How can I prevent future problems with spyware?
Be careful what you download
As mentioned before, the most important thing is to pay attention to what you download. Whether it comes through a site like download.com, a standalone website, or a file sharing application, unless you know exactly who wrote an application and what it contains, you might be getting more than you bargained for. Here are some safe alternatives to malware-laden applications:
- Instead of using DivX Pro, use XVid for encoding videos, and the DefilerPak for decoding.
- You probably don't need any other toolbar for IE other than the Google Toolbar, with integrated Google search and popup blocking.
- Instead of WeatherBug (which is a malware vector), try WeatherWatcher.
Along the same lines, avoid use of file sharing (P2P) applications. This includes Kazaa, iMesh, and Grokster. If the questionable legality of such programs and possibility of legal action from the RIAA and MPAA aren't enough to deter you, the spyware that piggybacks in and the Trojans masquerading as .JPEGs and pirated software should make you think twice. If you absolutely need to use a P2P application, KaZaa Lite, DC++, and any of the BitTorrent clients are spyware-free.
Furthermore, exercise caution before opening any e-mail attachments. This cannot be stressed enough. Always get confirmation from alleged senders that they sent you an attachment. If your family's computer is infected with a virus, it could send you e-mail, and "spoof" the sender information so that it appears the message is coming from your parents or someone in their address book.
If you must open attachments, watch out for "fake" file extensions, such as .JPG.EXE or .GIF.PIF. The letter groupings are designed to trick you; only the set after the last period counts. If that final extension is an executable one, you've just infected yourself. By default, Windows hides extensions of certain file types. You can avoid falling victim to this by changing the default behavior. Open My Computer and go to Tools > Folder Options... Under the View tab, make sure Hide extensions for known file types is unchecked.
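The "last period" rule above can be applied mechanically to attachment names before anything is opened. The following Python sketch is an added example, not part of the original page; the extension lists (beyond .exe and .pif, which come from the text) and the sample file names are assumptions constructed for illustration.

```python
import re

# Extensions Windows runs when double-clicked. Assumed, non-exhaustive list;
# only .exe and .pif are named in the text above.
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs", "lnk"}
# Harmless-looking extensions commonly used as the decoy part of a name.
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf", "mp3"}


def base_name(filename):
    """Strip any path, then the trailing dots and spaces Windows ignores."""
    return re.split(r"[\\/]", filename)[-1].rstrip(". ")


def extensions(filename):
    """Return every dot-separated extension, lower-cased, in order."""
    return [p.strip().lower() for p in base_name(filename).split(".")[1:]]


def classify_attachment(filename):
    """Return 'disguised-executable', 'executable' or 'ok'."""
    exts = extensions(filename)
    if not exts:
        return "ok"
    real = exts[-1]  # only the set after the last period decides the type
    if real not in EXECUTABLE_EXTS:
        return "ok"
    if any(e in DECOY_EXTS for e in exts[:-1]):
        return "disguised-executable"
    return "executable"


def shown_when_hidden(filename):
    """Approximate the name Explorer shows while extensions are hidden.

    Approximation: Explorer only hides extensions of registered types.
    """
    name = base_name(filename)
    return name.rsplit(".", 1)[0] if "." in name else name


# Constructed sample attachment names (not taken from real messages).
SAMPLES = ["holiday.JPG.EXE", "card.gif.pif", "setup.exe",
           "report.final.pdf", "photo.exe.jpg", r"C:\Temp\pic.jpg .exe. "]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:28} shown as {shown_when_hidden(sample)!r:18} "
              f"-> {classify_attachment(sample)}")
```

With extensions hidden, holiday.JPG.EXE is displayed as holiday.JPG, which is why unchecking the option matters.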
Harden your browser
There are two ways to do this. The first way is the quickest and the most effective: switch to an alternative browser that doesn't support auto-installs of malicious software at all. Browsers in that category include Mozilla Firefox, Mozilla Suite, or Opera. The browsers MyIE2 and Avant Browser are just shells on top of Internet Explorer, and inherit the same malware problems that IE has. They may provide new functionality, but do not solve the basic problems with ActiveX.
Note that ITS does not currently offer official support for any of these alternative browsers.
If you don't want to switch browsers, then you can attempt to harden Internet Explorer. (These same tips apply to MyIE2 and Avant Browser.) This is more complicated, and is not ever going to be 100% reliable, since there are many security holes in Internet Explorer that have not yet been fixed by Microsoft. The steps, in order of importance:
- First, make sure that you are running the latest version of IE. If you are running Windows XP, installing XP Service Pack 2 will bring IE up to version 6 SP 2. For any other version of Windows, you can download and install IE 6 SP1.
- Make sure you have everything from "Critical Updates and Service Packs" installed from Microsoft Update. When they say "critical", they are not kidding.
- Turn off ActiveX downloading for the Internet zone. From the Control Panel, select Internet Options, then the Security tab. Click the Custom button, and set the ActiveX control settings to disabled. This will stop most malware dead in its tracks. The next step is to go to the Trusted Sites zone and reset it to "Medium" security (it defaults to "Low"). Then add microsoft.com to the list of trusted sites so that Microsoft Update continues to work; you can then add sites like macromedia.com (for Flash updates), apple.com (for QuickTime updates), and yahoo.com (for games and chat) at your discretion. Turning off ActiveX downloading for the Internet zone only prevents new software from being downloaded; it does not prevent existing plug-ins from working. For example, it won't prevent the Flash plug-in from working on a site in the Internet zone, but it will prevent the Flash plug-in from installing (unless macromedia.com has been added to the trusted sites list).
- Install the Sun Java Runtime, and have it be the default Java VM instead of the Microsoft one. Sun's Java implementation is much more secure than Microsoft's. Java exploits are rare, and some versions of Windows XP don't have the Microsoft JVM at all, but it never hurts to be safe.
- Use an "inoculation" or "vaccination" tool, which acts much like (but doesn't replace) a virus scanner. Spybot has one of these built into it, called "Immunize". (See the picture below.) The commercial version of Ad-Aware has an inoculation feature as well. These tools can occasionally block legitimate software from working, however, and like scanners, they can only catch malware that they know how to recognize.
If you choose to keep using Internet Explorer, it is recommended that you run Spybot, Ad-Aware, or both at least once a week, because no current solution is going to give perfect immunity to the malware problem.
No matter which browser you use, Spybot also has a feature called TeaTimer that notifies you each time certain aspects of your computer change - most notably, the home page for your web browser and programs in your startup list. However, this can be a bit confusing, and is only recommended for people who have some familiarity with what should be allowed to start with their computer. Generally, things should only be added to your startup list if you are installing a program or update, and if something wants to remove itself you should probably let it!
Educate yourself
If you plan on spending a lot of time on the computer, you owe it to yourself and to the rest of the community to learn a bit more about the tools you are using, since computers can become a liability. You wouldn't want to get into a car and start driving around if you've never done it before and are unlicensed. A computer can cause a lot of damage in today's networked environment, and you have the responsibility to keep yours from becoming "part of the problem".
Further reading