Last week, I published “Ten things you need to know about spyware” and got some great feedback. Today, I’m following up with some advice on how you can prevent unwanted software from ending up on your PC in the first place. This piece, like the last one, is an extremely condensed (and preliminary) version of content that will appear in an updated version of Windows Security Inside Out, which is due to be published this spring.
As I noted last week, trying to remove spyware/adware/viruses is a difficult proposition. You’re much better off if you can prevent an unwanted program from being installed in the first place. This is the advice I give to clients in my consulting practice, and it’s been successful. If you follow this advice, your likelihood of being attacked should drop to nearly zero.
If you have comments or questions, add them in the comments or create an entry on your own site and give me a trackback link.
How to Block Unwanted Software
- Avoid questionable Web sites and untrusted downloads. You’re more likely to have to deal with unwanted software if you go looking for “cracked” programs, pirated music and video files, or X-rated pictures. If you frequent those darker corners of the net, make sure you take extra precautions. If you’re a parent of a teenager who insists on using Kazaa or Grokster or another unsafe file-sharing tool, you’ll have to combine active prevention with education.
- Protect yourself from forced installations through security holes. The most virulent forms of viruses and worms and adware can be installed on a system by exploiting weaknesses in the operating system, the browser, or an application. The sad part is that virtually all such attacks are preventable if you follow these simple steps:
  - Install all Critical Updates and security patches from Windows Update.
  - Configure Automatic Updates to download and install new updates as needed. If you use Windows 98 or Windows NT 4.0 and are unable or unwilling to upgrade to a newer version of Windows, install the Windows Critical Update Notification Utility.
  - Use a good anti-virus program and configure it to download and install new virus definitions automatically. An anti-virus program will protect you from Trojan horse programs that can install other software.
- Block “drive-by downloads.” Most adware and spyware programs get installed when the user clicks Yes or Install in response to an ActiveX dialog box. Unscrupulous Web site operators try to make spyware and adware programs sound essential or desirable, when the truth is exactly the opposite. You can reduce the odds that you’ll be fooled into accepting a drive-by download by taking these steps:
  - If you use Windows XP, install Service Pack 2. The new Information Bar feature virtually eliminates ActiveX pop-ups.
  - Consider using an alternative browser such as Firefox or Opera. Because these browsers don’t support ActiveX, they are somewhat more resistant to spyware and adware attacks. Even if you choose another default browser, however, be sure to configure Internet Explorer properly, because other programs may launch it unexpectedly.
  - Configure your system to block installation of signed ActiveX programs in the Internet zone. (Unsigned programs are blocked by the default settings.) To do so, open Internet Explorer and click Tools, Internet Options. On the Security tab, click the Internet zone and click Custom Level. Under the ActiveX controls and plug-ins heading, click Disable for Download signed ActiveX controls and Prompt for Script ActiveX controls marked safe for scripting. These settings will allow any previously installed ActiveX controls to run but won’t allow you to install new ones. If you visit a page that uses an ActiveX control you need, reverse these changes temporarily to install the control. (Carl and I have written a script to automate this process, which will be in the new edition.)
  - Add known good sites to the Trusted Sites zone; do so sparingly, and only for sites that you are certain can be trusted. Use the Restricted Sites zone to block sites that are known to be a source of unwanted software. I recommend Eric L. Howes’ IE-SPYAD as an excellent starting point.
  - Block pop-ups. These are a common source of come-ons for unwanted software.
  - Avoid clicking links in unsolicited e-mail, which can lead to untrusted sites.
- Don’t install any new program unless you are certain it is trustworthy.
  Most people are far too trusting of software and are willing to install a program on a whim or a casual recommendation. In my experience, you’ll do best if you assume that any new program is untrustworthy until proven otherwise. If you’re not 100% sure about a program’s safety or reliability, don’t allow it to be installed.
  - If you have any doubts, read the license agreement and privacy policy! Many spyware and adware programs disclose the fact that they display pop-up ads, clutter your browser with unwanted toolbars, and download additional programs.
  - Do your homework. You can find out a lot about a program and its developer by doing a quick search on Google or MSN before agreeing to install it. (When entering the search terms, add the word spyware to increase the chances that you’ll find pages that directly address the question of whether a program is safe. See this search and this one for good examples.) When in doubt, say no!
  - And if you do agree to install a program, set a System Restore point first. In Windows XP, click Start, and then click All Programs, Accessories, System Tools, and choose System Restore. Choose the Create a restore point option and give the entry a descriptive name of your choosing, something like “Just before installing new CD-burning utility.” Save the restore point and continue with the installation. If anything goes wrong, run System Restore again (in Safe Mode if necessary), and select the manual restore point you just created. That undoes all your changes and removes any executable files and Registry entries that were added during the installation. System Restore works best if you use it as soon as possible after making a system change.
  - Don’t install multiple programs at the same time. If you experience a problem after installing several programs or utilities, you’ll find troubleshooting is more difficult than it should be. When you install a new program, use it for a day or two and verify that it behaves as expected. After you’re satisfied that it’s safe and reliable, you can add another program.
- Keep a close eye on your computer. Be sure you know when a program tries to set itself up to run automatically or to hook into your browser. Take advantage of utilities that can help you monitor common software installation locations. Some useful programs include Spyware Blaster, Spyware Guard, CounterSpy, the Resident Tea Timer feature in Spybot S&D, and the real-time protection features in Microsoft AntiSpyware. Be especially alert for symptoms of unwanted software, such as unexplained pop-up ads and unidentified processes.
- Maintain good backups. Many adware and spyware programs can be uninstalled using one or more removal tools. But some are so persistent that they require manual removal, a process that can take hours even in the hands of an expert. If you’re confronted with a severe infestation, you might find it simpler to reformat your hard disk and start over. In that case, you’ll be in much better shape if you have a current backup of your data files.
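The Internet-zone ActiveX change from the drive-by download step above, including the temporary reversal it describes, as an added PowerShell example (this is not the script the author mentions and is not from the book). It assumes PowerShell 3.0 or later; the registry path, the URL action numbers 1001 and 1405, the backup file name and the function names are not from the article.

```powershell
# Added example, not the author's script. Zones\3 is the per-user Internet zone.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Backup  = Join-Path $env:APPDATA 'ie-zone3-activex-backup.json'  # hypothetical file name

# URL action -> policy recommended in the article (0 = Enable, 1 = Prompt, 3 = Disable)
$Hardened = [ordered]@{
    '1001' = 3   # Download signed ActiveX controls: Disable
    '1405' = 1   # Script ActiveX controls marked safe for scripting: Prompt
}

function Get-ActiveXPolicy {
    # Return only the actions that currently have a value in the zone key.
    $props = Get-ItemProperty -Path $ZoneKey
    $current = [ordered]@{}
    foreach ($id in $Hardened.Keys) {
        if ($null -ne $props.$id) { $current[$id] = [int]$props.$id }
    }
    $current
}

function Set-ActiveXPolicy([System.Collections.IDictionary]$Values) {
    foreach ($id in $Values.Keys) {
        Set-ItemProperty -Path $ZoneKey -Name $id -Value ([int]$Values[$id]) -Type DWord
    }
}

function Enable-ActiveXBlock {
    # Save the pre-change values once, so a later restore returns to them.
    if (-not (Test-Path $Backup)) {
        Get-ActiveXPolicy | ConvertTo-Json | Set-Content -Path $Backup
    }
    Set-ActiveXPolicy $Hardened
}

function Restore-ActiveXPolicy {
    # Temporary reversal for installing a control you need; re-run Enable-ActiveXBlock after.
    if (-not (Test-Path $Backup)) { throw "No backup found at $Backup" }
    $saved = Get-Content -Path $Backup -Raw | ConvertFrom-Json
    $values = @{}
    foreach ($p in $saved.PSObject.Properties) { $values[$p.Name] = $p.Value }
    Set-ActiveXPolicy $values
    Remove-Item -Path $Backup
}

Enable-ActiveXBlock
Get-ActiveXPolicy
```

These are per-user values; on a managed machine, zone settings enforced through Group Policy take precedence over them.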
IMO, all of these are good suggestions, but perhaps the most important one is education. There are lots of good sources of information about software: Google, Usenet, online computer magazine sites, freeware and shareware sites, spyware sites, security sites, etc. The bottom line, in most cases, is that crudware gets on a person’s system because of the bad choices he made, and these bad choices are most often the result of ignorance — not only ignorance about the software itself, but also ignorance about the Windows XP operating system.
Ken
All great advice, Edd. When I was writing two features on spyware last year for The Independent newspaper, I visited some of the darker corners of the net. I knew what to expect and had excellent defences in place (including Linux and Mozilla for a careful look-see first before going there with Windows). I also installed Prevx anti-intrusion software which told me exactly when and how spyware was trying to infect my Windows machine. Prevention is a far better strategy as, once you are infected, spyware can be difficult to remove (and will try and reinstall itself, given half the chance).
Dear
What can we do when it is affected? Is formatting the only final option? I am getting bored of installing Win XP continuously. Is there any other method for blocking some porn site that opens while I am connecting to the internet? Even when I put it in the restricted sites, the same site opens with some other link. Please let me know some tricks to prevent this.
Regards
Muhammad ANAS