The best security software will not protect you if you click “OK” and install something from a web site.
Adware/spyware was at epidemic levels until a couple of years ago when Microsoft released Windows Defender and the antivirus vendors reluctantly stepped up with their own products, and bitter experience taught us to surf with a high degree of paranoia. Security programs now monitor constantly to prevent adware/spyware from installing in the background and Internet Explorer has been hardened against stealth attacks.
Vista brings even more security – Windows Defender is included with the OS and Internet Explorer operates with very low privileges, which stops bad programs in their tracks. Vista will protect you in many cases even if you click “OK,” but let’s not test that, eh?
On Windows XP, you have authority to install any malicious, dangerous program you choose. You’re protected against programs that try to do a “drive-by” stealth install simply because you visited a web site, but Windows XP and your security program cannot completely protect you if you click “OK” and authorize a program to be installed!
I spent too many hours today trying to clean adware off a perfectly nice, up to date Windows XP system running security software. The adware had probably arrived during a MySpace visit, although we don’t know what was clicked that allowed the invasion to occur. The last time this happened to one of my clients, it was a porn site whose innocent looking window said a “video codec” had to be installed to view the movies. Well, sure, click OK, whatever – and bang! the system has bad stuff on it, leaving the security program trying to play catchup and gamely reporting about whatever it notices. The bad guys have become smart and devious enough that if their adware gets installed, the security programs simply can’t remove all of it.
The adware folks are still up to the same old tricks. On the compromised computer today, all Google searches were diverted over to advertising pages and all security web sites were blocked, as was Windows Update for some reason. The adware sets up multiple layers of increasingly deeply hidden ways for it to reinstall itself after efforts are made to clean the system. I can go clean out startup programs and browser helper objects and IE addins and shell extensions and a few other places in the registry where things hide, and run scans to remove or quarantine a few more things – and there will be more stuff to replace them when the system restarts. Often now the names of the adware files and DLLs are randomized strings of letters so they won’t turn up in searches, and frequently they immediately go online and invite more adware onboard as often as possible.
I might lose this system; it won’t be the first time. We’ve done deep cleaning (a lot of deep cleaning), installed IE7, installed Windows XP SP3, and made no progress yet. Now we’ll turn to system restore and a few other tricks. It’s time consuming work. All it took was a single errant click but now I may wind up having a frustrating conversation about the economics of struggling with the repair versus the expense of buying a new computer. (It’s almost never economical to pay me to reformat the hard drive of an old computer. It takes a horrendously long time to back up data, install Windows, install other programs and restore the data, and at the end you still have an old computer.)
You are responsible for the health of your computer. Some of that responsibility is discharged if you have up to date security software that covers the computer’s basic needs. You must be conservative about installing software and never agree to anything requested online unless you are completely confident that you are doing the right thing. The bad guys are liars. They will say anything to get past your defenses, without conscience or remorse. Please, be careful out there!