Sunday, October 24, 2010

Computers: Antivirus

In previous blogs, I discussed basic computer maintenance tasks as well as setting up your anti-spyware protection. After you take care of those tasks you should ensure that you’ve cleaned off any potential malware with these tools. It is best that you scan your computer first, then install these and activate their protection services.


Antivirus
1. Introduction
2. Malwarebytes
3. Avira and Avast
4. On-line tools
5. HijackThis
6. Other tools and my comments
7. Summary

1. Introduction

Computer "viruses" have come to mean any number of different types of software that install themselves without your knowledge and perform operations that you do not know about and do not want. In common usage, malware has become synonymous with "virus".

For that reason, most anti-virus software is designed to detect and mostly remove all sorts of bad stuff (Yeah!).

I'm going to introduce you to several pieces of software that I have used in the past couple of years. However, there is a lot of other perfectly good software I am not including because I am either ignorant about it or I've found I prefer one of their other tools. I'll discuss some of these at the end of the blog.

All of the ones I've included you can download and use for free.

One thing you should know is that many antivirus applications do NOT work well when used on the same computer as other antivirus software. I'll discuss this in a bit more detail under the relevant sections.



2. Malwarebytes
Malwarebytes is a malware scan tool only, meaning it will only look for viruses and try to fix them if it finds any. It does not include virus protection, which means that it does not have a program that runs on your computer and tries to block suspicious activity. This is unlike the other applications I'll discuss here.

However, if you have other virus protection, Malwarebytes is a very nice tool to have because it runs fast and it won't interfere with other programs. Malwarebytes *CAN* be installed and used with all of the other antivirus software I've tried. So I have it installed on all of our computers.

To get it simply "Google" it or go directly to www.malwarebytes.org. I used to post direct links but Google has been busy nerfing my external links!
Select the free version and wait for the file to download (it's about 6MB in size).
When the download completes, execute the downloaded file.
Follow the directions for installing the software.
When asked if you want to update the virus definitions file, say "yes."
When asked if you want to scan the computer, say "yes."

If Malwarebytes finds problems, allow it to try to fix them.

When you're done with the scan, set up Malwarebytes to scan your computer automatically every week (just like we set up the weekly defragmentation runs a couple of blogs ago).

To set up daily virus definitions updates on Windows XP:
1. Left mouse click (abbreviated LMC) on the [Start] button.
2. Click on "Settings >"
3. Click on "Control Panel"
4. Double click on "Scheduled Tasks"
5. The "Scheduled Tasks" window should launch.
6. Double click on "Add Scheduled Tasks"
7. On the "Task" tab, enter the text "C:\Program Files\Malwarebytes\mbam.exe /runupdate" into the run field
8. On the "Task" tab, ensure that the "Enabled" check box is checked at the bottom of the page.
9. On the "Schedule" tab, select the scheduled task to run "Daily"
10. On the "Schedule" tab, select a start time (I just leave it with the default, the update runs so fast, you won't even notice it).
11. On the "Schedule" tab, select the number one in the "Every" box.
12. On the "Settings" tab, you may choose your own settings but I would enable the ability to "Wake the computer to run this task."
13. When done click the [OK] button.
14. You may be prompted to enter your username & password. If you are, enter them and click [OK] again.
15. Your computer is now set to update your virus definitions daily!


To set up weekly Malwarebytes virus scans for Windows XP:
1. Left mouse click (abbreviated LMC) on the [Start] button.
2. Click on "Settings >"
3. Click on "Control Panel"
4. Double click on "Scheduled Tasks"
5. The "Scheduled Tasks" window should launch.
6. Double click on "Add Scheduled Tasks"
7. On the "Task" tab, enter the text "C:\Program Files\Malwarebytes\mbam.exe /fullscanterminate" into the run field
8. On the "Task" tab, ensure that the "Enabled" check box is checked at the bottom of the page.
9. On the "Schedule" tab, select the scheduled task to run "Weekly"
10. On the "Schedule" tab, select a start time (I select a time a few minutes after midnight).
11. On the "Schedule" tab, select the number one in the "Every" box and select a day (any day except one reserved for defragmentation or another scan).
12. On the "Settings" tab, you may choose your own settings but I would enable the ability to "Wake the computer to run this task" and click the setting to "stop running if the system is running on batteries."
13. When done click the [OK] button.
14. You may be prompted to enter your username & password. If you are, enter them and click [OK] again.
15. Your computer is now set to scan your hard drive for viruses every week!



