This belongs in T-T-T-Tech Yourself, but...

Live forum: http://forum.freeipodguide.com/viewtopic.php?t=68626

Admin

25-08-2007 13:09:55

I'm the admin so I'll post it where it gets more traffic.

A friend of mine has a midrange Dell laptop. He's not a computer person. He keeps getting bogged down in spyware, malware, and god knows what else. I am going to flatten and reinstall today. Is there a program (or more likely, a suite of programs) that I can install that will protect him from himself, so to speak?

Gigante

25-08-2007 14:17:33

I would do with Ad-Aware, Spybot Search $ Destroy, AVG Anti-Spyware, SpywareBlaster and Windows Defender. Seems like a lot, but I think it's worth it.

samz465

25-08-2007 14:22:23

[quoteaabeed7cdc="Gigante"]I would do with Ad-Aware, Spybot Search $ Destroy, AVG Anti-Spyware, SpywareBlaster and Windows Defender. Seems like a lot, but I think it's worth it.[/quoteaabeed7cdc]
Lol...You pretty much covered them all.

dmorris68

25-08-2007 14:56:18

I pretty much agree with Gigante, 'cept I've backed off to just AVG Free, a-squared free, and Spybot. a-squared is better than SpyBot (actually better than all of them, IMO) but the free version doesn't have the real-time protection that Spybot has. I ran Windows Defender too for a long time but honestly with the others it's about useless.

JennyWren

25-08-2007 16:12:44

Get him a really hot girlfriend who wants it 24/7 so he stops downloading pron.

Admin

25-08-2007 16:42:44

he's gay

Admin

25-08-2007 16:44:20

also thanks for the help dmo and gigante

tylerc

25-08-2007 17:18:38

[quote4de1ca8090="JennyWren"]Get him a really hot boyfriend who wants it 24/7 so he stops downloading pron.[/quote4de1ca8090]

Problem solved.

Admin

25-08-2007 21:26:48

it took repeated scans by all three of those, and a new user profile, but it appears i have salvaged the existing configuration (which means less work overall)

moviemadnessman

25-08-2007 21:51:16

Also, for a firewall ... ZoneAlarm is what I use. It is free and works really well ... and honestly, it compliments the other programs nicely. Just thought I would throw that in here.

dmorris68

26-08-2007 11:15:10

And I prefer Kerio Personal Firewall to ZoneAlarm, if you care to evaluate the differences. They also have a free version -- the 30-day trial reverts to the more limited free version, which is still a fully functional bi-directional firewall. I paid for it a couple years ago after Sunbelt acquired it, and continue to pay the $10/year maintenance fee to get updates.

topbillin1

26-08-2007 11:22:42

www.pctools.com - check out the free firewall they have at the bottom, it's pretty light on the system and isn't bad overall.

I agree with everyone else about the picks, I wouldn't use AVG on XP but on Vista only since Vista is a bit more secure as a whole compared to XP. I would use www.free-av.com for a free antivirus solution.

Spyware shouldn't be a problem with the right browser, you don't need a spyware program to run in real time but only on demand. I gree with A2 as a trojan and spware solution or www.superantispyware.com as a solution as well.

Personally, I think spybot went a bit downhill...

Also, if he insist on using I.E, have him download cyberhawk as use that in real time...

Dmorris68, kerio is still good but I prefer the 2.15 version but that's pretty outdated...

dmorris68

26-08-2007 11:32:49

Wouldn't use AVG on XP? Who on earth not? It's the best AV by far that I've ever used, and I've used most of them. I routinely "repair" peoples' PC's by removing Norton and McAfee and replacing with AVG, and they love me for it because their PC actually becomes usable again. It's caught every virus I've seen thrown at it. So I'm not at all sure why you think it's not suitable for XP. I've been running it for years, ever since Win95/98.

And I disagree about real-time spyware detection. I'd rather know the instant something tries to write to my registry or add itself to my system startup.

topbillin1

26-08-2007 11:52:02

[quote76221bfd6e="dmorris68"]Wouldn't use AVG on XP? Who on earth not? It's the best AV by far that I've ever used, and I've used most of them. I routinely "repair" peoples' PC's by removing Norton and McAfee and replacing with AVG, and they love me for it because their PC actually becomes usable again. It's caught every virus I've seen thrown at it. So I'm not at all sure why you think it's not suitable for XP. I've been running it for years, ever since Win95/98.

