Inside Spyware: Part 3 File-Sharing Applications and Spyware
File-Sharing Applications and Spyware
If you use file-sharing applications to trade multimedia files, you are at a higher risk than most to be infected by spyware. There are a number of security risks posed by file-sharing software, including the installation of dialers and spyware bundled with file-sharing applications, as well as Internet connections that do not close and mislabel content.
We recommend that you read this consumer alert — issued by the Federal Trade Commission — about the use of file-sharing applications and the potential dangers.
File-sharing programs have created numerous headaches for colleges and universities, and several of them have set up Web pages alerting students to the legal and technical consequences of file-sharing software. Some of these pages give tips on minimizing the risk, while others attempt to dissuade the use of file-sharing completely. They serve as informative guides, especially if you need draw up your own policies. Examples include St. Norbert College and Duke.
Browser Settings
The Windows operating system and Internet Explorer browser come with variable security settings. While the most convenient way to surf the Web might appear to be with the security settings on low, that's also the most dangerous.
Central to the issue of securing your Web browser is controlling ActiveX, which is the name for a set of controls that can be automatically downloaded and executed by your browser. While most of these controls are useful and help you experience content online, they can be used for malicious purposes.
Typically, you'll find that legitimate ActiveX controls are "signed" by their publishers. Ultimately, you want to OK the download of author-signed ActiveX controls and leave the rest alone. You can do this by adjusting your computer's security settings. Just follow these steps:
In Windows go to: Settings/Control Panel/Internet Options/Security. Highlight the Internet icon and click "Custom Level." Make sure the following settings are checked:
Download signed ActiveX scripts = Prompt
Download unsigned ActiveX scripts = Disable
Initialize and script ActiveX not marked as safe = Disable
Installation of Desktop items = Prompt
Launching programs and files in a IFRAME = Prompt
You have now set your browser to alert you with a prompt when it attempts to download and install what could be legitimate content and ignore questionable content.
Now you want to check the list of "trusted publishers," which is a list of programmers (individuals or companies) whose ActiveX components can be downloaded without warning.
In Windows go to: Settings/Control Panel/Internet Options/Content. Click on the "Publishers" button. If you see any names on there you are not familiar with, delete them so their components cannot be installed without first prompting you.
Stop by next week for Part Four of the series when we discuss even more ways to prevent spyware.