3. Avira and Avast
I like these programs equally well. You should select only one of these two for installation because they may conflict with each other if you install both.

Avira: http://www.free-av.com/
Avast: http://www.avast.com/index

After downloading the install images, execute the installer, and follow the installation instructions.

Once installed, both pieces of software offer the ability to set up automatic scans of your computer.

Unfortunately I only have Avira installed right now so I only have its directions here:

After installation and reboot (if necessary):
1) Launch the tool
2) Click on the "Administration" tab in the left pane.
3) Click on the "Scheduler" option under the "Administration" tab.
4) Click on the "Complete System Scan" in the main pane and then select the third icon from the left (if you mouse over the icon, it'll say "Edit selected job").
5) [Optional: In the first wizard window edit the name of the job if you wish.] and click [Next >]
6) Click [Next >] (you should not change anything in the second wizard window)
7) Ensure that "Local Hard Disks" option is selected in the third window and click [Next >]
8) In the fourth window select "Weekly", the day of the week, the time of the day, and click [Next >] (I pick a day different than other scans and defragmentation jobs and a time a few minutes past midnight).
9) In the fifth window, select your preferences (you really can pick the settings that best suit you or leave them with the default values), and click on [Finish].
10) Click on the "Daily Update" job, then "Edit selected job", and repeat steps 5) - 9), changing only the frequency of the job (select daily for updating services).

Now your system will automatically scan for and remove viruses on a weekly basis!

Go back to the "Overview" tab in the left pane and select the "Status" pick.
Ensure that the "AntiVir Guard" (the first item in the main pane) is activated.
Ensure that the "Last update" (the third item in the main pane) is a recent date.
Then click on the "Scan system" option adjacent to the "Last complete system scan" (the second item in the main pane).

You're done setting up your antivirus software!



4. On-line Tools
Both Pandaware and TrendMicro possess on-line virus scan tools.

The downside to these tools is that they are very slow. A scan that would take 2 hours or so on your computer might take 12 hours or more from these tools depending upon your internet connection.

However, they do serve a very important role in your virus protection. The more sophisticated viruses can hide from most installed antivirus tools after the virus has gained control of your computer. There are a couple of ways to work around this problem and one of them is to use a scanner running on another computer. These on-line tools provide that capability to people who do not have sophisticated local area networks set up.

Pandaware's tool is called "ActiveScan". You can find the ActiveScan scanner with Google or you can navigate directly there using this address http://www.pandasecurity.com/homeusers/solutions/activescan/. Follow the steps to get the scanner running. When it has finished do not be alarmed if it finds *thousands* of threats on your computer. It includes even very low risk cookies in its threat analysis. If I remember correctly, it will give a threat description and/or a numeric code. You can safely ignore low and medium risk threats reported by this scanner. I know it will not offer to clean these (they want you to buy the full scanner). ActiveScan has never found a severe threat so I don't know if it'll offer to clean those.

TrendMicro's tool is called "HouseCall". You can find the HouseCall scanner with Google or you can navigate directly there using this address http://housecall.trendmicro.com/. Follow the steps provided by Trend to get the scanner running. It's been over a year since I used HouseCall so I don't remember what the output looks like. If you have questions, feel free to ask me in the Comments section!

Both tools require the use of Internet Explorer to run properly, so even if you normally use another browser like Firefox, switch back to Internet Explorer for the scan.



5. HijackThis
HijackThis is not a tool like any of the others mentioned in this blog.

It does not scan for viruses and malware, and it does not clean those things either. Instead TrendMicro wrote it to capture a very accurate description of what is installed on your computer, and it presents that information in a manner that an IT professional could use to determine whether you have a computer virus infection. It can be used by computer professionals to find and delete malicious software on your computer. However, it is VERY easy to delete software that you need to run your computer. Until you learn a lot about the programs running on your computer, this should be used only as a tool of last resort.

