best way to combat spyware on windows computers?

[Filliam H. Muffman]

Describe your situation a little more: how old is the computer, specs, OS, favorite browser, typical use (home, home business, small business), do you use Windows Update regularly?

There was a related thread recently.
http://forums.macresource.com/read.php?1,908361

I just went through updating my Mom's WinXP computer with McAfee (free from AT&T with higher tier DSL) and it kept a 2.8 GHz single core Athlon over at over 70% for 15 minutes doing a full scan. Really performance crushing, I walked away and let it run.

Edit: it looks like Microsoft is herding people to IE8 by letting live exploits for IE6 and IE7 go unpatched for a long time. I use Firefox most of the time.

[samintx]

I use SpyHunter and am happy with it. I run it every time I open WIN8. I have heard SpyBot is very good, tho.

[Lew Zealand]

OK, I posted a short somewhat smartass answer, though it is accurate, but the best thing you can do to prevent _catastrophic_ spyware problems is to run in normal user mode, not admin.

We switched here at work and users have been bitten by spyware but since our contract-supported users are running sans admin, the cleanup is easy. Remove a few .exe files from the user's temp directory and a few entries in HKEY_LOCAL_USER and you're back up and running.

We don't use any antispyware here and most people use IE7 so we're relatively exposed but the problems have not been bad for the users not using admin.

[ztirffritz]

Lew Zealand's post is technically accurate, but in my experience, not practical. It depends upon the situation a bit and which applications are being used. In my environment, most all of the users need access to software that won't run unless the user is logged in as an administrator. I've complained to the vendors, but they don't care. They know that I'm at their mercy. I used to try to modify the installations so that un-privileged uses could use the software, but every update undid my efforts.

If you can get away with running the users in a 'Standard User' role then definitely do so. It just wouldn't work for me though. Microsoft actually recommends that all users run as admin users, but that you control security settings via GPOs from the domain controller to prevent the installation of software.

[Sam3]

We use Spybot S&D, Malwarebytes, Super Anti-Spyware, but these tools are used mostly to clean out infected machines. We use Symantec Endpoint Protection as the enterprise-level anti-virus software, but still get infections. Lately the infections have been limited to one particularly nasty bugger; the FakeAV malware. For infected machines the best recourse has been to reformat and reinstall Windows and all drivers and applications.

Also, XP makes it almost impossible to run in a non-administrative mode. Quite a few of the applications that we run need to be run as administrator. Also, general management like installing printers or software is near impossible as a regular user.

[Lew Zealand]

We are experimenting right now with software access restriction GPOs and it's going quite well but it hasn't been rolled out to everyone yet.

We have a number of software packages which individual users need Full Control or at least Modify rights to the Program's folder in Program Files but once those rights are given, we don't have any problems. We're not constantly updating so the frequency of this being necessary by no means prohibitive. The exceptions are the Developers who need admin as they need to test all possibilities on the software they are writing.

[Lew Zealand]

BTW, I don't make these decisions for our users nor have I set the system up here but this setup (with a print server which delivers the drivers to the user when they select their printers) is working for hundreds of supported users and almost all of them are running without admin.

[Lew Zealand]

More notes: all using XP, on AD, we send jobs remotely and remote desktop if necessary using 3rd party SW. And the users are using many different apps, our installation server has many dozens of software packages (maybe hundreds) which are in use on different various computers.

[Filliam H. Muffman]

ztirffritz wrote:
If you can get away with running the users in a 'Standard User' role then definitely do so. It just wouldn't work for me though. Microsoft actually recommends that all users run as admin users...

:agree:

Sad but true for a lot of software. I know someone that worked at a minor competitor to Oracle and they tried to stomp on related bugs for several years before just giving in. It is possible for to run as non-admin for people that use ONLY Microsoft office programs in a business setting, but it can be unpredictable in complicated domain setups. It will be a lot easier to fix infections in the future when everybody is booting off of network .VHD images... restart the machine, infection gone. Patch the master image with updated virus softare, have everybody restart, no more threat (for a few days at least).

[Dick Moore]

I'm using Microsoft's free Security Essentials, and so far, so good.