Adware / Spyware Best Practice Guide |
NOT for users of the Staff Desktop Service
Introduction
This Guide is intended for users of Loughborough University’s McAfee Antivirus Software and that are not members of the Computing Services Staff Desktop Service. If you are a member of the staff desktop service then this software has been provided automatically.
What is Adware / Spyware?
Adware and Spyware are collectively known as malware.
"(mal´wãr) (n.) Short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse."
Webopedia definition of malware www.webopedia.com/TERM/M/malware.html.
In an effort to understand and log our shopping and browsing habits and to use information that we type into a computer in a way to exploit us, Adware / Spyware can be used to track our computer use and send this information back to interested parties. It can show up as annoying pop-ups and change your home page to something you do not recognize.
Constant patching of Operating Systems and Applications is required due to new versions of malware which find new exploits the Operating System / Applications or their components. They can then can use the infected machine as a Spam Relay or perform a Denial of Service attack and many other malicious activities.
"Customised malware attacks are becoming more commonplace with virus-laden e-mails up 50 per cent in the first half of 2005 despite a decrease in volumes of spam and simple computer viruses, according to an IBM security report. The industry giant said that targeted attacks against specific organisations and industries - apparently geared towards stealing critical data, identities or extorting money - are on the rise. Government, financial services, manufacturing and healthcare industries are all in the firing line."
The Register Malware Report www.theregister.co.uk/2005/08/02/ibm_malware_report/.
Phishing and Identity theft are also now commonplace with e-mail and programs that silently install on an infected computer which can log keystrokes. This could collect anything from your PC, for example, confidential and personnel information, Credit card numbers etc., in which an attacker could use to steal your identity and use it maliciously to purchase items of great expense or hold information to ransom.
How do I know if I have Adware / Spyware on my PC?
If you have annoying pop-ups or if your home page has been changed, your web browser constantly freezes or your PC freezes, then you may be infected with malware. It may also be possible to be infected without any signs.
What to do next!
It is now not enough to just have antivirus software running on your PC It is recommended you have an Anti-spyware program also installed as a preventative measure to stop Malware being installed as well as to remove it.
There are many programs available that claim to remove all Malware and protect your PC. Though it has been proved that one solution will not keep your machine 100% free from Malware.
Computing Services undertook a project to determine which Anti-spyware product fulfilled the needs of its service. From 29 readily available products, a single product was chosen and is now available to purchase.
The product that was chosen was McAfee’s Antispyware program. This fulfilled Computing Services criteria as being the most effective program to prevent and remove Adware / Spyware.
As a member of the University (staff or student), you are eligible to use McAfee VirusScan Enterprise 8 program. The Antispyware program costs just £4 and is an all in one solution for Virus and Malware detection (Please note that we only accept I.TV.s for £25 or more). If you are a member of staff and are on the Computing Services Staff Desktop Service this is a free addition to your University PC.
How do I get McAfee's Antispyware program?
The McAfee Antispyware program is available to purchase from Computing Services.
If you require a single copy of this then it is available form the helpdesk costing £4. If you require more licences they are sold in bundles of 10 and are £30. (minimum order of 10 by departments). If you require a pack of licences or require any more licensing information please contact Computing Services by e-mail at Computing.Services@lboro.ac.uk or contact the Computing Services helpdesk
What else can I do to prevent Adware / Spyware from infecting my PC?
There are a few things that you can do to help prevent Malware being installed on your PC:
-
Logon to your PC as a standard user for day to day tasks. This means that you will be unable to install any programs while logged as this user. Then use a separate Administrator account for installing programs. (If you can't install programs, some Malware will not be able to install either).
-
Be careful when browsing the Internet. If you can only use sites that are well known. Type the full address in the address bar and avoid where possible links from e-mails.
-
Regularly delete Temporary Internet Files (also known as 'cache') and cookies from your browser.
-
Never open attachments from e-mails or received files from any instant messaging program unless you are sure they are intended for you.
-
Keep your operating system up to date. Microsoft Windows and Apple Macintosh have simple ways to search for critical updates.
Now I have the CD, what do I do?
Please Note: Before installing the Antispy program it is recommended that all other Anti-Spyware and Antivirus programs that are installed on the PC, to be uninstalled!
-
Place the CD in your CD or DVD drive in your PC. Open My Computer and double click the CD or DVD drive in which you entered the CD.
-
On the CD will be the file called McAfeeSolution.exe <Cdrom drive>\McAfeeSolution.exe
-
Double-click the McAfeeSolution.exe icon.
-
You will then see a License agreement to which you must agree, before installing the software. Once you have agreed and clicked Next the installation will continue with a progress bar until the installation has completed.
-
It is then recommended that you restart your PC.
-
Once your PC is rebooted then you can do a full system scan in the same way you scan for viruses.
How do I scan my PC?
The McAfee Antivirus and Antispy addition are configured to scan in the background and when you access files and browse the web. You can also do a full scan of your hard disk or disks if you have more than one.
To initiate a scan right click on the McAfee V shield.
And choose VirusScan console.
