Sneaky apps attack

If you're beset by icons that appear in the system tray without warning, or by pop-up ads that run even when your browser isn't open, or by a mysteriously reconfigured browser, you aren't alone. The culprits--among them MemoryMeter and Rapidblaster--represent a new and more aggressive breed of application that's often called stealthware.

Some stealthware apps track you as you surf a given site. Most of them are adware programs that serve up streams of ads no matter what you're doing on your PC. (We repeatedly contacted these stealthware companies for comment; they did not reply.)

What these apps have in common is their often covert entry: Stealthware apps are not illegal, but like worms and viruses, they can exploit vulnerabilities or low security settings in Internet Explorer to install themselves without so much as a dialog box of warning. Worse, some stealthware is designed to bypass firewalls and other such safeguards.

Stealthware is found mostly on ads served at free Web-hosting sites, at porn sites, or at so-called typo sites (those that take advantage of users' misspelling site URLs). But pinpointing the origin of some programs can be difficult; even an expert like Anthony Porter, founder of, admits that he can have trouble doing so.

The problem has become so prevalent that antivirus software maker Symantec last year began including some of these apps in its virus definition updates. "In the last six months, [stealthware] really has become an issue," says Kevin Hogan, a senior manager with Symantec Security Response.

Stealthware often takes advantage of IE's Browser Helper Object (BHO) subsystem, which lets plug-ins run within IE. Normally, you get a dialog-box warning if you load a new BHO. But by default IE lets scripts--such as ones that trigger a BHO installer download--run automatically. Just visiting a site can be enough to start such a script. You end up with a new app, and your system thinks you authorized it. And because BHO applets run within IE, software firewalls don't readily catch them.

Why not just turn off scripting and BHOs? They serve legitimate functions on many sites; the Google Toolbar, for example, is a BHO. You can tell IE to get your permission each time a site wants to run a script (click Tools, Internet Options, select the Security tab, then click the Custom Level button; scroll to the Scripting area, choose the radio button by Prompt for all three items, click OK, Yes, then OK again). But many sites run dozens of scripts per page--you'll see that dialog box a lot. Currently, Microsoft offers no way to selectively disable BHOs.

Delete Them

Adware and spyware removers like Spybot Search & Destroy or Ad-aware 6 can detect and, in most cases, eliminate stealthware--provided you have the latest definitions.

Spybot also includes a BHO scanning tool that compares a list of your PC's BHOs with Spybot's database of "good" and "bad" plug-ins so you can disable unwanted ones. Symantec's Norton AntiVirus identifies some stealthware apps, such as Flyswat and SaveNow, and targets them; the firm plans more protection. Similarly, CA's ETrust antivirus package recently added CWS to its list of targets. offers a Block List File download, which changes a few Windows Registry settings to disable many aggressive self-installers.
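The kind of comparison such a BHO scanner performs can be sketched as follows. This is an added example, not Spybot's code: it reads registry text in .reg export syntax, lists the CLSIDs registered under IE's Browser Helper Objects key, resolves each to the DLL named in its InprocServer32 entry, and sorts them against "good" and "bad" lists. The CLSIDs, DLL paths and both lists are constructed placeholders, and the function names are hypothetical.

```python
import re

# Registry key under which Internet Explorer looks up BHOs (one CLSID subkey each).
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Constructed sample in .reg export syntax; every CLSID and path is made up.
# A real regedit export is UTF-16, so decode it before passing it in.
SAMPLE_EXPORT = "\n".join([
    "[" + BHO_KEY + r"\{11111111-1111-1111-1111-111111111111}]",
    "[" + BHO_KEY + r"\{22222222-2222-2222-2222-222222222222}]",
    "[" + BHO_KEY + r"\{33333333-3333-3333-3333-333333333333}]",
    r"[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]",
    r'@="C:\\Program Files\\ExampleToolbar\\toolbar.dll"',
    r"[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]",
    r'@="C:\\WINDOWS\\System32\\xmplad.dll"',
])
KNOWN_GOOD = {"{11111111-1111-1111-1111-111111111111}"}  # constructed "good" list
KNOWN_BAD = {"{22222222-2222-2222-2222-222222222222}"}   # constructed "bad" list

def parse_export(text):
    """Return (registered BHO CLSIDs, {CLSID: InprocServer32 DLL path})."""
    bhos, dlls, section = [], {}, ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            parent, _, leaf = section.rpartition("\\")
            if parent.upper() == BHO_KEY.upper() and CLSID_RE.fullmatch(leaf):
                bhos.append(leaf.upper())
        elif line.startswith('@="') and section.upper().endswith("\\INPROCSERVER32"):
            m = CLSID_RE.search(section)
            if m:  # default value of InprocServer32 is the DLL that IE loads
                dlls[m.group().upper()] = line[3:-1].replace("\\\\", "\\")
    return bhos, dlls

def audit(text, known_good, known_bad):
    """Classify each registered BHO as good, bad or unknown and name its DLL."""
    bhos, dlls = parse_export(text)
    report = []
    for clsid in bhos:
        verdict = "bad" if clsid in known_bad else "good" if clsid in known_good else "unknown"
        report.append((clsid, verdict, dlls.get(clsid, "<no InprocServer32 entry>")))
    return report

if __name__ == "__main__":
    for clsid, verdict, dll in audit(SAMPLE_EXPORT, KNOWN_GOOD, KNOWN_BAD):
        print(f"{verdict:8} {clsid} {dll}")
```

An "unknown" verdict, or a BHO whose CLSID has no InprocServer32 entry, is the case that needs a manual look before the plug-in is disabled.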

BBX's ImmuneEngine (revised in July) attacks the problem another way: It detects, and can delete, new executable files as they appear. "It's like a protective layer on top of Windows," says Bob Terry, BBX founder.

You can also try an IE alternative, such as Mozilla or Opera, but the best defense is to watch where you surf, and to keep your protective apps up-to-date.


Andrew Brandt

PC World