End user's spyware prevention checklist

Here are some tips for safe Web surfing to pass along to your employees for preventing spyware from entering your company's network. (Download and print the PDF.)

• Never deliberately download software to your workstation or desktop from the Internet, no matter how helpful or interesting it may appear. Even innocuous toolbars and nifty utilities can be packed with unwanted spyware. Be especially wary of file-sharing programs, which you shouldn't be using in the office anyways.

• Stay away from any questionable sites, including pornography, gambling, hacking or other off-beat sites. But you shouldn't be, in any case, visiting these types of sites at work either. At most companies, you could be terminated for doing so.

• Whenever an unwanted or unexpected pop-window appears, shut it down immediately by clicking on the "x" in the upper right hand corner of the window. Never click on any button, even if it says "Cancel" or "Close" on the window itself. These buttons can masquerade as innocent features that inadvertently start an unwanted download of spyware.

• Be suspicious if endless pop-up windows start opening simultaneously, or if the performance of your workstation turns into a crawl. Assume that you've been hit by spyware and seek assistance from the Help Desk.

• If you're using Internet Explorer as your browser, change its settings to block Active X objects. Go to Tools > Internet Options > Security > Custom Level. There is a section near the top of the dialogue box devoted to Active X controls. At the very least, disable downloading of both signed and unsigned Active X controls and those marked as unsafe. Some Active X objects are spyware. This will block them.

• If you're workstation is running Windows XP SP2, then turn ...
  
  To continue reading for free, register below or login

  Requires Membership to View

  To gain access to this and all member only content, please provide the following information:

  Email Address:
  
  
  

  By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
  
  TechTarget cares about your privacy. Read our Privacy Policy
  To read more you must become a member of SearchSecurity.com

  As an existing member of the TechTarget network please activate your SearchSecurity.com account 

  By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
  
  TechTarget cares about your privacy. Read our Privacy Policy
  
  
  

  BROWSE BY TAG Threat Monitor,   Web Security Advisor,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS

  
  

  RELATED CONTENT Threat Monitor Server Message Block Version 2 security in question: Disable or patch? Preparing for future security threats, evolving malware Best practices for (small) botnets Cut down on calls to help desk with cybersecurity awareness training How to detect software tampering How to prevent phishing attacks with social engineering tests An enterprise strategy for Web application security threats How SSL-encrypted Web connections are intercepted How a corporate Twitter policy can combat social network threats Cyberwarfare and the enterprise: Is the threat real? Web Security Advisor DNS rebinding defenses still necessary, thanks to Web 2.0 New defenses for automated SQL injection attacks PCI compliance and Web applications: Code review or firewalls? Worst practices: Bad security incidents to avoid Web scanning and reporting best practices Social networking website threats manageable with good enterprise policy Enterprise security in 2008: Building trust into the application development process PCI DSS Section 6: A plan for tackling application security Making the case for Web application vulnerability scanners Preparing for uniform resource identifier (URI) exploits Malware, Viruses, Trojans and Spyware Malware in Google attacks uses spaghetti code Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Another PDF attack targets Adobe zero-day vulnerability Security report finds rise in banking Trojans, adware, fewer viruses How to prevent rogue antivirus programs in the enterprise How to stop keylogging malware with more than basic antivirus software, firewalls Conficker-infected machines now number 7 million, Shadowserver finds FBI estimates rogue antivirus losses exceeding $150 million Security researchers continue hunt for Conficker authors

  RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

  RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

  
  
  on the pop-up blocker feature in Internet Explorer and activate the firewall now bundled as part of SP2. The pop-blocker is listed under Tools in Internet Explorer's menu bar, and the firewall can be turned on from the Windows Firewall icon in Control Panel. These actions won't stop spyware altogether, but they can help.

MORE INFORMATION:

Get more tips and expert advice on preventing and cleaning up spyware.

---

About the author
Joel Dubin is an independent computer security consultant based in Chicago. He specializes in Web and application security and is the author of the recently released book The Little Black Book of Computer Security available from Amazon.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.