And I disagree about real-time spyware detection. I'd rather know the instant something tries to write to my registry or add itself to my system startup.[/quote76221bfd6e]

With the right browser and any basic free firewall you won't even need to run a real time spyware solution, you'll get tracking cookies which is pretty harmless and even that wouldn't be much of a threat if you use any pc cleaning program with your pc.

AVG doesn't have any heuristics... it may work for some but for the experts, they say it's not good, I take their word over anyone elses....

Then again, as I stated before any virus program, firewall and a safe browser (firefox) and you usually shouldn't have any problems. I use pctools firewall which was somewhat built off looknstop, along with antivir and I have 0 problems at all.

topbillin1

26-08-2007 12:07:22

Just did a quick check and I found out the AVG uses different AV engines in some of their products. AVG Free and Pro uses the standard AVG engine but AVG ANTIMALWARE uses a much more advanced engine that performs pretty good, if I were you I'd get that version.

http//www2.grisoft.com/doc/products-avg-anti-malware/us/crp/2

dmorris68

26-08-2007 12:55:55

No sure where you're getting your info, but it's incorrect. AVG uses a heuristics engine, and has for a long time. Plue their anti-malware product you mention is nothing but regular AVG + their spyware scanning engine. There is no difference in their virii scanning engines, they are all the same engine across their product lines. This quoted feature list is from their standard AV Pro product (Free uses the same engine and definitions, just has more limited scheduling and update features)

[quote70b0c786c0] li Easy to use protection install and forget
li New program versions and updates, for free, throughout the license duration
li Quality proven by all major antivirus certifications (VB100%, ICSA, West Coast Labs Checkmark)
li 24/7 technical support provided at no extra cost
li [b70b0c786c0]Improved virus detection based on better heuristics and NTFS data streams scanning[/b70b0c786c0] [i70b0c786c0]the same is quoted for all of their products[/i70b0c786c0]
li Smaller installation and update files
li Improved user interface[/quote70b0c786c0]

And as far as "experts," many still recommend Norton and McAfee, so I take such "experts" opinions with a grain of salt. And for what it's worth, I'd consider myself an "expert" since it's what I've done for a living over the past 20+ years. ;) The number of PC's I've had to repair due to the so-called "expert" garbage would fill a landfill, and my friends & colleagues who run PC repair business feel the same way.

As I said, I base my own preferences not on ANYBODY'S opinion but my own, formed from years of personal experience. I build, operate, and repair dozens of PC's per year, so I've experienced the gamut of most consumer-oriented software. AVG is still the only AV I recommend, and I've yet to have a dissatisfied customer.

Also, you're a bit naive if you think your browser or the sites you visit is the only way to get malware. Malware covers a broad range of software vectors, with browsers being only one of them. One of the leading sources of malware is via executing what you consider to be a legitimate application only to have it install software behind the scenes that you would not approve of. With real-time monitoring, you are immediately aware of anything trying to inject itself behind the scenes, giving you the opportunity to decide what to do about it then. Periodic scanning leaves the window open far too long. And if the application in question is an application that you expect to have access to the internet (for automatic updates, for example, or any type of internet app) then 99% of people will allow it to pass through their software firewall because they assume it's supposed to, when in fact it could have installed a piggyback process that you would NOT want to connect outbound.

Any security expert will tell you that effective malware security requires layers real-time scanning, scheduled scanning, and an outbound firewall. Leave any one of them out, and you're opening a window of vulnerability.

topbillin1

26-08-2007 15:31:27

[quote0d54133830="dmorris68"]No sure where you're getting your info, but it's incorrect. AVG uses a heuristics engine, and has for a long time. Plue their anti-malware product you mention is nothing but regular AVG + their spyware scanning engine. There is no difference in their virii scanning engines, they are all the same engine across their product lines. This quoted feature list is from their standard AV Pro product (Free uses the same engine and definitions, just has more limited scheduling and update features)

[quote0d54133830] li Easy to use protection install and forget
li New program versions and updates, for free, throughout the license duration
li Quality proven by all major antivirus certifications (VB100%, ICSA, West Coast Labs Checkmark)
li 24/7 technical support provided at no extra cost
li [b0d54133830]Improved virus detection based on better heuristics and NTFS data streams scanning[/b0d54133830] [i0d54133830]the same is quoted for all of their products[/i0d54133830]
li Smaller installation and update files
li Improved user interface[/quote0d54133830]

And as far as "experts," many still recommend Norton and McAfee, so I take such "experts" opinions with a grain of salt. And for what it's worth, I'd consider myself an "expert" since it's what I've done for a living over the past 20+ years. ;) The number of PC's I've had to repair due to the so-called "expert" garbage would fill a landfill, and my friends & colleagues who run PC repair business feel the same way.

