November 25, 2004
All My Base Are Belong To ThemI just ran Ad-Aware on my computer and discovered it was stuffed full of spyware. I watched in awe as it paraded a cornucopia of 946 suspicious items in front of me, including 3 active processes and 500+ registry keys. I felt like quite a turkey for having such an infected computer. And I should give thanks to my father, who suggested I check my computer for spyware before it turned into a pumpkin.
You can find a list of Anti-spyware tools at PC World's site, among other places.
Posted by AdamBa at November 25, 2004 09:40 AM
TrackBack URL for this entry:
Would you happen to be running as an administrator? If so, then you deserve the spyware.
Posted by: Ovidiu at November 25, 2004 12:54 PM
A way to keep up to date on spyware is to follow the Spyware Warrior blog: http://www.netrn.net/spywareblog/
Anyone remotely technical has to stop running as Administrator. It's bearable if you have tools like Aaron Margosis' makemeadmin batch file and his PrivBar which tells you what context you're running IE or Explorer under. Couple that with using Run As with Internet Explorer on the few occasions you need a new ActiveX control, to edit a restricted file, or to use certain Control Panel applets, and it's not too bad - I've been set up like this at work and at home for a couple of months now.
Alternatively, if you can't bear that, you could use Michael Howard's latest MSDN article (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp) to drop your rights when running certain risky applications - your web browser, email client, news aggregator, etc.
Posted by: Mike Dimmick at November 25, 2004 01:14 PM
You may wish to also run Spybot Search & Destroy. It routinely finds things that Ad Aware doesn't, and visa versa.
Posted by: Gary Petersen at November 25, 2004 08:26 PM
Actually I did run Spybot also! Based on the same advice you gave me.
I admit I am guilty of running as admin. I keep meaning to stop (at home and at work). I think Microsoft should start a real campaign to get employees to stop running as admin. I suggested this to Michael Howard -- we could have t-shirts with slogans like "Friends don't let friends run as administrator". He agreed it was a good idea, but nothing has come of it.
Posted by: Adam Barr at November 25, 2004 11:21 PM
SInce Microsoft runs such a managed network environment I'm surprised you are allowed to run as Administrator there unless you absolutely have to for your development work. Is that a privilege that comes with seniority or does everyone through development sales and marketing routinely run as admin? Or is it just on your personal test machines? Do you have systems set up to filter spyware at the firewall?
Posted by: Edward at November 26, 2004 09:18 AM
I found 4 pieces of spyware on my machine at home. And I run in a LUA. And I have up-to-date AV, and I don't go to the sites that are likely to have spyware on them.
And I don't accept ActiveX controls, etc.
I don't know what vector they're using to reinfect my machine, but...
Posted by: Larry Osterman at November 26, 2004 01:24 PM