| |
| Add-on browser toolbars, like the well-known Google toolbar or Yahoo toolbar, are cleverly
designed to look like useful, attractive, additional features for your browser. But add-on
toolbars are not the static fixture they seem to be. On the contrary, they are separate
running programs. And, as such, some toolbars (there are many other lesser-known ones lurking
out there) may slow down or destabilise your system,
and will usually be silently carrying out some ulterior motive over the internet without your
knowledge. In fact, some toolbars are absolute
rogues - installing themselves without the user realising it would happen, and sometimes
proving a real devil to get rid of fully once entrenched on a user's system. |
|
| These add-on toolbars, formally known as "third-party browser extensions", are, in fact,
only one thing in an ever-growing list of internet goodies meant to make our everyday surfing
lives a joy - or not. It all began, of course, with the humble, enduring 'cookie'. It was those early cookies which first showed software writers just how easy it was to use the
then-emergent internet to deposit hidden files on people's computers in order to get information
feedback without the users' knowledge or consent. The initial 'good' cookies were, therefore,
soon followed by bad cookies, and that inevitably led on to all the much worse things which
followed. In fact, the full list of different internet threats, of which rogue toolbars
is, as we said, only one, is forever growing - and currently stands at some 60-odd separate
risks (view list). If you already have a good idea what most of the things on the said list are,
and how to evade them, you are obviously on the ball - more so than even we are. But, if you don't have a clue, that
means you are highly vulnerable and should assume your computer, privacy and finances will be
sucked into deep trouble sooner or later. |
|
| Coming back to 3rd-party toolbars, which stand out as being the most visual of the many risks today's surfers face, one or two of these attached to your browser or desktop might not seem too much of a problem. Some people even grow to like them, never giving a second thought to what the associated program
is getting upto behind the scenes. However, if you get swamped by these toolbars, as did
the user's XP-machine shown in Fig. 1, right, it can become a major headache in terms
of loss of screen space, slowing down of the browser, redirection of searches, generation of
popup ads, hijacking of the browser's start-up page, and the secret transmitting of private
information from the hard disk, keystrokes or display screen to goodness knows whom. |
|
| Well-known brand-name toolbars like Google's or Yahoo's, that require a deliberate, conscious effort on the part of the user to install them are, obviously, going to be the most innocuous. Indeed, the Yahoo toolbar is clearly appreciated by Yahoo's many users and seems to be the most
universally prevalent toolbar. But it is quite invasive on your system and heavy on resources,
especially if you allow it to hijack your Home page and install all the various other Yahoo
whatsits, all of which it will endeavour to do. Yahoo's toolbar acquired, as of Feb 2004,
a popup-stopper that works well. However, if you need a pop-up stopper that badly, it
almost certainly means your computer is infected with spyware. The Yahoo toolbar, and
the other less-visible Yahoo add-ons are, fortunately, easy to zap if proving superfluous to
your needs. All you have to do is go into Control Panel's 'Add and Remove Programs' section
where all the Yahoo gubbings will be visible and can be removed one by one. |
|
| After Yahoo, the Google toolbar has to be the next most common one, and can be one of the
safer toolbars because, during the installation process, it thoughtfully allows you to opt out
of its intention to spy on you - though only if you so instruct it, otherwise you are opted
in by default. The Google toolbar sports a popup-stopper (requires IE 5.5 or higher),
which is of a similar, satisfactory capability to Yahoo's. Google's toolbar can easily be removed from IE via Add and Remove Programs (but see tip 3 in the RH col. if you use Firefox). However, removal only becomes necessary if you want to reclaim the space it takes up, or if
you ever tire of wading through all the paid-for links, fake links, spammed links, false pages,
and links to forum pages, blogs or booby-trapped websites, all of which, unfortunately, have
been infiltrating Google's search returns almost unabated since the autumn of 2003. Google is great but, unfortunately, the search-engine spammers (viz. fraudsters and hackers) have long
recognised Google's 'link-popularity' system as also being its Achilles heel. |
|
| Another major-player which jumped on the browser toolbar bandwagon, years behind everybody
else, was Microsoft. Their offering first became available in Feb 2004 for download from
http://toolbar.msn.com. It had buttons to Hotmail and MSN Messenger, and included a good
quality popup-stopper. It featured msnsearch.com (now livesearch.com) which is a pretty
genuine search engine in our experience. Try this one first as it will be safer (the search
engine, that is - not the toolbar). Though the toolbar, being by Microsoft, may possibly
pose the least risk of conflicts or other adverse side effects on your Windows system. |
|
| Notwithstanding the above, only one of the myriad of available add-on browser toolbars has
ever stood out to us as being truly useful and, hence, worth the loss of screen space these
toolbars take up. And that is the eBay toolbar - and not even that one if you are not
an online auction addict. The eBay toolbar is available in world or UK-specific varieties,
and every single button looks to be indispensable - not simply superfluous padding as many
buttons often are on other toolbars. One problem though - there are many articles
on Google citing the eBay toolbar as spyware and adware - which might just be why it lacked
the normally obligatory popup-stopper when we last looked. Shame. |
|
| If, like the XP-user depicted on the right, you are already plagued by too many toolbars
and spybars on your own machine, you will probably have found that you can hide some of them
by clicking Internet Explorer's View button and unticking any that are listed in the drop-down