As I said, I base my own preferences not on ANYBODY'S opinion but my own, formed from years of personal experience. I build, operate, and repair dozens of PC's per year, so I've experienced the gamut of most consumer-oriented software. AVG is still the only AV I recommend, and I've yet to have a dissatisfied customer.

Also, you're a bit naive if you think your browser or the sites you visit is the only way to get malware. Malware covers a broad range of software vectors, with browsers being only one of them. One of the leading sources of malware is via executing what you consider to be a legitimate application only to have it install software behind the scenes that you would not approve of. With real-time monitoring, you are immediately aware of anything trying to inject itself behind the scenes, giving you the opportunity to decide what to do about it then. Periodic scanning leaves the window open far too long. And if the application in question is an application that you expect to have access to the internet (for automatic updates, for example, or any type of internet app) then 99% of people will allow it to pass through their software firewall because they assume it's supposed to, when in fact it could have installed a piggyback process that you would NOT want to connect outbound.

Any security expert will tell you that effective malware security requires layers real-time scanning, scheduled scanning, and an outbound firewall. Leave any one of them out, and you're opening a window of vulnerability.[/quote0d54133830]

With the Ewido engine to go along with the regular AVG engine, AVG gets much better results as opposed to the regular AVG engine.

www.av-comparitives.org

I know you don't like expert reviews but the proof is in the pudding, I'm not saying AVG is a bad av but it's not suitable to me for a high risk surfer (porn, warez, p2p).

As for as Mcafee or Norton is concerned, both of those products score a consistent 97% and up each review they are tested, these are from independent sites like the one above, not the crap that PC Magazine gives out. The insult to Norton or Mcafee isn't really valid for a couple reasons.

1. The main knock on Norton or Mcafee is the bloat that they cause on the PC, Norton 2006 and up are much better at using less resources as opposed to the earlier version. People mainly bitch at Norton because the program slows the PC down to a crawl 9 times outta 10, Norton addresses this with the newer version.

2. Most these guys that have to end up taking their PC's to shops to get fixed usually never run a antivirus scan, they just think real time is enough and that's a lie, anyone with a little knowledge about AV's know that a real time scan detection rates usually fail in comparision to a on demand scan, since that's is where most of the baddies are caught.

As far as Browsers is concerned, a typical DSL connection comes with a built in firewall + your software firewall + a browser that blocks most spyware + a AV and usually you are set.'

I will speak from experience and from others who are really into IT security that most spyware will not affect a pc with Opera or Firefox running as opposed to one running IE.

You can compare alot of AV's to AVG, AVG has improved greatly from their earlier versions but it's not enough for me to consider to use it on my XP desktop as I'm a heavy torrent user and the protection they give me simply isn't enough.

If you really want to go into detail about AV's, then you'll know that most experts are saying that signature based AV's are pretty dead since most malware is behavior based, that's usually only caught by proactive and heuristic detection.

Even norton is opened up Norton Antibot, which is a behavior based malware catcher, with that being said and with a user that prefers to use IE, it's not smart to use AVG free at all, I would throw Antivir or Nod32 on my pc if my surfing habits were not good.

Just look at all the rootkit programs that are here now, signature based AV's can't even catch them anymore.

Strong heuristic is the future of AV's as well as behavior blocking.

dmorris68

26-08-2007 17:22:42

Okay, it's obvious I'm not getting through your own strongly held opinions, and that's fine. We're all entitled to them, but it bugs me when people regurgitate things as facts rather than through the filter of personal experience, which is what I gather you're doing.

So I'll reiterate a few things and leave you to your opinions

1. AVG uses a heuristics based engine. Nobody said it was signature based only, which I agree is less than ideal.

2. In my own experience, which is not insubstantial and does not come from PC Magazine (or any other reviewer for that matter), Norton and McAfee are crap. They've killed entirely too many PC's for the very reasons you mention, and the new releases ONLY MAKE THEM WORSE. They have lineverli gotten better. I have lineverli had a PC owner complain that their Norton was replaced with AVG Free. It reduced their cost AND provided better protection. And I count those owners in the several dozen.

