BROWSER HELPER OBJECTS: The New Bad Guy on the Block

A BHO (Browser Helper Object) is an add-on program, usually very small, that is supposed to enhance your computing experience. Most of the legitimate helpers are designed to work with web browsers such as Internet Explorer.

Two examples are the Google Toolbar:

wizard_11122004a.jpg

And Snagit, a screen capture program. I use it, among other things, to illustrate this column.

wizard_11122004b.jpg

Legitimate BHOs usually appear clearly on your browser, and are straightforward about what they do.

Other BHOs make use of web protocols for less magnanimous purposes. Hotbar, for example, advertises itself as a program to enhance searching, security and shopping, but sets up link buttons on your IE toolbar leading to sites that pay to advertise with them. Worse, it also collects information about where you surf for its own purposes.

Hotbar states this openly in its user privacy statement.

Some BHOs require conscious installation, and some hook themselves into your system by way of an innocuous click. Others add themselves to your system when you install a legitimate program. These nefarious installations, called ‘drive-by’ downloads, are bundled with the same installation program as the software you want to install. Only close examination of the program’s license or user agreement will clue you in to what’s really happening.

Why do these intruders bother with user agreements stating clearly what they are going to do with you? For legal protection. And because they are almost certain that few people will bother reading the details before installation. Do you? Usually, I don’t either.

Some BHO creators are less finicky. You will see these BHOs trying to install themselves when you surf to a Web page; the first thing you see is not the page itself, but an installation script that tries to install something like the ‘Bargain Buddy’ toolbar. As you can guess, the toolbar is no bargain.

There are hundreds of these advertising-driven BHOs – you can see a complete list at sysinfo.org.

Now we’ll discuss the really vicious BHOs. These reach deep into your PC, so deep that their digital fingers reach your pockets. Recently, a BHO was uncovered that monitors when you surf to one of 50 or so major personal banking Web sites, in order to steal your private information. (You click on an image called img1big.gif. It usually comes in the form of a pop-up ad.)

After you inadvertently install it, the BHO sits and waits until you come to the page on which you would insert your account information, password, etc. It doesn’t steal data from the secure page, which would be extremely difficult. Instead, it employs a keystroke recorder that gets the information before it gets to the banking site, while you are typing it in.

While that specific BHO has been exposed and security patches have been issued to foil this plot, those who know say that putting together a piece of software like it is pretty simple. I could list a few sites with tutorials in such matters. Do you think Jack would publish the column unedited if I did? [Note to Dennis: I edit everything in TTP! –JW]

A hacker could easily write (and many probably have written) a BHO that would target employees of a specific company, and spread the intruder by getting physical access to the company network. Do you think this is difficult?

“Hey, wait a sec,” some of you may be muttering. “Haven’t you told me to install the Google Toolbar, which blocks pop-up windows? (See screenshot above.) Haven’t you told me to configure Windows XP to update automatically? And haven’t some of these updates blocked the script installation and independently blocked pop-up ads?

“Furthermore Mr. Wizard, haven’t you twisted my arm to install

wizard_11122004c.jpg

“And threatened to break my leg if I didn’t install

wizard_11122004d.jpg

“And haven’t you given us a myriad of other precautions to prevent these BHOs or any other intruders from infecting my computer?

“What gives?”

Before the further measures I’m going to suggest, there was no evidence that any of these BHOs had infected my computer. The Windows security updates, SpySweeper and Norton are powerful defensive weapons indeed. Nevertheless, hear me out and decide for yourself. One BHO of a particularly vicious type can steal your identity, wipe you out financially, cause you years of legal problems, and more. Read on.

This is the right time to mention that SpySweeper has been upgraded from version 3.0 to version 3.2. Version 3.2 is significantly more powerful and makes a successful infection by a BHO even less likely. But not zero.

wizard_11122004e.jpg

How can you distinguish between the useful BHOs like Google, SnagIt, Yahoo, and MSN, and the harmful variety? You should check out your system and see which BHOs you have. To do that you should download a neat little program named BHODemon. It will list all the BHOs currently installed on your system.

wizard_11122004f.jpg

Click where the cursor is on the word ‘here’ on the bottom of the page. It’ll take you to the download site.

wizard_11122004g.jpg

Click download and save the file to a destination of your choice. You will find the file is a compressed file in the zip format.

Windows XP has a built-in facility to create compressed zip files or decompress them. You can find out how to use this facility by clicking Start, then Help and Support. In the textbox labeled ‘search’ at the top left, type in ‘zip’ (without the single quotes). Then click the green arrow to the right of the textbox. You should produce a result similar to:

wizard_11122004h.jpg

From here you can find what you need.

Anyone using a computer, however, needs a full-featured application to create, manipulate, and decompress zip files. The standard in this field is WinZip.

wizard_11122004i.jpg

I urge you to buy this application. You probably already have it. It’s a workhorse that you’ll use constantly. I can’t spend more time on compression. In fact, I’ve run out of time for the week, so I have to leave you hanging. Never fear, I’ll finish this crucial topic next week, and hopefully laptops the week after.

Dennis Turner