Fighting browser-based spyware

There's a massive battle for browsers going on right now. No, I'm not referring to the epic struggle for market dominance between Netscape and Microsoft way back in the mid-1990s. Today's browser battle is being fought between forces that want to have control over users' browsers: users and administrators versus spyware. If a user merely surfs to the wrong Web site, aggressive malware can install itself on the users' box, steal information and possibly give an attacker remote control of the system.

To defend against such aggressive malware, antivirus tools remain a solid solution. However, some popular antivirus tools don't look for spyware programs installed on browsers. Check your antivirus vendor's feature list to make sure it is explicitly looking for spyware. If your antivirus tool doesn't look for spyware, consider moving to another product that does. If such a change isn't possible in your organization, you should definitely consider augmenting your antivirus deployment with specific tools to defend against spyware.

Several high-quality anti-spyware programs are available on a free basis. The free SpywareBlaster program from Javacool Software provides solid proactive protection and gives good technical details on its activities. Ad-aware, freely available for non-commercial use from Lavasoft, is one of the most comprehensive and easiest to use. Be extremely careful when downloading Ad-aware; numerous other tools pretend to be Ad-aware with similar names such as Ada-Ware, Add-Aware and Adaware. Some of these posers are in fact spyware themselves, masquerading as an anti-spyware program. Get Ad-aware only from the download sites listed at www.lavasoftusa.com and nowhere else.

Beyond antivirus and anti-spyware tools, make sure you educate users in the habits of safe browsing. In your organization's awareness program include specific lessons on not altering browser security configurations and leaving its security setting to at least "Medium" and perhaps even "High". Also, tell users to always click "No" when their browser asks them "Do you want to install and run…" regardless of who the claimed author of the program is. If the dialog box lacks a "No" button, tell them to click on the X in the upper right-hand corner to get rid of it.

Finally, where possible, use an enterprise-wide approach to browser hardening. If your organization is using Internet Explorer, and you've gone through the considerable expense of deploying Active Directory, use Group Policy to tighten browser configurations throughout your organization. If you aren't using AD, you can use the Internet Explorer Administration Kit (IEAK), available from Microsoft at no extra charge, for wide-scale browser management.

About the author
Ed Skoudis is a security consultant with International Network Services, and the author of the books Malware: Fighting Malicious Code and Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Threat Monitor Web advertising exploits: Protecting Web browsers and servers Ransomware: How to deal with advanced encryption algorithms Hidden endpoints: Mitigating the threat of non-traditional network devices Protecting exposed servers from Google hacks (and Google 'dorks') Countermeasures against targeted attacks in the enterprise Windows registry forensics guide: Investigating hacker activities More built-in Windows commands for system analysis Tracing malware's steps with RE:Trace Worst practices: Learning from bad security tips Worst practices: Encryption conniptions Viruses, Worms and Other Malware Researcher disinfects multimedia Trojans Researchers develop cloud-based antivirus Web advertising exploits: Protecting Web browsers and servers SaaS startups enter Web security gateway market Hoffman to demonstrate new hacking techniques Analysis tool uses Intel virtualization to hide from malware How can widget malware on social networking sites threaten enterprises? How can an enterprise-wide network remain resilient against denial-of-service (DoS) attacks? Microsoft Word zero-day being actively exploited Can "good" botnets fight bad botnets? Spyware, Adware and Trojans Researchers develop cloud-based antivirus Web advertising exploits: Protecting Web browsers and servers SaaS startups enter Web security gateway market Ransomware: How to deal with advanced encryption algorithms Stolen data ending up in Google cache, say researchers Information security book excerpts and reviews Yahoo, McAfee to warn users of dangerous websites Botnets and ethics Security Services: Webroot Email Security SaaS Interview: Jim Kirkhope of NCR Spyware, Adware and Trojans Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) Mytob  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Zotob  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.