3. I can find you dozens of people who torrent pretty heavily, and use Firefox exclusively, who have had many occasions to be infected (IE is not a common vector for trojans, btw). Most use AVG and it has caught everything infected that ever hit their filesystem. I certainly can't remember the last time I was infected (it was years ago and before I ran a resident virus scanner).

I'm really curious as to what you're basing your assertions upon. How many years have you been in this business? How much code have you written? I'm sorry but it sounds an awful lot like you buy into the written hype. I've read so many things published that are so very liWRONGli that it's laughable.

Again, I'll base my own opinions and recommendations off my own personal experience that I've cultivated through 25 years in engineering, software development, and PC maintenance. I do read the journals and many online reviews, but I take much of what I read with the aforementioned proverbial grain of NaCl, especially when my personal, daily experience proves them wrong.

topbillin1

27-08-2007 07:53:05

It's no problem, we both have our seperate views on antivirus products but for the record, I'm not saying that avg is bad, I think it's good but I believe thier is much better products out there as well.

Hell, I think Avast is trash as well and many experts stand behind Avast since their the orginators of Mcafee's current av engine.

In the end, it's all about your surfing habits, if you know you're way around the web, the av means nothing as you'll take precautions...

Anyways, I'm done...

Scott

manOFice

27-08-2007 08:21:26

With the exception of me getting the vundo (which I got fixed)

I use Norton AntiVirus and Spybot

Other than that vundo i haven't had a virus in years

KnightTrader

27-08-2007 09:34:24

I've never used an Anti virus on any of my 6 Lan'd PCs or my Laptop. I'm so hardxcore.

Easy Bling

27-08-2007 10:44:04

I didn't see one mention of Sygate's Personal Firewall. I think it's much better than Zone Alarm, but I haven't used Kerio yet. I can't list off the specs of Sygate, but it's free, if that counts for something =)

And I use AVG spy/anti, and just downloaded Spybot (weren't they becoming outdated? Or have they really improved?)

Oh and if you use torrents, I recommend using PeerGuardian.

dmorris68

27-08-2007 11:16:49

We use Sygate here at work, and I must say I don't care for it. Granted I think the net admins have it tweaked down to a very specific purpose, so that may be why. But based on that limited experience with it, I think Kerio eats it's lunch. )

Don't get too lazy depending on PeerGuardian to save you. Just like any other static IP lists (proxy blacklists, for example) the data is obsolete by the time you get it. Probably 60% or more of the IP's on the net are dynamic, and believe me -- RIAA/MPAA/BSA/etc aren't just trolling from their corporate networks. Their agents are doing it from home, from offsite locations including from consulting companies, proxies, etc. They smartened up to PeerGuardian and other such blacklists years ago, and it's pretty trivial to defeat.

Admin

27-08-2007 11:56:11

[quote23076c0fa0="manOFice"]With the exception of me getting the vundo (which I got fixed)

I use Norton AntiVirus and Spybot

Other than that vundo i haven't had a virus in years[/quote23076c0fa0]

this lappy had vundo but i didn't know there were tools for killing it

s&d wouldn't kill it despite rescans during startup. i had to download process explorer and figure out that it was somehow getting a handle open on the fucking DLL via winlogon.exe.

so i made a batch script
loop
del c\windows\system32\vtuvs.dll
goto loop

ran it and then kill the process. woot!

manOFice

27-08-2007 11:59:26

[quote33ea197bd8="Admin"][quote33ea197bd8="manOFice"]With the exception of me getting the vundo (which I got fixed)

I use Norton AntiVirus and Spybot

Other than that vundo i haven't had a virus in years[/quote33ea197bd8]

this lappy had vundo but i didn't know there were tools for killing it

s&d wouldn't kill it despite rescans during startup. i had to download process explorer and figure out that it was somehow getting a handle open on the fucking DLL via winlogon.exe.

so i made a batch script
loop
del c\windows\system32\vtuvs.dll
goto loop

ran it and then kill the process. woot![/quote33ea197bd8]

http//tinyurl.com/3dc95c

They got me fixed up

Had to turn off system restore, boot into safe mode and kill couple dll's with some kind of kill program

then run hijackthis and kill some registery stuff

Vundo sucks

dmorris68

27-08-2007 12:17:35

[quotea7fc46a911="manOFice"]http//tinyurl.com/3dc95c

They got me fixed up

Had to turn off system restore, boot into safe mode and kill couple dll's with some kind of kill program

then run hijackthis and kill some registery stuff

Vundo sucks[/quotea7fc46a911]
That is pretty routine, and will kill ANYTHING if you know what you're doing -- no infection-specific cleaner tools required. It's my default approach to any infected PC brought to me to be fixed. However if you lidon'tli know what you're doing, you can potentially hose your entire system, so make sure you're comfortable with your knowledge of system files and the registry.

