Browser Security

There are steps you can take to reduce the likelihood of getting infected by spyware while web surfing.

Nearly all web-borne spyware is in the form of an "Active-X" control (a type of program). 

What is Active-X?  Active-X is a Microsoft technology that allows a web site to install and run code (a program) on your computer.  That's not to say that Active-X is bad.  Active-X is a tool, nothing more.  Like any tool, it can be used for good and bad.

Your browser can be configured to react in several ways when it encounters a web site attempting to run an Active-X control.  It can deny the control, it can accept and run the control, or it can ask you if you want to accept and run it.

The safest option is to simply have the browser deny the control.  This way, Active-X controls will never run on your browser, making it less likely to get infected while browsing.  But if you set your browser to always deny Active-X, then you can't run most web-based games or other cool things.  Of course, those cool things may well carry a spyware tag-along!

Another safe option is to configure your browser to always ask you before running an Active-X control.  This way, you can decide.

A word of warning:  Just because your browser asks you doesn't mean the Active-X control that a web site is trying to run is safe.  Your browser cannot determine the intent or safety of the Active-X control.  It can only ask you for permission to run it, nothing more.

Signed vs. Unsigned
Some Active-X controls are "signed" and others are "unsigned".  What does that mean?

A signed control means that the control's author has certified to a trusted CA (Certificate Authority, such as VeriSign) that the control is "safe" and their identify is confirmed.  This is great if your only concern is avoiding Active-X controls written by Eastern Bloc hackers.  But it doesn't mean a thing if you are trying to avoid spyware.

In fact, nearly all common spyware is loaded from a signed Active-X control because most computer's browser are configured to automatically reject unsigned controls.  For the purposes of avoiding spyware, you should exhibit the same level of caution and doubt for signed Active-X controls that you would for unsigned Active-X controls.  That is, don't trust it unless you know FOR A FACT that the control really is SAFE -- no spyware!

Web games
Most legitimate free, web-based games on the internet are written using Shockwave or Flash, a rich-content authoring system developed by Macromedia.  These games are generally safe since they operate solely within the confines of the Shockwave or Flash runtime rendering engine.  Since you probably already have Shockwave and/or Flash on your computer, then running a game written using these authoring systems will not generate an Active-X execution permission window. They'll just run.

Here's how to set your browser security for Internet Explorer:

• Open Internet Explorer
• Click Tools
• Click Internet Options
• Click the "Security" tab
• You'll see a window with four icons, labeled "Internet", "Local intranet", "Trusted sites", and "Restricted sites".
• Click the "Internet" icon.
• Click "Default Level", near the bottom right.
• You'll see a slider.  Set it to "Medium", or higher.

Here's what the "Internet Options" setting window looks like when it's properly set.  Note the areas circled in red.

Mozilla Firefox, a popular open-source (source code that is published and free to download) browser, is far less vulnerable to many of the security threats that affect Microsoft Internet Explorer.  For one thing, Firefox does not natively run Active-X controls.  You can get an Active-X plug-in for Firefox, but it's not automatically there.