You should download this software and install it. You should NOT attempt to use this software to clean an infection unless you are given specific directions to do so by someone very knowledgeable about computers.

You should get it now because many virus infections will prevent you from getting it after they've infected your system. Getting it now will save you time and trouble if you get an infection later.

You can find this software by entering "HijackThis download" into Google. Then select a reputable file server (e.g. CNET, MajorGeeks, or other) and download it.



6. Other tools
There are many other good antivirus programs. Some I haven't tried, some cost money, some I didn't like. Here are a few of these and my notes:

Norton Antivirus - does a good job fighting viruses but there's no free version. It does not play nice with most other forms of computer protection. It causes severe performance problems on some computers.

TrendMicro OfficeScan - I have to use this on my work computer. They've locked down the controls so I really haven't been able to play with it and see how it works. It seems to do an OK job. You must pay to use it.

F-Prot (stands for "Frisk" [the creator's name] Protect) - I used to use this on my MS DOS computers back in the day and I loved it. However, I haven't used it in 10 or more years so I can't really fairly evaluate it now. Currently F-Prot only offers a trial version which is free only until the trial is over.

Pandaware Antivirus - Other than its on-line scan tool, I've never used Pandaware's software. I do not think that it has a free installable version but you can use its on-line scan tool to scan for malware.

McAfee - has had some very notable and large issues lately; however, I have not personally suffered from any of these. McAfee provides no free version that I'm aware of. I have heard it does not work well with other antivirus software.



7. Summary
Well I can't really call this a summary because I intend to instill a little IT wisdom instead.

When protecting your computer there are technological weaknesses and sociological weaknesses. No matter how good your technology is, your computer will still get infected if you download and install the malicious software yourself. The technology can only help protect your computer - you still need to be careful.

Avoid malicious sites! The Spybot Search & Destroy "host file" tool blocks known malicious sites, but these spring up very quickly and the list is never up to date. The Web of Trust add-on for Firefox also helps because it provides a rating of how trustworthy a site is, but it suffers from the same fate as Spybot's tool. Finally, the "NoScript" add-on for Firefox will block a malicious web site's code, but only so long as you don't override that tool's block! Remember *YOU* are a much bigger security hole for your computer's security than any piece of software is.

Scan file downloads! You now have virus scanning tools - USE THEM. When you download a file, scan it with one of these tools. It costs only a little time and can do a lot to prevent malicious infections from ruining your computer.

Don't automatically override security pop-ups! I see this all of the time. Someone installs Spybot's "Tea Timer" tool to prevent the running of malicious software, but then whenever the tool advises the user of some activity they automatically override the block! Why the heck do you even bother? Instead, remember these tools "learn" the correct behavior. When the tool launches a pop-up, read the pop-up, and determine whether the application should be trusted. Do you recognize the name? Only after you are certain the application can be trusted, check the settings, ensure the "remember this decision" box is checked and either [Allow] or [Deny] the access. If you are not sure, then uncheck the "remember this decision" box and click on [Deny]. If your application works fine without the access, then the next time it asks, make the decision permanent.

Don't respond to email solicitations! It is very easy to spoof links in an email. It looks like a valid address (say to your bank) but it will actually take you to a site disguised to look like your bank. If your bank needs to contact you, then type the address into your browser directly and do not depend upon a link.

Don't open unsolicited files! When you get files in your email, don't open them unless you were expecting them. Some malware will look through your email software and harvest the email addresses there. It will then email itself to all of your friends with a familiar greeting ("hey, look at this!"). Do not trust email even from your trusted friends. When you do get some, USE YOUR SCANNER to ensure it is safe!

At this point you may be wondering if I'm paranoid. I can assure you that I know everyone is not out to get me. However, your computer will be a whole lot safer if you always question whether the website you're using or the email you're reading was really sent by the person you think it was.

Remember that you are not just protecting your computer. You are also protecting your data. If you have banking information, tax information, or other very sensitive personal information then the malware will collect that and return it to criminal gangs who will use it to steal your identity.


Proceed to my next computer blog, Computers: VM Performance Tuning (really these tips can be used to tune up any machine and not just virtual machines).

Return to my previous computer blog, Fighting spyware.
