You’ve done it all. The servers are patched with the latest code,
the workstations are protected with the top-of-the-line spyware detection
software, and you’ve configured the firewall to block all unnecessary outbound
ports. You sit back, take a breath, and congratulate everyone on a job well
done.

But while you’re enjoying the moment, a new employee in
another part of the building is installing WeatherBug so she can get the daily
forecast before driving home. By the time your party’s over, she’ll have
convinced two of her coworkers to install the application as well. Your safe
and secure network was just breached at the weakest point: the user.

In this article, we’ll discuss steps you can take to enlist
your users’ help in fighting the spyware battle. We’ve also included a spyware prevention
checklist, which you can use as a quick reference for anti-spyware best
practices.

Raising user awareness

One of the key components of an anti-spyware initiative is educating
users. Start with the basics, such as what constitutes spyware and what risks
it poses. Once you’ve introduced the fundamentals, you can teach users how to spot
spyware and what they can do to keep it off their machines. Depending on the
size of your organization, these lessons can be taught in formal classes or in
one-on-one sessions, where technicians visit users. Topics you’ll want covered
include:

Recognizing installed
spyware.
Users need to be aware of spyware symptoms. Most spyware is easily
detected because it generates advertising pop-up windows, but users should also
look for sluggish system performance, new home pages in their Internet browser,
Internet pages that are rerouted to other Web sites, and the sudden appearance
of new toolbars.

Downloading and
installing cautiously.
When users are presented with a pop-up window that
asks them to click OK to install a “helpful” application, instruct them to either
click the X in the upper-right corner of the window or press [Alt][F4] to close
the window. They should never click OK or I Agree to close a pop-up window.

Carefully reading the
EULA.
If users elect to install a software program, they should take a few
minutes to read the end-user license agreement (EULA) and all installation
options to ensure that there aren’t any additional applications hidden within
the installation package. Even a trustworthy program like the Google toolbar
has benign spyware options offered as part of the installation routine.

Be prepared to encounter users who believe that spyware
applications are helpful. For example, at first glance, WeatherBug may appear
quite handy. However, it also installs the My Search toolbar and generates
pop-up advertising windows. So, in addition to removing the spyware,
you must convince users that these programs can potentially lead to other
problems.

Tightening browser security

Internet Explorer 6 offers several security settings designed
to keep spyware at bay. These features attempt to strike a balance that allows
users to browse the Web while still protecting their computers from harmful
software.

To access the IE security settings, click Tools | Options.
The security settings are located on the Security and Privacy tabs. Figure A shows the four security zones where
all Web sites are gathered:

The Internet
Zone
contains all Web sites that are not placed in the other three zones.

The Local
Intranet Zone
contains Web sites on your company’s intranet.

The
Trusted Sites Zone
contains all sites that you believe to be trustworthy
and that you want your users to be able to view.

The
Restricted Sites Zone
contains all the sites you don’t want anyone who uses
the computer to view.

Figure A

 

By adding sites to the Restricted Sites Zone, you can
prevent users from viewing sites you deem dangerous. For example, you might
want to consider blocking the download site for WeatherBug to keep users from
downloading and installing the program.

To add sites to the Restricted Sites Zone, click the Sites
button. When the Restricted Sites dialog box appears (Figure B), enter the address of the site you want to restrict and
click Add. The site will be added to the Restricted Sites list.

Figure B

 

You can also customize the security settings for a
particular zone. Click the Custom Level button to open the dialog box shown in Figure C. Here, you can change the
security level or modify the default settings.

Figure C

 

The Privacy tab, shown in Figure D, allows you to modify the security level for the Internet Zone.
To adjust the level, simply move the slider to the desired setting. The Privacy
tab also lets you modify the settings for the Microsoft Pop-up Blocker program,
which we’ll look at next.

Figure D

 

Installing pop-up blocker software

Pop-up blocker software won’t prevent spyware from being
installed on a computer, but it will at least keep pop-up advertisements from
displaying. These programs use a database of known pop-up sites to prevent them
from opening. When a Web site in the database attempts to display, the pop-up
blocker closes the new window.

Pop-up site databases are populated in two ways. Some pop-up
blockers require users to specify every Web site they want blocked, usually by
selecting from a list of open windows. There are a couple of problems with this
approach. First, it’s a time-consuming method of populating the database. Second,
the pop-up window must be opened at least once before it is blocked. This type
of program works well, but users quickly tire of adding Web sites to the
database.

Other pop-up blockers use a pop-up window definition file,
which is a better alternative. The definition files are constantly updated,
providing a current list of pop-up sites. These programs are easier to use and
only require users to update the definition file, not actually build their own.
The IE Pop-up Blocker that’s installed with WinXP SP2 is an example of this
type of software.

To view Pop-up Blocker settings, open Internet Explorer and
click Tools | Pop-up Blocker | Pop-up Blocker Settings. Figure E shows the options that are available.

Figure E

 

First, you can add Web site addresses to the Allowed Sites
list. These sites override the definition file and allow you to view pop-up
windows from certain Web sites that might otherwise be blocked. You can also
select the type of notification you receive when a pop-up is blocked
and set the Filter Level. In general, the Medium setting does a good job of
blocking most pop-ups from adware companies. If you want to block all pop-ups,
select the High setting. The Low setting
blocks all pop-ups except those from secure sites listed in the definition
file.

Using anti-spyware tools

Spyware detection software scans a computer’s hard drive for
known spyware. Teaching your users how to use these applications allows them to
remove spyware at the first sign. You should also instruct your users to run
the spyware detection software at least once a week, even if they don’t notice
any signs of spyware. Regularly running the detection program can prevent
problems before they surface. We’ll look at spyware detection software in depth
in a future article.

Wrap-up

In today’s world, spyware is a constant threat. However,
computer users can help combat spyware by understanding the risks, downloading
cautiously, carefully reading EULAs for every piece of software they install,
and regularly using spyware detection software. The checklist in Table A covers the basic steps you and
your users can take to stay on top of the spyware situation.

Untitled Document

Table A

Spyware
prevention checklist
Educate
users about the dangers of downloading and installing software that
has not been approved for the corporate network.
Explain the importance
of reading the end-user license agreement (EULA) when installing
software.
Install anti-spyware
software, such as Lavasoft’s Ad-Aware,
on all computers in the corporate environment.
Teach users how
to recognize and remove spyware using
anti-spyware software programs.
Inform users of
new spyware programs that appear in the corporate environment. This
can prevent them from downloading and installing something that a
coworker or friend shows them.
Configure browser
security settings to reduce the amount of spyware that can be downloaded.
Install pop-up
blocker software or use the Internet Explorer
Pop-up Blocker addition.
Configure firewalls
to block all outbound traffic on unused ports to prevent spyware
from covertly sending information through them.
Use group policies
to prevent software installation on corporate workstations.
Reduce the amount
of Web surfing allowed on corporate computers.
 

These measures will greatly reduce the amount of spyware
that gets installed on a computer. Of course, they won’t eliminate the threat entirely,
but they’ll give you a healthy head start on keeping spyware under control.