Spyware is considered the single biggest problem affecting desktops -- and Internet Explorer is often to blame. The following spyware prevention strategies conclude Serdar's tip on locking down IE to keep your Windows systems spyware-free.
Block bad objects using a block list
Browser Helper Objects (BHOs) are small programs that run automatically every time you start your Internet browser, usually installed on your system by another software program -- and some classify as spyware.
One possible way to prevent bad BHOs from installing themselve on IE is to use a predefined list of objects that loads into a segment of the registry used to define BHOs that should not run. Spyware-Guide.com maintains just such a list, which can be loaded as a simple registry file (and unloaded just as easily). Unfortunately, some spyware does not use consistent nomenclature when loaded and may not be affected by this list, but the list does silently block over 400 known bad BHOs. It can be a useful first line of defense.
Restrict browsing habits
Most above-board Web sites do not have advertising that loads spyware. If you already have plans to restrict the Web-browsing habits of users (usually by configuring the firewall that proxies Web connections), the best strategy is to start by locking out sites by default and then only allowing them once they have been verified as safe.
Block domains that carry advertising
This is more involved, but may prove to save bandwidth in your organization as a whole. Configure your company's firewall to redirect certain domains that carry ads to 127.0.0.1 (or another "black hole" address). The Web Ad Blocking site contains a ready-made list of hosts to block. Simply copy and paste into a hosts file, or feed the list into a firewall or routing appliance. Not only does this prevent spyware from being downloaded, it also prevents that much more bandwidth from being eaten up by advertising in general.
Many companies are also using third-party programs such as Ad-Aware and Spybot Search & Destroy as a line of defense against spyware. These programs are helpful and contain many useful tools: Spybot, for instance, contains rules for blocking known bad products from affecting IE.
Conclusion
The main problem was and still is that IE is highly insecure, even though Microsoft is now taking measures to change that. Until IE is safe out of the box across all Windows versions, administrators need to take steps to lock down or replace IE.
Click to return to part one, "Spyware prevention strategies: From hardening to avoiding IE."
For more information
Get an overview of spyware issues in this article.
Check out the crash course on spyware.
See our collection of white papers on virus, worms and spyware.
