Spyware Jumps the Fence

So there I was on a Friday night, downloading a podcast from a web site.  All of a sudden, Internet Explorer closed and a spyware box popped up.  No matter what, I could not run Internet Explorer again. All that came up was the spyware box: even System Restore was blocked!  I proceeded to restart my PC and log in.  Again, the spyware came back.  I booted to WinRE, ran System Restore from there, and all was well.

This story gets told over and over again; the difference is that I work in IT as systems support.  I've been spyware free for the past 7 years on my personal computer.  I'm running Windows 7 x64 with IE 9 and UAC turned on: not exactly an insecure PC.  What went wrong?  Well, I was up to date on all Windows updates, but was a month or two behind on Java and Flash updates.  The scary part is that this software announced it was living on my PC. What if it had been a keylogger?  I would never have known.

I decided to make myself more secure.  I first tried running Google Chrome on Ubuntu 11.04 in a VirtualBox session. After messing with Samba so I could save files to my Windows box, I determined this wasn't going to work.  Not only was the response "jerky", the Debian version of Google Chrome wouldn't import bookmarks from Internet Explorer. I next tried Sandboxie, a sandboxing solution for IE.  I've used this program on certain high-risk PCs and it works great; however, all the files I downloaded would go into C:\sandbox.  This would require me to find them within the sandbox folder and then move them to their final destination: a pain.

I decided to try Google Chrome straight up on my Windows 7 PC.  It's unbeatable at the Pwn2Own contests and constantly updated.  Instead of being reactive, Chrome checks to see if there is a new version of itself every time you start it.  This is in contrast to Internet Explorer, which relies on the mercy of whenever Windows Update is run.

In addition to this, I switched over to Norton DNS, which blocks known malware sites.  I found this tip at http://www.theregister.co.uk/2010/08/18/sysadmin_malware_athome/.  Unfortunately, the first popular DNS offering I tried, OpenDNS, only offers malware protection at the Enterprise level, which is $2000/year.

To top it all off, I loaded Secunia PSI.  This scans your system for any outdated software, such as Java and Flash, and offers to update it for you in the background (it appears to get around UAC issues by installing two services that run as Local System).  This gives you a one-stop shop for updating all the outdated software on your PC.
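The plugin audit that Secunia PSI does for you can also be done by hand, which is useful for checking a machine before a tool like PSI is installed. The script below is an added example and is not from the original post or from Secunia: it reads the Uninstall keys that Windows 7 keeps for installed packages (both the 64-bit view and the Wow6432Node view, because the Java and Flash plugins on x64 are normally 32-bit) and flags any Java or Flash build older than a minimum version you choose. The minimum versions and the name patterns in `$Targets` are illustrative assumptions; check Oracle's and Adobe's current releases before relying on them.

```powershell
# Added example, not part of the original post or of Secunia PSI.
# Lists installed Java and Flash packages from the Uninstall registry
# keys and flags any older than the minimum version given below.
# The minimum versions are placeholders (assumption); update them from
# the vendors' current release notes.

$Targets = @(
    @{ Name = 'Java';  Pattern = '^Java(\(TM\))? \d';  Minimum = [version]'7.0.0' },
    @{ Name = 'Flash'; Pattern = '^Adobe Flash Player'; Minimum = [version]'10.3.0.0' }
)

# 64-bit packages live under the first key; 32-bit packages (most browser
# plugins on x64 Windows 7) are redirected to Wow6432Node.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledPackages {
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName) {
                New-Object PSObject -Property @{
                    Name    = $p.DisplayName
                    Version = [string]$p.DisplayVersion
                    Hive    = $key
                }
            }
        }
    }
}

function Test-Outdated($installed, $minimum) {
    # DisplayVersion is free text: Java 6 Update 26 reports "6.0.260",
    # Flash reports something like "10.3.181.26". If it cannot be parsed
    # as a version, treat the package as suspect rather than silently passing it.
    try { return ([version]$installed) -lt $minimum }
    catch { return $true }
}

$packages = Get-InstalledPackages
foreach ($t in $Targets) {
    $hits = @($packages | Where-Object { $_.Name -match $t.Pattern })
    if ($hits.Count -eq 0) {
        Write-Output ("{0}: not installed (no plugin to exploit)" -f $t.Name)
        continue
    }
    foreach ($h in $hits) {
        $flag = if (Test-Outdated $h.Version $t.Minimum) { 'OUTDATED' } else { 'ok' }
        Write-Output ("{0}: {1} {2} [{3}]" -f $t.Name, $h.Name, $h.Version, $flag)
    }
}
```

Run it from an elevated PowerShell prompt so both registry views are readable. One caveat: a plugin DLL that was dropped into a browser's plugins folder without an installer has no Uninstall entry and will not show up here, which is one reason a dedicated scanner that also checks files on disk is worth having.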

Finally, get AdBlock from the Chrome web store.  This is a free Chrome add-on created by Michael Gundlach that blocks ads on web sites.

– Soli Deo Gloria
