Pop-up advertisements and similar annoyances,
such as the web browser home page being constantly redirected
to a web site not of your choosing, are caused by software installed
on the workstation. This is not something that a firewall will protect
against.
Unauthorised software may be installed unwittingly
by users who do not understand the potential consequences.
The lure of "free" software that purports to provide some
'nice' feature, like an automatic desktop-changer or an exotic screen-saver,
is designed to encourage users to download and install a program.
What users often don't appreciate is that these programs from an
unknown source may also contain Trojans (e.g. a second 'hidden'
program), such as the pop-up advertisements or, worse, remote keystroke
monitoring software to capture passwords and other confidential
information, or some other 'nasty' like a virus.
Unauthorised software can also be installed automatically
without the user's knowledge when visiting certain undesirable Web
sites. Often these "honeypot" sites lure users with the
promise of free give-aways or other dubious material. Once the
user visits the Web site, it exploits vulnerabilities
in the web browser to automatically install and execute Trojan software.
How do you prevent this problem?
The first and cheapest step is educating users
about the "acceptable use" policy for computers in the work
environment. If users don't install unauthorised software and
don't visit non-mainstream Web sites, then the risk of installing
Trojan software is substantially reduced.
Second, ensure that appropriate security updates
are installed as they are released. Software vendors release
these patches to address known exploits.
Third, consider implementing a Standard Operating
Environment (check this article
for an explanation of a SOE). With a SOE deployed, users should not
need to install applications and thus workstations can be 'locked
down'.
Prevention is the best approach, but if you
know or suspect that you may have 'spyware' software installed on
some of your workstations already, then you can try the following
programs to identify and remove the Trojans: Ad-aware,
Spybot Search & Destroy, TDS-3.