Preventing Spyware

 

In this context, spyware refers to anything that doesn’t belong, such as viruses, adware, malware, trojans, backdoors, etc.  Most spyware is installed by opening fake attachments in email messages, installing shareware from the web, and following malicious web links.  Software designed to prevent viruses and spyware is only a partial solution; the best solution is to adopt computing practices that eliminate the ability of spyware to install in the first place.


(Most anti-virus products only scan for viruses.  Most anti-spyware products are ‘reactive’, detecting software after a scan, at which point it’s sometimes too late for an automated removal.  The most virulent viruses typically have ‘zero-day’ deployment, meaning that they can spread to your computer within a day of being released on the Internet, faster than updates can be created and deployed to anti-virus/anti-spyware products.  Some anti-spyware products use heuristics to identify spyware by its behavior even in the absence of an update that explicitly identifies the spyware, but such heuristics are never perfect.  Firewalls prevent a few types of spyware from being effective once installed, but don’t prevent the actual installation.  Running Windows’ Automatic Updates applies security patches that prevent some types of hacking, but doesn’t prevent spyware from being installed.)

 

Below are some steps you can take to reduce the chance of infection by spyware. 

 

Using a Limited Access account:

Windows XP has two main account types: Computer Administrator and Limited User.  Most computers ship with an automatic login using an Administrator account.  Most spyware tries to install using the privileges of the person logged in.  A very powerful way to stop most spyware from installing in the first place is to use a ‘Limited’ account that doesn’t have access to install new software.  Here are the steps to create a ‘Limited’ account:

 

Start menu, Control Panel, User Accounts, Create a new account, enter an account name, select Limited, Create Account.

 

Then do your day-to-day computing by logging in with the Limited account, and only use the Computer Administrator account for installing new software.

 

You may then need to copy your Desktop and My Documents files from your Administrator account to your new Limited User account.  For example, if your Administrator account is “Drew Potratz” and your Limited User account is “ap2a”, you’d log in as Drew Potratz and copy the files in “C:\Documents and Settings\Drew Potratz\Desktop” and “C:\Documents and Settings\Drew Potratz\My Documents” to the corresponding “C:\Documents and Settings\ap2a” folders.
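
The same steps can be done from a Command Prompt. The batch file below is an added example, not part of the original instructions; it uses the example account names from this page and assumes profiles live in the default “C:\Documents and Settings” folder. It creates the account, checks that it did not end up in the Administrators group, and copies the Desktop and My Documents folders.

```batch
@echo off
rem Added example. Run it from the Computer Administrator account.
rem LIMITED and ADMIN are the example account names used on this page.
setlocal
set "LIMITED=ap2a"
set "ADMIN=Drew Potratz"
set "PROFILES=C:\Documents and Settings"

rem 1. Create the account if it does not exist yet. The * makes net user
rem    prompt for the password instead of storing it in this file.
rem    An account created this way belongs only to the local Users group,
rem    which Control Panel displays as Limited.
net user "%LIMITED%" >nul 2>&1
if errorlevel 1 net user "%LIMITED%" * /add
if errorlevel 1 goto failed

rem 2. Check that the account is not in the Administrators group.
rem    /b matches at the start of a line, so a longer name with the same
rem    prefix also triggers the warning; that errs on the safe side.
net localgroup Administrators | findstr /i /b /c:"%LIMITED%" >nul
if not errorlevel 1 goto isadmin
echo %LIMITED% is not an administrator.

rem 3. The profile folder is created at the first login. Creating it by
rem    hand first can make Windows build the profile under a different name.
if not exist "%PROFILES%\%LIMITED%\Desktop" goto nologin

rem 4. Copy Desktop and My Documents. /E subfolders, /H hidden files,
rem    /I treat target as a folder, /C continue on errors, /Y no prompts.
xcopy "%PROFILES%\%ADMIN%\Desktop" "%PROFILES%\%LIMITED%\Desktop" /E /H /I /C /Y
xcopy "%PROFILES%\%ADMIN%\My Documents" "%PROFILES%\%LIMITED%\My Documents" /E /H /I /C /Y
goto :eof

:isadmin
echo WARNING: %LIMITED% appears in the Administrators group. Remove it with:
echo   net localgroup Administrators "%LIMITED%" /delete
goto :eof

:nologin
echo Log in once as %LIMITED% to create its profile, then run this again.
goto :eof

:failed
echo Could not create %LIMITED%. Are you logged in as an administrator?
```

If the script stops at step 3, log in once with the new account, log out, and run it again from the Administrator account.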

 

The next two items are also far less important if you're logged in with a Limited User account.

 

Web browsing:

Don’t use Internet Explorer.  Internet Explorer uses two technologies, ActiveX and Active Scripting, which are frequently exploited by malicious websites to install spyware.  Instead, use either Firefox (http://www.mozilla.org/firefox) or Netscape as your primary web browser.

 

Email:

Don’t use Outlook Express.  Outlook Express has several vulnerabilities, and uses Internet Explorer to render HTML email messages, which also has several vulnerabilities.  If you like the interface of Outlook Express, use either Outlook 2003 (Office 2003 is downloadable from Chemserv) or Thunderbird (http://www.mozilla.org/thunderbird) instead.  The recommended email program for campus is Mulberry (http://www.cmu.edu/myandrew).  If you use Outlook 2003, be sure to visit http://office.microsoft.com/officeupdate/ to install the latest Office patches.