• Home »
• Self-Help Resources »
• Preventing Unauthorized Access »
• Your Privacy At Risk

Your Privacy At Risk

Everyone is Collecting Information - What is Spyware? - Spyware Removal

Everyone is Collecting Information

Your privacy is at risk like it has never been before. Learn how to avoid giving information away and how to remove spyware (hidden software on your computer that reveals information about your surfing habits).

Cookies Report on Your Web Habits

People have become more aware of the amount of information that is collected about them while they are on the Internet using such devices as cookies. You can deal with cookies using some of the many utilities available on the Net or by using the tools provided by modern browsers (I suggest using the most recent version of Mozilla Firefox).

Governments Collecting More Personal Information

Governments are collecting more about you and your Internet activities. You can find out more about this issue at Privacy International including related news, issues and resources.

View the privacy profiles for:

• Canada.
• USA.

Digital Copyright Management

Sony Plays Big Brother

Sony BMG has placed a secret program (rootkit) on your computer to deny your ability to copy CDs and DVDs. The rootkit hides the software that Sony places there to prevent copying, but this cannot be easily removed and has the potential for releasing user information or otherwise acting like malware/spyware.

The rootkit and the legal agreements that Sony included with it have some serious side-effects, described in The Sony BMG Rootkit Scandal by Natali Helberger at IvIR, Amsterdam (a European university Faculty of Law).

Essentially, XCP interferes with the computer memory, crashes Windows applications and/or the complete operating system and can provide a safe-haven for viruses and worms. If the user tries to remove the rootkit, the system may malfunction or disable the CD-ROM drive and potentially disable Windows. It affects only Windows 2000, XP and 2003 Server.

The original research on the BMG rootkit is found on Mark's Sysinternals Blog—your best source for more information on this topic.

Your Choice of Browser Matters

Internet Explorer Simply Too Vulnerable

Internet Explorer is a major security vulnerability within Windows and therefore should not be used as your primary browser when surfing the Internet. You need to use Internet Explorer (IE) to connect to Windows Update and may need it to configure some wireless devices (I have never found this to be necessary).

• It is easier to hijack Internet Explorer's start page, something that many unreputable sites and spyware programs like CoolWebSearch use to your detriment (many current antivirus programs now provide protection).
• The fact that Windows Update doesn't work with any browser but Internet Explorer should tell you something about the risks of using it on unknown sites on the Web.

Use A More Secure Browser for Viewing the Web

Use another browser to minimize the security risks, particularly if you are using Windows. Firefox is my recommendation. Not only is it more secure, but it more closely follows Web standards, making your experience a better one with current Web content trends.

Internet Explorer 7 & 8

Microsoft has incorporated more Web standards in Internet Explorer 7 and has included most of the currently accepted standards in IE 8, working more closely with Web designers than in any previous version. It is the last major browser to add support for CSS tables, providing the opening for table-based layout techniques without misusing HTML table markup.

Security risks are not unique to Internet Explorer but IE's reach is deep into the Windows operating system, making it more vulnerable to security issues than any other browser. This is the reason I recommend a current version of Firefox as your primary browser.

Symantec requires IE 5.5 or better to run its on-line AutoFix Tool.

Opt-Out Cookies

Another option is to use the services of a site such as the Network Advertising Initiative which offers to place an "opt-out" cookie on your computer for certain ad servers such as DoubleClick.

Clear Private Data

You should clear your privacy data (cookies, saved form information, cache and authenticated sessions) before and after on-line banking (or similar sites where there is the risk of revealing personal information of greater value).

Current versions of Firefox make this easy. Click on Tools then Options. Click on the Privacy tab and check Always clear my private data when I close Firefox. You can change which items get removed in the settings. I'd also suggest checking Ask me before clearing private data as that will allow you to uncheck items you want to retain from the current session (but this is unnecessary if you don't want to be bothered by the reminder every time you close Firefox).

Return to top

Spyware/Malware

Your Personal Information For Sale

However, it may shock many to know that some companies have even placed secret software (spyware) in their otherwise useful "free" computer programs or on their Websites to retrieve personal information for sale to other companies.

What is their Privacy Policy?

You need to protect yourself from such installations. You should always read and understand the privacy policy of any site before you choose to give personal information. You need to check this policy from time-to-time as the privacy policy might change for a number of reasons including purchase of the company or a new business plan.

This site maintains a privacy policy. You need to assume that sites without a privacy policy do not have your best interests at heart.

Big Names Don't Necessarily Mean Safety

Some of the software and sites that have been known to collect such information are listed on Gibson Research Corporation's Suspected Spyware page. The extent of this secret information collection may shock you. It includes such programs as Real Player, Go!Zilla, CuteFTP and Comet Cursor.

Even if some of the incidents that have been reported were either oversights or have been corrected, it doesn't mean that you can relax. Company policies change and often do change. In many cases, short-term profits have proven to be more appealing than long-term loyalty to these companies.

