In this context, spyware refers to anything that doesn’t belong, such as viruses, adware, malware, trojans, backdoors, etc. Most spyware is installed by opening fake attachments in email messages, installing shareware from the web, and following malicious web links. Software designed to prevent viruses and spyware are only partial solutions - the best solution is to adopt computing practices that eliminate the ability of spyware to install in the first place.
Below are some steps you can take to reduce the chance of infection by spyware.
Windows XP has two main account types: Computer Administrator and Limited User. Most computers ship with an automatic login using an Administrator account. Most spyware tries to install using the privileges of the person logged in. A very powerful way to stop most spyware from installing in the first place is to use a ‘Limited’ account that doesn’t have access to install new software. Here are the steps to create a ‘Limited’ account:
Start menu, Control Panel, User Accounts, Create a new account, enter an account name, select Limited, Create Account.
Then do your day-to-day computing by logging in with the Limited account, and only use the Computer Administrator account for installing new software.
You may need to then copy your Desktop and My Document files from your Administrator account to your new Limited User account. For example, if your Administrator account is “Drew Potratz” and your Limited User account is “ap2a”, You’d log in as Drew Potratz and copy the files in “C:\Documents and Dettings\Drew Potratz\Desktop” and “C:\Documents and Settings\Drew Potratz\My Documents” to the corresponding “C:\Documents and Settings\ap2a” folders.
The next two items are also far less important if you're logged in with a Limited User account.
Don’t use Internet Explorer. Internet Explorer uses two technologies, ActiveX and Active Scripting, which are frequently exploited by malicious websites to install spyware. Instead, use either Firefox (http://www.mozilla.org/firefox) or Netscape as your primary web browser.
Don’t use Outlook Express. Outlook Express has several vulnerabilities, and uses Internet Explorer to render HTML email messages, which also has several vulnerabilities. If you like the interface of Outlook Express, use either Outlook 2003 (Office 2003 is downloadable from Chemserv) or Thunderbird (http://www.mozilla.org/thunderbird) instead. The recommended email program for campus is Mulberry (http://www.cmu.edu/myandrew). If you use Outlook 2003, be sure to visit http://office.microsoft.com/officeupdate/ to install the latest Office patches.