Tuesday, February 22, 2011

【 Weak current College 】 grayware symptoms and prevention methods



With the flood of viruses, worms, Trojan horses, backdoors and blended threats, attacks on new vulnerabilities now appear much faster than before, and social engineering traps have also become a major new form of attack. Social engineering traps include spyware, phishing, email-based attacks and malicious Web sites. These attacks often masquerade as legitimate applications and email messages, and are designed to deceive users into exposing sensitive information or downloading and installing malicious programs. Traditional security devices have difficulty stopping them, and advanced detection and security technology is often required. This article focuses on the characteristics of grayware and the methods of protecting against it.

1. What is grayware

Grayware is a general term for a category of software that is installed on a computer to track specific information or report it to a destination. This software is typically installed and executed without permission. Much grayware does its work, such as tracking computer use or stealing private information, without the user noticing, while the user downloads and runs an application they need. With mass e-mail viruses making news headlines every month, users are probably aware of the risk of opening a message of uncertain origin. With grayware, however, users do not need to open an attachment or execute an infected program: simply visiting a Web site that uses this technology is enough to become a victim. Much grayware only generates junk content, for example pop-up windows. It is true that there is a clear distinction between "harmless" grayware and software that steals valuable information such as credit card numbers, passwords and social security numbers, or that carries out an attack.

Grayware often arrives through the following actions: (1) downloading shareware, freeware or other forms of shared files; (2) opening infected e-mail; (3) clicking pop-up ads; (4) visiting irresponsible or spoofed Web sites; (5) installing a Trojan.

Grayware is not malicious software. The ultimate goal of much grayware is to track visitors to a Web site or obtain search results in order to achieve a business objective. Typical symptoms of grayware are a slow system, pop-up ads, and the home page being redirected to a different Web site, all of which are a nuisance. However, hackers often use grayware techniques for other purposes, such as using the browser to load and run programs. These programs can open access to the system, collect information, log keyboard input, modify settings, or cause damage.

Grayware can generally be divided into the following categories:

(1) Adware: adware is usually built into software that users download and install for free. Once installed, it occasionally opens pop-up browser windows to display advertising, interfering with the user's normal use of the computer.

(2) Spyware: spyware is usually embedded in free software. It can track and analyze user behavior, such as the user's Web browsing. The tracking information is sent back to the author's site, where it is logged and analyzed. It will affect your computer's performance.

(3) Dialers: a dialer is grayware that controls the computer's modem. These programs usually make expensive long-distance calls or call phone numbers that generate income for thieves.

(4) Joke software: joke software modifies system settings but does not damage the system, for example by changing the mouse or the Windows background picture. Some game software is also usually a joke or hoax.

(5) Peer-to-peer software: peer-to-peer (P2P) software performs file exchange. Using it to accomplish business objectives may be legitimate, but using it to exchange illegal music, movies and other files is often illegal.

(6) Keyloggers: keystroke logging software is perhaps the most dangerous kind of grayware. These programs can capture keyboard input and so obtain user names and passwords, credit card numbers, and what is typed into e-mail, chat, instant messaging, etc.

(7) Hijackers: a hijacker can modify browser settings to change the user's preferences, such as the home page, Favorites or menus. It can even modify the DNS settings, redirecting DNS to malicious DNS servers.

(8) Plug-ins: plug-ins add code or new features to existing programs in order to control, record and send browsing preferences or other information to an external address.

(9) Network management software: this is grayware designed for malicious purposes. It can change network settings and network security, or cause damage to other networks. Remote administration tools allow external users to remotely control, change and monitor computers in your network.

(10) BHO: a BHO (Browser Helper Object) is a DLL file installed along with ordinary software that can control the behavior of Internet Explorer. Not all BHOs are malicious, but a BHO is able to track browsing preferences and collect additional information.

(11) Toolbars: a toolbar can modify the computer's toolbar features, monitor Web browsing habits, send information to the developer, or change the host's capabilities.

(12) Downloaders: a downloader secretly downloads and installs additional software without the user's knowledge. These programs usually run during the boot process and can install adware, dialers and other malicious code.

2. Symptoms of grayware

Grayware symptoms show up in the following areas:

(1) Performance degradation. Typically, grayware processes run without the user's knowledge. They take up a lot of CPU and memory resources, which slows the system down. Opening Task Manager and looking at the resource-intensive processes will generally identify grayware.

(2) Even when no network program is running, the send and receive data lights on the cable or DSL modem, or the network card or modem icon in the taskbar, keep flashing, which means that data is being transmitted.

(3) When the computer is not connected to the Internet, or the browser is not running, pop-up windows and advertisements still appear.

(4) The browser's home page changes from the default to another page without notice, and changing it back does not work.

(5) In Internet Explorer, search results always point to a search URL that you did not specify.

(6) The Web browser's Favorites are modified, and you cannot change them back or remove the newly added entries.

(7) The search bar or the Web browser's toolbar is modified and new options are installed, but these toolbars cannot be deleted.

(8) Antivirus and anti-grayware programs are forced to stop working, and popular security software is shut down. Applications warn at run time that files are missing, and copying the files back has no effect. Popular security software may be closed in advance.
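The symptoms above can be checked from a PowerShell prompt. The following read-only audit is an added example, not part of the original article; the function names are hypothetical, and it assumes a Windows host where the standard Internet Explorer and Run registry keys and the Get-DnsClientServerAddress cmdlet are available.

```powershell
# Added example: read-only audit of the places the symptoms above point to.
# Function names are hypothetical; nothing here changes the system.

function Get-TopProcess {            # symptom (1): resource-hungry processes
    Get-Process | Sort-Object CPU -Descending |
        Select-Object -First 10 Name, Id, CPU, WorkingSet64, Path
}

function Get-BrowserStartSetting {   # symptoms (4)-(5): home and search pages
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    if (Test-Path $main) {
        Get-ItemProperty $main | Select-Object 'Start Page', 'Search Page', 'Default_Page_URL'
    }
}

function Get-BrowserHelperObject {   # symptom (7) / category (10): BHO DLLs
    foreach ($base in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {   # 64- and 32-bit views
        $bhoRoot = "$base\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path $bhoRoot)) { continue }
        foreach ($key in Get-ChildItem $bhoRoot) {
            # Each subkey is a CLSID; its InprocServer32 default value is the DLL.
            $server = "$base\Classes\CLSID\$($key.PSChildName)\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $server) { $dll = (Get-Item -LiteralPath $server).GetValue('') }
            [pscustomobject]@{
                Clsid  = $key.PSChildName
                Dll    = $dll
                OnDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
            }
        }
    }
}

function Get-RunKeyEntry {           # category (12): programs started at boot or logon
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                   'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $k)) { continue }
        $item = Get-Item $k
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

Get-TopProcess          | Format-Table -AutoSize
Get-BrowserStartSetting | Format-List
Get-BrowserHelperObject | Format-Table -AutoSize
Get-RunKeyEntry         | Format-Table -AutoSize
# Category (7): DNS servers currently configured on each interface.
Get-DnsClientServerAddress -AddressFamily IPv4 | Format-Table InterfaceAlias, ServerAddresses
```

Compare the output with a known-good machine or a saved baseline: an unfamiliar BHO DLL, Run entry, start page or DNS server is what to investigate.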

3. Grayware protection methods

(1) User education

User education is the most basic method: help users understand the characteristics of grayware, and prohibit the downloading and installation of harmful or dubious software. Where downloading and installing unknown programs is allowed, read the end-user license agreement. Grayware with malicious tendencies and Trojans often try to hide themselves to avoid being cleaned or quarantined. Other ways to reduce the chance of infection are to raise the Web browser's security level, configure e-mail programs such as Outlook not to automatically download pictures or other content in HTML messages, turn off automatic preview, and keep all operating systems and application software on the latest patches.

(2) Install anti-spyware programs

Newer anti-grayware programs work much like the antivirus software on your computer: they detect, remove and quarantine grayware based on its characteristic values and signatures. Anti-grayware programs come in two forms: host-based client software and network-based software. Host-based client software carries installation and maintenance costs, including installing it on every computer and updating the software and its signature database on a schedule. Because of licensing, deploying it across an entire enterprise costs more.

In addition, many Trojans and grayware programs check for this protection software before installing and, if any is found, shut it down to avoid being detected. So there is a certain risk.

Network-based anti-grayware is an anti-grayware product deployed on the border platform where the enterprise network connects to the Internet. It identifies and removes grayware before it enters the network, which reduces installation, maintenance and update costs. Once the gateway is upgraded, all computers behind the firewall are automatically protected.
