By Kurt Seifried, http://www.seifried.org/security/quick-reference/windows-security-reference-spyware.html
This is a quick reference card for Microsoft Windows anti-spyware security. This guide is designed to help people secure their systems, be they home users or a business with one or more PCs. I encourage you to print this guide out and give it to people experiencing spyware problems.
Spyware is a critical problem, with some estimates of infected systems running as high as 80%. It is virtually guaranteed that any Windows system using email and the web will have spyware installed, unbeknownst to the user. There are several free anti-spyware products, the best two being “Spybot Search & Destroy” and “Ad-Aware”.
Spybot is particularly effective as anti-spyware because it immunizes systems from hostile web content.
The majority of spyware is delivered as “ActiveX” code. Every ActiveX program has a unique ID called a “CLSID”. Internet Explorer can be configured to ignore certain CLSID values, thus preventing the spyware from running on your system. This is done using the “kill bit” (essentially the CLSID value with a parameter that tells Internet Explorer not to run the software).
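The kill bit described above can be audited from a registry export. The following is an added example, not part of the original guide or of Spybot: it reads the text of a regedit export and reports which CLSIDs have the kill bit set. It assumes the standard Internet Explorer location for these settings (the `ActiveX Compatibility` key and the `0x400` bit of its `Compatibility Flags` value, neither of which appears on this page); the CLSIDs in the sample are constructed placeholders.

```python
import re

# Registry key where Internet Explorer keeps per-control compatibility flags
# (assumption: standard IE location; it is not stated on the original page).
AX_COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x00000400  # "Compatibility Flags" bit that tells IE never to load the control

SECTION = re.compile(r"^\[(.+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def kill_bit_status(reg_text):
    """Map each CLSID in a regedit export (.reg text) to True/False:
    True when its Compatibility Flags value has the kill bit set."""
    status, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            parent, _, leaf = m.group(1).rpartition("\\")
            # Only direct children of the ActiveX Compatibility key count.
            if parent.lower() == AX_COMPAT.lower() and CLSID.match(leaf):
                current = leaf.upper()
                status[current] = False  # no flags value seen yet => not blocked
            else:
                current = None
            continue
        m = FLAGS.match(line)
        if m and current:
            status[current] = bool(int(m.group(1), 16) & KILL_BIT)
    return status

# Constructed sample export; the CLSIDs are made-up placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44444444-4444-4444-4444-444444444444}]
"Compatibility Flags"=dword:00000400
'''

if __name__ == "__main__":
    for clsid, blocked in kill_bit_status(SAMPLE).items():
        print(clsid, "kill bit set" if blocked else "NOT blocked")
```

Files exported by regedit are normally UTF-16, so open them with `encoding="utf-16"` before passing the text to `kill_bit_status`.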
Spybot Search & Destroy is available at http://www.safer-networking.org/en/download/index.html
Towards the bottom of the page you will see Spybot (currently at version 1.3) with a button marked “Download here”.
Once you click this you will be taken to a list of mirror sites.
Click on “Download here” next to one of the mirror sites. Please note that some are difficult to navigate; if this is the case, click “Back” and choose a new download site.
During installation of Spybot Search & Destroy an option is given to “Run TeaTimer.exe”. TeaTimer.exe is a program that runs in the background and protects the Windows registry against changes. Many spyware programs make changes to the registry so that they can, for example, run automatically or hijack your home page. TeaTimer.exe will alert you when such a change is made and give you the option to block it.
Once downloaded, run the program and the installer will come up. The defaults are generally the best choice. Once you run Spybot for the first time it will prompt you to back up your registry, download updates, and immunize your system. You can also immunize your computer later from Spybot's immunization screen.
The immunization is critical for preventing your system from being infected by known hostile spyware components.
You should run Spybot Search & Destroy at least once a week. Run the update component first. Then run the immunizer. Finally, run “Check for problems”. If Spybot finds hostile applications it is best to choose “Fix Problem” and let Spybot fix or remove the affected components.
Ad-Aware is similar to Spybot but does not immunize a system against spyware. Ad-Aware does, however, have the ability to remove cookies and other hostile information to ensure that spyware is not being used to track your online activities.
Go to http://www.lavasoftusa.com/support/download/
Go down the page to the “AD-AWARE SE PERSONAL” section and choose a download site. You will be taken to that download site (download.com is recommended).
Once downloaded, run the program and the installer will come up. The defaults are generally the best choice. Once you run Ad-Aware for the first time it will prompt you to download updates.
Choose the “Smart System Scan” and let Ad-Aware run.
You should run Ad-Aware at least once a week. Run the update component first. If Ad-Aware finds hostile applications it is best to choose quarantine and let Ad-Aware remove the affected components.
A new anti-spyware program is available in beta format from Microsoft. It is unclear whether or not this product will become commercial and cost money, or if Microsoft will give it away for free (however this is seen as unlikely).
Go to http://www.microsoft.com/athome/security/spyware/software/default.mspx
Click on the “Continue” button. Please note that you do not actually need to run the Windows checking component to get to the download.
Choose “No, do not validate Windows at this time, but take me to the download.” and click on the “Continue” button.
Click on the download button.
Once downloaded, run the program and the installer will come up. The defaults are generally the best choice.
You should schedule the Microsoft AntiSpyware to run once a day at a time when your computer will be on. You should also enable automatic updates.
Copyright Kurt Seifried 2005, all rights reserved.