Shell Extension - A definition
The Microsoft Windows user interface enables the user to access and modify a range of objects necessary
for managing the operating system. The most familiar of these objects are files and folders, which
are stored on the hard drive. Another example of these objects is the recycle bin. The shell organizes these
objects in a tree-structured hierarchy, and the user can interact with the objects through
the shell's graphical user interface, Windows Explorer, or an application.
Third-party developers can extend the shell by using the Shell's application programming interface (API). A Shell Extension
allows the third-party developer to run his program inside the Shell. This can be used for both good and bad. A
legitimate example is to extend the shell with an object that represents a database or an FTP server that can be accessed
from Windows Explorer. An illegitimate example is to extend the shell with a hidden adware object that opens
As I see it, spyware and adware vendors benefit from choosing to implement their software as a Shell Extension.
Firstly, a shell extension is tightly coupled with the operating system, making it more difficult to
remove than a regular piece of software.
Secondly, it can be harder, perhaps even for experienced users, to spot adware or spyware since
it is running within the shell, thus making no appearance in the Task Manager, neither in the Application List nor in
the Process list.
Thirdly, taking into account that firewalls often operate at a granularity of processes and that the Windows Explorer
process in many cases is allowed to connect to the Internet, a shell extension has a very low
probability of being spotted compared to regular software.
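Because a shell extension never shows up as its own process, a defender has to inventory what Explorer is configured to load. The PowerShell below is an added example, not part of the original article: it reads the standard `Shell Extensions\Approved` registry list, resolves each CLSID to its in-process DLL and checks the DLL's Authenticode signature. The function name `Get-ShellExtensionInventory` is hypothetical, and the script assumes the 64-bit machine-wide registry view only.

```powershell
# Added example: inventory in-process shell extensions registered machine-wide.
# Assumption: only the HKLM "Approved" list is read; per-user (HKCU) and
# 32-bit (WOW6432Node) registrations are not covered here.
$ApprovedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'

function Get-ShellExtensionInventory {
    $key = Get-Item -LiteralPath $ApprovedKey -ErrorAction Stop
    foreach ($clsid in $key.GetValueNames()) {
        # Value names are CLSIDs; skip the key's default value and anything malformed.
        if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }

        # The DLL that Explorer loads is the default value of InprocServer32.
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $raw = (Get-Item -LiteralPath $inproc).GetValue('')
            if ($raw) {
                $dll = [Environment]::ExpandEnvironmentVariables([string]$raw).Trim('"')
                # Bare file names are resolved by the loader; assume System32 for the check.
                if (-not [IO.Path]::IsPathRooted($dll)) {
                    $dll = Join-Path (Join-Path $env:SystemRoot 'System32') $dll
                }
            }
        }

        $sig = $null
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $dll
        }

        [pscustomobject]@{
            CLSID  = $clsid
            Name   = [string]$key.GetValue($clsid)
            Dll    = $dll
            Status = if ($sig) { [string]$sig.Status } elseif ($dll) { 'FileNotFound' } else { 'NoInprocServer' }
            Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

# Review first the entries whose DLL is missing, unsigned or fails validation.
Get-ShellExtensionInventory |
    Sort-Object { $_.Status -eq 'Valid' }, Name |
    Format-Table -AutoSize Status, Name, Dll, Signer
```

An entry that is not `Valid` is a lead to investigate rather than proof of adware, since some legitimate extensions ship unsigned.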