Pestware 101

By Intranet Journal Staff | Posted October 28, 2003

Pestware is a growing threat to end-user laptops and desktops. Its clandestine nature is starting to blur the line between nuisance software and viruses. While pestware doesn't typically destroy components of your system the way viruses do, it does use up valuable system resources, and it can report on your Web surfing habits and other personal behavior without your knowledge.

What is Pestware, And What Does It Do?
Pestware, sometimes referred to as malware or scumware, is probably running on your PC this very minute. In fact, it is estimated that 90 percent of all PCs are affected by pestware — many more than those affected by viruses. The main difference between pestware and viruses is that viruses actively damage your PC, and pestware does not, at least in theory. For the most part, pestware consists of various types of nuisance software that become installed on your PC through duplicitous channels, often by the vendor or perpetrator tricking you into installing it under the guise of so-called advantages to you.

One clear indication that software is pestware is if it does not come with an uninstaller program. Legitimate software packages come with uninstaller programs, since ethical vendors realize you may need to unload the software at some point for one reason or another such as system trouble-shooting, upgrading, or moving the license from one system to another. An uninstaller is an automated program that systematically and efficiently removes a particular software package in its entirety.

Pestware perpetrators do not want you to remove the software for any reason, and therefore make it difficult for you to do just that. Some pestware producers provide cumbersome uninstall instructions that must be performed manually, and do not provide automatic uninstaller programs, in order to reduce the likelihood that you will remove their software. For legitimate software packages, the days of having to follow a detailed page of manual instructions to uninstall software are long gone. Any software producer that requires long and cumbersome manual intervention to remove their software should raise healthy skepticism on the legitimacy of their software.

Types of Pestware
The vast majority of pestware is adware — software that is designed to facilitate the propagation of pop-up advertisements on your screen. While adware doesn't directly damage your PC, it does use up valuable CPU cycles, bandwidth, and memory resources, and for most people, it is an annoyance that gets in the way of their day-to-day productivity. There are at least 200 different adware packages today.

Most adware works by trying to display targeted ads to your desktop. Adware producers often require you to consent to the installation of the adware, by duping you into thinking you are downloading freeware such as an atomic clock program, a local weather forecasting program, or other innocuous sounding tools. Some of the techniques that adware producers use to tempt and trick you into downloading their software include promising to:

  • clean-up unwanted garbage files on your system
  • improve the security of your system
  • improve the efficiency of your computing power
  • enable easy file sharing capabilities
  • entertain you with a fun, new computer game
  • give you up to the minute news updates
  • give you a more fully featured Web browser
  • give you a more interesting cursor pointer
  • provide you with a better search engine

Typically adware programs will provide you with some sort of tool, such as an atomic clock, that is completely unrelated to its adware functionality, to fulfill their obligation to provide what they previously promised. Adware vendors would like for you to believe that they are among the purist-freeware-pocket-protector-geeks who write and give away software for holistic purposes. However, what they don't tell you is that the little system tool, for example the atomic clock, is one little piece of a larger adware package. Basically, adware companies do not want you to know their software is adware, since few people would willingly install it if they did.

Some adware, known as targeted adware, tracks your browsing habits so it can understand what targeted ads you may be most susceptible to responding to. For example, if you do a search on "mortgages" using a leading search engine, you may notice that shortly thereafter you start seeing numerous pop-up ads related to mortgage services on your desktop. That is because the targeted adware, currently installed on your system, spied on your Web surfing habits, recorded your search engine habits, and used this information to propagate advertisements related to "mortgages" to your system.

Well-Known Adware Packages
Adware Name          Adware Producer
BroadcastPC          Mark Adler
CasinoOnNet          Casino-on-Net
Comet Cursor         Comet Systems, Inc.
Download Receiver    eAcceleration
ExactSearch          eXactSearchBar
GAIN                 Gator
GeoWhere             Jean Fages
Moe Money Maker      EBates
Netsonic             Web3000
Network Essentials   SmartPops
Offer Companion      Gator
RespondMiter         VX Corporation
SuperBar             GigaTech Software
WildTangent          WildTangent, Inc.

