Fighting browser-based spyware

There's a massive battle for browsers going on right now. No, I'm not referring to the epic struggle for market dominance between Netscape and Microsoft way back in the mid-1990s. Today's browser battle is being fought between forces that want to have control over users' browsers: users and administrators versus spyware. If a user merely surfs to the wrong Web site, aggressive malware can install itself on the users' box, steal information and possibly give an attacker remote control of the system.

To defend against such aggressive malware, antivirus tools remain a solid solution. However, some popular antivirus tools don't look for spyware programs installed on browsers. Check your antivirus vendor's feature list to make sure it is explicitly looking for spyware. If your antivirus tool doesn't look for spyware, consider moving to another product that does. If such a change isn't possible in your organization, you should definitely consider augmenting your antivirus deployment with specific tools to defend against spyware.

Several high-quality anti-spyware programs are available on a free basis. The free SpywareBlaster program from Javacool Software provides solid proactive protection and gives good technical details on its activities. Ad-aware, freely available for non-commercial use from Lavasoft, is one of the most comprehensive and easiest to use. Be extremely careful when downloading Ad-aware; numerous other tools pretend to be Ad-aware with similar names such as Ada-Ware, Add-Aware and Adaware. Some of these posers are in fact spyware themselves, masquerading as an anti-spyware program. Get Ad-aware only from the download sites listed at www.lavasoftusa.com and nowhere else.

Beyond antivirus and anti-spyware tools, make sure you educate users in the habits of safe browsing. In your organization's awareness program include specific lessons on not altering browser security configurations and leaving its security setting to at least "Medium" and perhaps even "High". Also, tell users to always click "No" when their browser asks them "Do you want to install and run…" regardless of who the claimed author of the program is. If the dialog box lacks a "No" button, tell them to click on the X in the upper right-hand corner to get rid of it.

Finally, where possible, use an enterprise-wide approach to browser hardening. If your organization is using Internet Explorer, and you've gone through the considerable expense of deploying Active Directory, use Group Policy to tighten browser configurations throughout your organization. If you aren't using AD, you can use the Internet Explorer Administration Kit (IEAK), available from Microsoft at no extra charge, for wide-scale browser management.

About the author
Ed Skoudis is a security consultant with International Network Services, and the author of the books Malware: Fighting Malicious Code and Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Threat Monitor,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Threat Monitor Cut down on calls to help desk with cybersecurity awareness training How to detect software tampering How to prevent phishing attacks with social engineering tests An enterprise strategy for Web application security threats How SSL-encrypted Web connections are intercepted How a corporate Twitter policy can combat social network threats Cyberwarfare and the enterprise: Is the threat real? Software security threats and employee awareness training Newest malware threats How to defend against rogue DHCP server malware Malware, Viruses, Trojans and Spyware New Zeus spam poses as Social Security statements Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.