Building a Foundation
Before you download, install, and run anti-spyware solutions, make sure you’ve “inoculated” your computer against further infestations. This is probably the best way to get rid of spyware and adware for free, and it doesn’t make much sense to clean your computer only to have the same or new spyware quickly install itself once your scan/removal is complete. Even if you have a strong anti-virus (AV) solution installed, it’s better to keep spyware (and other nasties) off your system in the first place.
The first step in the hardening process is to prevent installation of third-party cookies. A third-party cookie is installed when you load a Web page filled with links to other services or sites. Tracking cookies–cookies which report your Web activities–are a great example. Figure 1 shows the results of a quick spyware scan of a PC where cookie installation is not properly managed.
As you can see, all the spyware instances identified were tracking cookies. Although the risk is low, this user is still leaking information about his behavior.
In addition to preventing third party cookies, you should choose what cookies to install. If you allow your browser to do so, it will install every cookie it encounters. While many cookies are useful, you should take a moment to look at what you are dropping on your hard drive.
Where to go to see your cookie management settings depends on the browser you use. In this article, I use IE8 as an example. However, all major browsers offer some level of cookie management.
1. Open the IE8 settings window by clicking on Internet Options on the Tools drop-down menu.
2. Click on the Privacy tab, and then the Advanced button, as shown in Figure 2.
3. By default, cookie management is controlled by the privacy level set by the slider located on the main Privacy page. However, I like to override any default settings to ensure cookies behave exactly as I expect. So I change the cookie settings as shown in Figure 2. All red arrows indicate a setting I manually make, including allowing session cookies. This is a compromise. If I didn’t allow session cookies, I would pull my hair out as I moved from site to site, having to approve every cookie required for simple functionality.
If you find that getting prompted for every cookie wanting access to your computer is too frustrating, you may want to remove the requirement to be prompted for installation of first-party cookies. However, leave alone the third-party restriction.
Whack the Toolbars
Toolbars are a great way to simplify online tasks. However, many of them are fronts for underlying spyware functionality. I’m not talking about Google or Yahoo–although these companies tend to collect more data than I’d like. Rather, it is toolbars like SurferBar that can cause desktop mayhem. And the impact can extend far beyond a single PC. For example, I saw a report from an intrusion prevention system, installed in a large enterprise, in which toolbar “calls home” accounted for over 70 percent of logged events.
Resisting the urge to clutter your browser with toolbars is your best defense against dual-purpose utilities like these. For the enterprise, shut down user ability to install anything not business related.
Remove Administrator Access
Most of us have no reason to travel about the Internet using a machine on which we have administrator access. This is becoming less of a problem with Windows Vista and Windows 7. However, most users simply bypass the helpful message asking if they really, really want to install an application. Don’t fall into the trap of accepting any application seeking to find a home on your computer.
Enterprise users should have administrator access removed. Only IT personnel should have that level of access, and then only when performing tasks that require it.
I intentionally left patching off this list. The vast majority of spyware instances are placed on systems because users purposely install something. Software that finds its way onto a computer without user intervention or intent is likely malware.
Free Anti-spyware Software
In the early days of spyware, there was a host of free removal tools. AV vendors hadn’t gotten around to adding spyware to their lists of unwanted software. Today, things are different.
All major free and fee-based malware vendors include anti-spyware capability in their products. Free, effective AV packages include:
In addition to these products, Microsoft’s Windows Defender is an anti-spyware solution that ships with Windows Vista and Windows 7. It is a free download for Windows XP users. For more information about free AV products, see Configuring Free Anti-virus Protection.
If all you need is a quick scan to get a second opinion, one beyond what your installed AV software is finding, most fee-based vendors offer a free spyware-only scanning function. However, they typically won’t remove unwanted software unless you purchase the full product.
Finally, there are toolbars (e.g. Yahoo!) that claim to block spyware. But since you should run AV software anyway, I recommend relying on your AV vendor to stop unwanted data collection. This will provide adequate protection while continuing to enable reasonable system performance. If you plan to regularly stack several AV/anti-spyware solutions on the same machine, you should also plan to purchase a lot of hardware.
In the next and final article in this series, we’ll examine fee-based solutions for spyware control and removal.
This post is part of the series: Understanding Spyware
This series of articles explains what spyware is (and is not), how it works, and how to combat it.