Bundling is one of the most common ways
parasites are spread. It works like this: you
install a piece of software you think looks good,
and it invites some of its friends onto your
computer behind your back.
When you run any piece of software, remember
that it has the capability to do anything you can
do—up to and including deleting all your files.
Only install software from authors you trust, and
look out for the warning signs of untrustworthy
authors.
Don’t just click ‘Next’
Some installers may have a screen giving notice
of other (usually undesirable) programs they will
be installing at the same time as the software you
wanted. Sometimes there may even be an option not
to install the software—an ‘opt-out’ install.
(‘Opt-in’ installs are very uncommon.)
If you just click Next-Next-Next to get through
the installer as quickly as possible, you will
probably miss this and end up with unwanted
software. Take your time.
Read the EULA
Most software has an ‘End User Licence
Agreement’ or ‘Terms of use’. Often this will be
shown to you as you install the software. Read it.
Often there will be some kind of warning there if
the software plans to install parasites.
Look out for ‘agreements’ for other pieces of
software, anything to do with ‘ad-supported’
components, installation of ‘third party’
software, ‘toolbars’, ‘enhancement technologies’
and so on. Saying you have to be at least 13 to
use the software is a dead giveaway that it will
be collecting privacy-sensitive information;
saying you have to be 18 is an indicator that porn
will likely be promoted.
Understand the EULA
Many licence agreements are
extremely long, and contain language that is
unclear. Additionally some installers display this
information in an unnecessarily small scrolling
box, to make it difficult to review. (In some
cases, you may be able to copy-and-paste this text
into Notepad to read it more easily.)
If you don’t understand what the EULA says, or
if it’s just too impractically long to read,
simply don’t install the software. An unclear or
gargantuan EULA is trying to hide something from
you, and it’s probably parasites.
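The warning signs listed above can be checked mechanically once the licence text has been pasted into a plain text file. The following is an added example, not part of the original guide: the phrase list and age readings come from the text above, while the function name, the 3000-word length cut-off and the sample licence are assumptions made for illustration.

```python
import re

# Phrases the guide above lists as warning signs of bundled software.
BUNDLING_TERMS = [
    r"\bad[- ]supported",
    r"\bthird[- ]party",
    r"\btoolbars?\b",
    r"\benhancement technolog(?:y|ies)",
]
# Age clauses such as "at least 13" or "18 years of age".
AGE_CLAUSE = re.compile(
    r"\b(?:at least|over|older than)\s+(\d{2})\b"
    r"|\b(\d{2})\s+years\s+(?:of\s+age|old)\b",
    re.IGNORECASE,
)
# How the guide reads the two common age limits.
AGE_MEANING = {13: "likely collects privacy-sensitive information",
               18: "likely promotes adult content"}
MAX_WORDS = 3000  # assumed cut-off for "impractically long"; adjust as needed


def scan_eula(text):
    """Return (line_number, finding) tuples; line 0 refers to the whole text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for pattern in BUNDLING_TERMS:
            match = re.search(pattern, line, re.IGNORECASE)
            if match:
                findings.append((number, "bundling term: " + match.group(0).lower()))
        for match in AGE_CLAUSE.finditer(line):
            age = int(match.group(1) or match.group(2))
            if age in AGE_MEANING:
                findings.append((number, "age %d clause: %s" % (age, AGE_MEANING[age])))
    words = len(text.split())
    if words > MAX_WORDS:
        findings.append((0, "%d words: too long to review" % words))
    return findings


# Constructed sample text, not taken from any real licence.
SAMPLE_EULA = """\
1. You must be at least 13 years of age to use the Software.
2. The Software is ad-supported and may display offers.
3. Installation includes Third Party components and a browser Toolbar.
4. You may uninstall the Software at any time.
"""

if __name__ == "__main__":
    for number, finding in scan_eula(SAMPLE_EULA):
        print("line %d: %s" % (number, finding))
```

An empty result only means none of these phrases appear in the text; it says nothing about what the installer actually does.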
Don’t trust the EULA
Just because the licence agreement seems clean,
that’s no proof the software isn’t going to stab
you in the back anyway. You can opt out of all the
options there are, and still get hit by other
parasites they ‘forgot’ to mention; some
installers start loading parasites before even
reaching the EULA screen. A lot of parasitic
software is installed without any notice
whatsoever.
In many countries it remains untested whether
‘click-through’ licences have any legal weight at
all anyway. (They are not a real contract, and it
is unclear whether simply running a program
constitutes ‘copying’, which would require some
sort of licensing scheme under copyright law.)
Avoid heavily-promoted free software
Think about it: if a company wants you to use
their software so much that they’re willing to
spend money advertising it to you, they must get
some kind of gain out of doing so.
In some cases, the software might be a freebie
to promote the company and its other products. In
many more cases, the software earns money by
installing parasites.
Avoid junk software
Some of the most heavily-promoted software is
trivial or pointless in nature, aimed at users too
inexpert to recognise this. Very often such
software—worthless in itself—is created solely as
bait, to install the parasites that come with it.
For example: the many programs to correct the
computer’s clock. Windows XP already has this
feature built-in and turned on by default; for
other operating systems there are a thousand other
tiny programs to do it using the standard internet
NTP protocol, none of which feel the need to
install parasites. (And anyway correcting the
small amount of drift in a modern computer’s
hardware clock by hand every six months is not
really much of a hardship.) Yet adverts all over
the web are trying to convince you that your clock
is probably wrong and desperately needs fixing.
Other common examples include weather monitors,
smiley icons, IM avatars and mouse pointers, web
form-filling and screensavers. Beware also ‘snake
oil’ products making technically questionable
claims, such as software to prevent crashes,
increase memory size or network speed, or to speed
up file-sharing programs.
(Peer-to-peer file-sharing programs are
themselves very often infested with large
quantities of the worst parasites—take care.)
Prefer “Free Software” to “FREE DOWNLOAD!!”
The Free Software and Open Source movements
make the full source code of their software
available. This makes it difficult to hide
undesirable behaviour such as spying or
advertising from its users. So Free and Open
Source Software is generally more likely to be
free of parasites.
Ensure you download from the software’s
official project site. Some parasite-laden
downloads have masqueraded as well-known
open-source applications in the past, or implied
they were open-source without actually being so
(eg. openwares.org).
Be sceptical
A company’s own assertion that their software
contains “no spyware” is next to worthless. Aside
from the possibility that they are simply lying,
there are many ways the definition of
spyware can be twisted to
exclude whichever parasites they want to install.
If you’re not sure, do some research. Do a
search for the program’s name together with
‘spyware’, ‘adware’ or ‘parasite’. See what people
are saying about it.
Browsing
In theory, browsing a web page should be safe;
the web was deliberately designed not to include
active content. In practice however, poor security
and user interface design make web browsing
potentially dangerous.
Installation through the web browser is the
other major source of parasites, through both
‘security hole exploit’ bugs that let software
install automatically and tricks that mislead the
user into allowing a download they didn’t want.
Refuse unrequested downloads
When a prompt appears asking you
whether you want to download a plugin, set your
home page or give the web site extra permissions,
close the window or choose ‘No’ unless you
specifically asked for the download and completely
trust the web site (including any of its
associates such as advertising providers).
Some downloaders may respond by reloading the
page and opening a window claiming that you
must accept the download to view the
page. Such high-pressure tactics are
characteristic of the worst parasites. Keep
choosing ‘No’ and try hitting the Escape key to
stop the page reloading. In the worst case you may
have to open the Task Manager (Ctrl-Alt-Delete)
and end the browser process to get out of this
trap.
Distrust Authenticode
Authenticode is Microsoft’s mechanism for
code-signing. A company can put its name on a
piece of software using unforgeable cryptographic
techniques. When ActiveX download windows appear,
this company name is then shown to the user.
Unfortunately in practice Authenticode is
almost completely worthless. The companies in
charge of distributing certificates for
code-signing (the ‘roots’, such as Thawte)
routinely give out certificates with misleading
company names like ‘CLICK YES TO CONTINUE’ or ‘MSN
Technologies’ (not connected to
Microsoft’s MSN), and in the case where companies
are caught exploiting security holes or signing
trojan code, they refuse either to revoke the
certificates or to reveal the real contact details
of the company in question. On one memorable
occasion, the Verisign root was lax enough to
accidentally release Microsoft’s own code-signing
certificates.
Many downloader pages insist that the
Authenticode popup means that the software is
‘safe’ or ‘approved by Microsoft’; in reality all
it means is that the company that produced the
software has enough money to buy a certificate.
Secure your browser
Make sure you’re up-to-date on browser patches.
For Internet Explorer, this can be done through
the (alas often unreliable) interface at Windows Update; if
you are using Windows XP this can be done
automatically using ‘Automatic Updates’, which is
on by default, if you trust it.
If you are using Internet Explorer
on Windows XP, consider installing the XP Service
Pack 2 update, which cuts down on unrequested
ActiveX installer popups as well as working around
a number of security bugs.
Consider locking down security settings. For
Internet Explorer, disable ActiveX downloads until
you need them, both in the Internet and the My
Computer Zone (which is hidden by
default), and set other
sensitive options in the Internet
Options->Security->Custom list to ‘Prompt’
instead of ‘Enable’. Alternatively, simply:
Use a different browser
The vast majority of security hole exploits are
aimed at Internet Explorer. This is partly because
IE is (currently) the most widely-used browser,
but, more than that, because its record of
security holes is so very poor.
No web browser is 100% free of security
problems, but the basic design of Internet
Explorer, combined with Windows integration, makes
IE considerably riskier than most other browsers.
Microsoft’s speed in fixing bugs has also been
disappointing at times, some security-sensitive
bugs going unfixed for several months. XP Service
Pack 2 is a definite improvement, but no panacea.
You might still need to keep Internet Explorer
around, for the occasional poorly-written site
that only works on one browser (most notably
Windows Update), but using an alternative browser
for everyday web use reduces risk significantly;
IE exploits can now be found all over the web,
even on mainstream sites.
Popular alternative browsers
available for Windows include Firefox, Opera and the full
Mozilla suite
(from which Firefox evolved).
There are other ‘semi-alternative’ browsers for
Windows, based on the Internet Explorer code. They
can still be vulnerable to some if not all of its
security holes; on the other hand they can be more
compatible with poorly-designed web sites that do
not work well in other browsers. Examples include
Maxthon, AvantBrowser, Netcaptor, SlimBrowser and CrazyBrowser.
Secure other browser-accessible software
If you have plug-ins like Sun Java or Flash
installed, make sure they are also the latest
versions. If you do not use them, uninstall them.
If you use Internet Explorer, installed ActiveX
plug-ins can also be a rich source of security
vulnerabilities. Some of them you will be able to
see in the Downloaded Program Files folder (inside
the Windows folder); delete any you don’t need.
Look out for other people
If your computer is to be used by
others—particularly children—who are naive about
computer security, limit their risk.
Lock down IE security settings, or, better,
give them an alternative browser and hide IE. Give
them a limited User account of their own so that
any spyware they install can only compromise their
account and not yours—if it will install under a
restricted account at all.
Consider other alternatives
It’s a bit of a drastic change to make just for
the sake of avoiding parasites, but alternative
operating systems are worth investigating if you
are unsatisfied with Windows for other reasons
too.
There are currently no parasites affecting the
Mac, Linux or other Unix-derived operating
systems. This is mostly because of the larger
Windows user-base, but the other OSs do in general
fare slightly better on desktop security, mostly
because they don’t require that the user be logged
in as an administrator at all times. Malicious
code could still run, but shouldn’t be able to
compromise the system as completely.
And when all else
fails... Our
Overview
This is an overview of what an
end user can do to protect their security and
privacy when connected to the Internet. Layers of security are
your best bet. Each step can be
relatively simple and not too technical but taken
together can provide significant security and
privacy.
You do not need to take
all of these steps all at once. Most people
reading this article already have a computer,
software and an Internet service provider. So some
of the layers of defense may not apply to you
right now. But over a period of time, as you face
some of these choices you should keep
these other options in mind.
Beginners... Start Here
New System
Alert! A brand new computer may not have
the latest "critical updates" for Microsoft
Windows XP installed. Before connecting a new
Windows XP based computer to the Internet, TURN ON the XP firewall (or
install another firewall) for protection from new
worms and go to the Windows update web page and
download and install any "critical updates". DO NOT set up email accounts
or download email until after you install and/or
update anti-virus software and virus definitions.
Note: These files may
be big and take quite a while to download with a
dial-up connection. Dial-up users should consider
having their computer store download and install
these updates before they take delivery of their
new system.
Windows Critical Updates -- These are also known as
patches. Use the update feature of Windows to
download "critical updates" from Microsoft. These
are updates that are needed to fix holes in
Windows to protect your security and privacy. Go
to Start > Control Panel > Windows Update;
allow download of system checker; click on Scan
for updates; if any Critical Updates or Service
Packs are listed, download them.
Automatic Updates -- After
your first update session, this is the best way to
go. Go to Start > My Computer > View System
Information > Automatic Updates.
The Big 3 -- Personal Firewall, Anti-Virus and Anti-Spyware
Software -- These are the must-have
Internet security software products. See our Privacy, Firewall, Anti-Virus and Anti-Spyware pages for
choices and reviews. Also consider an Internet
security suite that includes a firewall,
anti-virus and other security and privacy
features, see our Suites page for choices
and reviews. A suite may be easier to
install, use, update, and get support for than
individual products.
Personal firewalls have two basic functions.
First, they protect your system from unsolicited scans
coming from the Internet. Second,
they usually offer outbound control. An
inbound scan may be looking for a Trojan horse on
your system. Outbound controls watch for
a Trojan horse or spyware trying to call out
from your system. See Firewall page.
Important Firewall Notes: If you are using Windows
XP, it has a built in firewall that is incoming
only. If you decide to use another firewall, be
sure to turn off the one in XP. If you decide to
try out several firewalls, be sure to fully
uninstall one before installing another. Running
two software firewalls on the same computer may
cause problems. After installing a firewall, test
it with an online security service to make sure
that it is working correctly, see our Test page. Testing your
firewall is the only sure way to tell that your
computer is really being
protected.
Anti-Virus software scans
your hard disk to find and remove viruses. To
some extent these products can also scan for and
may be able to remove worms and Trojan horses. To
be effective, you should update the virus
definitions using a vendor's automatic update
service. Since most infections get into your
system via email, be sure that the product you
pick includes an email scanner and that it is
compatible with your email software. Your
friends and associates will appreciate it if you
use a product that also checks your outgoing
email for viruses. See our Anti-Virus page.
Important Anti-Virus Notes: Running two anti-virus
programs on the same computer may cause problems.
Be sure to fully uninstall one before installing
another. Look for software that has an automatic
update feature and that filters incoming and
outgoing email. Outdated virus definitions are
useless for new viruses. Unless you want to send
your friends infected email, turn on the outgoing
scanner too.
Anti-Spyware removes
commercial Trojan horses
often included with or hidden inside of
freeware products and services. Unlike personal
firewall and anti-virus software, it is ok to use
two or more anti-spyware programs at the same
time. In fact, many experts recommend doing it
because no existing product can remove 100% of
spyware currently in circulation. See our Anti-Spyware page for
more information.
Next Steps
Your Internet service
provider (ISP) should be your first line of
defense. If you have a choice, choose an ISP that
offers online virus, spam and
content filters. This will reduce, but not
eliminate, the amount of spam and the number of
infected emails that you receive. The content
filter is to protect your kids. If you do not have
a choice or want to keep your current ISP,
consider using an online email service that offers
virus and spam filters.
Anti-Trojan software should
be used in addition to, but not instead of,
anti-virus software. Anti-Trojan products can
identify and remove more Trojans than anti-virus
software. For more information, see our Anti-Trojan page.
A variety
of Privacy Software is available
to clean your browser, stop spam, trip up
phishing, filter content for kids, catch web bugs,
manage cookies, and block banner, pop-up and
pop-under ads. For more information, see our Privacy, Anti-Spam and Anti-Phishing pages.
Hardware Router For Firewall,
Networking & Internet Connection Sharing
If you are connecting two or
more computers to the Internet, you should use a
low-cost hardware router
with firewall features. The firewall
features come in two flavors. Most use network
address translation (NAT) which hides your small
computer network. From the Internet, a hacker sees
your router, not your computers. Routers with
stateful packet inspection (SPI) check the data going
through the router as well, providing additional
protection. If you have or want a wireless router, be sure to
use its security features; even if you do, they
are less secure than wired versions. Another
option is a wired or wireless router with a built
in DSL or cable modem.
For more information, see our Wireless page. After
installing a router, test its firewall with an
online security service to make sure that it is
working correctly, see our Test page. Testing your firewall is
the only sure way to tell that your computer is
really being protected.
Important Router Notes: The best way to have two
firewalls for two layers of protection is by using
a hardware firewall between your modem and
computer or small network plus a software firewall
on each computer. As noted above, running two
software firewalls on the same computer is not a
good idea.
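The difference between the two router firewall flavors described above, NAT alone and NAT with stateful packet inspection, can be seen in a small model. This is an added example, not code from the original article or from any router product. It assumes the most permissive kind of NAT (anything arriving at an open mapping is forwarded) and reduces "state" to the set of remote endpoints a LAN host has contacted; all addresses, ports and names are constructed.

```python
# Toy model (added example): NAT-only filtering vs NAT plus stateful inspection.
# Simplification: "state" here is just the set of remote endpoints a LAN host
# has contacted; real SPI also tracks protocol state such as TCP flags.
class Router:
    def __init__(self, public_ip, spi=False):
        self.public_ip = public_ip
        self.spi = spi
        self.next_port = 40000   # arbitrary start of the public port pool
        self.by_private = {}     # (lan_ip, lan_port) -> public_port
        self.by_public = {}      # public_port -> (lan_ip, lan_port)
        self.peers = {}          # public_port -> {(remote_ip, remote_port)}

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host sends a packet; return the source address the Internet sees."""
        key = (lan_ip, lan_port)
        if key not in self.by_private:
            self.by_private[key] = self.next_port
            self.by_public[self.next_port] = key
            self.peers[self.next_port] = set()
            self.next_port += 1
        public_port = self.by_private[key]
        self.peers[public_port].add((remote_ip, remote_port))
        return (self.public_ip, public_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet arrives from the Internet; return the LAN target, or None if dropped."""
        target = self.by_public.get(public_port)
        if target is None:
            return None          # no mapping: unsolicited, nowhere to forward it
        if self.spi and (remote_ip, remote_port) not in self.peers[public_port]:
            return None          # mapping exists, but this sender was never contacted
        return target


def demo(spi):
    """Send the same three inbound packets through a router; addresses are constructed."""
    router = Router("203.0.113.7", spi=spi)
    seen_as = router.outbound("192.168.1.10", 51000, "198.51.100.5", 80)
    return {
        "seen_as": seen_as,
        "reply": router.inbound("198.51.100.5", 80, seen_as[1]),
        "stranger_open_port": router.inbound("192.0.2.99", 4444, seen_as[1]),
        "stranger_closed_port": router.inbound("192.0.2.99", 4444, 40001),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("SPI" if mode else "NAT only", demo(mode))
```

In both modes the outside world sees only the router's address and a scan of an unmapped port is dropped; only the SPI mode also drops a stranger's packet aimed at a port that an outbound connection has opened.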