menu that appears. However, the only toolbar in there that is guaranteed to stay hidden
when you next reopen IE is its own 'Links' toolbar. The more-parasitic toolbars might
not even be listed in the View menu in the first place or, if they were, they may automatically
reappear in the browser the next time you open IE or reboot the PC. |
|
| So annoying can be the problem of unwanted toolbars that Internet Explorer, as of version 6,
included an option that will permanently stop all such add-on toolbars from displaying
in the browser. To activate this useful feature, click Tools (or Alt > Tools in IE7)
> Internet Options > Advanced tab > scroll down to 'Enable Third-Party Toolbar Extensions'
and untick the box next to it. Disabling third-party toolbars in this way will definitely
stop them from taking up valuable screen space in your browser. Whether or not the setting
will stay unticked after reboots, or if it will stop the generation of any popup ads and spying,
for all such toolbars, is not known. To be certain of that, you would need to fully uninstall
the bars' associated software. Some bars you will find listed in Add-Remove Programs,
and you can ditch them from there. Others, if they are associated with a separate main
program, may have a disabling option within that program's Preferences. But most of the nastier bars have become downright devious at hiding themselves where you will never find them. In those cases, the solution is to search on the internet for uninstall instructions for specific
bars by name, or install the freeware program 'Spybot - Search & Destroy' to see if that
can do the dirty work for you. |
|
|
|
| Fig. 1 (below) This partial screenshot shows how a proliferation of
third-party toolbars and spybars can quickly consume a lot of your screen real-estate. |
|
|
|
| * |
Click the blue link above to see a full-width screenshot. If there is a problem with
that link, then click here |
| |
|
| |
|
| |
|
 |
|
|
|
| |
Tips |
|
|
|
|
|
| |
1. |
ActiveX
Third-party toolbars may look like static elements. But they are actually running software and, as such, can be programmed to do things behind the scenes you might not like them to do. They always masquerade as 'useful'
utilities, such as search tools, ad-blockers and popup-managers, in order to tempt the unwary into installing them. When, in fact,
the toolbars may be transmitting your surfing habits and other private information back to the originator, and also causing unwanted advertisements to be put on your screen.
These spybars take advantage of a vulnerability in a part of the Windows operating system known as ActiveX. In order to work, they alter code in the registry and the operating system which, ultimately, could have an adverse effect on the speed and stability of your system. The safest way to avoid a situation like the user above and, eventually, a poorly PC, is
not to follow search engine links to dubious websites which may be booby-trapped with unsolicited invitations to download software.
You can easily protect yourself from ActiveX components if you so wish. Most major websites will still function satisfactorily with ActiveX disabled (though not with Cookies and JavaScript
disabled) - some exceptions are referred to in the final paragraph of this tip. Open Internet Explorer > Tools > Internet Options > Security tab > Custom Level button > choose Disable against the half-dozen references to ActiveX near the top of the list. The 'Active Scripting' option, near the bottom of the list, could possibly be left enabled, as that is actually JavaScript (i.e. not to be confused with ActiveX nor Java). If all your regular sites and web applications still perform normally after this, you can leave ActiveX disabled. If not, re-enable the ActiveX components one at a time until you establish which need to be on and which can be off.
Unfortunately, to use some Internet Banking services, or Windows Automatic Updates, will require some if not all elements of ActiveX to be enabled - so stopping the curse of spyware toolbars,
or worse, is not so easy for the majority of Windows' users. The way we get round this ourselves is to use a configurable firewall (like Agnitum's Outpost) as it can be set to normally block ActiveX, Cookies, JavaScript,
Popup windows and Java, but allows any of them to be turned on temporarily, from the System Tray, with just a few mouse clicks, depending on which functions we know will be required by a trusted site we are about
to visit. For example, before using Google to research anything, we would always turn all 'Active Content' off in Outpost. If we then wanted to send email via Hotmail, we would have
to turn on Cookies and JavaScript (or Hotmail won't work), but nothing else. ActiveX never gets turned on except briefly for any whitelisted website which must have it. This stringent
regime prevents infestations from happening in the first place and keeps our machines fast, safe and trouble free. |
|
|
|
|
|
| |
2. |
Toolbar Phishing
Be aware that, as of 9.4.04, fake Address Bars were the latest add-on toolbar menace for Internet
Explorer users. These were spawned by criminal phishing gangs to cloak the clumsy addresses
of their fake banking sites, thus fooling a person into thinking they are submitting their passwords
and account numbers to a bank's real website. These Address Bars are mainly acquired by
clicking on an innocent looking link in a seemingly authentic yet totally bogus spam e-mail.
Millions of surfers worldwide have fallen for this sophisticated racket. So, if you too
are ever silly enough to fall for this most-ingenious of toolbar scams, despite all the warnings,
such as this one, do not be surprised or offended when your next bank statement shows your account
has been drained dry!
Update: as of Jan 05, this particular vulnerability in IE was plugged, though only if you are
fully updated. |
|
|
|
|
|
| |
3. |
Firefox
Be aware that, as of December 2006, using the Firefox browser does not safeguard you from infection
by malicious toolbars. The danger is no longer confined to Internet Explorer users.
Whilst it is hard to manually remove some of the worst ones from IE, it is possible, eventually.
In the case of Firefox, it appears to be harder still, even for ones like the Google toolbar.
So best not to let the blighters install in the first place! |
|
|
|
|
|
|
|
|
