With the proliferation of adware, spyware and keyloggers new approached are being designed to deal with this problem. However, as more anti-spyware products are introduced, the level of spyware sophistication increases. This translates into more unusual means of infecting computers. An example of this can be found in spyware code that enables it to reinstall itself. A good anti-spyware program can remove the registry entry for a particular spyware. However, there may be a hidden registry entry that the anti-spyware program can miss. Because of this, the spyware will reinstall when the computer is rebooted.
Another approach involves programming the spyware to load very early in the boot up process. Trying to uninstall the spyware will then be disallowed by the operating system (OS). This happens when the OS is trying to protect a running program’s integrity that the OS doesn’t control.
The first thing to consider is the prevention of system infection. Beyond switching operating systems (i.e. Linux and Mac) or browsers (i.e. Firefox and Opera) there are free programs that can be used to remove and prevent spyware. The operating system should also have been updated with the latest security patches.
Once an anti-spyware program is installed, it’s important to keep that program updated regularly. This will ensure that the anti-spyware program will have all of the latest spyware definitions and information. In most cases, it can be prudent to set the automatic update feature on the anti-spyware program.
Keyloggers are designed to capture sensitive information by recording keystrokes from a keyboard. One way to avoid this is through the use of a virtual keyboard. This is graphical keyboard that appears on the user’s monitor screen. The keys are accessed by clicking on them with the mouse. This type of keyboard would be then used to enter usernames and passwords. This may not be practical for all user applications. But it can be used for very sensitive data.
It should be noted, however, that this method is not foolproof. Some keylogger software is designed to capture individual screenshots whenever the mouse is clicked. In order to avoid this problem, there are virtual keyboards that will activate a character by hovering over the key. This is in lieu of actually using the mouse to click on it.
Keystroke capture can also be avoided by having the software enter password characters at random. With this method, a software application can request the user to enter odd placed characters of the password. After that, the even placed characters would be entered. However, the sequence would need to be changed after each entry. If not, then the original password could be easily reconstructed. In addition, the application being used must support this method of password entry. The downside to this approach is that all of the characters of the passwords will still be captured. It could then be reconstructed by trying out different combinations.
A more effective method is the use of keystroke encryption. An example of this is the free program “KeyScrambler Personal”. This program is designed to encrypt the user’s keystrokes at the driver level of the keyboard. This means that the keystrokes reaching a hacker will be useless to them.
Currently, seven states have enacted Spyware legislation and 28 states are considering the same. This legislation involves penalties for the transmission of adware and the use of spyware. Legislation covers software programs that:
• Take control of a computer without the permission of the user.
• Alter or modify computer settings that relate to accessing the Internet.
• Collect personal data through deception.
• Prevent or block the user’s attempts to disable or uninstall the software.
• Misrepresent the user’s ability to disabled or uninstall the software.
• Disable or remove anti-virus or anti-spyware software through deceptive means.