Internetwork Security Lab: Spyware Detection and Removal, Lab Reports of Electrical and Electronics Engineering

Instructions for a lab exercise in the ECE 4112: Internetwork Security course on detecting and removing spyware from a Windows XP virtual machine using Ad-Aware and Spybot. Students install WeatherBug to introduce spyware onto the system, then use the two programs to identify and eliminate the spyware. The document also includes prelab questions and screenshot requirements for submission.

Typology: Lab Reports

Pre 2010

Uploaded on 08/05/2009

koofers-user-2rf

ECE 4112: Internetwork Security
Lab 12: Spyware

Group Number: _______________
Member Names: _________________________ _________________________

Date Assigned:
Date Due:
Last Edited: December 6, 2005

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions and be sure you turn in ALL materials listed in the Turn-in Checklist ON or BEFORE the Date Due.

Authored By: Paras Ghimire and Amish Anand

Goal: At the end of this lab, you should know what spyware is and how it is used. In addition, you will be able to find spyware on your computer and delete it.

Summary: This lab will allow you to install spyware on your computer, detect it, and then use two different programs to get rid of the spyware.

Background and Theory:

Before we begin, we need to establish what spyware is.

Spyware: These applications collect information, may or may not install in stealth, and are designed to transmit that information to 2nd or 3rd parties covertly, employing the user's connection without their consent and knowledge. The word defines the actual intent; this is software (ware) that is designed to collect information in secret (spy). [1]

Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities. The most direct route by which spyware can get on a computer involves the user installing it. However, users are unlikely to install software if they know that it may disrupt their working environment and compromise their privacy.
So many spyware programs deceive the user, either by piggybacking on a piece of desirable software, or by tricking the user into doing something that installs the software without realizing it. Spyware can also come bundled with shareware or other downloadable software, as well as music CDs. The user downloads a program—for instance, a music program or a file-trading utility—and installs it; the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software, as with the Gator spyware now marketed by Claria. In other cases, spyware authors have repackaged desirable software with installers that add spyware.

Windows-based computers can rapidly accumulate a great many spyware components. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic, slowing down legitimate uses of these resources. Stability issues, such as application or system crashes, are also common. Spyware which interferes with the networking software commonly causes difficulty connecting to the Internet. Spyware infection is the most common reason that Windows users seek technical support, whether from computer manufacturers, Internet service providers, or other sources. In many cases, the user has no awareness of spyware and assumes that the system performance, stability, and/or connectivity issues relate to hardware, to Windows installation problems, or to a virus. Some owners of badly infected systems resort to buying an entire new computer system because the existing system "has become too slow". For badly infected systems, a clean reinstall may be required to restore the system to a working order—a time-consuming project even for experienced users. [2]

Prelab Questions: None

Lab Scenario:

Because the vast majority of spyware is created for the Windows operating system, we will be using the Windows XP Virtual Machine in this lab.

On the Windows XP virtual machine:
Create a folder called “Spyware” on the desktop.
Copy the contents of the Windows directory of Spyware on the NAS to this folder.

Section 2: Detecting and Deleting Spyware

Section 2.1

Ad-Aware is a program from Lavasoft that detects and removes software on a user's computer that is determined to be spyware. It also detects dialers, trojans, malware, data-mining, aggressive advertising, parasites, scumware, browser hijackers, and tracking components. There is a freeware version called Ad-Aware Personal, as well as two commercial products, Ad-Aware Plus and Ad-Aware Professional. The free download includes Ad-Aware SE Personal Edition, skins, help manuals, RegHance and the latest definition file. The freeware version of Ad-Aware is compatible with Microsoft Windows 98/Me/NT/2000/XP/2003. [2]

The free Ad-Aware Personal program which we will be using can be found at www.lavasoft.com

You should already have the contents of the Windows folder for this lab on the desktop of your Windows XP Virtual machine.

Run the executable file called aawsepersonal.exe
Select Next
Accept the license agreement and click Next
Install the program in the default folder
Select Next
Choose to run the application now
Select Finish

Ad-Aware will now scan your computer for spyware. This process may take a few minutes. You should see the following window as it scans your computer:

Take a screenshot of the Ad-Aware output (screenshot #2) and submit it with your report.

Q2.1.1 What type of programs did Ad-Aware find on your computer?

Select the spyware that was found and choose the option to delete them. You may now exit Ad-Aware.

Section 2.2

Spybot - Search & Destroy can detect and remove a multitude of adware files and modules from your computer.
Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer. Modules chosen for removal can be sent directly to the included file shredder, ensuring complete elimination from your system. For advanced users, it allows you to fix Registry inconsistencies related to adware and to malicious program installations. The handy online-update feature ensures that Spybot always has the most current and complete listings of adware, dialers, and other uninvited system residents. [4]

Spybot is created by PepiMK Software and can be obtained for free by going to www.download.com and searching for spybot

You should already have the contents of the Windows folder for this lab on the desktop of your Windows XP Virtual machine.

Run the executable file called spybotsd14.exe
Select English as the setup language
Click Next
Accept the license agreement and select Next again
Accept the default location for the program
Choose to install only the main files
Select Install
When installation is finished, choose to run it now and select Finish

The following window will appear:

Download the latest available updates when the option appears. Once the program is updated, select the Search & Destroy button and choose the button to check for problems.

Q2.2.1 What spyware programs did Spybot find on your computer?

Q2.2.2 Which is a better spyware removal program, Ad-Aware or Spybot? Why?

Q2.2.3 Is it helpful to use one spyware removal program on top of another?

ECE 4112 Internetwork Security
Lab: Spyware

Group Number: _________
Member Names: ___________________ _______________________

Answer Sheet

Section 1

Q1.1.1. What can you do to prevent your computer from being a victim of a spyware attachment?
Update patches, update your virus/spyware removal software, use a personal firewall, and do not use certain peer-to-peer software such as Kazaa and iMesh. Also be careful when downloading new software onto your computer.

Q1.1.2. What information can be gathered from Ethereal to identify who is spying on you?
You can see that data is being reported to www.weather.com as well as other advertising sites.

Section 2

Take a screenshot of the Ad-Aware output (screenshot #2) and submit it with your report.

Q2.1.1 What type of programs did Ad-Aware find on your computer?
Answers may vary. Possible answers: Malware, Dataminer

Take a screenshot of the Spybot output (screenshot #3) and submit it with your report.

Q2.2.1 What spyware programs did Spybot find on your computer?
Answers may vary. Possible answers: Malware, Dataminer, Internet Cookies

Q2.2.2 Which is a better spyware removal program, Ad-Aware or Spybot? Why?
Answers are optional but may lean towards Ad-Aware as it performs a much thorough clean than.

Q2.2.3 Is it helpful to use one spyware removal program on top of another?
Yes, one program’s definitions may catch spyware that the other program’s definitions may have missed.

General Questions

How long did it take you to complete this lab? Was it an appropriate length lab?

What corrections and/or improvements do you suggest for this lab? You may cross out and edit the text of the lab on previous pages to make corrections.

What corrections and/or improvements do you suggest for this lab? Please be very specific and if you add new material give the exact wording and instructions you would give to future students in the new lab handout. You need to be very specific and provide details. You need to actually do the suggested additions in the lab and provide solutions to your suggested additions. Caution as usual: only extract and use the tools you downloaded in the safe and approved environment of the network security laboratory.

Turn-in Checklist

1. Screenshots 1, 2, & 3
2. Answer Sheet with answers.
3. Any additions for the lab.
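For answer-sheet question Q1.1.2, the following added example (not part of the original lab handout) shows one way to turn a capture into a list of who the machine is reporting to. It assumes the HTTP requests have been exported from the capture as tab-separated rows; the column layout, the function name `summarize`, the IP addresses, the parameter names and every host other than www.weather.com are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample rows: epoch time, destination IP, HTTP Host header, request URI.
# Only www.weather.com comes from the lab's answer sheet; the rest is made up.
CAPTURE = """\
1133870400\t192.0.2.10\twww.weather.com\t/weather/local/30332
1133870401\t198.51.100.7\tads.example.net\t/imp?uid=7f3a9c&zip=30332&v=6
1133870460\t198.51.100.7\tads.example.net\t/imp?uid=7f3a9c&zip=30332&v=6
1133870462\t203.0.113.5\ttrack.example.org\t/beacon?uid=7f3a9c&url=http%3A%2F%2Fwww.example.com%2F
1133870520\t198.51.100.8\tads.example.net\t/imp?uid=7f3a9c&zip=30332&v=6
1133870530\t192.0.2.44\twww.example.com\t/
"""

# Assumption: the only site the user deliberately browsed to during the capture.
EXPECTED_HOSTS = {"www.example.com"}


def summarize(capture, expected=EXPECTED_HOSTS):
    """Group requests by Host header and list what each destination was sent."""
    stats = defaultdict(lambda: {"ips": set(), "requests": 0, "params": set()})
    for line in capture.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:  # skip malformed or truncated rows
            continue
        _ts, dst_ip, host, uri = fields
        entry = stats[host.lower()]
        entry["ips"].add(dst_ip)
        entry["requests"] += 1
        # Parameter names in the query string hint at what data leaves the machine.
        entry["params"].update(name for name, _ in parse_qsl(urlsplit(uri).query))
    report = [
        {"host": host, "ips": sorted(e["ips"]), "requests": e["requests"],
         "params": sorted(e["params"]), "unexpected": host not in expected}
        for host, e in stats.items()
    ]
    # Destinations the user never chose to visit come first, busiest at the top.
    report.sort(key=lambda r: (not r["unexpected"], -r["requests"], r["host"]))
    return report


if __name__ == "__main__":
    for row in summarize(CAPTURE):
        label = "UNEXPECTED" if row["unexpected"] else "expected"
        print(f'{label:<10} {row["host"]:<18} {row["requests"]} req '
              f'ips={row["ips"]} params={row["params"]}')
```

Running the same summary on a capture taken before and after the removal tools are used shows whether the unexpected destinations have stopped receiving traffic.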