Spyware can end up on computers through three main channels: spam, Web surfing, and software downloads from the Web.

To address the problem of spyware, you need to develop policies and implement technologies to manage these vectors of attack.

If you haven’t done so already, install Windows XP Service Pack 2. Windows Service Pack 2 includes enhancements like the pop-up blocker that greatly reduce the chances of a spyware infection.

Have a strategy to reduce spam. This could include utilizing the Smart Screen technology found in Exchange Server 2003 and in Outlook 2003. Upgrading to these releases and following the guidance available on Microsoft.com can reduce a major channel for spyware and Phishing attacks. This technology is used to block over 3 billion unwanted e-mail messages per day.

Utilize the features of the Internet Explorer Administrator’s Kit to lock down your environment. The I.E.A.K. enables administrators to centrally manage the settings of Internet Explorer.

You should also consider implementing the Zone Management features within Internet Explorer. This provides you greater control over content from external or untrusted websites.

Install spyware protection software on all your computers. I encourage you to download and evaluate a copy of the new Microsoft Windows AntiSpyware beta available at www.microsoft.com/spyware.

Make sure antivirus and desktop firewall software are installed on all the computers in your network and that the network is protected by an Internet firewall.

Be sure to keep these security protections up-to-date and scan your computers on a regular basis.

Establish policy around what software can and cannot be installed on your PCs. Utilize systems management tools like SMS 2003 and the features within Active Directory to help enforce this policy.

Keep up-to-date on all Microsoft security updates and service packs. This is critical to helping reduce the impact of malicious attacks, including spyware.

For guidance on how to implement a patch management program, take a look at our December Webcast available at http://www.microsoft.com/security360/.

To reduce spyware, you must implement a usage policy that restricts non-business related computing activity.

Tell your employees avoid untrusted Web sites. You can use ISA Server 2004 and partner solutions such as SurfControl to enforce this policy.

Prevent employees from downloading unsigned ActiveX programs. Windows XP Service Pack 2 can help you enforce this policy.

Educate users about the dangers of opening e-mail messages and attachments from people they don’t know.

Microsoft Windows AntiSpyware (Beta)
Download the beta of this security technology that helps protect your computer from spyware and other potentially unwanted software.

Malicious Software Removal Tool
Use this tool to scan your computer for specific threats and remove them.

ISA Server 2004 Webcast Series
Learn about Internet Security and Acceleration (ISA) Server 2004 through this week-long series of webcasts January 17-21, 2005. These webcasts will be available for on-demand viewing.