Tuesday, April 28, 2009

How Spyware Works

Has your computer ever become so slow that you can fix yourself a snack in the time it takes your word processor to open? Perhaps spyware is to blame.

Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. They're designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site. According to some estimates, more than 80 percent of all personal computers are infected with some kind of spyware [source: FaceTime Communications]. But before you chuck your computer out the window and move to a desert island, you might want to read on. In this article we'll explain how spyware gets installed on your computer, what it does there and how you can get rid of it.


Some people mistake spyware for a computer virus. A computer virus is a piece of code designed to replicate itself as many times as possible, spreading from one host computer to any other computers connected to it. It usually has a payload that may damage your personal files or even your operating system.

Spyware, on the other hand, generally isn't designed to damage your computer. Spyware is defined broadly as any program that gets into your computer without your permission and hides in the background while it makes unwanted changes to your user experience. The damage it does is more a by-product of its main mission, which is to serve you targeted advertisements or make your browser display certain sites or search results.

At present, most spyware targets only the Windows operating system. Some of the more notorious spyware threats include Trymedia, Nuvens, Estalive, Hotbar and New.Net.Domain.Plugin

How Your Computer Gets Spyware

Spyware usually ends up on your machine because of something you do, like clicking a button on a pop-up window, installing a software package or agreeing to add functionality to your Web browser. These applications often use trickery to get you to install them, from fake system alert messages to buttons that say "cancel" when they really install spyware.Here are some of the general ways in which spyware finds its way into your computer:

#Piggybacked software installation - Some applications -- particularly peer-to-peer file-sharing clients -- will install spyware as a part of their standard installation procedure. If you don't read the installation list closely, you might not notice that you're getting more than the file-sharing application you want. This is especially true of the "free" versions that are advertised as alternatives to software you have to buy. As the old saying goes, there's no such thing as a free lunch.



#Drive-by download - This is when a Web site or pop-up window automatically tries to download and install spyware on your machine. The only warning you might get would be your browser's standard message telling you the name of the software and asking if it's okay to install it. If your security settings are set low enough, you won't even get the warning.



#Browser add-ons - These are pieces of software that add enhancements to your Web browser, like a toolbar, animated pal or additional search box. Sometimes, these really do what they say they'll do but also include elements of spyware as part of the deal. Or sometimes they are nothing more than thinly veiled spyware themselves. Particularly nasty add-ons are considered browser hijackers -- these embed themselves deeply in your machine and take quite a bit of work to get rid of.




#Masquerading as anti-spyware -- This is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware.



When you run the tool, it tells you your computer is clean while it installs additional spyware of its own.

What Spyware Can Do

Spyware can do any number of things once it's installed on your computer.
At a minimum, most spyware runs as an application in the background as soon as you start your computer up, hogging RAM and processor power. It can generate endless pop-up ads that make your Web browser so slow it becomes unusable. It can reset your browser's home page to display an ad every time you open it. Some spyware redirects your Web searches, controlling the results you see and making your search engine practically useless. It can also modify the dynamically linked libraries (DLLs) your computer uses to connect to the Internet, causing connectivity failures that are hard to diagnose. At its very worst, spyware can record the words you type, your Web browsing history, passwords and other private information.

Certain types of spyware can modify your Internet settings so that if you connect through dial-up service, your modem dials out to expensive, pay telephone numbers. Like a bad guest, some spyware changes your firewall settings, inviting in more unwanted pieces of software. There are even some forms that are smart enough to know when you try to remove them in the Windows registry and intercept your attempts to do so.

The point of all this from the spyware makers' perspective isn't always clear. One reason it's used is to pad advertisers' Web traffic statistics. If they can force your computer to show you tons of pop-up ads and fake search results, they can claim credit for displaying that ad to you over and over again. And each time you click the ad by accident, they can count that as someone expressing interest in the advertised product.

Another use of spyware is to steal affiliate credits. Major shopping sites like Amazon and eBay offer credit to a Web site that successfully directs traffic to their item pages. Certain spyware applications capture your requests to view sites like Amazon and eBay and then take the credit for sending you there.


Other "Ware"

Malware -- a general term for any program that makes changes (does malicious or "bad" things) without your express permission
Adware -- programs designed specifically to deliver unrequested advertising
Stealware -- specific spyware designed to capture clicks or Web-site referral credits
Browser hijacker -- a malicious program that becomes deeply embedded in your browser's

Legality

So is it legal to install difficult-to-remove software without the user's permission? Not really. There's an increasing body of state legislation that explicitly bans spyware, including the Spyware Control Act in Utah and the Consumer Protection Against Computer Spyware Act in California. But even without these new state laws, federal law already prohibits spyware. The Computer Fraud and Abuse Act covers any unauthorized software installations. Deceptive trade practices of any kind also violate the Federal Trade Commission Act. Additionally, the Electronic Communications Privacy Act makes it unlawful for companies to violate the security of customers' personal information.

