Here are some tips for safe Web surfing to pass along to your employees for preventing spyware from entering your company's network. (Download and print the PDF.)
- Never deliberately download software to your workstation or desktop from the Internet, no matter how helpful or interesting it may appear. Even innocuous toolbars and nifty utilities can be packed with unwanted spyware. Be especially wary of file-sharing programs, which you shouldn't be using in the office anyways.
- Stay away from any questionable sites, including pornography, gambling, hacking or other off-beat sites. But you shouldn't be, in any case, visiting these types of sites at work either. At most companies, you could be terminated for doing so.
- Whenever an unwanted or unexpected pop-window appears, shut it down immediately by clicking on the "x" in the upper right hand corner of the window. Never click on any button, even if it says "Cancel" or "Close" on the window itself. These buttons can masquerade as innocent features that inadvertently start an unwanted download of spyware.
- Be suspicious if endless pop-up windows start opening simultaneously, or if the performance of your workstation turns into a crawl. Assume that you've been hit by spyware and seek assistance from the Help Desk.
- If you're using Internet Explorer as your browser, change its settings to block Active X objects. Go to Tools > Internet Options > Security > Custom Level. There is a section near the top of the dialogue box devoted to Active X controls. At the very least, disable downloading of both signed and unsigned Active X controls and those marked as unsafe. Some Active X objects are spyware. This will block them.
- If you're workstation is running Windows XP SP2, then turn on the pop-up blocker feature in Internet Explorer and activate the firewall now bundled as part of SP2. The pop-blocker is listed under Tools in Internet Explorer's menu bar, and the firewall can be turned on from the Windows Firewall icon in Control Panel. These actions won't stop spyware altogether, but they can help.
About the author
Joel Dubin is an independent computer security consultant based in Chicago. He specializes in Web and application security and is the author of the recently released book The Little Black Book of Computer Security available from Amazon.