___________________________________________________________________________
_____
Identity is often difficult to verify on the internet. Frequently, attackers and their malware
impersonate associates of the target user to coax them into installing the malicious code. A
common example of this is when malware infects a system and then automatically emails itself
to everyone in the infected person’s address book. When such an email is received, the recipient
is more likely to open the contents because the sender is a familiar, trusted source.
Don’t trust unknown or known high-risk sources
When visiting unfamiliar web sites, you should exercise caution. This guideline should also
apply to sites you expect to be high risk based on their content. Such sites include those with
many popups, constant or required requests to install browser components and other applications,
and those with content focused on illegal or questionable topics such as software cracking or
hacking.
If you must visit sites of these types, never allow ActiveX controls, browser plug-ins, or other
types of applications to be installed on your system. If you are prompted about allowing an
installation or about agreeing to terms of some kind, it is a good idea to press ALT-F4 or take
other action to close the popup or browser window. Taking any other action, including answering
NO to the installation request, could result in malware being installed on your computer.
Read the fine print
If you decide to install an application obtained on the internet, be sure to read all license or
privacy agreements related to the software and the organization the code comes from, and be
sure you completely understand the details. Many times, information about monitoring
functionality or the vendor’s right to install additional software is included in these documents. It
may be located near the end of the data or buried in long paragraphs to make it harder to detect.
Although the practice of documenting things in ways that make it hard to locate can be
misleading, you are ultimately responsible for your own actions. If you see agreements that seem
too lengthy or hard to understand, consider this a warning sign that you may want to reconsider
installing the application.
Pay attention when installing applications
Software installation packages sometimes take advantage of a user’s tendency to not pay
attention to the details and simply accept the default “checked” options. If the default options are
blindly accepted and prompts are ignored, clicking next, next, next may actually be agreeing to
the installation of spyware, adware, or other applications that are not desired. Reading
instructions and paying attention to what is being agreed to is important to staying safe.
Keep your operating system and software up to date
Keeping systems and applications current with security–related patches is critical. This includes
patching the operating system and all installed applications, especially those related to network
and internet activity like browsers, media players, email clients, and news readers. These are very
common targets of attack and second only to social engineering as a means of spreading malware.
If You Are Running Windows XP, Install Service Pack 2
Windows XP Service Pack 2 includes several features that will help avoid spyware. It includes
pop-up blocking capabilities, an improved automated update process, a better host firewall, and
7