How do I prevent browser hijacking?
There are several simple steps and rules to greatly reduce the risk of browser hijacking. I can’t promise that you can eliminate that risk, even if you follow all these steps.
One of the biggest factors in mitigating the risk of browser hijacking is our behavior as we browse the net. We should avoid suspicious and dangerous web sites. Many "adult" web sites, run by less scrupulous persons, open forums for uploading and downloading software and media, many eastern European and asian web sites are (unfortunately) risky. If you run one of the sites I’ve described, please consider before you react out of hand and condemn me for making this generalization–it’s true. If you’re not doing anything wrong I’m not talking about you.
If a site contains pirated software or other illegal content, it’s far more likely to contain viruses, malware, and spyware.
In a work environment, have a clear policy about what web sites are appropriate to visit. Most medium-sized businesses, larger companies, and corporate enterprises have policies prohibiting visiting such web sites, and also usually have network security measures in place blocking access to these sites. Such software can’t be perfect, of course.
At home, children are often less suspicious and discriminating about what links they will click, software they might run, and so forth. Parents should communicate clearly what the rules are for surfing the web, using the computer, and how to know if something "looks wrong." Parents should install parental control software when younger children are allowed to access the Internet. The newest versions of Windows, Windows Vista and Windows Live One Care, have parental control software built-in.
Know what you’re running and downloading
Before downloading, running, and installing any software, be sure you know what it is, and that the source is trustworthy. Many security software packages, and other software, may include methods to validate the software is legitimate and unchanged. Obviously, don’t just blindly run or save a program just because a window pops up asking you to! If you are not completely certain you intended to download and install this software, click Cancel or No. Free software may have unwanted malware attached to the install package, intentionally (or unintentionally) by the software provider. This is especially true if the source of the software is an open forum for downloading software, with little or no administrative oversight.
Make these changes to your browser settings
For home users or users without a corporate security policy in place, you can change security settings in your browser to help stop browser hijacking.
Disable pop-ups. If a web site you use regularly requires pop-ups to function properly, you can configure your browser to allow pop ups from just those web sites that need them.
If you are using Internet Explorer, you can use the Trusted sites zone to add safe and trusted sites access to your browser. This is better than lowering the security settings in IE for all web sites.
To add a site to the Trusted sites zone:
On the Tools menu, click Internet Options, and then click Security.
Click on Trusted sites, type or copy the URL for the site that you trust, then click Add.
Use protective software and keep your system updated
If you don’t have it already, download and install good anti-virus & anti-spyware software. If you do have it, make sure that the virus and malware definitions are up to date.
Consider using Microsoft’s automatic updates. Windows 2000, Windows XP, and Windows Vista have the ability to install security patches and updates installed automatically as soon as they are available. Some users and companies may want or need to perform this process manually.
You may want to download and install the latest version of your web browser, unless you have a compelling reason for not doing so. Again, some business and enterprises will have controls in place to ensure all users are using the same versions of software, so this is not an option for the individual user. If you are a user in such a company, talk to your technical support team or the information security staff if you are seeing recurring problems with browser hijacking.