Windows Security Checklist - Part 33: Must-Have Protections from Spyware
by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer
December 4, 2005
No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, they could possibly bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist - Part 33: Must-Have Protections from Spyware.
It is not as complicated as it may first appear, although there is a lot of information to absorb. The Security Experts, 1st Responders, Special Response Team members, Host and Moderator consultants at CastleCops can help you, if you have questions about any of these techniques or featured applications.
Getting Started
I have written many articles on this subject, and will continue to do so, as long as people need help along the way. Spyware is evolving, becoming more advanced and increasingly difficult to remove from Windows platforms. Many of the newest spyware programs are using rootkit technologies to invade personal computers. The latest two Windows Security Checklist articles (Parts 31 and 32) were devoted to rootkits and their effects. Even though more of you are now getting with-it in regards to improving and maintaining your PC security, it still surprises me how some have not the slightest clue how to secure themselves online. They are the ones who pay lots of money to take their PCs into the repair shops to get them fixed because they won't work right. The smarter ones come to security forums such as CastleCops to ask for help and to learn. They are saving themselves endless hassle and are using their hard-earned resources wisely.
Must-Have Protections Online
1. A Firewall is an absolute must online. Without it, you are wide open to most trojans and simple hacking attempts. Hackers regularly run search programs online with which they find unprotected computers. It's so much easier to compromise an unfortified system, which could then be used to hack into something bigger and juicier without being traceable back to the hacker. The owners of those PCs could be left "holding the bag," in legal terms.
Two kinds of software firewalls exist, Rule-based and Application-based. Rule-based ones have gotten a little easier as guides have been developed by which you can configure them. In the old days you had to write your own rules, a daunting task for new users. Application-based firewalls have their rules already set up. All you have to do is decide what applications you want to access the Internet and how high to make the security settings. Piece of cake.
One good quality firewall is all you need. More than one will cause system conflicts and be worse than none. The only case in which two are good is combining a hardware firewall with a software one. Many routers used to access the Internet act like hardware firewalls. Dedicated hardware firewalls are commercially available. If you use wireless you absolutely need a software one in addition to your wireless router. A firewall is your first line of defense against spyware.
You can find good quality firewalls in the CastleCops Firewalls Downloads section. For extra help and if you have questions visit CastleCops Firewalls Forum.
You can test your firewall and security effectiveness for free at Gibson Shields Up Testing.
Note: Windows XP comes with a mostly useless built-in firewall. It cannot stop requests to access the Internet from inside the PC. It's best to disable it and replace it with one that truly works both ways.
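The difference between the firewall types above, and the outbound gap described in the note, shown as an added example that is not part of the original article. It is a simplified Python model: the three policies, the port rules and the program names are all constructed for illustration and do not reproduce any real product's rule engine.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    direction: str   # "in" or "out"
    program: str     # process that opens or would receive the connection
    port: int        # remote port for "out", local port for "in"

def inbound_only(conn):
    """Blocks unsolicited inbound traffic only; every outbound request passes."""
    return conn.direction == "out"

# Assumed rule-based policy: ordered (direction, port, allow) rules, first match wins.
PORT_RULES = [("out", 80, True), ("out", 443, True), ("out", 25, False)]

def rule_based(conn):
    for direction, port, allow in PORT_RULES:
        if (direction, port) == (conn.direction, conn.port):
            return allow
    return False  # default deny in both directions

# Assumed application-based policy: the user approves programs, not ports.
APPROVED_PROGRAMS = {"browser.exe", "mailclient.exe"}

def application_based(conn):
    return conn.direction == "out" and conn.program in APPROVED_PROGRAMS

# Constructed connection attempts (hypothetical program names).
ATTEMPTS = [
    Conn("in", "system", 135),        # unsolicited probe from the Internet
    Conn("out", "browser.exe", 443),  # normal browsing
    Conn("out", "unknown.exe", 80),   # unapproved program using the web port
    Conn("out", "unknown.exe", 25),   # unapproved program sending mail
]

POLICIES = {
    "inbound-only": inbound_only,
    "rule-based": rule_based,
    "application-based": application_based,
}

def decisions():
    """Map each policy name to its allow (True) / block (False) verdicts for ATTEMPTS."""
    return {name: [check(c) for c in ATTEMPTS] for name, check in POLICIES.items()}

if __name__ == "__main__":
    for name, verdicts in decisions().items():
        print(f"{name:18}", ["allow" if v else "BLOCK" for v in verdicts])
```

In this model only the two-way, per-application policy stops both outbound attempts by the unapproved program; port rules alone cannot tell it apart from the browser on port 80.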
2. An AntiVirus application is another absolute must. Like firewalls, one is enough. More than that will only weaken your system. Many antivirus (AV) applications now provide some basic anti-trojan and anti-spyware capabilities, but their primary strength exists against viruses. Trojans and spyware are not viruses, yet may be installed by them. Get an AV, install it (be sure your system meets its requirements), and keep it up-to-date. Regular weekly or daily updates are essential to maintaining the strength of your AV.
Antivirus programs provide Real-Time Monitors (RTM) for while you are online. These scan for a reduced list of the most popular viruses. So, though your full AV program can scan say 100,000 viruses, the RTM will actively scan for about 30,000. Why not more? If it actively scanned for 100,000 you would not have room for all those other things you like to do, such as using your browser.
Of great importance, you need to do full system scans with your AV on a regular basis, at least once per week is recommended. Turn off most of the extra applications you have running (keep essential ones such as Explorer.exe--your operating system), disconnect from the Internet (if possible), and do a full system scan of all your hard disk drives and folders.
If it finds malware or viruses, don't panic. If the malware is in a non-system file that you can live without, then delete it. If it's in a System or cherished program folder, quarantine it (AVs have folders for quarantining detected files, usually automatic), be sure you have your install (not recovery) disk and run System File Checker so you can replace System files with a clean copy. You can then leave it in quarantine or delete it. A good idea is to keep backup copies (on separate media such as CDs) of all your cherished programs in case any of them are trashed due to viruses.
Please refer to WSC - Part 9: Batting Clean-up for more information on using System File Checker.
Excellent AntiVirus applications are available (free ones too) from CastleCops AntiVirus Tools Downloads.
For extra help and questions choose from the following CastleCops AntiVirus Forums:
http://castlecops.com/f88-AntiVir_Perso...assic.html
http://castlecops.com/f106-AVG_Topics.html
http://castlecops.com/f80-Norton_Anti_Virus.html
http://castlecops.com/f66-Virus_Prevention.html
3. An Anti-Trojan application is needed. Again, one is enough. Trojans are special programs that are used by another program or a hacker to compromise a system. They can read all of your e-mail and send messages to all of your contacts, your IM's and chat, see every website you have visited, watch as you balance your checkbook online, copy your credit card numbers when you buy online, copy all of your passwords, and actually watch every single keystroke you make. They can access your computer to copy or delete files and make changes to your software. Such changes can include hidden program folders used to transmit illegal and criminal content to other computers. Trojans are spyware but many more varieties exist which are not trojans.
Using an anti-trojan is very similar to using an antivirus. Get it, install it, keep it up-to-date and do full scans while you are offline regularly, at least once per week. Use the anti-trojan RTM as much as the one for your AV.
Anti-Trojan applications are available from CastleCops Anti-Trojan Tools Downloads. For questions and concerns please visit the following Anti-Trojan Forums:
http://castlecops.com/f196-Ewido.html
http://castlecops.com/f63-TrojanHunter.html
4. You can have as many Anti-Spyware applications as you wish and can accommodate. These often do not conflict with each other like firewalls, antiviruses and anti-trojans do. No one application is the best, so it's a good idea to use several. A good rule-of-thumb though is to use one anti-spyware RTM, with the remaining anti-spyware programs on standby. You can run them one at a time with your weekly checkup. Spyware, and its dearest cousin, adware, do many of the things that trojans do (see #3).
Anti-Spyware applications are available from CastleCops Anti-Spyware Downloads. Questions and concerns can be addressed in the CastleCops Spyware Forums, specifically the Spyware Tools Forum.
To learn more about what else you can do to improve your PC security please refer to the list of articles in my Larry Stevenson Archive here at CastleCops.
Best regards and always take care of your security.