive directories.
    I ordinarily leave the application turned off, except when I need to view or
    work with an encrypted file.

    I do keep seeing an Alexa URL ("Related.htm," I think), that keeps popping
    up when I scan with SpyBot S&D. I clean it off, and a few days later it
    reappears. I have no idea what it is that I am doing that enables this file
    to keep coming back.

    Have I covered all the bases? Is there anything else I should be doing?
    Are there any web sites that offer information on this stuff? I'd
    appreciate any information or suggestions.

    Thanks.
     
    Jeremy, Oct 7, 2003
    #1

  2. Chuck

    Chuck Guest

    You could add HijackThis. HJT checks for spyware by looking for
    traces, rather than obvious signatures like AA and SSD. I ran HJT a
    couple months ago, and posted the log file at SWI Forums. Got the
    reply "nothing interesting there". So occasionally I rerun HJT, and
    compare the latest log against my clean log.

    HJT requires manual effort (by the SWI Forums experts), and manual
    effort in the comparison, but it's one more line of defense.

    You might want to verify the security settings in your browser:
    http://www.jasons-toolbox.com/BrowserSecurity/
    http://bcheck.scanit.be/bcheck/index.php
    https://testzone.secunia.com/browser_checker/

    Paranoia comes from experience - and is not necessarily a bad thing.

    Cheers,


    Chuck

    Spam sucks - PLEASE get rid of the spam before emailing me!
     
    Chuck, Oct 8, 2003
    #2
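
Chuck's routine of re-running HijackThis and comparing the latest log against a known-clean one can be scripted. The following is an added example, not part of the original thread and not HijackThis's own code; it assumes the usual log layout (a "Running processes:" list followed by entries of the form "CODE - text"), and the sample logs and every name in them are constructed.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0, O2, O4, ...).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt_log(text):
    """Return (entries, processes) as sets parsed from a HijackThis log."""
    entries, processes, in_processes = set(), set(), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return entries, processes

def diff_against_baseline(baseline_text, latest_text):
    """Report what appeared or disappeared since the known-clean log."""
    base_entries, base_procs = parse_hjt_log(baseline_text)
    new_entries, new_procs = parse_hjt_log(latest_text)
    return {
        "added_entries": sorted(new_entries - base_entries),
        "removed_entries": sorted(base_entries - new_entries),
        "added_processes": sorted(new_procs - base_procs),
    }

# Constructed sample logs (not from the thread); all names are placeholders.
BASELINE = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""
LATEST = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ExampleToolbar\extb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.example.invalid/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ExampleToolbar\extb.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

if __name__ == "__main__":
    for kind, items in diff_against_baseline(BASELINE, LATEST).items():
        for item in items:
            print(kind, item)
```

A changed setting shows up as one removed entry plus one added entry with the same code, which is how the Start Page change appears in the sample.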

  3. YK

    YK Guest

    I use and update regularly IE-SPYAD and a good HOSTS file.
    http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD
    http://asp.flaaten.dk/proxo/forum.asp?FORUM_ID=20
    I use AVG free from Grisoft on my AMD tower and my ancient 200MHZ MMX laptop
    without any impact on performance.
    Read this:
    http://www.imilly.com/alexa.htm
    http://www.staff.uiuc.edu/~ehowes/main-nf.htm
     
    YK, Oct 8, 2003
    #3
  4. [snip]

    Exactly what do you think you're accomplishing with that nonsense?
    [snip]

    Why on Earth did you think you needed "a Java applet" -- let alone an
    apparently site-specific one -- to use a "chatroom"? That sort of thing
    just *screams* "Trojan!"
    [snip]

    Well, IMCO that's not much of a loss; but notwithstanding that...
    [snip]

    Bookmark this:

    <http://www.google-watch.org/cgi-bin/proxy.htm>

    ...and keep it handy. I think you'll find it much more useful in the long
    run.
    [snip]

    This will do the part that's worth doing:

    [snip]

    Only that which you really *need* to run, and only when you really need to
    run it. Yes, I realize that answer may seem cryptic to you, but bear with
    me...
    [snip]

    Yuck.

    McAfee is probably *the* worst "big name" anti-virus software extant (it's a
    close race between them and Norton/Symantec for that most dubious
    distinction). It has a long history of missing more virii than most others,
    and being buggy and unstable to the point of being literally unhealthy for
    the systems it is installed on -- not to mention that NAI are spammers, and
    thus wholly undeserving of your money or your support.
    [snip]

    OK. Make sure it is the latest "build" (6.181, I think), and keep the
    reference files up-to-date.
    [snip]

    But that is the telling part. What are you doing to get so many
    "infections"? *That* is the core issue you really need to address.
    [snip]

    Why? Not to denigrate SS&D in any way (it is a very useful tool, when
    properly used); but if you have need to run it anywhere near that often,
    you're repeatedly doing some *seriously* stupid things with your computer.
    [snip]

    An utterly pointless waste of bits, at least presuming that your system is
    set up anywhere near properly to start with. (But then, given the above, I
    highly doubt your system *is* set up "properly".)
    [snip]

    I don't much care for this, for several reasons (not the least of which
    being that it is from the same Bozos who foisted SpywareBlaster onto the
    world); but at least it has a *theoretical* basis for being.
    [snip]

    If you're exercising anything even close to "safe computing" practices, you
    *shouldn't* need to do it that often; but OTOH, it can't hurt beyond being a
    waste of time.
    [snip]

    This appears to be an oxymoron. If it's not running in the background, how
    does it "know" if/when you've downloaded something?
    [snip]

    Yuck, again.

    First, read these:

    <http://samspade.org/d/persfire.html>
    <http://samspade.org/d/firewalls.html>

    Then go get a *real* firewall. Since you appear to be on a dial-up (as
    opposed to DSL or "cable modem"), I would suggest either of these two:

    <http://www.netgear.com/products/prod_details.asp?prodID=157>
    [snip]

    This is probably not getting you what you think it is (remember: there is NO
    SUCH THING as true anonymity on the 'net); and there are near-certainly
    better ways to get what it really *is* giving you. But this issue is not
    directly relevant to the "spyware" issue, so I won't belabor the point.
    [snip]

    Also not directly relevant.
    [snip]

    The simple answer is that you're repeatedly using *THE* single-biggest
    spyware (and virus, and worm, and trojan) magnet the world has ever known:
    MSIE. And once again, the cure for this is:

    [snip]

    IMCO, yes, there is one thing you *definitely* should be doing: And that
    is, seriously re-thinking your entire approach to these issues (and perhaps
    the computer in general).

    From your post, it is abundantly clear that you think the cure for having a
    lot of crappy programs (which do things you don't want done) installed on
    your system is to install still more crappy programs (which also do things
    you don't want done, if you would but realize it).

    The key to a secure and stable system is *not* to keep adding more and more
    "stuff", but to *remove* those things which represent security risks and/or
    destabilize the system. Think about it: If an insecure service or
    application is not installed or running, it *can't* present its myriad
    security holes to the world. And as I mentioned above, *the* single biggest
    security risk on your system is MSIE (and its ugly step-child, Outleak
    Excuse). You absolutely need to remove that crapware from your system
    entirely; until you do that, all other efforts at protecting yourself will
    unavoidably be at least partially futile.

    There's more. But until you've covered these basics, there's really no
    point in going through all the details.

    --

    Jay T. Blocksom
    --------------------------------
    Appropriate Technology, Inc.
    usenet01[at]appropriate-tech.net


    "They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety."
    -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Unsolicited advertising sent to this E-Mail address is expressly prohibited
    under USC Title 47, Section 227. Violators are subject to charge of up to
    $1,500 per incident or treble actual costs, whichever is greater.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     
    Jay T. Blocksom, Oct 14, 2003
    #4
  5. Jay, would you please get some manners! There's no reason
    for you to be so condescending.

    Richard

     
    Richard Steinfeld, Oct 18, 2003
    #5
  6. [snip]

    This, from a top-posting/full-quoting twit who likes to get virii and worms.

    Furrfu!

    --

    Jay T. Blocksom
    --------------------------------
    Appropriate Technology, Inc.
    usenet01[at]appropriate-tech.net


     
    Jay T. Blocksom, Oct 23, 2003
    #6