[ale] Seeking ways to getting around spyware on Windows

Mon Oct 10 13:37:52 EDT 2005

Jason Smith wrote:
> Hi all,
> 
> I need to setup my parents' computer with Windows and
> was thinking of ways to prevent them from
> inadvertently installing spyware/adware.
> Windows is a must since it is all that they are
> familiar with.
> 
> One idea I had was to 
> 1. Install Linux with VMware ... and an image of
> windows XP. That way, if their current image got
> messed up with spyware, I could have them make a copy
> of the original clean image and use that.
> 
> Are there better ways of doing this?

Jason,

I am by no means a MS Windows advocate, however I have been playing 
around with WinXP lately.  I've started to depend on several apps/tools 
for work that require Windows, and as such I switched my GUI back to 
WinXP from Debian/Gnome (at least for now).   So, this is an informed 
statement from a seasoned Linux desktop user who has used Windows here 
and there over the years, as well as from a guy with considerable 
systems security knowledge.  Here goes:

I have what I believe to be a very stable and secure install of Windows 
XP with Service Pack 2 on my very mobile laptop.  Here is what I did and 
what I recommend to others:

    1) Install Microsoft's AntiSpyware 
http://www.microsoft.com/athome/security/spyware/software/default.mspx
       and SpyBot S&D (they compete AND complement each other).
       Set both up to auto run/update/etc.  Use them often.

    2) Setup Windows Firewall to deny all, and check the "Don't
        allow exceptions" box.

    3) Disable almost all WinXP services
        http://is-it-true.org/nt/utips/utips76.shtml

    4) Disable Windows Messenger
http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

    5  Install Trillian for IM.

    6) Install Mozilla Firefox (webbrowser) and Thunderbird (if you need
         email)  Run them, have them setup themselves as the default
         applications for www/etc.  Run IE and tell it NOT to check to
         see if it's the default.
    7) Use Add/Remove Windows Components to remove Windows Media Player
         and Internet Explorer (the binaries remain but the configs go
         away)

    8) Want more?  Run gpedit.msc and restrict further. ;-)

Why did I do this?  Well there are a few reasons:  Google Earth, Cisco 
IP Communicator, iPass Client, Motorola Mobile Phone tools.  Once I get 
those working under Linux I will be back to a Linux desktop 100% of the 
time.  Note, just because I start from a Windows desktop in no way 
implies that I don't still work on Linux systems.

Yes, it can be done. Windows XP can be secure.  However, the rest of 
Windows' nuisances still remain.

<ducking> Flame away!  ;-)

-Jim P.  (I still prefer Gnome and a real! shell)