Once I've identified the problem (sometimes with an eyeball check of running processes, otherwise through an initial spyware scan), I don't even bother with routine scanning/cleaning anymore. I use Process Explorer to identify the process(es) in question, disable System Restore, boot into Safe Mode, run Hijack This and Autoruns, and start killing/deleting files. Repeat until done (sometimes it takes a few passes). It's usually quicker and more reliable than running scan/clean cycles with anti-malware tools from a regular (non-Safe) login.

manOFice

27-08-2007 12:22:13

[quotee8cb558608="dmorris68"][quotee8cb558608="manOFice"]http//tinyurl.com/3dc95c

They got me fixed up

Had to turn off system restore, boot into safe mode and kill couple dll's with some kind of kill program

then run hijackthis and kill some registery stuff

Vundo sucks[/quotee8cb558608]
That is pretty routine, and will kill ANYTHING if you know what you're doing -- no infection-specific cleaner tools required. It's my default approach to any infected PC brought to me to be fixed. However if you lidon'tli know what you're doing, you can potentially hose your entire system, so make sure you're comfortable with your knowledge of system files and the registry.

Once I've identified the problem (sometimes with an eyeball check of running processes, otherwise through an initial spyware scan), I don't even bother with routine scanning/cleaning anymore. I use Process Explorer to identify the process(es) in question, disable System Restore, boot into Safe Mode, run Hijack This and Autoruns, and start killing/deleting files. Repeat until done (sometimes it takes a few passes). It's usually quicker and more reliable than running scan/clean cycles with anti-malware tools from a regular (non-Safe) login.[/quotee8cb558608]

yep

Speaking of vundo..darn corp employee's!

Alert Virus Found
Computer lililili
Date 8/27/2007
Time 21837 PM
Severity Critical
Source Symantec AntiVirus Corporate Edition File PathC\WINDOWS\pmlkii.dll Virus Name Trojan.Vundo

Gigante

27-08-2007 22:08:08

[quotef57a2abbcd="dmorris68"]Don't get too lazy depending on PeerGuardian to save you. Just like any other static IP lists (proxy blacklists, for example) the data is obsolete by the time you get it. Probably 60% or more of the IP's on the net are dynamic, and believe me -- RIAA/MPAA/BSA/etc aren't just trolling from their corporate networks. Their agents are doing it from home, from offsite locations including from consulting companies, proxies, etc. They smartened up to PeerGuardian and other such blacklists years ago, and it's pretty trivial to defeat.[/quotef57a2abbcd]

Any recommendations on steps we can do to keep from being detected besides watching sources of downloads?

dmorris68

28-08-2007 08:00:19

[quote1d2cc4a7a2="Gigante"][quote1d2cc4a7a2="dmorris68"]Don't get too lazy depending on PeerGuardian to save you. Just like any other static IP lists (proxy blacklists, for example) the data is obsolete by the time you get it. Probably 60% or more of the IP's on the net are dynamic, and believe me -- RIAA/MPAA/BSA/etc aren't just trolling from their corporate networks. Their agents are doing it from home, from offsite locations including from consulting companies, proxies, etc. They smartened up to PeerGuardian and other such blacklists years ago, and it's pretty trivial to defeat.[/quote1d2cc4a7a2]

Any recommendations on steps we can do to keep from being detected besides watching sources of downloads?[/quote1d2cc4a7a2]
None really. Internet activity is far from private. I'd say unless & until a reliable offshore torrent proxy system is developed, there will be constant risk with torrent trading or most any other current P2P technology. Usenet is probably the safest avenue, but even it would only be as safe as far as the service provider is willing to protect your identity. I remember years ago when DirecTV hacking was easy and popular -- all the online vendors promised total anonymity and destruction of customer records immediately after orders were fulfilled. Then when DirecTV and the feds came knocking, they rolled over and gave up customer records by the thousands in order to reduce their own penalty.

Not even private trackers are reliably secure. Just witness the invite trading going on here and in tons of other forums, where folks toss out invitations to anybody. All it takes is one agent of the (insert monitoring organization here) to get in, and then every member is exposed. And with the number of members that sites like OiNK and Demonoid have, I'd be very surprised if they weren't already infiltrated several times over.