Preventing spyware infestation

[melvyn]

I've been on the receiving end of enough spyware over the years, and I had a sudden revelation - why not put the offending servernames (such as the urls for Gator, Xupiter, etc.) into a hosts file referencing localhost, like this...

127.0.0.1 localhost
127.0.0.1 www,xupiter,com
127.0.0.1 www,gator,com

(using periods instead of commas, of course)

This works great for stopping ad banners and a lot of pop-ups, and might just work for unwanted spyware.

Of course, I could be inventing the wheel all over again.

 

[TonyKlein]

Hi, and welcome to the board!

What's really required, is tightening your security settings, particularly ActiveX.

I have a little list:

1) Go to IE > Tools > Windows Update > Product Updates, and install ALL Critical Updates listed.

2) Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first three options ("Download signed and unsigned ActiveX controls", and 'Initialize and Script ActiveX controls not marked as safe") to prompt.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.

Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.


And some more advice:

3) Install Javacool's SpywareBlaster

It will protect you from all spy/foistware in it's database.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.

The spyware that you told Spywareblaster to set the "kill bit" for wont be a hazard to you any longer.

Don't forget to check for updates every week or so.

There's a small board at Wilderssecurity as well.

It won't protect you from every form of spyware known to man, but it is an extra layer of protection.

The beta version of SpyBot S&D also has an "Immunize" function which works in the same way, and targets even more baddies.
This feature will be implemented in the regular version before long.

 

[melvyn]

I agree, that there is no substitute for a good security policy and having an up to date set of diagnostic and repair tools, but having something else as frontline protection is also good. On my personal and work systems, I've learned to take heavy hand with unknown sites on the internet, so pretty much everything is disabled for the internet zone. Trusted sites are a bit more relaxed, but anything that cannot be marked as safe is still set to disabled.

I never fail to be amazed when I look at someones system and find all kinds of junk present, mostly because they want all the eye candy and "nice" features, so either leave the security settings at default, or purposely reduce them to an unsafe level. Same goes for Outlook Express users - set the darned security option to "restricted" and turn off the preview pane to stop most embedded scripts running automatically.



Actually, better not go into e-mail too much or I'll start ranting about Incredimail and Hotbar again.

 

[pyritechips]

Tony:

You are a Gentleman and a Prince! Thanks for the tip on spywareblaster!

I have it installed but I have one question: does this need to run with windows and in the background or do I merely close it after applying the settings?

 

[$teve]

just click apply and then close it jim .........and your sorted




footnote: there is an update for s/b as of 29/1/03

 

[pyritechips]

Thx $teve: You're a gentleman and a prince also!

 

[Balzac]

Another good one to change if you have scripting enabled like I do--too many sites depend on it......is to goto tools>internet options>security>internet zone>custom level> Set ---Allow paste operations via script to prompt.

Any site can use javascript to read your clipboard and then automatically submit it thru a hidden form.