Just like anti-spam legislation, these spyware laws can be very difficult to enforce in practice, and the perpetrators know it. It can be tough to find hard evidence connecting individual companies to their spyware products, and, as with all Internet-related lawsuits, there are often battles over which court's jurisdiction applies to the case. Just because it's illegal doesn't mean it's easy to stop.


How can you protect yourself against spyware, and what can you do if you think you already have some on your computer? Here are a few suggestions.

Use a spyware scanner.
There are several applications you can turn to for trustworthy spyware detection and removal, including Ad-aware, Spybot and Microsoft AntiSpyware, which is currently in beta. All three are free for the personal edition. These work just like your anti-virus software and can provide active protection as well as detection. They will also detect Internet cookies and tell you which sites they refer back to.

Note - Once you know which spyware is on your computer, in some cases you'll need to seek specific instructions on how to remove it. Links to some of those instructions are listed in the "Spyware Help" box to the right, and more are included in the Lots More Information section at the end of this article. Here are a few more solutions:

Use a pop-up blocker.
Many of the current browsers, including Internet Explorer 6.0 and Mozilla Firefox 1.0, have the ability to block all Web sites from serving you pop-up windows. This function can be configured to be on all of the time or to alert you each time a site wants to pop up a new window. It can also tell you where the pop-up is coming from and selectively allow windows from trusted sources.

Disable Active-X.
Most browsers have security settings in their preferences which allow you to specify which actions Web sites are allowed to take on your machine. Since many spyware applications take advantage of a special code in Windows called Active-X, it's not a bad idea to simply disable Active-X on your browser. Note that if you do this, you will also disallow the legitimate uses for Active-X, which may interfere with the functionality of some Web sites.

Be suspicious of installing new software.
In general, it pays to be suspicious when a site asks to install something new on your computer. If it's not a plug-in you recognize, like Flash, QuickTime or the latest Java engine, the safest plan of action is to reject the installation of new components unless you have some specific reason to trust them. Today's Web sites are sophisticated enough that the vast majority of functionality happens inside your browser, requiring only a bare minimum of standard plug-ins. Besides, it never hurts to reject the installation first and see if you can get on without it. A trustworthy site will always give you the opportunity to go back and download a needed component later.

Use the "X" to close pop-up windows.
Get to know what your computer's system messages look like so that you can spot a fake. It's usually pretty easy to tell the difference once you get to know the standard look of your system alerts. Stay away from the "No thanks" buttons if you can help it, and instead close the window with the default "X" at the corner of the toolbar. For an even more reliable option, use the keystroke combination for "close window" built into your software. You can look in your browser's "File" menu to find it.

Friday, April 17, 2009

How Shared Computing Works

Imagine that you've been assigned the task of pushing a very heavy car up a hill. You're allowed to recruit people who aren't doing anything else to help you move the car. You've got two choices: You can look around for one person big and strong enough to do it all by him or herself, or you could grab several average people to push together. While you might eventually find someone large enough to push the car alone, most of the time it will be easier to just gather a group of average-sized people. It might sound strange, but shared computer systems use the same principle.
When a computational problem is really complex, it can take a single computer a long time to process it -- millions of days, in some cases. Even supercomputers have processing limitations. They're also rare and expensive. Many research facilities require a lot of computational power, but don't have access to a supercomputer. For these organizations, shared computing is often an attractive alternative to supercomputers.



Shared computing is a kind of high-performance computing. A shared computing system is a network of computers that work together to accomplish a specific task. Each computer donates part of its processing power -- and sometimes other resources -- to help achieve a goal. By networking thousands of computers together, a shared computing system can equal or even surpass the processing power of a supercomputer.


Most of the time, your computer isn't using all of its computational resources. There are other times when you might have your computer on, but aren't actually using it. A shared computing system takes advantage of these resources that otherwise would remain unused.


Shared computing systems are great for certain complex problems, but aren't useful for others. They can be complicated to design and administer. While several computer scientists are working on a way to standardize shared computing systems, many existing systems rely on unique hardware, software and architecture.

Shared Computing Systems

In a traditional high-performance computing system, all the computers are the same model and run on the same operating system. Much of the time, every application run on the system has its own dedicated server. Sometimes the entire network relies on hardwired connections, meaning all the elements in the system connect to each other through various hubs. The entire system is efficient and elegant.


A shared computing system can be just as efficient, but it doesn't necessarily look very elegant. A shared computing system is limited only by the software it relies upon to connect computers together. With the right software, a shared computing system can work on different kinds of computers running on different operating systems. Network connections might exist over hardwired networks, local area networks (LANs), wireless area networks (WANs) or the Internet. The biggest advantage a shared computing system has over traditional HPC systems is that it's easier to add more resources to a shared computing system. Anyone with a computer capable of running the system's software can join.

The system's software is what gives it access to each computer's unused processing power. Every computer connected to the system must have this software installed in order to participate. There's no definitive shared computing software kit, but in general the software must do the following:

Contact the system's administrative server to get a chunk of data
Monitor the host computer's CPU usage and utilize the processing power whenever it's available
Send analyzed data back to the administrative server in exchange for new data

Shared computing systems have a relatively narrow use. They're great for solving big computational problems that scientists can break down into smaller sections. If breaking the problem into smaller chunks is particularly simple, it's called an embarrassingly parallel problem.


