Beat off Spyware
Right, back after a busy few months, hopefully I’ve got some stuff to say now, so the blog will get some use again!
And into something that’s cropped up several times for me recently, spyware, and how to avoid it.
I’ve recently had a couple of friends need help with slow and unresponsive systems, the same with people at work, and people working in schools trying to find a way to manage many machines and the persistent spyware problems they get.
So, I thought I’d share with you my general procedure.
[short version]
Install Spybot, immunize and scan
Install MS AntiSpyware where possible (and for however long we’re able to) and scan
Get all Windows Patches (You may need to actually clean off some spyware to be able to do this)
Ensure AV is up-to-date (Or even get some!)
Use Opera Browser or Firefox instead of IE if possible.
Use a firewall if you aren’t already
[long version]
First off, Spybot Search and Destroy is a bit of software like Adaware, but the free version of Adaware only scans; it doesn’t protect against getting the stuff in the first place. Spybot is free, has a generally very good immunization feature, and scans pretty well. I tend to install it on a new machine, get all the updates, and immunize it straight away. You shouldn’t then need to do much scanning afterwards.
www.safer-networking.org/en/download/index.html
If you’re running 2000 or XP, you can get the BETA version of the MS Antispyware, and yes it does seem
pretty good. It can scan and has some general protection features to try and stop a machine getting it in
the first place, plus being able to reset some settings, if some malware tries changing them.
However, the current BETA release of Antispyware is only valid until April I believe, and the last I heard,
MS were being very quiet about whether it was going to continue to be free, or a paid for product.
www.microsoft.com/athome/security/spyware/software/default.mspx
It does seem to be very proficient at finding and removing spyware, picking up several things Spybot struggles with.
Make sure patches are all up-to-date. Some of these nasties use Windows/IE exploits to get in undetected.
By patching them up, you can stop them. If you have XP, PLEASE try and get SP2 installed if you haven’t already. There’s more to it than some people seem to think, and it fills a lot of holes.
Using Firefox, Mozilla, or Opera instead of IE is also a good idea, if it’s possible.
Firefox is probably the one I’d go for, as most sites tend to work in it, and in my mind, it works better
than Mozilla (which has other stuff attached to it). Opera, although my browser of choice, does seem to
get more problems with sites designed by people who only test in IE, and is probably less usable to the non-technical crowd. So for most average users, I’d tend
to give them Firefox as a good compromise. You are bound to still find some sites that will only work in
IE, because of the poor way in which they have been designed. Make your own decision as to whether you
really need them or not.
The reason IE is so much more of a security risk is partly because it’s quite integral to Windows these
days. Therefore it has a bit more access to things than 3rd party browsers. The other main reason is
ActiveX controls. These are generally the biggest problem and most common way websites install nasties on
your machine. You can help stop it by upping the security on ActiveX, which XP SP2 does a bit anyway.
Go to www.getfirefox.com to download Firefox. It currently weighs in at 4.7MB, which is under half an hour on dial-up connections. And if you have people who complain that they don’t like it
because it works differently to IE, try having a look at www.firefoxie.net as well. Running through the
steps there, you can get Firefox to look quite like IE, and something that unadventurous people can cope
with. It’d be nice if they could package that Firefoxie thing up into a single install, I’d hate to go
through and do it all on 30 machines at a time. Firefox really is generally easy to use though, so
hopefully people can adjust easily enough.
Anti-Virus. There’s a problem for a lot of people. I am constantly amazed at the number of people without any kind of Antivirus software on their machines.
If you have some, make sure it is checking for updates every day. Even if you aren’t online every day. In this last year, I’d be surprised if more than 48 hrs went by without a new virus/variant being released.
If you haven’t got any, GET SOME!!!!!!
AVG7 can now be got for free, and if you don’t use an odd email client (it doesn’t like Opera’s M2 for example), then it should do you fine. Check on the AVG site for info on the email clients supported.
If you want to pay for something, I’d recommend Trend Micro’s, which has been very good for me, and is quite highly regarded in small business set-ups.
Lastly, firewalls. Not the most friendly of things for the average user to work, but very useful for blocking things out.
First off, forget the XP Firewall. It’s annoyed me so much I disable it. Instead, you can get software like ZoneAlarm or Spybot, both of which do a free version for home users.
At home, and at work, I run all free software for my Internet usage, and get very very few problems with
spyware. I use Opera Browser, which is very good, if a little different to IE and Firefox, and I very very
rarely use IE. I have Spybot installed and very rarely have to run it to clean things off, though you will
want to load it to run updates and reimmunize every so often.
I currently have MS Antispyware, and yes it does pick up some things Spybot doesn’t, while Spybot picks up
some things MS AntiSpyware doesn’t (though MS Antispyware is probably the better of the 2). It seems there is no one spyware scanner that will do it all. I also
then have regularly updated AntiVirus, and a firewall on my machine (server at work).
If you have some choice over ISPs, there are some that offer firewall, virus/spam filtering services as
part of the deal now. In the UK I’ve found Nildram (now owned by Pipex) give very good reliability and speed on broadband connections, as well as offering a service with antivirus/spam on email, and a Firewall which works on an ‘everything is blocked unless you ask it to be opened’ basis. As standard, only a few common ports are open.
Certainly prevention is better than spending hours going round scanning dozens of machines, if that’s what you’ve got to deal with.