Hi Louise - There isn't a really single simple answer to your question - it
depends on a number of variables including your OS, whether you keep it
updated with ALL critical hotfixes, which anti-malware programs you run on a
regular basis (you mentioned AdAware and SpyBot S&D which I certainly
recommend, although I would suggest running both of them at least weekly
rather than alternating - each can sometimes find things that the other
doesn't. However, there are a number of others that you can usefully run on
a regular basis such as A² Personal, here:
http://www.emsisoft.com/en/software/free/, and Stinger.exe, from the link on
this page:
http://vil.nai.com/vil/stinger/, just to name a couple - there
are others.), which brower you use, what your surfing habits are, how you
handle your emal and with which client, how conscientious you are about
UPDATING things, etc. I would suggest that you take a look at my Blog,
Defending Your Machine, addy below in my Signature, especially doing some
reading of the references in the first section.
In the meantime the following, taken from that Blog's Preventive Measures
section identifies several essentially non-intrusive steps you can take
which will add substantial protection assuming you don't already employ
them. (It assumes that you're using a Microsoft OS and Internet Explorer):
PREVENTIVE MEASURES TO TAKE
? Next, courtesy of Mike Burgess, edited by me:
"--Recommended Minimum Security Settings--
Close ALL instances of IE and OE. In Control PanelInternet Options click on
the "Security" tab. Highlight the "Internet" icon, click "Custom Level". Set
the following:
1) "Download signed ActiveX scripts" = Prompt
2) "Download unsigned ActiveX scripts = Disable
3) "Initialize and script ActiveX not marked as safe" = Disable
4) "Installation of Desktop items" = Prompt
5) "Launching programs and files in a IFRAME" = Prompt (Added by JB - See
more below about this.)
Click on the "Content" tab, then click the "Publishers" button
Highlight and click "Remove" for any unknowns, then click OK
Click on the "Advanced" tab, then uncheck: "Install on demand (other)",
click Apply\OK
Prevent your "HomePage" setting from being Hijacked
http://www.mvps.org/winhelp2002/ietips.htm
Mike Burgess
Information isn't free if you can't find it!
http://www.mvps.org/winhelp2002/"
Note the Publisher setting - this vector is often overlooked. See here:
http://mvps.org/winhelp2002/restricted.htm#Setting
Then, from me:
Disable BOTH "Install on Demand" options on the IE6 Advanced tab. Disable
BOTH "Launch Programs and Files in an IFRAME" and "Navigate sub-frames
across different domains" in IE6SecurityInternetCustom Level in the Misc
section. (Be sure that you install hotfix 889293, also.)
Another set of not unreasonable (although much more severe) security setting
recommendations is available here:
http://www.infinisource.com/techfiles/surf-safe.html And here:
http://www.techbargains.com/hottips/hottip13/index.cfm Also, see here for a
comprehensive discussion of this (very highly recommended):
https://netfiles.uiuc.edu/ehowes/www/btw/ie/ie-opts.htm
? There's a reasonable test of your Browser's secuity here:
Jason Levine's Browser Security Tests
http://www.jasons-toolbox.com/BrowserSecurity/ and another extensive and
Recommended one here:
http://bcheck.scanit.be/bcheck/
? You might want to consider installing Eric Howes' IESpyAds, SpywareBlaster
and SpywareGuard here to help prevent this kind of thing from happening in
the future:
IESPYAD -
https://www.spywarewarrior.com/uiuc/resource.htm "IE-SPYAD adds a
long list of sites and domains associated with known advertisers, marketers,
and crapware pushers to the Restricted sites zone of Internet Explorer. Once
you merge this list of sites and domains into the Registry, the web sites
for these companies will not be able to use cookies, ActiveX controls, Java
applets, or scripting to compromise your privacy or your PC while you surf
the Net. Nor will they be able to use your browser to push unwanted pop-ups,
cookies, or auto-installing programs on your PC." Read carefully. Tutorial
here:
http://www.bleepingcomputer.com/forums/tutorial53.html
http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs, blocks spyware/tracking cookies, and restricts the actions of
potentially dangerous sites) (BTW, SpyWareBlaster is not memory resident ...
no CPU or memory load - but keep it UPDATED) The latest version as of this
writing will prevent installation or prevent the malware from running if it
is already installed, and, additionally, it provides information about and
fixit-links for a variety of parasites. Tutorial here:
http://www.bleepingcomputer.com/forums/tutorial49.html One additional
feature of SpywareBlaster is the ability to add your own supplemental Custom
Blocking CLSIDs. Some directions for manually adding these can be found
here:
http://www.wilderssecurity.com/showthread.php?t=13684 A good source
for a pre-compiled list of these as well as directions for adding them can
be found here at dak's site:
http://customblockinglist.cjb.net/ This list is
irregularly updated, so you should check on it ever-so-often or use the
ChangeDetection service, mentioned below.
IMPORTANT NOTE: A good additional source of preventive blocking for ActiveX
components is the Blocking List available here:
http://www.spywareguide.com/blockfile.php While smaller than the
SpywareBlaster list, it contains some different malware CLSIDs and appears
to be updated with new threats more frequently. Strongly Recommended as a
supplement to SpywareBlaster. Read all of the instructions in the Expert
package download carefully. You might want to consider using:
http://www.changedetection.com/monitor.html to monitor and notify you of
changes/updates to this list and/or to dak's Custom Blocking list (or other
programs, for that matter, including this Blog which is updated fairly
frequently).
http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Tutorial here:
http://www.bleepingcomputer.com/forums/tutorial50.html
All three Very Highly Recommended
? IESPYAD and SpywareBlaster (and the other malware-ActiveX blocking lists)
are probably the best preventive tools currently available, expecially if
supplemented by using the Immunize function in SpyBot S&D and a good HOSTS
file (see next).
? Next, install and keep updated a good HOSTS file. It can help you avoid
most adware/malware. See here:
http://www.mvps.org/winhelp2002/hosts.htm (Be
sure it's named/renamed HOSTS - all caps, no extension) Additional tutorials
here:
http://www.spywarewarrior.com/viewtopic.php?t=410 (overview) and here:
http://www.bleepingcomputer.com/forums/tutorial51.html (detailed)
? Lastly, with regards to cookies: The following overview of the approach I
recommend is courtesy of Mel's Spyware Tools: XML-Menu for IE6 -
(
http://www.spywarewarrior.com/uiuc/main.htm, click on IE6 Tools on website)
"This package contains a full menu of custom Import XML files that can be
used to manipulate IE6's handling of cookies in the Internet and Trusted
zones (the Privacy tab controls only the Internet zone). The files are
divided into three sets: one "short list" of recommended files, and two
"advanced" lists containing a wide range of possible Privacy configurations.
The ReadMe covers the basics of using custom XML Import files and details
all the files that are available. A .REG file that can be used to restore
the default Privacy tab settings is included."
This is the technique that I use and, while I do very infrequently have to
override on some sites that don't have a Privacy Policy in place, I've found
it almost infallible in stopping bad cookies (I use 1-e, BTW) FWIW, MVP Eric
Howes' site here:
https://netfiles.uiuc.edu/ehowes/www/main-nf.htm is one of
the very best on the net with regard to anything having to do with security.
Very Highly Recommended.
Sorry for the long reply, but perhaps you'll find it helpful.
