Start page hijacking - Why it is done and how to change your start page to what you want

Ever had your browser all of a sudden change its start page?

Flooding you with gazillions of pop-ups, banners, ads, filling up your favorite's folder with junk and all sorts of things you never asked for? If this has ever happened to you, you will know how hard it is to undo some of these changes.

What you just encountered is know as 'start page hijacking' or 'browser hijacking'. Browser hijacking is a way for other people to increase the income of ads on their sites by forcing your browser to display their page (sometimes loaded with popup ads) as the first page of your browser.

Unfortunately, this sickening method of attacking and harassing us poor internet users is quickly catching on and increasingly more morally questionable sites employ a form of start page hijacking to force internet users to click on their ads in a desperate attempt to get rid of their hijacker.

More often than not attempting to remove the hijacker by any methods indicated by your hijacker (e.g. “Click Here to…”) then leads to at least a billion more adds and programs to be downloaded onto your PC without you wanting them to. If you have by some strange stroke of luck managed to avoid being hijacked so far then it still is time to consider preparing the appropriate protection for any future encounters.

Not only does start page hijacking make other people money, it can also regularly cripple your browsing capabilities and more often than not will ruin a perfectly good day.

Browser hijacking in some cases can simply be un-done by going to the internet options of your browser and changing your start page back to what you want it to be (e.g. www.google.com or www.k.st ) but some hijacks are more persistent. They can change internet options, remove buttons from your internet browser and even go as far as to work themselves into the core of your operating system (your registry). This regularly makes it impossible to undo changes made by the hijacker unless you are skilled in registry editing (which most of us are not).

Fixing the problem afterwards is rarely easy so the wise internet user (that's us!) will take steps to prevent our browser from being hijacked.

Ironically the easiest way to prevent browser hijacking is to stop using Internet Explorer and switching to a different type of browser. Firefox or Mozilla are both excellent alternatives to Internet Explorer and are generally practically immune to most forms of browser hijacking.

The reason for this is two-fold:

1. Most types of browser hijackers concentrate on hijacking Internet Explorer browsers simply because they are the most commonly used. After all, if you try to sell a product and have to target a specific audience you would like to target the biggest possible audience. Since Internet Explorer is standard with Windows operating systems few people ever bother to change their browser causing well over 75% (a conservative estimate) of all internet users to be browsing with a version of the Internet Explorer.

2. Internet Explorer has a very low default priority on security. While browsers like Mozilla and Firefox have deemed security one of their most important features Internet Explorer has strangely never emphasized security features. With browsers like Mozilla and Firefox the user will always be prompted to either allow or disallow web site plug-ins, activeX components and many others that Internet Explorer considers to be safe.

Of course switching browsers is not for everyone and if you can't change browsers or simply don't want to then you will have to put a little more effort into securing your browser from possible start page hijacks. The first step is to install a good spyware scanner which is discussed in another section. It will prevent most of the problems that are accompanied with start page hijacking and will (if it does happen) make your life easier in removing the problems caused by a hijack.

The second step is to update whenever possible. Update your Internet Explorer to the newest version whenever possible and make sure you also install the newest security patches for Internet Explorer. This will require you to check for updates at least once a month to ensure optimal security but going through all that hassle is still better than having your browser hijacked.

A little know fact about internet browsers is that they use so called 'JAVA' programs to display and perform various operations (from displaying movies to installing browser plug-ins for Flash and other things). To be able to do this your computer is equipped with 'Microsoft Java Virtual Machine'. The Microsoft Java VM unfortunately has multiple flaws that can easily be exploited by intelligent browser hijackers (sometimes referred to as 'script-kiddies' indicating the typical computer juvenile delinquent).
Replacing your Microsoft Java VM with 'Sun Java JRE' (available at www.java.com) will severely hinder anyone who is trying to use Java VM's exploits simply because most of them are not present in Sun Java JRE.

Even more tools can be installed to prevent browser hijacking such as a browser hijack blaster (or similar prevention tool) which will detect any changes made to your browser settings (by anyone other than you) and ask you if these changes should be allowed.

As a final tool to be installed there are scripts (similar to programs) like IE-spyads which will add a huge amount of sites to your browser as restricted sites. Restricted sites are crippled to an extent where they are unable to install anything on your PC without you knowing it and are also prevented from making changes to your browser's setting.

Finally there are some changes that can be made to the settings of the Internet Explorer that will help you protect yourself against being hijacked.

To change settings in most versions of the Internet Explorer do the following:

1. Open Internet Options from the Windows control panel and click the Security tab.
2. Highlight the Internet icon and then click Custom Level.
3. Choose Medium from the drop-down box at the bottom (setting it to high can severely hamper your browsing habits and isn't recommended).
4. Then click the Reset button.
5. Click ok and then click Custom Level again.

Below you will find a list of things that you might want to disable (turn off), a list of things you might want to enable (turn on) and a list of items that should prompt you (ask you what to do). Explaining all these items separately would take quite a bit of knowledge of internet security and general internet operations as well as knowledge of TCP/IP. Additionally it would probably be enough to fill a small book and as a result will not be discussed here (you can find an explanation of these settings by searching the web quite easily).

Disable

1. Download unsigned ActiveX controls
2. Initialize and script ActiveX controls not marked as safe
3. Run components not signed with Authenticode
4. Access data sources across domains
5. Userdata persistence

Enable

1. Run ActiveX controls and plug-ins

Prompt

1. Run components signed with Authenticode
2. Download signed ActiveX controls
3. Script ActiveX controls marked safe for scripting
4. Drag and drop or copy and paste files
5. Installation of desktop items
6. Launching programs and files in an IFRAME
7. Navigate sub-frames across different domains
8. Allow paste operations via script
9. Scripting of Java applets

Additionally you will want to set 'Software channel permissions' to 'High safety'.

Now after making all these settings don't be alarmed about the amount of questions your browser starts asking when before it probably didn't ask any at all. We are now in full control of our browser, if we have any doubt about what to answer to a particular question first deny and then if we notice that something we wanted to work doesn't then re-load the page and confirm the browser's question.

Congratulations, you just turned the Internet Explorer from a puny bicycle into a heavy armored tank ready to guard your borders from invasion.