While targeted adware spies on your Web surfing habits to understand what targeted ads to display on your system, other types of spyware exist as pestware that may have more hostile purposes. Pestware products other than adware may also become installed on your system through clandestine means. These often include keylogger programs that record your keystrokes, password capture programs that record your passwords, spamware designed to use your system as a spam launch pad, tracking cookies designed to investigate your private and personal life, and Trojan horses that are not actually viruses or worms.

Some Trojan horse programs are not actively scanned for, or quarantined by, anti-virus products because they aren't actually viruses or worms. If they don't actively damage your system, their removal may not be in your anti-virus product's repertoire. For example, some Trojan horses are designed simply to turn services on and off. Though turning certain system services on and off will not damage your system, the purpose of turning on various services could be to exploit security vulnerabilities. Some Trojan horse programs are designed to open your system so that it can be remotely administered by unauthorized users — these programs are otherwise known as RATs.

While keylogger, password capture, spamware, and cookie tracking software doesn't actively damage your system, it can be used for malicious purposes that could among other things damage your personal or professional reputation; damage your credit rating; get your company involved in litigation due to violation of new spamware laws and regulations; investigate you or your family's medical history; obtain your social security number; obtain information on where you live; or obtain login information for theft at a later date. There exist at least 500 available keylogger programs in cyberspace today, all designed for spying on what you type on your keyboard — your personal information, financial information, and passwords.

Products that Control Pestware
Unfortunately, most anti-virus programs do not remove or block pestware. Though eventually anti-pestware and anti-virus products will likely converge, today, they exist as two distinct product categories that have only a small amount of overlap from one type of product to the other.

Anti-pestware software is a nascent market segment, still in its infancy, that has evolved in the last 3 to 5 years. This market will likely mature and become much more competitive in the next 5 years. The good news is that thanks to these innovative and opportunistic companies, some nifty products have been developed to combat pestware. Whether or not any of these anti-pestware products are right for your organization, or your system, is something that you should determine by testing out the various features.

Similar to anti-virus products, anti-pestware products actively prevent pestware from running in memory and also offer manual and automated scanning capabilities. Some anti-pestware products have quarantine features to quarantine the pestware for further testing. Some of them can integrate with your firewall, so you can block unwanted content from your entire network.

Pestware Elimination Products
Product Name               Vendor              Web Site
Ad-aware                   Lavasoft            http://lavasoft.element5.com/default.shtml.en
Anti-Trojan 5.5            Anti-Trojan         http://www.anti-trojan.net
PestPatrol                 PestPatrol          http://www.pestpatrol.com
SpyBot Search & Destroy    PepiMK Software     http://www.security.kolla.de
SpySweeper                 Webroot Software    http://www.webroot.com
XCleaner                   XBlock              http://www.xblock.com

A Word to the Wise
As long as you're concerning yourself with viruses and worms invading your system, you might as well concern yourself with pestware invading your system. Though pestware's exploitive nature is more subtle, the fact that pestware is more prevalent than viruses means that your system is far more likely to become a victim of pestware, if it's not already. Anti-virus companies and their product lines have yet to fully embrace pestware as something their products should look for and remove. In fact, research for this article showed that leading anti-virus products failed to remove numerous pestware packages, including some of the more hostile pestware packages that were not adware.

Be smart about the so-called freeware that you download. Research the site or banner ad offering the freeware before clicking on the download button. If you cannot find any technical newsgroups or product reviews that say nice things about the freeware, it's probably not nice freeware.

Before being deployed enterprise-wide, any anti-pestware package should be adequately tested. You have to be sure that the anti-pestware package you are installing is not actually a pestware package itself. For example, one program known as SpywareNuker is actually spyware itself. Thorough and adequate testing in a lab can help you make sure that an anti-pestware package is technically sound and ethically pure.

Adapted from Intranet Journal.com.
