Google
 

- Free Software—At a Price

One Editor's Cautionary Tale
A peril in downloading free software is the possibility of picking up malware. As I researched free programs for this story, a sweep of my system with Webroot Spy Sweeper revealed my first-ever Trojan horse, the NSIS Media Extension. It's an insidious adware program that resists every effort to remove it. (Some places classify NSIS as a dangerous Trojan with the potential to offload sensitive ­information, but I haven't seen any accounts alleging identity theft from it.) Many security programs don't detect it at all, and most that do—such as Spy Sweeper—don't get rid of it permanently. Although I quarantined and deleted it, it was back on reboot, along with the pop-up ads it spawns. It actually appears in the Control Panel's Add/Remove Programs list—but if you try to remove it that way, it simply reappears on start-up.

Schrock Innovations, a Web site (www.schrockinnovations.com/removensismedia.php) dedicated to removing the NSIS Trojan, recommends starting Windows in Safe Mode, then removing both the NSIS folder that appears in C:\Program Files\Common Files and a specified Firefox folder, emptying your ­Recycle Bin, and removing NSIS Media from the Add/Remove Programs list (and also Firefox, which you'll need to reinstall). The Trojan is usually gone on rebooting, but it didn't work for me. Most of the forums I scoured provided either pat suggestions or complicated Registry tweaks, but one user reported finding two suspect files, krnsvr32.dll and wmdmb32.dll, in his Windows\system32 ­directory. He couldn't delete them, but he was able to neutralize them by moving them to a temp file and ­renaming them. I followed this method, and my system is now NSIS-free.

A likely source of my infection is the Arcade Classic Arcade Pack 5, which I had gotten from Download.com, a usually dependable site. Others, too, claim to have picked up the NSIS Trojan from this arcade package, which originated from Openwares.org. We were not, however, able to reproduce the problem. Another frequently blamed source for the infection is the Foxie browser and firewall. Even reliable download sites can sometimes post problem software. My lessons: Look at reader reviews of the program on the download site, and do a Web search on the program's name along with "virus," "Trojan," or "malware."—TH

Don't Get Infected!
Free software is great! Everybody loves to get something for nothing. But sometimes you get more than you bargained for. That spiffy free game might be a Trojan horse. Or your new browser toolbar could be sending your private ­information back to its home base. How can you get the benefits of free programs while keeping them from dragging along viruses, Trojans, or spyware?

You could stick to free feature-limited or personal-use versions of well-known products—they're almost always safe. The vendor wants to help sales of the full-blown product by getting the free version into as many hands as possible. Including spyware would be a major faux pas! Alas, only a few of the many free programs fit this profile.

Big download sites scan their files for ­viruses, but they may miss more subtle problems—say, software that selects personally targeted ads by spying on your browsing habits. And with small or ­vendor-specific sites, there's no telling. So use free software to protect yourself! Install a firewall. Scan for spyware before installing apps, using one of many free scans. (But beware—some rogue antispyware programs may actually be malware in disguise. Check out spyware warrior.com.) Let McAfee's free SiteAdvisor steer you away from dangerous sites. With care, you can get something for nothing.—Neil J. Rubenking

No comments: