August 09, 2004

Layered Service Provider

A Layered Service Provider, or LSP, is a piece of software that is tightly woven into the networking services of a computer. In particular, when using the protocol of the internet, TCP/IP, the LSP integrates itself with the TCP/IP layer of your network. As such, the LSP has access to all TCP/IP traffic coming into and leaving a computer. If the LSP is from a "good" author, then the communication can be enhanced and protected in many helpful ways. However, when spyware authors use an LSP, it can be used to spy on the habits and data of the user. Also, because the computer will not see any of the data until the LSP lets it through, it is possible to change information so that the spyware vendor benefits. Recent examples of this include replacing the top Google search results with links to paid advertisers. These links are indistinguishable from real search results.

Worse still, because the LSP is very tightly woven into the TCP/IP layer, trying to remove it without the proper precautions may cause your computer to be unable to reconnect to the internet. In such cases, the only solution is a complete reinstallation of the operating system. For this reason, use of automated spyware removal tools is highly recommended.

Posted by Rich at 01:10 PM | TrackBack

Drive-by downloads

Drive-by downloads are downloads that are accomplished by providing a misleading dialogue box or other stealth installation. Many times users have no idea they have installed an application.

Recent security exploits within Internet Explorer make it possible to install software without the users' knowledge by simply visiting a website. Good spyware removal products will include software that actively monitors your computer memory to prevent drive-by downloads from succeeding.

Posted by Rich at 01:04 PM | TrackBack

Keyloggers

A keylogger is a program that records keystrokes the user types in on the keyboard. Keyloggers record this information in a log and then usually send that log to a server with your information. Keyloggers can record information such as passwords, credit card information, and personal identification numbers if entered into the keyboard while these programs are running.

Keyloggers are highly invasive and are a major threat on the internet today.

Posted by Rich at 01:02 PM | TrackBack

Retrospies

Retrospy software is software that actively attacks anti-spyware programs in an effort to avoid being detected. Retrospies may also disguise themselves by using common system file names. They are malicious and usually use many types of deception in order to avoid detection.

Posted by Rich at 01:01 PM | TrackBack

Scumware

"Scumware" is a slang word for unwanted software that has been installed on your computer by unscrupulous companies without permission.

Posted by Rich at 12:57 PM | TrackBack

What is Adware?

Adware, or advertising-supported software, is any software application in which advertisements are displayed while the program is running. These applications include additional code that displays the ads in pop-up windows or through a bar that appears on a computer screen. Adware helps recover programming development costs and helps to hold down the price of the application for the user (even making it free of charge), and, of course, it can give programmers a profit, which helps to motivate them to write, maintain, and upgrade valuable software.

Some adware is also shareware, in that users are given the option to pay for a "registered" or "licensed" copy, which typically does away with the advertisements.

Some adware programs have been criticized for occasionally including code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge. This practice has been dubbed spyware and has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center (http://www.epic.org). Other adware programs do not track a user's personal information.

A number of software applications are available to help computer users search for and modify adware programs to block the presentation of advertisements and to remove spyware modules. To avoid a backlash, as with the advertising industry in general, creators of adware must balance their attempts to generate revenue with users' desire to be left alone.

Examples of Shareware with Bundled Adware

Eudora: Email client
Opera: Web browser
DivX: Video codec
Kazaa: Filesharing program, also contains spyware
iMesh: Filesharing program, also contains spyware

Most Common Adware

The most common adware currently found on the net as of August 2004 are:

1. Gain
2. Claria
3. Game Spy Arcade
4. Hotbar
5. Ezula
6. BonziBuddy
7. WeatherCast
8. LinkGrabber 99
9. TopPicks
10. Cydoor

Ways to Block Adware

The easiest and most reliable method for blocking unwanted ads is to install a worthy adware removal tool. Adware Report tests and reviews popular tools every month (click here for a side-by-side spyware removal chart).

Next, if you're already using an adware removal tool, you should ensure that you have the latest update. Adware companies are very active right now and are releasing new versions constantly. If your product is more than a week or two out of date, you likely have new adware installed on your computer.

The next method is a bit more advanced. It involves editing an important system file and also requires some technical know-how. If that's you, read on.

Blocking Adware with the Hosts file

Adware companies make their money by distributing thousands upon thousands of ads on the internet. It's a fair amount of work to put advertising on the net, so to do it with any kind of volume whatsoever, most companies rely on "Ad Servers". The adware on your computer usually pulls ads from these ad servers. If it doesn't find any, it won't work. So one technique for blocking adware is to block your computer from accessing the ad server. By doing so, you block adware companies from transferring their ads to your computer...!

Unfortunately, this is not a perfect solution. The Adware still exists on your computer, and so it will continue to consume memory, disk storage, and time. However, you won't be seeing those ads anymore, so if other methods don't work, this is a good failsafe.

Here's how it works. The hosts file on your computer contains a list of domain names (for example, www.doubleclick.com) and IP addresses. Normally, your browser will first check the hosts file to resolve a domain name. If it doesn't find it on the local list (99.9% of the time), it will then resolve it using something called DNS lookup. The trick here is to first figure out the domain name of the ad server you want to block, and then map it to your local computer. Because your computer doesn't have an ad server, the adware installed won't work!

How to block over 1,100 internet advertisers, step-by-step

Step 1: find your hosts file:

Windows 3.x, 95, 98, Me: windows\hosts
Windows NT, 2000, XP: WINNT\system32\drivers\etc\hosts
Macintosh: Mac System Folder or Preferences folder. (eg., Macintosh HD:System Folder:Preferences:Hosts)
Linux, Unix: /etc/hosts

Step 2: Back up your hosts file, just in case you make a mistake. If you can't access the internet after making changes to the hosts file, just restore the old version.

Step 3: Update your hosts file by pointing unwanted ad servers to your local machine. This is done by adding lines to your hosts file in the following format:

127.0.0.1 www.EvilAdwareCompany.com

Here is a ready-made hosts list with over 1,100 advertisers. You can copy its contents into your hosts file and immediately start blocking advertisers!

Step 4: Try visiting the site of one of the entries in your hosts file. You should get a "page not found" error. If not, try rebooting your PC and then try again.
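Steps 2 and 3 can be scripted. The following is an added example, not part of the original article: it backs up a hosts file, then appends `127.0.0.1` entries only for names that pass a hostname check and are not already mapped. The function names, the `.bak` suffix and the sample hostnames are assumptions made for illustration.

```python
import re
import shutil
from pathlib import Path

LOOPBACK = "127.0.0.1"
# Conservative hostname check: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}")
# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.0.0.5 intranet.example.com\n127.0.0.1 ads.example.net"

def parse_hosts(text):
    """Map each lower-cased hostname in a hosts file to the address it points at."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        for name in fields[1:]:                  # fields[0] is the IP address
            mapping.setdefault(name.lower(), fields[0])  # first entry for a name wins
    return mapping

def plan_block(text, domains):
    """Return (lines_to_append, conflicts, rejected) without touching any file."""
    existing = parse_hosts(text)
    to_add, conflicts, rejected = [], [], []
    for raw in domains:
        name = raw.strip().lower()
        if len(name) > 253 or not HOSTNAME_RE.fullmatch(name):
            rejected.append(raw)                 # not a plain hostname: never write it
        elif name not in existing:
            to_add.append(f"{LOOPBACK} {name}")
            existing[name] = LOOPBACK            # de-duplicate within the input list
        elif existing[name] != LOOPBACK:
            conflicts.append(name)               # already mapped elsewhere: leave alone
    return to_add, conflicts, rejected

def block_domains(hosts_path, domains):
    """Step 2 (backup) and step 3 (append entries) for the file at hosts_path."""
    path = Path(hosts_path)
    text = path.read_text()
    to_add, conflicts, rejected = plan_block(text, domains)
    if to_add:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        sep = "" if text.endswith("\n") or not text else "\n"
        path.write_text(text + sep + "\n".join(to_add) + "\n")
    return to_add, conflicts, rejected

if __name__ == "__main__":
    print(plan_block(SAMPLE_HOSTS, ["www.EvilAdwareCompany.com", "intranet.example.com"]))
```

Rejecting anything that is not a plain hostname matters when the list comes from a downloaded file: a line such as `10.0.0.1 www.yourbank.example` pasted blindly into the hosts file would redirect that site rather than block an ad server.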

Other Adware Resources

The following links are valuable and provide further information about Adware:

Andrew Raff's introductory article about Adware.

Cexx.org - large list of Adware, spyware, and other parasites. Includes removal instructions for many of them. Large list, but doesn't appear to have been updated in a while.

Introduction to Homepage hijacking programs, one of the leading sources of computer frustrations.

DoxDesk - another nice source of adware and spyware descriptions, along with common adware blocking instructions.

ScumWare.com - this site tracks "scumware" applications.

OmniKnow encyclopedia entry on Adware

The Rise of Adware

Posted by Rich at 12:52 PM | TrackBack

Search Hijackers

Search Hijackers take control over your default search engine. When you mistype something, a targeted search page will pop up rather than the search engine you prefer. The targeted search page will generally include many advertisements and will deliver mostly advertising content rather than relevant search results.

Posted by Rich at 12:51 PM | TrackBack

Browser Hijackers

Related to homepage hijackers are browser hijackers, which kick in when you type a bad URL (usually as the result of a misspelling) or visit a targeted website (see Thiefware). Browser hijackers will then redirect your page to a search engine or sometimes simply just a page of ads.

Hijackers may also route all of your website requests through an unknown third-party for tracking. Aside from being an invasion of privacy, this can dramatically slow down your browser.

Posted by Rich at 12:49 PM | TrackBack

Surveillance Software

Surveillance Software (also known as Activity Monitoring Software) is a potentially greater and more dangerous threat than spyware and viruses because it can record your keystrokes, history, passwords, and other confidential and private information and then send that information to the creator or the person who installed it. This type of software is often sold as a spouse monitor, child monitor, surveillance tool or a tool to spy on users trying to gain unauthorized access. Surveillance Software covertly gathers user information and monitors activity without the user's knowledge. You do not have to be connected to the Internet to be spied on. Some software will save logs to be transmitted later. Current surveillance Software includes the use of e-mail to mail out user activity or posting information on the web where the creator can view the information at their leisure. Some Surveillance Software vendors go as far as using "stealth routines" and "polymorphic" techniques to avoid detection and removal by popular anti-spy software. In conclusion, Surveillance Software is a program that monitors all activity on your computer and then sends that information to another user on the internet.

Posted by Rich at 12:46 PM | TrackBack

Thiefware

Thiefware causes visitors to certain sites to be redirected to a search engine or other web page of the author's choosing. This practice is not illegal although it is highly unethical.

Posted by Rich at 12:43 PM | TrackBack

Trojan Horses

Trojans or Trojan Horses are programs that appear to be innocuous, even beneficial, but are actually harmful. They get this name from the Trojan Horse that was used in a war by the Greeks to gain access to the city of Troy. It looked like a gift of a giant wooden horse, but actually concealed soldiers inside. Much like that horse, these programs appear to benefit you but turn out to be harmful. The harmful contents could be anything from a virus to a tool which allows outside users to take over full control of your computer. Trojans are designed to cause loss or theft of computer data, or even to destroy the system. Trojans can also be distributed as email attachments, or bundled with other software programs.

Posted by Rich at 12:42 PM | TrackBack

Browser Helper Object

A Browser Helper Object is a small program that is installed on your PC and runs within your browser. Usually, a BHO is installed on your system by another software program. BHOs are typically installed by toolbar accessories and can track your internet usage and collect other information that is used on the internet.

Posted by Rich at 12:38 PM | TrackBack

Dialer

Dialers are programs that install themselves into your dial-up settings and dial numbers without your knowledge. Once dialer software is downloaded, the user is disconnected from their Internet service provider, another phone number is dialed, and the user is billed for the time used. They are malicious in nature and can rack up expensive and unwanted bills.

Posted by Rich at 10:39 AM | TrackBack

August 08, 2004

Homepage Hijacking

One of the most common symptoms of spyware infection is homepage hijacking, or when your default browser homepage has been forcibly changed to a new website without your permission.

Most current spyware programs will also prevent you from changing your homepage back either by disabling the functionality in your options menu setting or by installing some type of program that will regularly switch it back to the rogue website. Even if you can reset your homepage, upon reboot it will be reset to the Homepage Hijacker setting.

Hijackers may also route all of your website requests through an unknown third-party for tracking. Aside from being an invasion of privacy, this can dramatically slow down your browser.

These programs are more than just annoying. They can cost you your job, your relationship, or your reputation should somebody use your PC and be led to believe that you are spending a good portion of your time surfing pornographic or even criminal websites.

Here is a list of some of the more common browser and homepage hijacking programs out there:

AutoSearch
IGetNet
CommonName
NewDotNet

Our top picks recognize homepage hijackers and are constantly updated with the latest signatures to ensure that you remain protected.

Posted by Rich at 06:41 PM | TrackBack