Category Archives: Protecting your PC

Something useful that I have bumped into that will increase the security protection for your PC.

Malware Hunting and Windows Troubleshooting with Mark Russinovich and Microsoft Sysinternals tools

Mark Russinovich is a Microsoft technical fellow, whom a few of my, ahem, more mature readership will remember from his Winternals Windows tools company – which turned into Windows Sysinternals when Microsoft bought his company and hired Mark.

Mark is an easy-to-follow and very engaging presenter who delivered two great sessions at TechEd 2013 US:

Case of the Unexplained 2013: Windows Troubleshooting with Mark Russinovich

In which Mark walks you “step-by-step through how he has solved seemingly unsolvable system and application problems on Windows.

With all new real case studies, Mark shows how to apply the Microsoft Debugging Tools and his own Sysinternals tools, including Process Explorer and Process Monitor, to solve system crashes, process hangs, security vulnerabilities, DLL conflicts, permissions problems, registry misconfiguration, network hangs, and file system issues.”

License to Kill: Malware Hunting with the Sysinternals Tools

Mark delivers “an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal.

These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. You will see demos for their malware-hunting capabilities through several real-world cases that used the tools to identify and clean malware, and conclude by performing a live analysis of a Stuxnet infection’s system impact.”

—–

If you want to increase your skills at troubleshooting Windows issues, or you are currently fighting a virus/malware infection (or are not even sure whether you have one), then these videos are a very good use of your time – and of course, the whole plethora of Windows Sysinternals tools is well worth evaluating.

Note: These videos are available for download – you don’t have to only watch them streaming. No need for get_iplayer and therefore Microsoft 1, BBC Nil…

Microsoft Security Essentials – Free Anti-Virus software that just works

Don’t kid yourself – we all need anti-virus software – and it would really help if it was free. Right?

In fact, I tend not to be too bothered about the “free” bit. What is important to me is simply to get the best product for the job – and if it is free, that helps. 🙂

So why would you want this?

Well, trust me – everyone needs anti-virus software in order to protect their PC from the cretins out there, and if you don’t think you need it – then good luck, you are on your own…

I tend to find that most people ask me what Anti-Virus software to use when their existing licence runs out. You know how it is. You buy a new PC. It comes pre-loaded with Norton, AVG, Kaspersky or whatever – but the licence only lasts so long before it runs out and it is nagging you for money – and that’s reasonable, because these folks do a great job, but they can’t afford to do it for free.

So, how come Microsoft can give this away for free – and is it any good?

Yes.


Microsoft Security Essentials is really the consumer version of the anti-virus software that they sell to Enterprise clients – so once it is written, and paid for by commercial users, Microsoft might as well spread the love (which they do quite a lot – despite what Apple fans may have you believe).

So, it is free and has a good pedigree – but is it any good?

Yes.

It is as good as all the other products out there – for one simple reason that not a lot of people know about:

Microsoft have a huge security division who work with security services that you have heard of (and probably some that you haven’t) and with telemetry collected from their products distributed all over the world. Each time Microsoft collects evidence of a new virus, they update their anti-virus software to detect that new virus AND put that virus and its detection info in a large database that Microsoft share with the world by giving free access to all the major anti-virus vendors like, yes, you guessed it, Norton, AVG, Kaspersky etc. This is called the Microsoft Active Protections Program and you can read all about it by clicking the link.

So, this Microsoft Security Essentials is free and works as well as other anti-virus products out there – anything else I should know?

Yes.

The reason that I like it is that it is “fire and forget”. That is, once you install it, it doesn’t do nagging pop-up messages that it needs to be updated or “why not buy the pro version” blah, blah, blah… Microsoft Security Essentials just gets on with the job and updates its virus info at least once a day (as far as I can tell). That is why I find it really great for installing on the PCs of folk that treat you like their own personal IT support team. You know who I am talking about – your Mum, your Dad, Aunties, Uncles and old uncle Tom Cobley and all.

Imagine a world where they don’t ring you up to ask what this funny pop-up message asking about a “pro subscription” is all about… Trust me, Microsoft Security Essentials is your friend.

How to check if suspect files do really contain a virus

OK, so you have scanned your PC with Avast anti-virus and it is reporting that a particular file contains a virus. In 99% of cases, if Avast reports a virus infection – it probably is one. However, some reports can be what is known as a “false positive”, i.e. a report of a virus because the contents of a file look suspiciously like a known virus. This quite often happens if you are using adware/spyware scanning programmes which unzip compacted files into a temporary directory in order to scan the files. At the point of unzipping – sometimes Avast (or any other anti-virus tool) can get confused. I have seen this happen a number of times when the anti-virus has checked one of the cool tools from Nir Sofer over at http://www.nirsoft.net/ – particularly if you happen to have downloaded one of his password recovery utilities.

So, if you have a report of a virus in a particular file which you suspect might just be a mistaken report, go to VirusTotal where you can submit the file in question. VirusTotal will scan it with about 30 (yes, 30) different virus scanning products and send you back the results.
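As an added example (not part of the original post), the script below does the VirusTotal check the defensive way: it hashes the suspect file first and asks VirusTotal's API v3 `/files/{sha256}` endpoint whether the file has already been seen, so a possibly sensitive download never has to be uploaded just to find out, and then boils the report down to the one thing that separates a false positive from a real hit, namely how many engines flagged it and what they called it. It assumes an API key in the `VT_API_KEY` environment variable; `SAMPLE_REPORT` is constructed for the demo and is not real VirusTotal data.

```python
"""Added example: hash a suspect file and read its VirusTotal API v3 report by hash, so no upload is needed."""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"   # real v3 "file object" endpoint
SAMPLE_REPORT = {  # constructed: the shape of a v3 file object, not a real VirusTotal response
    "data": {"attributes": {
        "last_analysis_stats": {"malicious": 2, "suspicious": 0, "undetected": 58, "harmless": 0},
        "last_analysis_results": {
            "EngineA": {"engine_name": "EngineA", "category": "malicious", "result": "HackTool.Generic"},
            "EngineB": {"engine_name": "EngineB", "category": "malicious", "result": "PUA.PasswordTool"},
        }}}}


def sha256_of_file(path):
    """Stream the file in 1 MiB chunks so a large download need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256, api_key):
    """Return the v3 file object for this hash, or {} if VirusTotal has never seen it (HTTP 404)."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise
        return {}


def summarise(report):
    """How many engines gave a verdict, how many said malicious, and which (with their labels)."""
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    verdicts = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    flagged = sorted((r["engine_name"], r.get("result")) for r in
                     attrs.get("last_analysis_results", {}).values() if r.get("category") == "malicious")
    return {"malicious": stats.get("malicious", 0), "engines": verdicts, "flagged_by": flagged}


if __name__ == "__main__":                       # usage: python vt_check.py [suspect_file]
    print(json.dumps(summarise(SAMPLE_REPORT)))  # demo on the constructed report
    if len(sys.argv) > 1 and os.environ.get("VT_API_KEY"):
        digest = sha256_of_file(sys.argv[1])
        print(digest, json.dumps(summarise(fetch_report(digest, os.environ["VT_API_KEY"]))))
```

Two generic or "PUA" labels out of sixty verdicts, as in the constructed sample, is the pattern the post describes for the NirSoft tools; dozens of engines agreeing on a named trojan is not.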

Rootkit detectors

As mentioned on the Protecting your PC page, Rootkits are a method that virus writers use to hide code deeply within the operating system so that they can’t be discovered by normal anti-virus tools.

If you even slightly suspect that you might have a virus, it’s a really good idea to run a Rootkit detector as well as an anti-virus scan.

I would use a combination of Blacklight from F-Secure – where they have a free trial until April 2007 (the site also gives a good explanation of rootkit technology and techniques) – and Rootkit Revealer 1.71 from Microsoft.

Superantispyware – is this the best free (anti) spyware product?

We are all aware of, and have relied on, the combination of trusty Ad-Aware SE and Spybot – Search & Destroy, but now I have bumped into a product that is getting rave reviews, and my own testing seems to confirm that it is identifying and cleaning more stuff. Step forward Superantispyware. There is a commercial version and a free version. The free one has been working well for me.

Rogue anti-spyware products – how to tell which ones are actually viruses?

We have all experienced it – go to some web page and a box pops up telling you that you have spyware/adware and to click on this link for a free programme to remove it. There are a lot of free spyware/adware programmes out there – but how do you tell which ones are kosher and which ones actually install something nasty on your PC instead? Well, step forward the Spyware Warrior – a great site that lists those products that you should trust – or not…

Possibly the best free Windows Firewall?

I have bumped into the Comodo Firewall, which seems to be getting rave reviews these days – including becoming PC Magazine’s “Editors’ Choice”. I have been running this for two months now on a very low spec PC (a lot of other free firewalls seem to eat CPU) and am very pleased. The Comodo Firewall is free for personal use.

However, be warned: the Comodo Firewall always checks if it is up to date and running the latest version. This is very good – because normally it would mean that you can install and forget. Unfortunately, I was running version 2.3 and allowed it to update itself to 2.4. While my system stayed stable, I did notice that CPU usage increased and the PC became a little sluggish. I see others reporting similar issues on the Comodo Forums. So, I reverted to version 2.3 and it’s going like a dream.

Unfortunately, you can’t download version 2.3 from the Comodo site – and most download sites now only offer the 2.4 version. However, I have found the 2.3 version still available to download from the Freedownload Centre. I thoroughly recommend it.