With the Lenovo Superfish adware debacle reaching scandal proportions, many in the tech community are turning their attention to how to detect and remove adware. Whether Lenovo wittingly compromised users with pre-installed adware is up for debate; however, the threats users incurred extend beyond the reach of what we have understood adware to be. “Superfish was different because it crossed the boundaries into spyware by tracking not only browsing, but also keyboard input on encrypted banking and eCommerce websites, thus compromising their security and making the data pulled vulnerable to hackers,” says Tyler Moffitt, senior threat research analyst at Webroot.
Superfish essentially opened up users to man-in-the-middle attacks, in which an attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. This happens by way of what is called a rootkit injection, which realigns Windows security certificates so as to display an advertisement pop-up. Superfish itself was more annoying than malicious; that it could easily be exploited by hackers is what is causing the uproar.
The practice of pre-loading these types of programs is not limited to just Lenovo. Webroot’s Moffitt explains: “Bloatware is normal for all manufacturers; most of these are useless pieces of software that offer nothing more than advertising for their own product or another that you could find better versions of for free.”
Detect adware and identify common strains
Security experts talk about how adware “hijacks” search functions in your browsers by replacing your Google search bar with a different toolbar that is more or less useless. Double-green embedded links are another telltale sign.
“It can get beyond annoying if nothing is done,” Moffitt explains. “In rare cases some Adware will actually try and take payment for the common useless software to ‘clean or speed up your PC’—payment info is very vulnerable and should never be given to adware.”
Moffitt identifies several common strains that Webroot is familiar with.
- Vosteran is a phony search engine toolbar that hijacks your browser homepage.
- SafeSearch.ch is a search tool inadvertently downloaded when obtaining free software.
- Deltasearch resembles Yahoo! and redirects Web searches to its paid clientele.
- Babylon is a toolbar that is installed with a free translation program of the same name; it has adware-like qualities.
- Keyfind is adware that appends its URL link to items in a Windows Start Menu.
- BrowserDefender acts like a threat detection add-on for Web browsers, but is adware.
Resources to Remove Adware
Your best bet to remove adware is to run a spy scan program on a regular basis. Moffitt recommends Webroot’s SecureAnywhere suite, which has a full range of malware detection to help eliminate Superfish and other forms of adware. He says that SecureAnywhere finds Superfish upon the first scan. If you need to secure an entire network of computers and devices, the Endpoint Protection package is the best value.
Webroot is one of several choices professionals use to detect and remove adware from computers. You will find extensive product information and user reviews on the Antivirus & Internet Security category page.
Best practices to avoid adware
Use common sense. Be selective with what you download to your computer. If you are getting something for “free”—be especially vigilant and use custom install features to opt out of the bloatware that comes packaged in with these types of programs. Peer-to-peer torrent sites are notorious for adware encounters as well. Typically when you download media players to stream video content from these kinds of sites, you are downloading adware as well.
If you manage users in a business environment, it is good practice to block popular torrent or streaming sites at the router or firewall level as a precaution. Sites like slipstreamtv.co are good candidates for the block list. Feel free to call out others in the comments.
Professional-grade software and common-sense user policing should provide the proper vigilance needed to prevent adware from infecting your computer. Any IT pro will tell you prevention should be the goal, and the best way to remove adware is to not have to in the first place.