Handling your computer security and dealing with Spyware and viruses
Tue, Jul 10 2007 7:12 PM
Viruses and spyware are annoying to deal with, so the following is a bit of a guide to help you avoid them in the first place and, if you do need to battle them, to do so the right way.
First, a bit of advice to help you not have to deal with this at all.
When you're doing things like surfing the web, use a lower-privileged account so that websites and web ads can't install anything on your computer that you don't want. The same goes for programs and utilities you run, which can in turn install other programs you don't want.
How to create a limited account (this is the easy part :)
start -> settings -> control panel -> users
Create New user:
Give the new user a name -> select next
Select limited user -> create account
control panel -> user accounts -> manage another user account -> create a new account
Give it a user name and select standard user then hit create account.
The hard part is actually using these accounts when doing your computer work.
There are a few programs which won't work under a limited account; these can be started with "Run as", which is available when you right-click the program you want to start, either in the start menu or in an Explorer window.
There is also something more powerful for the job, a tool called Make me Admin; more information about that tool can be found here.
Ok, now that we've got that out of the way, the next point of attention: virus scanners are performance killers. I would go so far as to say they are only a small step better than the viruses they protect you from. Mr Atwood was so kind as to give his opinions on the matter here.
Looking at that article, you can see that the top 2 virus scanners in use today are also the ones which suck the most performance out of your system.
Namely, using 20% of your CPU and slowing your hard drive down 20-fold. The copy of Symantec NIS 2007 that was reviewed was supplied by Symantec before it was available in the shops, so that's why I'm quoting the numbers for the 2006 release (not sure if the 2007 version was a special sample).
So the first step in combating stuff you don't want running on your computer: know your taskman.
Ok, now that you know how to do the task-switching stuff in the standard Windows way, you're ready for the next step: a better task manager with even more powerful features, called Process Explorer.
This does the same as the Windows task manager, only it allows you to do a lot more.
You can use it when you want to delve a little deeper into what is happening on your computer. So what about when you do get infected by nasty little viruses and other things? You can use a combination of Autoruns and Process Explorer to clean everything up.
The how-to for this can be found here. Some added notes: determining which files are spyware / viruses is helped by taking the following into account:
- They usually don't contain an icon
- They are often packed (shown outlined in purple in Process Explorer) to avoid detection by anti-spyware / anti-virus software
- You can look at the strings in the files to see if they contain suspicious text like www.blabla-poker.com or something similar
- When files are packed, look at the memory version of the Strings tab to find the decoded strings
- Microsoft signs almost all of its code, so if a file says it's from Microsoft and it's not signed then it's probably a fake.
- When going after the software, suspend all of its processes first before killing them. This way they can't protect each other.
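As an added example (not from the original post), here is a PowerShell script that applies two of the heuristics above to the running processes: "claims to be from Microsoft but is not signed" and "looks packed", the latter estimated from byte entropy. It assumes Windows PowerShell 5.1 or later and, to read every image path, an elevated prompt; the 7.2 entropy threshold is a constructed starting value.

```powershell
# Added example, not from the original post: flag running processes whose image claims
# to be Microsoft's but carries no valid Authenticode signature, or whose bytes look
# packed. Assumes Windows PowerShell 5.1+; run elevated to read every image path.

function Get-FileEntropy {
    # Shannon entropy (0-8 bits/byte) of the first 256 KB of a file. Packed or encrypted
    # images score close to 8; plain code and data usually sit well below that.
    param([string]$Path)
    $stream = [System.IO.File]::OpenRead($Path)
    $buf = New-Object byte[] (256KB)
    $n = $stream.Read($buf, 0, $buf.Length)
    $stream.Close()
    if ($n -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    for ($i = 0; $i -lt $n; $i++) { $counts[$buf[$i]]++ }
    $entropy = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $n; $entropy -= $p * [Math]::Log($p, 2) }
    }
    return [Math]::Round($entropy, 2)
}

$suspects = foreach ($proc in Get-Process) {
    # Protected and system processes do not expose their image path; skip them.
    try { $path = $proc.MainModule.FileName } catch { continue }
    if (-not $path) { continue }
    $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
    $sig     = Get-AuthenticodeSignature -FilePath $path
    $entropy = Get-FileEntropy -Path $path
    $unsignedMicrosoft = ($company -match 'Microsoft') -and ($sig.Status -ne 'Valid')
    $looksPacked = $entropy -ge 7.2    # constructed threshold; tune it for your system
    if ($unsignedMicrosoft -or $looksPacked) {
        [PSCustomObject]@{
            Name = $proc.ProcessName; PID = $proc.Id; Company = $company
            Signature = $sig.Status; Entropy = $entropy; Path = $path
        }
    }
}

# Hits are leads, not verdicts: many Windows binaries are catalog-signed rather than
# carrying an embedded signature (older Windows reports those as NotSigned), and
# compressed resources or .NET images can push entropy up without any packer.
$suspects | Sort-Object Entropy -Descending | Format-Table -AutoSize
```

Anything this lists is a candidate to look at in Process Explorer's Strings tab, not something to kill on sight.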
After you have cleaned out the normal spyware and other vermin, your next stop is Microsoft's own RootkitRevealer.
This program helps show you which viruses and malware / spyware have hidden themselves from you in a way that you can't otherwise remove.
When you know which dll / exe has hidden itself, it's just a matter of writing down the names and removing the files from your hard drive using either something like a Linux live disc or safe mode. All the programs mentioned are free of cost and free of spyware; they are just simple, no-nonsense applications which do their job :)