Slashdot Mirror

← Back to Stories (view on slashdot.org)

Free, Near-Foolproof Way to Evade Windows Spyware

Posted by timothy on from the when-100-percent-is-just-too-darn-good dept.

adam wenner writes "I have typed up instructions for 'non-computer people' on how to remove spyware and malware (and viruses for that matter). I have tested this procedure on about 40 computers and have never had any problems with any of it. Most people would say a nice 'format c:' would solve the problem, but for most people, that isn't good, and it's a headache reinstalling and migrating stuff over to a freshly formatted machine." I could have used this a few months ago while trying to mitigate malware damage to a friend's system.

4 of 72 comments (clear)

  1. Re:Step 1 by JamesTRexx · · Score: 4, Funny

    I thought step 1 was to remove user... *cleans shotgun*

    --
    home
  2. A couple of extra steps.. by Mike+McCune · · Score: 4, Insightful

    1. Don't run as administrator. Create another account as restricted user for daily use. Most spyware requires administrator rights to install.

    2. Download and install Microsoft Antispyware http://www.microsoft.com/athome/security/spyware/s oftware/default.mspx . Sure is is still beta but it works pretty well. For those anti MS types out there, MS bought this software from Giant Software.

    Any other tips?

    --

    In a world that is Free and Open, who needs Windows and Gates?

  3. Startup by thing12 · · Score: 4, Informative

    And it's nice to have Mike Lin's StartupMonitor and Startup Control Panel installed. Helps to keep things from being added to start without your knowledge, and lets you disable them after the fact.

  4. Running without admin rights? by Alwin+Henseler · · Score: 5, Informative
    1. Don't run as administrator. Create another account as restricted user for daily use. Most spyware requires administrator rights to install. No. This works real well in Linux and OSX, but not in Windows. It produces way more headaches than it solves, because the concept of not running with admin rights is still fairly new in the Windows world (..)

    I think I should point out some practical experience here, that suggests the opposite. A number of months ago, I helped clean spyware off my parents' PC. Installed Firefox, and my dad agreed to set it up as default browser, so that URL's opened by other programs use Firefox too. Don't underestimate the significance of this; if you can convince grandma to use the safer browser by default, make it so. If you need to, rename the "Firefox" icon as "Internet".

    Installed recent versions of common plugins (Flash, Java & QuickTime IIRC), and asked my dad NOT to agree/install any other plugins after that, only make a note of what's felt as 'missing'. So you have Firefox, you have all common plugins (working! and recent versions). Not enough? Then either that site is badly designed and should be avoided, or additional 'plugins' may mean 'malware'. If I overlooked some popular plugin, my dad will let me know on my next visit.

    Next, I setup separate user accounts, without passwords. I felt that asking my dad to enter a password each time was too much hassle, but he agreed that clicking on his name, once during bootup, was OK (you take what you can get). Account setup was easy, my dad knows how to use admin account if he needs to install something, but normal work is done as non-priviliged user.

    Ofcourse I enabled automatic updates (WinXP), and in this case ignored the firewall setting, since there's a hardware-based firewall box between the ADSL connection and my dad's PC. Regardless of quality, a harder nut to crack than any software-based firewall (decent password set, and any outside-access options disabled on that thingie). A hardware-based firewall also makes OS reinstalls safer/easier.

    The only changes my dad sees: a single click on his name on bootup, and a slightly different looking browser program. A couple of months later, I asked my dad what he had noticed lately. Only comments along the lines of 'one or two programs complaining about being unable to install something, but nothing that got in the way of normal use'. I explained him that there was a good chance, that these programs complaining where likely stuff he wouldn't want/need on his PC anyway, so these rare 'unable to install something' dialogue boxes could be regarded as positive signs. ;-)

    It produces way more headaches than it solves (..)

    Assuming the above scenario could work for many Joe Sixpacks and grandma's, your claim is obviously flawed. A priviliged admin account is needed either for installing software, running applications with special needs, or performing special tasks. Exactly the sort of thing Joe Sixpacks and grandma's DON'T DO (or SHOULDN'T be doing!). So they'll be fine with a non-priviliged user account.

    For folks where this is not the case ('advanced/power user'), you can assume they know what they're doing. If not, those users only have themselves to blame for not RTFM.

    So as you state, a couple of simple steps like this can prevent 99% of the problems. Read: not producing, but preventing headaches. All of the above was easy and took little time, and I don't expect to spend much effort on cleaning virus/spyware crap from that machine in the future. If anything, the next step would be buying a "Linux for dummies" book, and installing a newby-friendly distro a la Mandrake or Ubuntu. My dad already tried to install Linux once, so he's definitely interested. ;-)