Spyware prevention strategies: From hardening to avoiding IE


Serdar Yegulalp
09.02.2004

Spyware is considered one of the biggest problems affecting desktops, second only to spam and internal sabotage. The single biggest reason spyware has been able to develop such a reputation is Internet Explorer, which is not terribly secure and allows third-party Browser Helper Objects (BHOs) to install themselves. So if you want to prevent spyware, you have to lock down IE in certain respects. Here are some ways to accomplish that.

Install Windows XP Service Pack 2

Computers running Windows XP can gain significant IE protection by installing Service Pack 2. SP2 blocks ActiveX controls from loading by default. They can now be configured through user policies, offering much tighter behavior control than before. XP SP2 also allows IE users to examine each installed BHO and disable any that look suspicious.

For users not on XP, Microsoft plans to eventually release the IE fixes in SP2 as a separate download after some regression testing. An XP SP2 rollout should only be done on systems that have already been cleaned of spyware.

Change browsers

Since IE repeatedly proves to be insecure, one way to avoid all problems associated with it is to change to another browser, such as Firefox or Opera.

However, you need to take into account several possible issues that arise when changing browsers:

  • The cost and effort involved in not only changing over all affected computers, but retraining users on the new browser.
  • The possible impact on browser component compatibility.
  • Some functionality may also be lost or restricted by shifting away from IE.

Lock the hosts file

Many spyware programs hijack the Windows hosts file (located in %windir%\system32\drivers\etc), which contains mappings of IP addresses to host names. For instance, microsoft.com (or any other domain) could be remapped to the advertising portal created by the spyware's makers. To make sure the hosts file hasn't been hijacked, open it using Notepad and delete all references in it except for:

    127.0.0.1 localhost

Save the file and then edit its Attributes to mark it as read-only. Reboot.
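
A way to review the hosts file before deleting anything, as an added example that is not part of the original tip: it parses each line, classifies every name-to-address mapping, and reports whether the file is read-only. The function name `Get-HostsEntry`, the verdict labels and the sample lines are constructed for illustration.

```powershell
# Added example: review hosts entries one by one instead of deleting them blindly.
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip comments, then split "<address> <name> [<alias> ...]" on whitespace.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $loopback = @('127.0.0.1', '::1') -contains $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $verdict = if ($loopback -and $name -eq 'localhost') {
                'expected'
            } elseif ($loopback -or $fields[0] -eq '0.0.0.0') {
                'sinkhole: likely a blocklist, confirm who added it'
            } else {
                'REDIRECT: name forced to another address, investigate'
            }
            [pscustomobject]@{
                Address = $fields[0]
                Name    = $name.ToLowerInvariant()
                Verdict = $verdict
            }
        }
    }
}

# Constructed sample input (documentation addresses and names, not real indicators).
$sample = @(
    '# sample hosts file'
    '127.0.0.1      localhost'
    '0.0.0.0        ads.example.net      # added by a blocker'
    '203.0.113.10   www.example.com example.com'
)
Get-HostsEntry -Lines $sample | Format-Table -AutoSize

# On a Windows machine, audit the live file and report its read-only attribute.
if ($env:windir) {
    $hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
    if (Test-Path -LiteralPath $hostsPath) {
        Get-HostsEntry -Lines @(Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
        "Read-only: $((Get-Item -LiteralPath $hostsPath).IsReadOnly)"
        # After review, from an elevated prompt:
        #   Set-ItemProperty -LiteralPath $hostsPath -Name IsReadOnly -Value $true
    }
}
```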

Looking for more spyware prevention strategies? The conclusion of this series is "Spyware block-and-tackle tactics."



Reader Feedback

J Greer writes: Since some admins and some spyware cleaner/preventer programs take advantage of the hosts file, I don't think it's good advice to tell people to throw out all entries except the localhost entry. Locking it is good, but then another good idea is to investigate the name and address entries that are in the hosts file to see whether they are placed by the good guys or the bad guys.
