How did THAT get on my computer: Part 2, Trojans and Adware

In the first installment of this series I discussed “opt out loaders,” where a legit piece of software automatically installs a toolbar, search helper, or other crap unless you take action by un-checking a box or clicking a button. These are annoying but usually benign.

Answer #2: You found it, downloaded it, and installed it. But it’s not what you thought it was.

Adware is software that installs, with your permission, and shows advertisements as pop-up windows or embedded in the program. Many of these are fine, like PrimoPDF and Weatherbug, but the developers of these programs are notorious for collecting extraneous information, not clearly disclosing how they’re using your search habits and possibly personal information, and “accidently” leak or disclose your info. There gets to be a fine line between “legit” adware and that which doesn’t really do anything but show ads. Most of these are hard to remove the standard way through Add/Remove Programs. Is it lazy programming or malice? Hard to tell.

Note the multiple nice big happy ad spaces in the Weatherbug screen capture:

Many common adware programs just show ads without doing anything else of use.

Trojans, on the other hand, are programs that LOOK enticing but really contain crap you don’t want. Like when you go searching for “awesome free photo editing software” and get a program that doesn’t do much…that you can see. Another common ruse is to send an e-mail with instructions to install a Microsoft Update or other software. These programs start to do the nasty work that we’ll discuss in a later installment.

Here’s an example of a Microsoft Update trojan. The aim is to entice the user to run whatever the program is:

The keys point about Trojans and Adware is that they’re both programs that the person USING the computer looks at, evaluates, and decides are worth the download.

How can we protect against these in a business environment?

  1. Make sure your employees have the software they need. From a legit source. A system rebuild costs more than a copy of Adobe Acrobat Pro or Foxit PhantoPDF.
  2. Set forth policies about not installing unauthorized software on a work computer. Most IT providers will vet programs for you if you ask, often at no (or minimal) extra charge.
  3. Use cool tech like UTMs (Unified Threat Management device, the new buzzword for fancy firewalls with active threat monitoring), cloud-based protection, etc in addition to good ol’ Antivirus software. Consider blocking a wider range of non-work-related sites.

Next time we’ll get into the less-avoidable (and increasingly more common) ways THAT gets on your computer.

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: