What are some things to avoid if you want to keep your computer adware/spyware free?

Question

I recently reinstalled the OS (Windows XP Home) on a friend's heavily spyware/adware infected machine. It appears as though his kids (7 and 11 years I believe) were visiting sites that offered downloads for search bars, screensavers, and "cute" cartoony animations that anyone with safety in mind would never download.

Some of the concerns I noted on the machine were:

• The main account was Administrator
• Expired anti-virus software
• Lack of Windows updates
• Multiple firewalls installed

Basically, I'm looking for a guide for non tech-savvy users that would help them avoid getting infected again.

Answer 1

• Have non-tech users accounts be non-admin
• Teach safe browsing habits
• Never download anything that isn't from an 'official' source
• Use Firefox/Chrome/Safari/Opera instead of Internet Explorer
• Run malware scans regularly
• Set Windows to update automatically
• Install virus protection and scan automatically/regularly
• Install a firewall
• And again, smart browsing habits.

For firewall, either don't use one (and use Windows Firewall instead) or install one free one, like ZoneAlarm.

Edit: I see in your question you mentioned expired anti virus. Use AVG instead. It's free and will never expire and updates automatically.

Edit2: As others have mentioned, you could install software that basically locks the computer down. I have to disagree with this. I would much rather take the time and teach the users (especially the children) about how to properly use the computer to the fullest, rather than block them out.

Answer 2

Best solution I found: gave my kids a Mac mini with parental controls on... No virus problems, they can't really install any crapware even if their friends point them to some. Also, game choice is limited, which is a big plus. With that, they spend much more time exploring the web, experimenting with making music or videos than playing games.

Plus, the mini makes 0 noise and fits anywhere, it's perfect for a bedroom. Kids love it too, don't miss games much, they prefer to play on the Wii anyway...

So, my advice: forget XP, it's a lost cause. There are much better things out there. If you want to reuse you machine and don't want to buy a new one, install Linux on it. The desktop effects on the new Ubuntu are amazing (see http://www.youtube.com/watch?v=dlhD_4pK4MM for example), kids always get excited with that. Plus they'll have tons of things to explore with Linux, much more interesting than old grandpa's Windows XP clunker :) With linux, you're basically also virtually guaranteed to remain crapware-free.

I'm moving away slowly from Windows (started late last year), and I am very glad I did so far, I refuse to waste any more time fixing Windows installs.

Answer 3

If the question is really to help them avoid getting infected again, and it is a computer for the kids, I recommend you to do some research on deploying Windows SteadyState for that particular computer.

Answer 4

Run the web browser in an isolated environment (e.g. with Sandboxie) and be done with malware attacks, 'accidental' toolbar installations, and the like.

PS: In the registered version you can force a program to run always inside the sandbox. If system memory is not a scarce commodity, you might as well use a RAM disk as 'container'.

Answer 5

Here is a simple answer:

Avoid using the Internet.

And another simple answer:

Don't install anything.

Answer 6

Ask your friend to browse/ do his work in a virtual machine (VM), and prepare a backup image so that whenever that VM is infected, you can always delete it and restore from the backup image.

Or, maybe you can use Sanboxie to isolate the browsing and BitTorrent software.

Answer 7

The top rated advice here is all good, but there is no perfect solution. Not yet covered:

I would emphasize training above all else. Most spyware / adware is invited into the computer. Whatever your computer / OS & your religious beliefs about them, your web browser is your weakest point in the system. Surfing the web is analogous to driving randomly around town asking strangers if they want a ride. Keep in mind most people using Outlook have HTML mail enabled by default, effectively turning their email client into a web browser.

Consider using Firefox and installing NoScript. It's a solid plugin that by default prevents all scripts running. It's easy to add exceptions for sites you trust.

All the machines in my house were Windows NT / XP / Vista for years. I finally shifted to Ubuntu to simplify my life. I was tired of being the family systems administrator. I picked Ubuntu largely for these reasons:

1. No root account by default
2. No open ports by default
3. Huge software repository
4. Easy updates with a long support cycle
5. My favorite price. Free.

Answer 8

Exactly what do your friend and his family use the computer for? It might be that they can do just fine with Ubuntu or some other user-friendly Linux distro, and that would drastically cut down on these problems.

There are mail clients, web browsers, and office suites suitable for home use included in Ubuntu. It would very likely annoy the children by not running games, but your friend might consider that a good idea.

It's very possible that your friend is using something that won't run on Ubuntu, and that there's no good replacement for, of course, and in that case you shouldn't change the OS. However, I know computer users that would be just as happy with it, and your friend might be one.

Answer 9

One of my standard answers to this kind of question is to use OpenDNS, because it allows users to block sites that are known to host malicious software from the router so that it keeps all connected PCs clean.

If they're the kind of users who won't renew AV software for expense reasons they are better off with a current free AV solution than an out-of-date commercial one.

Answer 10

Particularly if the main OS is Windows XP, I would recommend setting up a virtual machine (VirtualBox is free and good) and putting a Linux distribution inside the VM. Do web browsing from Linux and run other programs from Windows.

You could also set up a dual boot - Wubi is a dead simple way to install a Linux "virtual partition", but the VM makes it simpler to switch between operating systems.

While Windows Vista and Windows 7 can be very secure OSes, Windows XP has enough holes that trying to make it secure is very difficult.

Answer 11

My issue is about having the kids grow up learning. SteadyState styled solutions, which so far sound like the most attractive, will either A) be a limitation to what the kids can learn, or B) will be worked around at some point by the kids. Either way, you're limiting the kids' ability to be become good computer users.

I'd recommend that you basically setup a state rollback that is voluntary, I don't know if SteadyState offers this choice. This is something you'd do from a safe start. You then teach the kids to do that, and explain to them why they need to, what they lose when they do it, and how to avoid having to do it. Additionally if it ever happens that your friend chooses to rollback, he should use the opportunity to show the kids what's wrong with the machine, theorize on why it happened, and have one of them pull the trigger on the rollback, while possibly letting them keep some of the misplaced files and such that invariably they will have and want to keep.