A Dangerous Duo: Hacking and Spyware
Version 2005-05-30. Copyright 2005 by Terry Bollinger

Does Avoiding Viruses Keep Out Spyware?
Someone at work asked me an interesting question: "Can I keep spyware off of my system by avoiding dangerous sites and not opening attachments?"

The answer, unfortunately, is no. The reason why is rather worrisome. Because viruses seldom return anything of value to their creators, users who do not fall for their ploys are typically safe. After all, why should a virus writer spend time and effort simply to infect one additional user, when their main goal was simply to show how many users they could infect globally?

With spyware the situation is different. Because spyware is all about making money, as opposed to the primary virus writer incentive of showing off coding skills, your system often is worth real money to spyware controllers. To get or keep your laptop or PC, spyware controllers will go to lengths seldom seen with viruses. More specifically, they will hack directly into your system to plant their spyware. This means that by doing nothing beyond connecting to the Internet, you can end up with a Windows system so riddled with hardcore spyware that it is unusable -- and unsafe to use even if you could.

The Striking Fragility of Unprotected Windows Systems
While there has been some increase in the general public awareness of the dangers of linking an unprotected Windows system into an Internet DSL connection, most people grossly underestimate the level of risk. A quick look at SANS Internet Storm Center statistics on the top ten "port attacks" can help reset that impression, even if you are not familiar with ports and how they are used. Suffice it to say this: An average Windows system encounters an automated hacker attack on a Windows software destination known as Port 445 within seconds of being connected to the Internet over a DSL line. The effect of automation on attack levels cannot be overstated. Whereas in the past hacking generally meant a real person focusing on getting into your system, the first phase of a modern attack is usually fully automated and carried out by other computers that have already been successfully hacked. Once a break-in occurs, your system may be folded into the same network that launched the attack. If your system is found to contain sufficiently interesting data, a real human hacker may be alerted to take over.

Microsoft has of course been addressing this problem by bundling features such as a built-in firewall into their recent Service Pack 2 for Windows XP. (It must be noted that the problem is largely one of Microsoft's own creation, since they somewhat inexplicably designed the high-risk Port 445 as a replacement for earlier and similarly risky Windows software ports.) While such security-oriented upgrades are always helpful, they are unlikely to provide the best available security solutions, and they do not directly address security in older 95-based Windows systems including 95, 98, 98SE, and ME. Upgrading to Windows XP can definitely help, but such an upgrade will not get rid of spyware already on your system (yet).
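As an added illustration of the Port 445 point above (example code written for this page, not from the original essay), here is a small Python script that reads Windows Firewall-style log lines and reports how soon after connection the first inbound port-445 probe arrived, how many followed, and from which sources. The log lines, addresses and timestamps are constructed, and the connection time is an assumption; the field layout is modelled on the W3C-style pfirewall.log format.

```python
# Added example (not from the original essay): parse constructed Windows Firewall
# (pfirewall.log-style) entries and measure how quickly and how often a freshly
# connected host sees inbound connection attempts to TCP port 445.
from collections import Counter
from datetime import datetime

# Constructed sample log, modelled on the W3C-style format Windows Firewall writes.
# Addresses are documentation ranges; timestamps and counts are invented.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-05-30 08:00:00 OPEN TCP 10.0.0.5 192.0.2.1 1025 80 - - - - - - - - -
2005-05-30 08:00:04 DROP TCP 198.51.100.7 10.0.0.5 3245 445 48 S 1234567 0 65535 - - - RECEIVE
2005-05-30 08:00:09 DROP TCP 203.0.113.21 10.0.0.5 4410 445 48 S 7654321 0 16384 - - - RECEIVE
2005-05-30 08:00:11 DROP TCP 198.51.100.7 10.0.0.5 3246 139 48 S 1234568 0 65535 - - - RECEIVE
2005-05-30 08:00:15 DROP TCP 198.51.100.7 10.0.0.5 3247 445 48 S 1234569 0 65535 - - - RECEIVE
"""
CONNECT_TIME = datetime(2005, 5, 30, 8, 0, 0)  # assumed moment the DSL link came up

def parse_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other header lines and blanks
        if fields is None:
            raise ValueError("data line before #Fields header")
        yield dict(zip(fields, line.split()))

def inbound_445(text):
    """Return the dropped inbound TCP attempts aimed at port 445."""
    return [r for r in parse_log(text)
            if r.get("action") == "DROP" and r.get("protocol") == "TCP"
            and r.get("dst-port") == "445" and r.get("path") == "RECEIVE"]

def summarize(text, connect_time=CONNECT_TIME):
    """Seconds until the first port-445 probe, total probes, and probes per source."""
    hits = inbound_445(text)
    if not hits:
        return None, 0, Counter()
    first = datetime.strptime(hits[0]["date"] + " " + hits[0]["time"], "%Y-%m-%d %H:%M:%S")
    seconds = (first - connect_time).total_seconds()
    return seconds, len(hits), Counter(r["src-ip"] for r in hits)

if __name__ == "__main__":
    secs, total, by_src = summarize(SAMPLE_LOG)
    print(f"first port-445 probe after {secs:.0f}s, {total} probes, sources: {dict(by_src)}")
```

On the constructed sample the first probe lands four seconds after the link comes up, with three probes from two sources; the port-139 attempt is deliberately left out of the count so the filter can be seen to work.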

The Global Consequences of Windows Fragility
While the fate of other systems, especially older Windows systems, might not seem to be that important to you if you are using only the latest technology and have the support of a good technical group, consider this: How much total processing power is available to a global network of older Windows systems, and how damaging could that power become if focused on breaking into and taking over more security-aware systems?

The question is not an abstract one. It is quite common nowadays to talk to people with DSL connections and computers that are furiously exchanging data, but no longer respond to their owner's commands or requests. A spyware network that gains enough members will have substantial processing power, and may well be able to focus that power on bringing in new systems that would not normally be easy to take over. On an oddly positive note, the ability of spyware networks to gain more nodes is almost certainly limited in part by competition between spyware groups that are all vying for the same resources.

Gaining Maximum Security in Windows Systems

The best way to provide maximum security in both older and current Windows systems is first to perform a very thorough eradication of spyware, including in particular elimination of deeply hidden Shiva spyware that ordinary scans cannot detect. This must be followed up by the installation of a suite of continually active applications to monitor both your Internet connection (firewalls) and your internal Windows settings (active spyware guards) for any indication of attempted or successful hacking into your system. If properly done, such a procedure can result in Windows systems that greatly reduce the risk of break-ins from hackers.

Reversing the Consequences
Hacking is unlikely to go away anytime soon, but it is worth noting that if sufficiently large numbers of Windows systems get rid of spyware and start fighting off new infections, hackers will be deprived of more than just a few victims. Their opportunity to form powerful spyware networks will be drastically curtailed, forcing them to switch from powerful and highly automated distributed tactics back to a more one-on-one style of attack. The direct effect of such spreading security would be a major drop in those SANS statistics, as remote systems stop attacking your systems and instead go back to doing their real jobs. This is a reason for optimism in fighting spyware, and for shutting it out not just from new systems, but from older ones around the globe.