Tag Archives: malware

Malware Hunting and Windows Troubleshooting with Mark Russinovich and Microsoft Sysinternals tools

Mark Russinovich is a Microsoft technical fellow, whom a few of my, ahem, more mature readers will remember from his Winternals Windows tools company – which turned into Windows Sysinternals when Microsoft bought his company and hired Mark.

Mark is an easy-to-follow and very engaging presenter who delivered two great sessions at TechED 2013 US:

Case of the Unexplained 2013: Windows Troubleshooting with Mark Russinovich

In which Mark walks you “step-by-step through how he has solved seemingly unsolvable system and application problems on Windows.

With all new real case studies, Mark shows how to apply the Microsoft Debugging Tools and his own Sysinternals tools, including Process Explorer and Process Monitor, to solve system crashes, process hangs, security vulnerabilities, DLL conflicts, permissions problems, registry misconfiguration, network hangs, and file system issues.”

License to Kill: Malware Hunting with the Sysinternals Tools

Mark delivers “an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal.

These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. You will see demos for their malware-hunting capabilities through several real-world cases that used the tools to identify and clean malware, and conclude by performing a live analysis of a Stuxnet infection’s system impact.”

—–

If you want to increase your skills at troubleshooting Windows issues, or you are currently fighting a virus/malware infection (or are not even sure whether you have one), then these videos are a very good use of your time – and of course, the whole plethora of Windows Sysinternals tools is well worth evaluating.

Note: These videos are available for download – you don’t have to only watch them streaming. No need for get_iplayer and therefore Microsoft 1, BBC Nil…

Microsoft Security Essentials – Free Anti-Virus software that just works

Don’t kid yourself – we all need anti-virus software – and it would really help if it was free. Right?

In fact, I tend not to be too bothered about the “free” bit. What is important to me, is to simply get the best product for the job – and if it is free, that helps. 🙂

So why would you want this?

Well, trust me – everyone needs anti-virus software to protect their PC from the cretins out there, and if you don’t think you need it – then good luck, you are on your own…

I tend to find that most people ask me what anti-virus software to use when their existing licence runs out. You know how it is. You buy a new PC. It comes pre-loaded with Norton, AVG, Kaspersky or whatever – but the licence only lasts so long before it runs out and the software is nagging you for money – and that’s reasonable, because these folks do a great job, but they can’t afford to do it for free.

So, how come Microsoft can give this away for free – and is it any good?

Yes.

Microsoft Security Essentials is really the consumer version of the anti-virus software that Microsoft sells to enterprise clients – so once it is written, and paid for by commercial users, Microsoft might as well spread the love (which they do quite a lot – despite what Apple fans may have you believe).

So, it is free and has a good pedigree – but is it any good?

Yes.

It is as good as all the other products out there – for one simple reason that not a lot of people know about:

Microsoft has a huge security division that works with security services you have heard of, and probably some that you haven’t, and with telemetry collected from their products distributed all over the world. Each time Microsoft collects evidence of a new virus, they update their antivirus software to detect that new virus AND put the virus and its detection info in a large database that Microsoft shares with the world by giving free access to all the major anti-virus vendors – yes, you guessed it, Norton, AVG, Kaspersky etc. This is called the Microsoft Active Protections Program and you can read all about it by clicking the link.

So, this Microsoft Security Essentials is free and works as well as other anti-virus products out there – anything else I should know?

Yes.

The reason that I like it is that it is “fire and forget”. That is, once you install it, it doesn’t do nagging pop-up messages that it needs to be updated or “why not buy the pro version” blah, blah, blah… Microsoft Security Essentials just gets on with the job and updates its virus definitions at least once a day (as far as I can tell). That is why I find it really great for installing on the PCs of folk that treat you like their own personal IT support team. You know who I am talking about – your Mum, your Dad, Aunties, Uncles and old uncle Tom Cobley and all.

Imagine a world where they don’t ring you up to ask what this funny pop-up message asking about a “pro subscription” is all about… trust me, Microsoft Security Essentials is your friend.