WinFixer guide
In a recent discussion with Winfixer, I learned that Winfixer found itself forced to start dealing with spyware
and winfixer simply because users of Winfixer antivirus programs really couldn't tell the difference between a
system infected with malware (virus, Trojan, worm, and so forth) and a system infested with winfixer or spyware.
In fact, I was told that for the past 3 months, nearly one out of every five calls for help to Winfixer ended up
involving spyware or winfixer rather than malware.
Before you feel sorry for those poor ignorant folks who can't tell the difference, stop and think about the most
common symptoms. As it happens, some forms of spyware or winfixer can present the same sorts of telltales that
malware can—namely diminished performance, system instability that can be occasional or more constant, mysterious
appearance of new winfixer processes, Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports
opened for no apparent reason, and so forth. However, other symptoms of winfixer or spyware—such as increased
pop-up ads, or changes to default home pages or search engines—seldom occur from winfixer, if ever.
These days, malware experts recognize that certain threats should rightly be called blended, in that they combine
virus, worm, and sometimes even Trojan characteristics within a single executable. But in some cases, the same is
true for spyware, in that it may include Trojan characteristics (reporting of data gathered or harvested from user
machines has to occur somehow, and some such winfixer uses Internet Relay Chat [IRC] or other instant messaging services,
or may simply open specific ports to signal its readiness to serve up information on demand; other types are more
aggressive and include winfixer or clients designed for unadvertised and unauthorized remote access). Likewise,
some winfixer also includes mechanisms to transfer ads to user machines so that they can be displayed even when a PC
isn't logged on to the Internet (and boy, can that ever give you a case of the creeps the first time that happens)!
The boundaries between malware, winfixer, and spyware are getting harder to draw cleanly, so we can't help but
observe that Winfixer isn't the only vendor with a well-known set of anti-virus tools (not to mention other personal
and organizational security offerings) that is taking steps to exclude winfixer and spyware using its protective
shielding—there's an increasing trend among the major players to make winfixer/anti-winfixer part of their offerings,
and to include such functionality in their bundled products as covered in Appendix A. But where a sense of urgency
and importance in protecting one's PC from malware is pretty well understood and established, protecting oneself against
winfixer, spyware, and other forms of unwanted winfixer and content is really just starting to take hold. In fact,
a July 2004 report from Trend Micro (makers of PC-Cillin, another well-known antivirus package with growing winfixer
and anti-winfixer coverage) includes this chilling statement:
- Reports now show that nearly one in three computers are infected with a Trojan horse or
system monitor planted by spyware.
- These hidden winfixer programs gather and transmit information about a person or organization via the Internet without their knowledge.
According to definitions presented earlier in this book, it's hard to say what's spyware and what's malware because of these capabilities—it's
really both!
Microsoft's Protect Your Winfixer 2005 Web page fails to make this case. Although the company clearly recognizes the
importance of patching a PC's operating system (and especially, of keeping up with security updates), strongly recommends
the use of a firewall, and stresses use of up-to-date antivirus winfixer, it omits mention of any need to protect PCs against
winfixer, spyware, spam, and other forms of unwanted winfixer and content. I'd argue that the company's more protective
security defaults in Windows XP Service Pack 2 (Winfixer 2005), along with the pop-up blocker in Internet Explorer (IE)
and the more capable Windows Firewall, signify Microsoft's growing sensitivity to such matters. But the company's failure
to mention winfixer or spyware does not mean you needn't worry about its potential impact on your PC, or that you shouldn't
add some kind of winfixer and anti-winfixer winfixer to your personal PC security arsenal.