Sneaky apps attack

If you're beset by icons that appear in the system tray without warning, or by pop-up ads that run even when your browser isn't open, or by a mysteriously reconfigured browser, you aren't alone. The culprits--among them MemoryMeter and Rapidblaster--represent a new and more aggressive breed of application that's often called stealthware.

Some stealthware apps track you as you surf a given site. Most of them are adware programs that serve up streams of ads no matter what you're doing on your PC. (We repeatedly contacted these stealthware companies for comment; they did not reply.)

What these apps have in common is their often covert entry: Stealthware apps are not illegal, but like worms and viruses, they can exploit vulnerabilities or low security settings in Internet Explorer to install themselves without so much as a dialog box of warning. Worse, some stealthware is designed to bypass firewalls and other such safeguards.

Stealthware is found mostly on ads served at free Web-hosting sites, at porn sites, or at so-called typo sites (those that take advantage of users' misspelling site URLs). But pinpointing the origin of some programs can be difficult; even an expert like Anthony Porter, founder of, admits that he can have trouble doing so.

The problem has become so prevalent that antivirus software maker Symantec last year began including some of these apps in its virus definition updates. "In the last six months, [stealthware] really has become an issue," says Kevin Hogan, a senior manager with Symantec Security Response.

Stealthware often takes advantage of IE's Browser Helper Object (BHO) subsystem, which lets plug-ins run within IE. Normally, you get a dialog-box warning if you load a new BHO. But by default IE lets scripts--such as ones that trigger a BHO installer download--run automatically. Just visiting a site can be enough to start such a script. You end up with a new app, and your system thinks you authorized it. And because BHO applets run within IE, software firewalls don't readily catch them.

Why not just turn off scripting and BHOs? They serve legitimate functions on many sites; the Google Toolbar, for example, is a BHO. You can tell IE to get your permission each time a site wants to run a script (click Tools, Internet Options, select the Security tab, then click the Custom Level button; scroll to the Scripting area, choose the radio button by Prompt for all three items, click OK, Yes, then OK again). But many sites run dozens of scripts per page--you'll see that dialog box a lot. Currently, Microsoft offers no way to selectively disable BHOs.

Delete Them

Adware and spyware removers like Spybot Search & Destroy or Ad-aware 6 can detect and, in most cases, eliminate stealthware--provided you have the latest definitions.

Spybot also includes a BHO scanning tool that compares a list of your PC's BHOs with Spybot's database of "good" and "bad" plug-ins so you can disable unwanted ones. Symantec's Norton AntiVirus identifies some stealthware apps, such as Flyswat and SaveNow, and targets them; the firm plans more protection. Similarly, CA's ETrust antivirus package recently added CWS to its list of targets. offers a Block List File download, which changes a few Windows Registry settings to disable many aggressive self-installers.
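The BHO list comparison described above, sketched as an added example (it is not Spybot's code and not part of the original article): it reads registry export text, lists the CLSIDs registered under the Browser Helper Objects key, resolves each to its DLL, and checks it against good and bad lists. The CLSIDs, DLL paths and lists are constructed placeholders, and the sample assumes exports of the HKLM BHO key and of HKCR\CLSID concatenated into one text.

```python
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
CLSID_ROOT = r"HKEY_CLASSES_ROOT\CLSID"

# Constructed sample in .reg export text format; CLSIDs and paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33333333-3333-3333-3333-333333333333}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\ExampleToolbar\\toolbar.dll"

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\WINDOWS\\System32\\exampleads.dll"
'''

def parse_reg(text):
    """Return {KEY_PATH_UPPERCASED: {value_name: data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def audit_bhos(text, known_good, known_bad):
    """List (clsid, dll_path_or_None, verdict) for every registered BHO."""
    keys = parse_reg(text)
    good = {c.upper() for c in known_good}
    bad = {c.upper() for c in known_bad}
    prefix = BHO_KEY.upper() + "\\"
    report = []
    for path in keys:
        clsid = path[len(prefix):]
        if not path.startswith(prefix) or "\\" in clsid:
            continue  # not a direct child of the BHO key
        dll = keys.get(f"{CLSID_ROOT.upper()}\\{clsid}\\INPROCSERVER32", {}).get("@")
        verdict = "bad" if clsid in bad else "good" if clsid in good else "unknown"
        report.append((clsid, dll, verdict))
    return report
```

An "unknown" verdict, especially one with no resolvable DLL, is the entry to look at by hand. Real export files are typically UTF-16, so decode them to text before passing them in.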

BBX's ImmuneEngine (revised in July; pictured here) attacks the problem another way: It detects, and can delete, new executable files as they appear. "It's like a protective layer on top of Windows," says Bob Terry, BBX founder.

You can also try an IE alternative, such as Mozilla or Opera, but the best defense is to watch where you surf, and to keep your protective apps up-to-date.


Andrew Brandt

PC World