Ten ways to avoid spyware

I made a quick stop in Madrid this week. In ten years of traveling and speaking on Internet security I encounter people to whom the threats are all new at every stop. Part of the motivation behind this blog is to get the word out. As I build on my own understanding of the threats an informative blog is the ideal way to spread the word.

So here are the first five of ten tips to avoid spyware and maintain control of your computing experience.

1. Just say no to freeware.

While there are still great programs that are free, many freeware programs are just elaborate hoaxes to get you to install a bunch of nasty stuff. They usually take the guise of a tool bar for searches (One of the worst is slotchbar.com Don’t go there! It installs 666 traces and over a dozen of the slimiest pieces of adware and spyware.) although any number of so called utilities can be vehicles for infection such as screen savers, cute cursors, etc. Because there are so many pieces of great software out there that ask for donations or have time limits or remind you to register and subscribe you have to get adept at recognizing the difference between a download that is unencumbered and one that is backed by slimeware.

2. Practice safe browsing.

There are hundreds of thousands of websites that contain exploits. If you frequent online gaming and pornography sites you are going to get infected.

3. Use Firefox. Or rather, do not use Internet Explorer.

Spyware writers recognize that if they are going to reap the greatest gain they have to focus their efforts on the predominant browser. IE has at least a 95% market share. By using any other browser you can avoid all known drive-by spyware (as far as I know today. Contact me if you think you have found a FireFox spy!). Opera, Safari, whatever your favorite browser, it will be safer than IE. Just one problem. Because of IE’s ubiquity many web site developers have gotten lazy and will not let you log in if you do not have IE. This can be annoying if it is your bank or favorite travel site. So, contact your financial institution and ask them to support W3C standard browsers today!

4. Switch to Mac.

Let’s face it. Spyware is a Windows problem. Mac users smile smugly whenever they hear the rest of us complain about the latest worm, virus, spy. Ever notice that a high percentage of people in the security industry use Power Books?

5. Block ad sites

There is a very useful file on the Windows MVP site. Download it and install it. It replaces your hosts file with about 5,000 entries that short circuits internet connections that would normally take you to ad sites. This speeds up your browsing when you are going to ad laden sites, the ones that get fed from known ad servers. There are a couple of drawbacks. If you are researching spyware you are blocked from a lot of sites. And if you want to visit one of the sites that appears to one side of the Google search page when you do a search you will not be able to click through to that site. Just type the url in manually though and you can get past that minor annoyance.

I have five more tips which I will post from RSA next week.

Originally published at www.threatchaos.com