Advanced Spyware Prevention

Some users feel a little is not enough when it comes to Spyware prevention. And to a certain degree they are correct. That being said: enforcing the perimeter of your Operating System (OS) can be achieved with the following tools I recommend.

The Host File Defense Strategy

I have briefly discussed the Hosts file when it comes to malware infection [with respect to browser hijacking]; however, when managed properly, the Hosts file can also be used to fight against potential infections. Let me explain.

The Hosts file is like an address book. When you type an address like www.yahoo.com into a web browser, the Hosts file is consulted to see if the IP address, or 'telephone number,' for that site exists. If the IP is listed in the Hosts file, then your computer will 'call' the web site directly and the web page will be displayed in the browser. If the IP is not listed in the Hosts file (which is almost always the case), the computer will refer to your Internet Service Provider (ISP) to resolve the 'phone number' of the web site there, or ultimately to a Domain Name Server. This happens transparently.

One way you can use a Hosts file  to block unwanted web sites (such as ad servers, malware sites, etc) from being displayed in your browser is to list a bad web site name with the 'local' phone number of your own computer. Effectively, when a bad web site is looked up in your Hosts file, your computer will refer to itself (resulting in a 'busy signal'). Thus, the Hosts file can be used to block potentially dangerous web sites. (Source: accs-net.com)

As the name implies, a Hosts File Manager (HFM) can manage your Hosts file. You can use a HFM to accommodate additions, make edits, back up your Hosts file, download large lists of blacklisted 'bad' web sites, and more. You can find several different Hosts file managers at this Wikipedia page under External Links. I personally use HostsMan because it provides a simple interface and offers options which won't overwhelm novice users. For those wanting a more advanced manager, I also recommend Bluetack Hosts Manager.

Defense by Zone (Internet Explorer)

Another area where we can strengthen our defenses against malware infested sites would be to configure Internet Explorer's security zones. Each Zone can be customized, but by simply adding a site to the Restricted Zone at its default level, you can prevent many of a website's features from even loading (including exploits often hidden in ActiveX, Java programs and Active Scripting embedded into web pages).

Each zone is configurable with many settings. I routinely recommend that users follow IE Tweaks' suggestions. Sites entered into the Trusted Zone should only be sites you fully trust because settings are usually set to Low by default.

A great tool for managing the sites in either the Trusted or Restricted Zones is ZonedOut. With this tool you can easily add or delete any site from either zone, create white lists or blacklists and search if a site is listed. IE-SPYADS is a collection of sites known to download malware when visited. This list is routinely updated to keep abreast of the latest sites which present a threat. You can also use IE-SPYADS to block access to ad related sites as well. Many sites listed in Hosts files and on this list are duplicated adding a sort secondary bit of precaution.

Microsoft offers Internet Explorer 5 Power Tweaks Web Accessories which affords a simpler way to add sites to either zone, but does not have the management abilities.

Of course, using any of these lists and accompanying management tools will not prevent infection in all cases. They rely on known malicious sites already in their respective databases. But with all the sites out there, you never know when a click will bring you to one.

Both these management tools use virtually no resources and provide a layer of protection which is invisible.

In my next blog entry, I discuss program control applications in the fight against Spyware.

Surf Safe, and Surf Secure!