Spyware is Profitable

Unlike viruses, spyware is extremely profitable. By redirecting your browser to "shopping guides" or porn sites without your knowledge they can take advantage of increased advertising rates for the ads on those sites because of increased, albeit unwarranted, traffic.

Return to top

Spyware Removal

Getting Rid of Spyware

Beware of Fake Spyware-removers

There is a disturbing trend of placing ads on Websites that appear to "find" spyware on your system. They offer to remove it if you purchase their product. Don't fall for these tactics. Most, if not all, are rip-offs or fakes. Eric Howes maintains a list of these on his Rogue/Suspect Anti-Spyware Products & Web Sites page.

Legitimate (Helpful) Spyware Removal Products

I recommend the following products for removing spyware from your system and keeping it clean:

• Lavasoft's Ad-Aware will do a deep scan of your system to check for spyware. There is a built-in updater and this program will safely remove spyware from your system. There are Free (not for commercial use), Plus and Pro versions. If you're using an older version, you should upgrade (uninstall the old version first).
• Gibson Research Corporation projects include Opt Out and ShieldsUP! in Steve Gibson's goal to protect privacy in his It's MY Computer! campaign.
• XP-AntiSpy is a freeware application that will disable some of the suspect built-in update and authentication 'features' in Windows XP. If the page appears in German, simply click on either the British flag or English version link.
• Spybot - Search & Destroy is another program that checks for spyware. It also requires installation.
• Counterexploitation provides information about privacy and other issues and includes a solution for removing WebHancer if Ad-Aware or the Add-Remove Programs doesn't do it for you (or if you can't get access to the Web afterwards).
• SpyCop is designed to find computer monitoring spy programs, and is the most powerful solution available anywhere for doing so, looking for 310 possible spy programs. US$49.95.
• MooSoft The Cleaner will detect and remove Trojan Horses that other programs can miss. Registration is US$29.95.

Obtaining More Information About Spyware Removal

The following links will tell you more about spyware and direct you to legitimate spyware removal resources:

• Gibson Research Corporation offers some excellent information about this issue and documents how a download assistant was able to track information that included his name, e-mail address and the GUID code from his computer (a Microsoft identifier that is unique to each computer in the world).
• SpywareInfo speaks of such issues as browser start-page hijacking and provides a fix.
• Home Office: Keep Web Snoops at Bay from PC-World is an excellent resource.

Hardware Keyloggers

You may also want to check for the presence of a hardware keylogger - a small device about the size of a AA battery that is plugged in-line with your keyboard in order to record your keystrokes. Since keyloggers are hardware their operation is not detectable using software.

Detecting Keyloggers

Note: this device looks similar to a keyboard adapter used to connect an older keyboard to a new computer or a newer keyboard to an older computer. Such an adapter would have a different connector on each end and would be a legitimate device on your computer. If the connectors look the same it may be a keystroke logger.

These devices may be installed by your employer. Courts have recognized the right of your employer to monitor the use of a company-owned computer.

Software Keyloggers

There are also software keyloggers like the one used by a New York man to gather over 450 bank account passwords in Kinko's stores while people used the computers to log into their bank accounts. He created new accounts and transferred money into the false accounts. There is software that will detect these like Advanced Anti Keylogger.

Public Access Computers

You need to be very careful about using public-access computers (like the ones at Kinko's or in an Internet Café). Assume that your computer activities are being monitored, and avoid providing usernames/passwords or credit card information on these connections.

You might wish to ensure that you can clear the cache before you use these to enter usernames and passwords. Virtually all will use Internet Explorer, which leaves you open to those vulnerabilities. You cannot ensure there is no keylogger device, so you may wish to reconsider the need to access banking or other sensitive information.

Some systems offer a way that doesn't use the keyboard. You can see an example in the login page for Islandnet.com. Look for the little virtual keyboards beside the username and password entry.

Return to top

More About Security Issues

The following related pages offer more information about security:

• Security Basics—Preventing Unauthorized Access
• Firewalls—Your First Line of Defense
• ZoneAlarm Security— Recommended Firewall Products
• Passwords and Encryption—Protecting Your Electronic Signature
• Internet Security Vulnerabilities—Weaknesses in Windows & Internet Software
• Anti-Virus Protection—Current Alerts, Strategies, Hoaxes & Software
• Avoiding Spam & Copyright Abuses—Promote Responsible Net Commerce

PDF Documents

Several documents on this Website are labelled as PDF. You will need the free Acrobat® Reader® to view and print the PDF documents. Get the free Acrobat® Reader®.

Return to top

www.RussHarvey.bc.ca/resources/privacy.html
Updated: October 2, 2009

[an error occurred while processing this directive]

Skip Navigation

• Site Home
• Web Design »
• Writing & Editing
• Computer Services »
• Self-Help Resources
• Personal Pages
• Contact
• Site Map & Navigation
• Site Search

» Click for sub-menu.