Hi-Tech 101: Scary computer stories

Welcome to the world of ‘scareware,’ the fastest-growing segment of the rogue software population out there.

Once, girls were girls and men were men; you knew who you were then. And you knew who the bad guys and the good guys were; the viruses the former, and the virus-fighting programs the latter. No more, though. Nowadays, the very programs you were counting on to fight viruses might be nothing more than viruses themselves. Time to learn a new word. You’ve heard of malware, spyware and virusware? Now welcome to the world of “scareware,” the fastest-growing segment of the rogue software population out there.
Disguising itself as a solution, scareware actually creates a problem, prompting you to voluntarily install it by scaring you into believing that you’re “infected.” It’s happened to anyone who’s surfed the Internet – especially Windows users, who are most vulnerable – at one time or another. You’re checking out a site when all of the sudden, a message flashes on the screen. “Security scan in progress! Your system could be infected with bad viruses!” And as the scan progresses, the list of infections on your PC gets longer.
To solve the problem, says a notice at the end of the scan, you need XYZ Virus Killer, which you can install by clicking on a button. Naturally, you do so – but are then told that the program will only actually remove those viruses if you pay them $49.95, right now. That’s how scareware works; shocking and scaring you with identifiable threats, scareware is basically a shakedown.
But it gets even worse; you may have installed not just an annoyance, but a rogue application that will hijack your computer for use as a spam forwarder (a popular function of viruses today), for example. Remember, a virus is just another application, as far as your computer is concerned, and you probably have anti-virus programs installed to keep out rogue programs, preventing them from installing themselves without your permission. How much easier it is for the hackers if you do the installation work voluntarily.
Because it appears legitimate – and because you need to consciously fight it in order to prevent it from taking over your machine – you need to form a strategy to fight scareware. It’s not enough to rely on anti-virus applications you may have installed on your machine, because, as mentioned, with scareware you’re basically giving permission for the application to install itself. What’s needed is a two-fold approach; one, gaining a knowledge of what to avoid, and two, developing a way to identify and avoid installing these bad guys.
The lists
An interesting place to start is at the Bad List – the Spyware Warrior list of Rogue/Suspect Anti-Spyware Products, which you can see at http://tinyurl.com/yslol. Although a few years old (meaning that more recent applications are not included), the list is a useful guide to the many scareware applications that are still floating around. The names of many of the programs – AlertSpy, Dr. Adware, Privacy Defender – cleverly mock the names of legitimate anti-virus and anti-spyware applications, making your clicking on the install button more likely in a moment of pressured crisis (like when you think you have a dozen viruses on your computer).
A related, more up to date list of problematic software of all types (not just scareware) can be seen at http://tinyurl.com/2sjb, which lists 2,346 pieces of spyware, adware, malware, keyloggers, trojans, dialers and other rogue programs. To really make sure you’re not getting duped, check out the list of legitimate anti-virus programs at http://www.virustotal.com/sobre.html, which is run by (legitimate) file scan site Virustotal.
One way to avoid problematic installs of any kind is to avoid sites that are known to install them, and users of Internet Explorer 8 have an edge with Smartscreen Filter (http://tinyurl.com/yebnme8), which maintains a thorough and constantly updating blacklist of sites to avoid, known to attempt to install things like scareware. When the filter is turned on, IE8 will warn you that the site is unhealthy, giving you the opportunity to avoid surfing there. Firefox has a similar function, but it’s more limited than IE8’s.
However, Firefox users have what is perhaps an even more effective tool. NoScript (http://noscript.net/) is a Firefox extension that will basically prevent any executable from running off a Web page, unless you okay it. Instead of a blacklist, banning only certain sites, NoScript considers all Web sites suspect, and to access JavaScript, Java and Flash and other plugins, you have to approve sites to a whitelist. How do you know what to approve? Easy – if a site you know and trust doesn’t work properly, you can probably feel safe approving script activity; if the site isn’t so “kosher” (like a torrent download site), you might want to take a more conservative stance.
Another program you’ll find indispensable is Winpatrol(http://www.winpatrol.com/), a free program (upgradeable to a paypremium version) that will alert you when something tries to installitself on your PC, whether you’re aware of the installation or not. Inthe world of Windows, “installation” means that your computer’sregistry is adjusted to utilize an executable, and Winpatrol, when itgets installed, examines your registry and takes a snapshot of it.
Anything you try to install henceforth will set off alarm bells(actually, Winpatrol’s mascot, Scotty the Dog, will bark). You can thendecide whether or not you want to continue with the installation. If aninstallation shows up when you surf to a Web site, then you know you’rein the wrong place (file scans, which many scareware sites claim to berunning, do not require you to install anything, so if you get aninstall alert, run). With Winpatrol, the tools for IE8 and Firefox Imentioned, and a little common sense, we don’t have to be scared ofscareware anymore.