Spyware: What is It and How to Remove It?
The vast majority of threats encountered online are collectively known as malware. This term can refer to a wide variety of issues including spyware, adware, viruses, rootkits, Trojans, and other such malicious software. We are going to discuss spyware: what it is and how to remove it.
As some of us know, spyware is computer software that is installed without the user's knowledge or consent and which is specifically designed to collect various types of information. The information may be related to the user's internet surfing habits, or it can be personal information that the user inputs into the computer.
Spyware can also be used by businesses legally to keep an eye on their employees' day-to-day activities. These are commonly known as keyloggers. Nevertheless, the most common use for this type of software is to steal someone's identity, or worse.
What's more, once a computer is infected with spyware, there are additional problems that may also arise. Your system may start working slower without explanation, as the spyware is secretly eating up memory and processing power. Your web browser may have an additional toolbar, or the browser may present a different home page.
Error messages may also appear on screen, as well as previously-unknown icons that may pop up on your desktop. These are just a few telltale signs of spyware finding its way into your system.
Below are several steps that you can take to remove any spyware that's on your computer.
The Traditional Uninstall
Though it may seem surprising, some spyware and adware applications do have fully functioning uninstallers, which means that you can remove them from Windows' own Control Panel.
In the Add-Remove Programs list, search for any unwanted programs listed there and uninstall them. Be careful not to confuse any useful apps or programs with spyware. Reboot your system once the procedure has completed successfully, even if you are not prompted to do so.
Most spyware, especially the dangerous kind, does not have the previously mentioned option, in which case you will need to remove it via an up-to-date antivirus scanner. You will first need to disconnect your computer from the internet. If your antivirus allows it, perform the scan in Safe Mode.
If by any chance you don't have an antivirus installed, which you definitely should, choose one of these free versions, or go for the paid variants for better results. Whenever you are using these tools, always make sure to update them. New spyware is created on a daily basis, and only up-to-date antivirus software will be able to detect and remove it.
Undo any Potential Damage
After one or both of the steps mentioned above have been performed, make sure that the spyware cannot work its way back into the system once you reconnect it to the internet. To do that, reset your browser start and home pages, and check that the spyware hasn't hijacked your HOSTS file and that no undesirable websites have been secretly added to your Trusted Sites List. Only after you've completed these steps is it a good idea to reconnect to the internet.
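A read-only audit of the three places named above, as an added example that is not part of the original article. It assumes Windows PowerShell, the default HOSTS file location, the per-user Trusted Sites zone map and Internet Explorer's start-page value; other browsers keep their home page in their own settings.

```powershell
# Added example: lists what is currently set, changes nothing.
# A default Windows HOSTS file contains only comments, so every active
# entry reported here deserves a look.
function Get-HostsOverride {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $loopback = '127.0.0.1', '::1', '0.0.0.0'
    foreach ($line in Get-Content -LiteralPath $Path) {
        $entry = ($line -replace '#.*$', '').Trim()   # strip comments
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $ip = $fields[0]
        # A loopback or 0.0.0.0 mapping blocks a site (for example an
        # antivirus update server); any other address redirects it.
        $effect = if ($loopback -contains $ip) { 'Blocked' } else { 'Redirected' }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name -eq 'localhost') { continue }
            [pscustomobject]@{ Address = $ip; HostName = $name; Effect = $effect }
        }
    }
}

function Get-TrustedSiteEntry {
    # Per-user zone map only; machine-wide and policy entries are not covered.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -eq 2) {       # zone 2 = Trusted Sites
                [pscustomobject]@{ Key = $key.Name; Scheme = $scheme }
            }
        }
    }
}

function Get-BrowserStartPage {
    # Internet Explorer only.
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Start Page'
}

Get-HostsOverride    | Format-Table -AutoSize
Get-TrustedSiteEntry | Format-Table -AutoSize
"Internet Explorer start page: $(Get-BrowserStartPage)"
```

Run it while the machine is still disconnected, and compare the output against what you know you configured yourself.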
As with any other online threat out there, the best way to protect yourself is through prevention. Make sure that no spyware makes it onto your computer by keeping your security systems up-to-date. Likewise, be more skeptical about what programs you install on your PC, especially if they are part of a package or if they promise something that seems too good to be true. Contact us today to discuss possible solutions.
Meltdown and Spectre: Current Status 01/12/2018
By Robert Meyers and Sean Andrews
The vulnerabilities known as Meltdown and Spectre were announced to the world at large last week. They are based on a process called speculative execution, a technique that became popular in the mid-nineties to improve processor performance.
In most cases, these vulnerabilities don’t allow an external unauthorized party to gain access to a system, although they could allow a party that already has access to the system to access unauthorized data. However, this is only the current state. These vulnerabilities are typically weaponized into malicious websites and malware, and at that point they will become significantly more dangerous. We can then expect these exploits to be used to recover all information in memory (including passwords and tokens) as well as inject commands into the computer's processor.
As your technology partner we are working on building a strategy to aid in defending our clients. Currently that is mainly still in testing, the same as every other provider. We wanted to update you with current findings.
Current machines will see around six percent performance degradation on average from the Microsoft patches. However, there is a complication around anti-virus and anti-malware platforms which is currently being worked on. This complication causes boot issues and crashing. Additionally, the patches currently have a similar impact when deployed to AMD-based machines, where there are similar issues. As it is common to have more than one anti-virus, Microsoft and the anti-virus and anti-malware providers are working on a solution. Additionally, a new patch attempt by Intel is causing random reboots and is simply not recommended for production. Please note that older systems will see an increasing impact from the patching. Our current recommendation and practice is to test and monitor. These solutions are not yet ready for widespread production without a level of predictable instability and should be limited to administrative systems on demand.
Currently only High Sierra from Apple is being updated. There are no currently reported errors from our or our partners' testing that we have seen. As such, we agree with the Apple recommendation to upgrade any Macs to High Sierra (10.13.2 supplemental update) and patch. There is a performance impact; however, in testing it has appeared stable, with between 1% and 6% performance degradation.
We are currently waiting on updates from most software vendors. Chrome should be updated on Jan 23 (as currently advised), and in the meantime they have a recommendation to help mitigate part of Spectre. IBM will start rolling out some fixes in February, although limited information has been released so far. Microsoft currently has a series of patches for Internet Explorer, Edge and SQL. Due to the instability being seen, our current strategy is to only deploy these to administrative systems.
Anti-Virus / Anti-Malware
We have confirmed that Webroot SecureAnywhere 9.0.18.xx, from one of our partners, is compatible with the Microsoft patches; however, it does require that a registry key is set before the patches are deployed. There is a version being developed that will place and manage this registry key (a part of a Windows computer’s DNA) automatically, and we recommend waiting for this.
Microsoft currently deploys Windows Defender Antivirus, System Center Endpoint Protection, and Microsoft Security Essentials, which are compatible with the January 2018 security updates and have set the required registry key.
Currently there are versions of Avast, Avira, AVG, ESET, F-Secure, BitDefender, Kaspersky, Sophos, Malwarebytes, and Symantec that are declaring themselves compatible and deploying the required registry key as per Microsoft’s guidelines. However, please note that Microsoft has published that future updates will require that the registry key is set. As always, our recommendation is to maintain a system under protection. However, version changes will need to be managed.
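One way to check a machine for the compatibility registry key discussed above, as an added example that is not part of the original article. The key path and value name are taken from Microsoft's published guidance for the January 2018 security updates, not from this page, and the antivirus listing assumes a client edition of Windows where the Security Center WMI namespace exists.

```powershell
# Added example: read-only check, changes nothing.
# Key path and value name: Microsoft's January 2018 antivirus
# compatibility guidance (assumption, not stated in the article).
function Test-AvCompatKey {
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

    if (-not (Test-Path $path)) {
        return [pscustomobject]@{ Compatible = $false; Reason = 'QualityCompat key missing' }
    }
    $key = Get-Item -Path $path
    if ($key.GetValueNames() -notcontains $name) {
        return [pscustomobject]@{ Compatible = $false; Reason = 'Value not set by any antivirus' }
    }
    # The value must be a REG_DWORD with data 0; anything else is
    # treated as not set.
    $kind = $key.GetValueKind($name)
    $data = $key.GetValue($name)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord -or $data -ne 0) {
        return [pscustomobject]@{ Compatible = $false; Reason = "Unexpected value: $kind $data" }
    }
    [pscustomobject]@{ Compatible = $true; Reason = 'REG_DWORD 0 present' }
}

function Get-RegisteredAntivirus {
    # Lists every product registered with Windows Security Center, since
    # more than one anti-virus on a machine is common. Returns nothing on
    # server editions, where this namespace is absent.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty displayName
}

Test-AvCompatKey | Format-List
"Registered antivirus products: $((Get-RegisteredAntivirus) -join ', ')"
```

The key only records that some product declared itself compatible; it does not say which one, so compare the result against the list of registered products before deploying.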
Performance on servers can be critical, and the Microsoft and Linux patches that have been released are showing very large performance degradation, often averaging 30% once patched. As such, a strategy is being reviewed for server protection, although please note that as long as there is no browsing or general use of a server, there are fewer attack vectors. Patches are being refined and alternative strategies are being reviewed, including isolation. We are working with partners and monitoring the industry recommendations.
Azure, AWS and Google have been deploying mitigation. At this time other SaaS and IaaS providers are working on independent strategies. We are monitoring this situation.
Most systems will need to install both operating system and hardware/firmware updates for all available protections. Intel has committed to releasing updates to more than 90% of processor products by 1/15. AMD is making firmware updates available for Ryzen and EPYC owners this week, and the company is planning to update older processors “over the coming weeks.” These updates are given to the hardware manufacturers, who then have to make the BIOS updates for each system. Expect newer and higher volume systems to have firmware updates available first. See Additional resources of this Microsoft Article for links to OEM Device Manufacturers. Please note that we are waiting for more feedback from testing and community results for future planning before making full recommendations for firmware.
SCCM and WSUS
The community has identified an issue in which some of the patches deployed by WSUS, and by SCCM, which utilizes WSUS, are not showing up as available to install on some systems. The patches will show up as Installed / Not Applicable. These systems have the Anti-Virus registry key in place. Even bypassing WSUS and scanning directly from Microsoft will not show the patches as needed. This TechNet forums post documents the issues the community is having. If the issue really is the requirement of older parent patches being installed, then we expect the patches will be re-released to address this. Our strategy and recommendation at this point is to delay patching and wait for more information.
Managed Solution customers that do not have a managed service agreement could contact their account executive to discuss further details.