Spyware is considered the single biggest problem affecting desktops, second only to spam and internal sabotage. The single biggest reason spyware is able to develop such a reputation is Internet Explorer, which is not terribly secure and allows third-party Browser Helper Objects (BHOs) to install themselves. So if you want to prevent spyware, you have to lock down IE in certain respects. Here are some ways to accomplish that.
Install Windows XP Service Pack 2
Computers running Windows XP can gain significant IE protection by installing Service Pack 2. SP2 blocks ActiveX controls from loading by default. They can now be configured through user policies, offering much tighter behavior control than before. XP SP2 also allows IE users to examine each installed BHO and disable any that look suspicious.
For users not on XP, Microsoft plans to eventually release the IE fixes in SP2 as a separate download after some regression testing. An XP SP2 rollout should only be done on systems that have already been cleaned of spyware.
Since IE repeatedly proves to be insecure, one way to avoid all problems associated with it is to change to another browser, such as Firefox or Opera.
However, you need to take into account several possible issues that arise when changing browsers:
Lock the hosts file
Many spyware programs hijack the Windows hosts file (located in %windir%system32driversetc), which contains mappings of IP addresses to host names. For instance, microsoft.com (or any other domain) could be remapped to the advertising portal created by the spyware's makers. To make sure the hosts file hasn't been hijacked, open it using Notepad and delete all references in it except for:
Save the file and then edit its Attributes to mark it as read-only. Reboot.
Looking for more spyware prevention strategies? Please click for the conclusion of this series, "Spyware block-and-tackle tactics."
For more information
Read up on anti-spyware software options.
Learn about anti-spyware options for the enterprise.
Check out the Best Web Links on spyware.
J Greer writes: Since some admins and some spyware cleaner/preventer programs take advantage of the hosts file, I don't think it's good advice to tell people to throw out all entries except the localhost entry. Locking it is good, but then another good idea is to investigate the name and address entries that are in the hosts file to see whether they are placed by the good guys or the bad guys.