Spyware prevention strategies: From hardening to avoiding IE

What's to prevent spyware from hitting you next -- or striking again? Learn strategies for securing Windows from spyware by locking down or avoiding Internet Explorer entirely.

Spyware is considered the single biggest problem affecting desktops, second only to spam and internal sabotage. The single biggest reason spyware is able to develop such a reputation is Internet Explorer, which is not terribly secure and allows third-party Browser Helper Objects (BHOs) to install themselves. So if you want to prevent spyware, you have to lock down IE in certain respects. Here are some ways to accomplish that.

Install Windows XP Service Pack 2

Computers running Windows XP can gain significant IE protection by installing Service Pack 2. SP2 blocks ActiveX controls from loading by default. They can now be configured through user policies, offering much tighter behavior control than before. XP SP2 also allows IE users to examine each installed BHO and disable any that look suspicious.

For users not on XP, Microsoft plans to eventually release the IE fixes in SP2 as a separate download after some regression testing. An XP SP2 rollout should only be done on systems that have already been cleaned of spyware.

Change browsers

Since IE repeatedly proves to be insecure, one way to avoid all problems associated with it is to change to another browser, such as Firefox or Opera.

However, you need to take into account several possible issues that arise when changing browsers:

  • The cost and effort involved in not only changing over all affected computers, but retraining users on the new browser.
  • The possible impact on browser component compatibility.
  • Some functionality may also be lost or restricted by shifting away from IE.

Lock the hosts file

Many spyware programs hijack the Windows hosts file (located in %windir%\system32\drivers\etc), which contains mappings of IP addresses to host names. For instance, microsoft.com (or any other domain) could be remapped to the advertising portal created by the spyware's makers. To make sure the hosts file hasn't been hijacked, open it using Notepad and delete all references in it except for:

    127.0.0.1 localhost

Save the file and then edit its Attributes to mark it as read-only. Reboot.
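
To see what the hosts file currently maps before editing it, the following added example (not part of the original article) parses hosts-file text and labels every entry other than the default localhost line. The sample content, the label names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content for illustration (not from the article).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example     # sinkholed by a blocking tool
0.0.0.0         popups.example
203.0.113.10    microsoft.com www.microsoft.com
192.168.1.20    intranet.corp.example   # added by an administrator
not-an-ip       broken.example
"""

# RFC 1918 ranges, listed explicitly so documentation ranges are not hidden.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Yield (line_no, ip_text, hostnames) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def classify(ip_text, host):
    """Label one mapping: default, sinkhole, private, redirect or invalid."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"                 # malformed address field
    if ip.is_loopback or ip.is_unspecified:
        # Names pinned to loopback/0.0.0.0 are blocked, not sent elsewhere.
        return "default" if host == "localhost" else "sinkhole"
    if any(ip in net for net in RFC1918):
        return "private"                 # internal address, e.g. admin-added
    return "redirect"                    # name sent to a routable address

def audit(text):
    """Return (line_no, host, ip, label) for all non-default entries."""
    return [(n, host, ip, classify(ip, host))
            for n, ip, hosts in parse_hosts(text)
            for host in hosts
            if classify(ip, host) != "default"]

if __name__ == "__main__":
    for n, host, ip, label in audit(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {ip} [{label}]")
```

Entries labelled "redirect" match the remapping pattern described above; a clean file containing only the localhost line produces an empty result.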

Looking for more spyware prevention strategies? See the conclusion of this series, "Spyware block-and-tackle tactics."


Reader Feedback

J Greer writes: Since some admins and some spyware cleaner/preventer programs take advantage of the hosts file, I don't think it's good advice to tell people to throw out all entries except the localhost entry. Locking it is good, but then another good idea is to investigate the name and address entries that are in the hosts file to see whether they are placed by the good guys or the bad guys.

This was first published in September 2004
