How To Keep Spyware Off Your PC

In the first article of this series, I covered some of the tools and techniques that users and administrators can apply to remove spyware and other unwanted software. However, an ounce of prevention is worth a pound of cure, especially when it comes to spyware. It's much more effective — and much less stressful — to keep spyware off systems by preventing infection in the first place. This article will show you how to set up those spyware defenses.

Essentially, there are two ways that unwanted software invades a system: Either the software exploits some sort of security hole and installs without any user intervention, or the software installs with permission from the person at the keyboard, often using varying degrees of using trickery or deception. The second method — user-assisted invasion — is much more common.

For example, a Web site may imply that users cannot view the site's content until they agree to install an ActiveX control. In reality the ActiveX control is unrelated to the site and only installs spyware. (Users that visit the site with browsers that don't support ActiveX, such as Firefox, don't see that message, but have full access to the site's content.) In other cases, the software may emphasize the benefits ("fun Web icons!") but play down the drawbacks ("endless popup ads"). If you're in doubt about a site, a Google search can often reveal a lot about the software, the company, and their motives.

Short of simply recognizing when something is spyware, there are a number of ways to keep more devious forms of spyware off systems. What follows are are few of the more effective.

Stay Patched
One of the most important steps that system administrators and users can take is to keep Windows and applications patched. Most major software vendors try to stay ahead of the bad guys and issue regular patches to prevent security problems. In particular, patches to Microsoft Windows and Microsoft Office, which are frequently targeted by malware writers, are critical to keeping a system free of spyware and other unwanted software.Revoke Their Privileges
Perhaps one of the biggest spyware risks arises when otherwise sensible people install problematic software on their systems — or allow others to do so. Company notebooks can be at risk when they're taken home and used, even briefly, by family members. Kids tend to click OK when they shouldn't, and don't worry about running an executable file that they get from a friend or download off a peer-to-peer network like Kazaa or BearShare. Before you know it, you've got a heavily infected system to clean.

Unfortunately, a lot of this happens because nearly nearly all Windows users log in as administrators. This isn't unusual; so many functions today depend on having administrative privileges, that it's been a lot easier to allow administrative sign-ons (the alternative is for users to have to call tech support every time they have to make a significant change). However, it can mean a higher probability of infection.

If you're the sysadmin for your company, a good way to prevent this situation is to either avoid setting up most employees as administrators, or to make sure that all users are educated as to the dangers of random installs. (Note: With luck, things will get easier once Windows Vista is released. Its User Account Protection feature will allow users to temporarily access administrative tools while not giving them full admin privileges.)

Avoid Danger Zones

Where possible, companies should have a policy that prohibits users from installing unapproved software on company computers, and from visiting Web sites that are possible danger zones for malware (such as porn sites and clickthroughs from spam). If employees are repeatedly infected in spite of warnings, consider filtering and/or blocking unauthorized Web use.

Dangerous software can come from surprising sources; it's not just an Internet problem. The recent controversy about Sony BMG including spyware on its music CDs underlines that the risks aren't just limited to the Internet. Some Sony music CDs installed software even if they didn't accept the license agreement, as long as they had the Autoplay feature turned on, which is the default in Windows. (You can bypass Autoplay by holding down the Shift key when you insert a CD, or you can disable Autoplay for CD drives using Microsoft's TweakUI utility.)

Did You Read Your EULA?

Okay, be honest — when was the last time you read the End User License Agreement (EULA) before clicking "Okay" and proceeding with installation? You're not the only one — almost nobody reads those dense paragraphs full of legalese. Typical license agreements run to 20,000 words or more.

In 2004, my company tried an experiment with the EULA for one of our software products. Buried in the license was a clause that offered "financial compensation" for sending feedback to a particular e-mail address. It took four months and nearly 3,000 downloads before we finally got our first e-mail asking about that clause.

EULAs can be weapons of mass deception for spyware makers. For example, many of these agreements say that the software maker can install new software without notice, collect extensive data about the system configuration, record information that the user types into Web forms, and even change the license terms at any time without notifying users. Some EULAs include links to online Web pages that are supposedly part of the legal agreement. Users would need to regularly visit these Web pages to find out what new conditions they have to endure while the software is on their systems.There are tools to help you evaluate the risks. JavaCool Software has written a utility named EULAlyzer that searches lengthy EULA documents and roots out words that can mean trouble. It's a good idea

Spyware Sentinels
Even a well-patched PC with an astute user can still be at risk of being infected with spyware or other unwanted software. That's where the prevention and inoculation features of anti-spyware software can provide even more protection. Using a variety of strategies, such as lists of known threats and threat signatures, detecting attempts to install applets, or through other means, anti-spyware can block the software from installing on the system.

This real-time protection is offered in the free Spybot Search & Destroy and Microsoft Antispyware products. It is also available in the paid versions of Ad-Aware and Spy Sweeper, and in the spyware protection offered by Symantec, McAfee, Panda, and Computer Associates, among others.

The free SpywareBlaster application from JavaCool Software can offer another layer of safety. Unlike the real-time protection of anti-spyware programs, SpywareBlaster doesn't actually run any software in the background. Instead, it manages a "blacklist" of software that Internet Explorer is told that it should not run.Why Prevention Matters
Spyware and unwanted software installations pose many dangers, including the risk of data loss or information theft. Although several good tools exist to identify and fix spyware problems, cleanup is tedious and time-consuming. Plus, most users act to clean up spyware only after they detect a problem with the computer; as spyware becomes more sophisticated those outward signs become harder to detect.

Prevention is a much better way to address the problem. With the right preparation, education, and policies, it's possible for users and administrators to minimize the problem of recurring spyware infestations.

Dave Methvin is Chief Technical Officer at PC Pitstop, a security Web site.