How to prevent Spyware from installing itself using Spybot Search and Destroy

All the Techtips in this series prior to this one are for removing Spyware after it gets onto your computer. Even though it might be perfectly fine just to know how to remove Spyware, sometimes removing Spyware actually breaks your computer, so the best policy, as always, is to prevent Spyware from ever installing itself in the first place. This tip will show you one of the steps in the process of protecting your computer using Spybot Search and Destroy.

In my previous Spybot Search and Destroy tip, "How to download, install and run Spybot Search and Destroy", you were shown how to use Spybot S&D strictly to remove Spyware, but it also comes with some very effective ways of protecting your computer from Spyware installation. It's assumed that you have successfully installed Spybot S&D and that your computer is free of Spyware. This tip will deal with the features called SDHelper, TeaTimer, and the Hosts file.

  1. SDHelper is a simple feature that, when enabled, prevents websites from installing unauthorized ActiveX controls using Internet Explorer. ActiveX is a feature implemented in Internet Explorer that was initially designed to make a user's browsing experience richer, but because of the broad scope of abilities a control has, it has become a security hole that gets used by Spyware companies and hackers to perform unauthorized functions on your computer. If you use a browser other than Internet Explorer, such as Firefox, to do your internet browsing, you likely don't need this function; it only works with Internet Explorer anyway.
  2. TeaTimer is a memory-resident program (it runs in the background while you work) that exists as a feature of Spybot S&D. It monitors your registry (an obscure area in Windows that stores important information about and for programs) for Spyware activity and either prevents that activity automatically based on an existing blacklist or notifies you and asks whether it should allow it. You might think to yourself, "Even if I'm notified of changes, how do I know if I should allow them or not?" Even without knowing what specific changes do, it is often enough to know whether they should or shouldn't be happening at any given time. For example, if you are installing software that you know doesn't contain Spyware, then you can easily allow all changes; however, if you're browsing the internet and all of a sudden you're notified that a change is trying to occur, you should prevent it from happening. The more you learn about Windows and the Registry, the easier it will be for you to identify proper or improper entries.
    Enabling TeaTimer involves getting at the advanced settings in Spybot. Simply start up Spybot by double-clicking the icon on your desktop. On the menu bar select "Mode", then select "Advanced Mode", read the dialog box and click "Yes". In the menu on the left, near the bottom, you'll see a bar labelled "Tools", which you should click on. Now you're presented with various options, but the one we're dealing with right now is the one called "Resident". When you click on Resident you see two check boxes, one labelled SDHelper and the other TeaTimer. For TeaTimer, make sure that there's a checkmark in the box; once it's enabled you should see a new icon in the bottom right near your clock, in the area officially called the notification area as of Windows XP.
  3. The Hosts file refers to a file found on all Windows operating systems that helps resolve IP numbers from a name. When you want to get to a website you enter something called a Universal Resource Locator (URL) into the address bar of your browser. The URL isn't the actual address of a webpage; it's more like a friendly name. All devices that operate on the Internet have a number that generally looks like 192.168.172.237 and identifies that device uniquely. The numbers are too hard for most people to remember, so a method was devised so that people could use friendly names (URLs) and something somewhere else would take care of entering the corresponding number. The system the internet uses is called the Domain Name System (DNS), which consists of servers on the internet that maintain updated lists of names and numbers. However, before there was DNS there were Hosts files. They're like personal lists of names and numbers located on your computer, and not only are they still used today, they are checked first, before your computer checks the lists on the internet. The Hosts file method that Spybot uses takes advantage of the existence of the Hosts file by creating a list of URLs that are known to be used by Spyware companies and giving them a number that points to nowhere, so even if your browser wanted to go there it would be unable to.
    Inserting the entries into the hosts file is quick and easy. In the Tools menu mentioned above, click on the hosts file option. If you do not see the option, you will have to go into the screen just to the right and place a check mark beside "Hosts File". Once "Hosts File" is visible, click on it, and in the resulting window click on the button labelled "Add Spybot-S&D Hosts List" to add the list of sites known to be used by Spyware to your Hosts file, thereby preventing Spyware from working even if it somehow manages to get onto your computer.
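
To check what a hosts file actually blocks after a list like this has been added, the following Python sketch (an added example, not part of the original tip or of Spybot) parses hosts-file text and separates names pointed at "nowhere" from names mapped to a real address. It assumes blocking entries use 127.0.0.1 or 0.0.0.0 and that the first line mentioning a name is the one the resolver uses; the sample file and all hostnames in it are constructed.

```python
import ipaddress

# Constructed sample input: blocking entries, a normal entry, an unexpected
# mapping to an outside address, and one malformed line.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1       localhost
127.0.0.1       ads.tracker.example  www.ads.tracker.example   # blocked
0.0.0.0         popups.example
192.0.2.10      intranet.example
203.0.113.7     www.bank.example     # name mapped to an outside address
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (address, hostname) for every name on every well-formed line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first column is not an IP
        for name in fields[1:]:                 # one line may list several names
            yield addr, name.lower()

def classify(text, local_names=("localhost",)):
    """Return (blocked, mapped): names sent nowhere vs. names given a real IP."""
    first_seen = {}
    for addr, name in parse_hosts(text):
        # Assumption: the first line naming a host wins; later ones are ignored.
        first_seen.setdefault(name, addr)
    blocked, mapped = set(), {}
    for name, addr in first_seen.items():
        if name in local_names:
            continue                            # the machine's own name
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)                   # 127.x.x.x or 0.0.0.0
        else:
            mapped[name] = str(addr)            # worth a manual look
    return blocked, mapped

def is_blocked(text, hostname):
    """True if the hosts text sends this hostname to a blocking address."""
    return hostname.lower().rstrip(".") in classify(text)[0]

if __name__ == "__main__":
    blocked, mapped = classify(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("mapped to real addresses:", mapped)
```

Names that appear in the second group are the ones to review by hand: a hosts entry that maps a familiar site to an unfamiliar address overrides DNS in the same way the blocking entries do.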

The next tip deals with scheduling scans and adding an even larger hosts file than the one added by Spybot as a complement to the hosts file protection system.

---
Joe Magueta is an IT Consultant with Phoenix Community Works Enterprises (PCWE), a nonprofit organization that provides support to charities and other nonprofits.
Please send questions or comments to techtips@pcwe.ca.