Highlight Scan All Fixed Disks and press the green Start triangle at the top of the console to initiate the scan.
Scanning has finished but it has not found anything on my PC
When the scanning has completed on your hard disk(s) and it has not found anything you can be assured that there is a good probability that your PC is clean from known viruses and Malware.
Scanning has completed and it has found 1 or more item on my PC
When the scanning has completed anything that has been detected can be seen under the Name column to tell you what has been detected. Along side that it should also tell you the status of the detected items and they will usually say deleted. If it does not say deleted please refer to Frequently Asked Questions www.lboro.ac.uk/computing/security/naifaq.html. If that does not resolve this issue please e-mail Computing.Services@lboro.ac.uk or contact the Computing Services helpdesk.
How do I keep the software up to date with the latest DAT files?
Computing Services have pre-configured the software so that the updates are run automatically, however you can update the files yourself manually by right clicking the McAfee V shield and clicking on Update Now.
How do I know what is the latest version?
We provide a mailing list to notify you when a new DAT file has been released by McAfee. This list usually has at least one message a day, sometimes more.
There will be about a 12 hour delay from the DAT file being released by McAfee until it is available on campus. This is to allow for testing and the transfer of the files.
To subscribe to the DAT file list, you should send an e-mail message to Majordomo@lists.lboro.ac.uk containing the single line:
subscribe dat-update
in the main body of the message.
Further details regarding mailing-list subscription are available at http://lists.lboro.ac.uk/subscribing.html.
If you have any problems, please contact the Computing Services help desk who will be happy to advise further.
So what does the Antispy product do?
The McAfee Antispy Module adds two distinctive additions to the On Demand Scan Properties section. To view the new options, follow these instructions:
-
Right click on the McAfee V shield and select VirusScan Console.
-
Right click Scan All Fixed Disks and then select Properties and you are presented with the following screen:
-
From this screen you can see that the new additions are to scan in the Registry and Cookies (Temporary Internet Files). These will also be monitored in the On-Access Scanner so if you are browsing the web and spyware is detected you will be informed and given a status of its removal.
I have a Mac, what do I do?
The majority of the Adware & Spyware industry is focused on developing their "malware" to target PC users through ActiveX controls and DLLs that only work on Windows-based computers but this does not completely rule out the emergence of such software on the Mac. Mac OS X is a Unix-based system and is before, as such, as susceptible to Ad/Spyware as any such system. As under Mac OS X the Mac platform is gaining a larger market share of desktops, it may well become an inviting new market for the Unix-savvy phisher or Ad-master to target.
Provided that an up-to-date Anti-Virus tool is installed and no peer-to-peer software is being used and safe-computing is practised (never just open up unexpected e-mail attachments, check a URL e-mailed to you before visiting a site, use the pop-up block in Safari or other browser, never enter personal information into insecure web pages etc) we believe that the risk of such infection on Mac OS X is very low.
It is important for Mac users to follow much the same levels of good practice as any Unix user would if using the Command Line Interface (CLI), such as not running general programs as 'root' or logging in as 'root' user. Furthermore it is imperative that Mac OS X Security updates are installed promptly and correctly as these are often pre-emptive responses to potential vulnerabilities. Previous versions of Mac OS 8 and 9 are highly unlikely to be of any significance as they become increasingly more obsolete and the capability of the system for remote users is minimal.
A recent article on ZDNet (www.zdnet.com) tech news did recently highlight the danger of complacency...
"Apple Macintosh users believe they are immune [from security problems] and need to wake up to the potential of attack - before they are rudely awoken by a destructive piece of malware."
Just as in Anti-Virus provision Mac users need to be pro-active in ensuring that their systems are secure and thus minimise the risk of any problems.
This situation will be monitored by Computing Services and, should any change arise, users will be notified.
I have Linux, What do I do?
At the time of this project, there has been one recorded instance of Spyware on Linux ('Linux-sniff' - which requires root privileges), but this does not mean that users of the Linux platform can be complacent in day to day usage of their systems. [Please note that many powerful diagnostic tools, which are capable of extracting information from network communications, are often found in default Linux installations].
Whilst users are required to run an anti-virus tool (e.g. ClamAV) which will prevent all known Linux viruses and the aforementioned Linux-sniff, good practice - never running general programs as the 'root' user, never login as root (always use 'su / sudo', or admin taskbar methods in modern distributions, to perform higher privileged functions) will aid in preventing adware / Spyware / malware infection. Safe browsing habits (turn off cookies, enable pop-up blocker in recent browsers, always check the real URL before clicking links in e-mails, never enter private data in non-https forms etc) will also help.
This situation will be monitored by Computing Services and, should any change occur, information will be disseminated.
ePolicy Orchestrator (ePO)
Users on the Staff Desktop Service will automatically be managed by Computing Services ePO management service, which manages the Antivirus / Antispy solution and provide us with useful information regarding updates and virus alerts and other management information.
If you are not a member of the Staff Desktop Service and wish to use the ePO management system to manage your Antivirus please speak to Computing Services or e-mail for more information.