Spyware prevention strategies: From hardening to avoiding IE

Spyware is considered the single biggest problem affecting desktops, second only to spam and internal sabotage. The single biggest reason spyware is able to develop such a reputation is Internet Explorer, which is not terribly secure and allows third-party Browser Helper Objects (BHOs) to install themselves. So if you want to prevent spyware, you have to lock down IE in certain respects. Here are some ways to accomplish that.

Install Windows XP Service Pack 2

Computers running Windows XP can gain significant IE protection by installing Service Pack 2. SP2 blocks ActiveX controls from loading by default. They can now be configured through user policies, offering much tighter behavior control than before. XP SP2 also allows IE users to examine each installed BHO and disable any that look suspicious.

For users not on XP, Microsoft plans to eventually release the IE fixes in SP2 as a separate download after some regression testing. An XP SP2 rollout should only be done on systems that have already been cleaned of spyware.

Change browsers

Since IE repeatedly proves to be insecure, one way to avoid all problems associated with it is to change to another browser, such as Firefox or Opera.

However, you need to take into account several possible issues that arise when changing browsers:

  • The cost and effort involved in not only changing over all affected computers, but retraining users on the new browser.
  • The possible impact on browser component compatibility.
  • Some functionality may also be lost or restricted by shifting away from IE.

    • Lock the hosts file

    Many spyware programs hijack the Windows hosts file (located in %windir%system32driversetc), which contains mappings of IP addresses to host names. For instance, microsoft.com (or any other domain) could be remapped to the advertising portal created by the spyware's makers. To make sure the hosts file hasn't been hijacked, open it using Notepad and delete all references in it except for: 

    127.0.0.1 localhost

    Save the file and then edit its Attributes to mark it as read-only. Reboot.

    Looking for more spyware prevention strategies? Please click for the conclusion of this series, "Spyware block-and-tackle tactics."

    For more information

    Read up on anti-spyware software options.

    Learn about anti-spyware options for the enterprise.

    Check out the Best Web Links on spyware.

    Reader Feedback

    J Greer writes: Since some admins and some spyware cleaner/preventer programs take advantage of the hosts file, I don't think it's good advice to tell people to throw out all entries except the localhost entry. Locking it is good, but then another good idea is to investigate the name and address entries that are in the hosts file to see whether they are placed by the good guys or the bad guys.

    This was first published in September 2004

    Join the conversationComment

    Share
    Comments

      Results

      Contribute to the conversation

      All fields are required. Comments will appear at the bottom of the article.

      Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

      Back to top