What are Computer Parasites?
Parasites, so called because of the strong biological analogy, is a shorthand term for unsolicited commercial software. It is a program that gets installed on your computer which you never asked for and which does something you probably don't want it to, for someone else's profit.
The parasite problem has grown enormously recently, and many millions of computers are affected. Unsolicited commercial software can typically:
- plague you with unwanted advertising (adware);
- watch everything you do on-line and send information back to marketing companies (spyware);
- add advertising links to web pages, for which the author does not get paid, and redirect the payments from affiliate-fee schemes to the makers of the software (such software is sometimes called scumware);
- set browser home page and search settings to point to the makers sites (generally loaded with advertising), and prevent you changing it back (homepage hijackers);
- make your modem call premium-rate phone numbers (diallers);
- leave security holes allowing the makers of the software or, in particularly bad cases, anyone at all, to download and run software on your machine;
- degrade system performance and cause errors thanks to being badly-written;
- provide no uninstall feature, and put its code in unexpected and hidden places to make it difficult to remove.
How do they get here?
There are three major ways unsolicited commercial software can make its way on to your machine:
- Some freeware programs are bundled with parasites which are installed at the same time. The peer-to-peer (P2P) file-sharing programs are notorious for this; in particular, Kazaa, iMesh and Grokster come with countless unwanted add-ons. Often the small print when you install the software will warn you about this and it is occasionally possible to opt out. So always skim the licence agreement when you install and don't just click Next-Next-Next... but you still can't be sure they'll tell you.
- Many parasites load using Internet Explorers ActiveX installation option. When a web page includes a link to an ActiveX program, a window will appear asking the user if he wishes to execute it. If Yes is clicked (or if IE security settings are set lower than normal so that it never even asks), the software is allowed to run and can do anything at all it likes on your computer, including installing parasites. For this reason, you should never click Yes to a "Do you wish to download and install..." prompt unless you are 100% sure you trust the publisher of the software, which might not be the publisher of the web site you are viewing - read the dialogue box very carefully. Sometimes sites (or pop-up ads) try to fool you into clicking Yes by stating that the software is necessary to view the site or by opening endless error windows if you click No or by claiming that the digital certificate on the code means it's safe. It means no such thing. Microsoft Authenticode, signed by companies like Verisign, means only that the company that wrote the software is the same as the company whose name appears on the download prompt - nothing more.
- Some of the really sleazy parasites, particularly homepage-hijackers and diallers, execute by exploiting security holes in Internet Explorer; ways of getting code to run that are not supposed to be possible but are due to mistakes in the browser code. You can do your best to guard against this by ensuring you have the latest updates and patches from Microsoft. Still, there are usually a handful of security holes that have not yet been corrected, so you can never be 100% sure you are safe. A solution for the last two problems is just to use a different web browser for everyday browsing, and Internet Explorer only for sites you trust and that stubbornly refuse to work with other browsers.
How can I get rid of them?
The sad fact is that if you browse the internet, it is almost impossible to stop parasites arriving. The only hope you have is to attack them once they've arrived.
Technically, most unsolicited commercial software isn't viral: it doesnt spread from computer to computer, it just installs and runs on one system. That doesnt mean its not harmful but it does mean that anti-virus software does not attempt to detect it.
Some anti-virus programs do detect some parasites but not nearly all and not all versions of them. Parasites that install using Internet Explorer security holes are more likely to be targeted by the anti-virus software vendors but the selection of targets seems for the most part to be pretty arbitrary. For this reason there are now a number of anti-parasite packages around that work as a complement to anti-virus software
Several programs exist which can be downloaded for free and help to identify and remove parasites, although they all require a solid understanding of the issues involved in order to avoid removing useful system components! A good search engine such as Google will be in heavy use as you find out which entries are the parasites.
- SpywareTerminator (www.spywareterminator.com) continually monitors your computer for the attempted arrival and tries to intercept such spyware before it gets installed.
- LavaSoft Ad-Aware (www.lavasoft.com) is the original anti-adware tool. It has a good database of adware and spyware.
- Spybot Search & Destroy (www.safer-networking.org) is an impressive one-man effort from PepiMK Software. Its large database targets premium-rate diallers as well as adware and spyware; it can also remove usage records and keyloggers.
- SpywareBlaster by JavaCool (www.wilderssecurity.com) takes a different, complementary approach. Instead of detecting or removing its targets, it inoculates your computer by telling it never to execute certain software. This stops you downloading some types of parasite, and stops others from working. However it can only target ActiveX controls, so it is not a complete solution.
- HijackThis! (www.merijn.org) can list and fix many problems relating to homepage- and search-hijackers, however it does require a lot of understanding to use it correctly and misuse could cause you computer to stop working properly!