For small computational problems or problems that aren't easy to break up, shared computing systems are less useful. The whole point of the system is to decrease the amount of time it takes to finish complex calculations. It won't necessarily increase the speed of simple calculations across the network.

Shared Computing Architecture

Unlike grid computing systems -- which in theory can have as many network interface points as there are users -- a shared computing system usually only has a few points of control. That's because most shared computing systems have specific purposes and aren't general utilities.

It's useful to imagine a typical shared computing system as having a front end and a back end. On the front end are all the computers that are volunteering CPU resources to the project. On the back end are the computers and servers that manage the overall project, divide the main task into smaller chunks, communicate with the computers on the front end and store the information the front end computers send after completing an analysis.

Virtual Servers

Some shared computing systems use virtual servers. To create virtual servers, an engineer installs special software on a single, physical server. The software divides the server into multiple exclusive platforms, each of which can run an operating system independently of the others. Why do this? Just as the average computer owner rarely uses all of his or her computer's processing power, it's rare for the average server to work at full capacity. Using virtual servers means that a single physical server runs closer to its full potential and reduces the need for additional hardware.


In general, the job of dividing up the computational problem into smaller chunks falls to a program on a back end computer, usually a server. This computer uses specific software to divide up the task into smaller pieces that are easier for an average computer system to manage. When contacted by the companion software installed on a front end computer, the server will send data over the network for analysis. Upon receiving a completed analysis job, the server will direct the data to an appropriate database.


The system's administrators will usually use another computer to piece completed analyses together. The end goal is to come to a solution of a very large problem by solving it in tiny bits. In many cases, the system's administrators will publish the results so that others can benefit from the information.


If this architecture description seems a little vague, it's because there's no single way to create and administer a shared computing system. Each system has its own unique software and architecture. In most cases, a programmer customizes the software for the specific system's goals. While two different shared computer systems might work the same way in general, once you dig down into details, they can look very different.

Shared Computing Applications

There are dozens of active shared computing system projects, each with its own networks and computational tasks. Some of these networks overlap -- it's possible for a user to participate in more than one network, though it does mean that different projects have to divvy up the idle resources. As a result, each individual task takes a little longer.

One example of a shared computer system is the Grid Laboratory of Wisconsin (GLOW). The University of Wisconsin-Madison uses GLOW for multiple projects, which in some ways sets it apart from most shared computing systems. One project uses the GLOW network to study the human genome. Another takes advantage of GLOW's resources to research potential treatments for cancer. Unlike the shared computing systems that are dedicated to a single task, GLOW can accommodate multiple projects.



The software that makes GLOW possible is called Condor. It's Condor's job to seek out idle processors within the GLOW network and use them to work on individual projects. When one project is inactive, Condor borrows its resources for the other projects. However, if any previously inactive project comes back online, Condor releases the respective computers' processors.

Concerns About Shared Computing
Any time a system allows one computer access to another computer's resources, questions come up about safety and privacy. What stops the program's administrators from snooping around a particular user's computer? If the administrators can tap into CPU power, can they also access files and sensitive data?


The simple answer to this question is that it depends on the software the participating computer has to install to be part of the system. Everything a shared computing system can do with an individual computer depends upon that software application. Most of the time, the software doesn't allow anyone direct access to the contents on the host computer. Everything is automated, and only the CPU's processing power is accessible.


There are exceptions, though. A zombie computer system or botnet is an example of a malicious shared computing system. Headed by a hacker, a zombie computer system turns innocent computer owners into victims. First, the victim must install specific software on his or her computer before a hacker can access it. Usually, such a software application is disguised as a harmless program. Once installed, the hacker can access the victim's computer to perform malicious tasks like a direct denial of service (DDoS) attack or send out massive amounts of spam. A botnet can span hundreds or thousands of computers, all without the victims being aware of what's going on.


Shared computing systems also need a plan in place for the times when a particular computer goes offline or otherwise becomes unavailable for an extended time. Most systems have a procedure in place that puts a time limit on each task. If the participant's computer doesn't complete the task in a certain amount of time, the control server will cancel that computer's task and assign the task to a new computer.


One criticism of shared computing is that while it capitalizes on idle processors, it increases power consumption and heat output. As computers use more of their processing power, they require more electricity. Some shared computing system administrators urge participants to leave their computers on all the time so that the system has constant access to resources. Sometimes a shared computing system initiative comes into conflict with green initiatives, which emphasize energy conservation.


Perhaps the biggest criticism of shared computing systems is that they aren't comprehensive enough. While they pool processing power resources together, they don't take advantage of other resources like storage. For that reason, many organizations are looking at implementing grid computing systems, which take advantage of more resources and allow a larger variety of applications to leverage networks.


Are shared computing systems the future, or will grid computing systems take their place? As both models become more commonplace, we'll see which system wins out.

Sunday, April 5, 2009

How Internet Infrastructure Works

This summary is not available. Please click here to view the post.

How Web Servers Work

This summary is not available. Please click here to view the post.