Contact
DON'T SURF IN THE NUDE
Security on a Shoestring
Current page:
Spies be gone!
Internet security sites
CERT
Castle Cops
Counterexploitation (cexx.org)
Microsoft Security
PC Flank
Security Focus
Spychecker
Spyware Guide
Spyware Info
Spyware Warrior
Unwanted Links
Wilders Security Advisors
Last Update
14/11/2006
Links
SptwareGuide
Avoiding spyware
Here are some steps you can take to avoid spyware:

- Keep your browser up to date- spyware exploits security vulnerabilities in web browsers to install silently should you happen to visit a malicious site. These vulnerabilities can be exploited only as long as they remain unpatched by the browser company, or as long as you put off updating your browser. Choose a web browser that fixes security vulnerabilities promptly before exploits emerge 'in the wild' and make sure you always have the latest version/updates. Web browser security summary

This also applies to browser plug-ins like Sun's JRE.

- Microsoft's ActiveX technology has been misused to create spyware and install it in Internet Explorer via security vulnerabilities and shortfalls in IE security settings. Microsoft has been improving ActiveX security since XP SP2, but the technology won't be entirely secure until IE7 under Vista: users of Widows versions pre-XP, which are now not supported, are still exposed to ActiveX security vulnerabilities; even XP SP2 users are exposed to new vulnerabilities from time to time. Either crack down on ActiveX security, or move to a browser that does not support the technology, and block the installation of ActiveX spyware in Internet Explorer. PC World

- Keep media players up to date: media files downloaded from the internet may be doctored to exploit security vulnerabilities in programs like MS Media Player. Again you are at risk as long as the vulnerability remains unpatched, or you delay applying the patch. eWeek

- Take some time to find out how spyware can get onto your computer, and pass on this information to other people who use your computer. Remember, spyware often comes bundled with innocent looking applications.

- Get some warning of web sites which push spyware. Google now warns users of sites that may contain badware. Other companies offer a similar service free.

- Check out downloaded applications before installing, and only download from reputable sources which have a no-spyware policy.

- The Windows administrator account allows software to be installed and run freely: consider creating limited user accounts for surfing or for less knowledgeable (or trusted) family members: limited users will not be able to install spyware, either unknowingly or because of a security vulnerability.

- Install a security application which can block the installation of spyware programs.

- Block sites which push spyware.

Not everybody will need or want to take every step. If you keep your system up to date and don't download software from unreliable sources, then the last two steps are not essential. On the other hand, if there are some users of your computer who have not absorbed the information on how spyware gets onto a computer, or who cannot resist free downloads from any source (this usual means the kids!) then they might be a good idea.

Increased browser security

Internet Explorer 6 had a poor record in patching security vulnerabilities. Internet Explorer 7 has improved security, but is only available to XP users with SP2. If you are unable to use IE7, download the more secure Firefox or Opera browser.

Crack down on ActiveX security:

Until recently, one browser was the same as the next. PC users are waking up from their complacency about Microsoft's Internet Explorer browser, however. IE's ActiveX technology permits Web sites (including Web-based e-mail messages crafted in HTML) to install and run programs on your machine--exactly what the virus, Trojan horse, worm, and browser hijacker writers are trying to do. Not surprisingly, many threats to PC security rely on ActiveX.

Microsoft has tightened ActiveX's security, especially in Windows XP's SP2, but new holes continue to crop up, often after malware exploiting them appears online. Microsoft doesn't provide all of these IE security updates for earlier versions of Windows, however, leaving users of Windows 2000, Me, and 98 vulnerable to ActiveX exploits.

To avoid ActiveX dangers, install an IE alternative--it won't be vulnerable to ActiveX attacks--and set it as your default browser. Or simply disable IE's support for ActiveX: Open IE and choose Tools, Internet Options, Security, Custom Level , scroll to 'Run ActiveX controls and plug-ins', select Disable , and click OK, Yes, OK.

Disabling ActiveX prevents you from viewing Web sites that rely on it, such as Microsoft's own Windows Update site. To get these sites to work, add them to IE's Trusted Sites list: Click Tools, Internet Options, Security , choose Trusted Sites , click Sites , and enter the URLs one at a time. Uncheck Require server verification (https:) for all sites in this zone , and click OK.

Internet Tips: It's Time to Update Your Internet Security Arsenal pcworld.com

Spyware which uses Microsoft's ActiveX technology can be blocked using SpywareBlaster.

User education

Protection against spyware begins with user behaviour. Watch this video to find out more about spyware- what it is, ways your computer can become infected, symptoms of infection, and the top three things you can do to prevent spyware.

How to Protect Your Computer from Spyware and Adware microsoft.com

Bad site warnings

The glory days of carefree Web surfing are over, due to the growing ranks of untrustworthy sites that bust your browser and drop ID-stealing malware onto your system. Fortunately, two innovative, free services--Scandoo (public beta) and SiteAdvisor--can help you surf the Web safely. Both use automatic crawlers to scour the Internet for potentially dangerous Web sites, and each uses color-coded icons to signify risk factors for the sites that appear in your Web search results.

Scandoo and SiteAdvisor Make Surfing Safer pcworld.com

Site advisor's safety button:

Site advisor results key

A Firefox add-on called WOT offers a similar service:

WOT helps you avoid disingenuous Internet content by allowing you to learn from other users' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website.

Against Intuition, Inc.'s WOT

Checking out downloads

Check out any program you find on the internet before you download it: do a search on Google for what people say about it (download.com is a good source: check the user reviews) and check one of the spyware databases below.

Is it spyware? spychecker.com (online database)
Spychaser camtech2000.net (downloadable database)

Search Spyware-Guide.com

Remember, it's often possible to obtain spyware-free versions of peer-to-peer networks, music players etc. The link below gives clean alternatives to spyware infected applications.

A list of common infected applications and clean alternatives safer-networking.org

If possible, only download from software sites with a strict no-spyware policy:

SnapFiles has a zero tolerance policy when it comes to adware/spyware/malware or whatever you may want to call it. We do not list any software that includes third party advertising or tracking components of any kind. Every program you find on our sites has been downloaded by us, installed on our machines, and (as part of the review) tested for any type of malware and viruses, using several industry leading products. snapfiles.com

Limited user accounts in Windows

If you use a computer powered by Microsoft Windows to surf the Web, check your e-mail and so forth, the single most important step you can take to protect your machine from viruses, worms and hackers is to use a "limited user" account for everyday computer use.

By running Windows the way Microsoft ships it -- using the all-powerful administrator account -- you expose yourself to huge security risks. If a Trojan horse or virus makes it onto your machine while you're using an administrator account, it can get its hooks deep into the operating system (often without your knowledge.) However, by regularly using Windows under a limited account, you can safely avoid the vast majority of malware out there today, simply because the limited-user account does not have the right to install programs or change system settings. As a result, when malicious Web sites try to use security weaknesses in the operating system or your Web browser to conduct "drive-by" spyware and malware installs, for example, that installation process fails.

The Importance of the Limited User, Revisited washingtonpost.com

See also:

Windows Security Checklist - Part 28: Limited-User Security on Windows XP castlecops.com

As an alternative, consider using DropMyRights to run your web browser with reduced privileges:

Windows Users: Drop Your Rights washingtonpost.com

Blocking spyware installation

Winpatrol logoWinpatrol has some very useful features, both for removal of spyware and for real-time blocking of spyware installation. Scotty the dog will alert you to processes which attempt to make changes to your system, so you can block any change that you didn't want. Scotty will bark at additions to startup programs, IE helpers, scheduled tasks and the hosts file.

Winpatrol

BillP Studios' Winpatrol

For manual removal of spyware, it can disable more than one active spyware process at one time (sometimes one process will reactivate another process if it is deleted) and can be set to delete files at reboot (sometimes processes in memory will prevent the deletion of a file: deletion at reboot deletes the file before the spyware process is activated.)

Microsoft's AntiSpyware program also blocks spyware installation. It has probably the most comprehensive blocking features, with 59 different "checkpoints" to prevent spyware installing itself or making system changes.

Microsoft Anti-Spyware

Microsoft's AntiSpyware

Crawler's Spyware Terminator is another free product which has real-time protection against spyware installs. I've haven't seen this product in any comparative reviews yet, so I can't comment on its effectiveness, but it is worth considering.
Crawler's Spyware Terminator

Prevx Home "will protect your PC against the worms, trojans, malicious spyware, malware and hacker attacks that bypass traditional security technology."

Prevx's Prevx Home

The test bed blog pcw.co.uk

N.B. With computers, having only one program doing the same job at the same time is generally a good rule: one anti-virus program, one firewall etc. Two programs doing the same job at the same time may conflict. For this reason, I like to use only one blocking program, but some of these programs do reportedly work OK side by side.

Blocking web sites which attempt to install spyware

See Blocking bad sites

Back to top | Next page

Valid HTML 4.01!

Hosted by www.Geocities.ws

1