PC Survival Kit
Our computers are exposed to many threats,
especially on the Internet. How do we protect ourselves against these threats?
This page describes the tools we use to keep our systems running.
Virus Protection
There are many programs out there that offer
virus protection. Some work better than others. Some of them slow your system
down to the point you wonder if you have a virus. Our choice in this area is
AVG (Free Edition).
AVG is excellent. The Free Edition,
besides being free, doesn't give you a lot of options in the setup. The main
options are the time it checks for updates, and what time it performs a manual
scan of your drives. This is our recommendation for many users just because it
doesn't require a "techno-geek" to set it properly. Their commercial version is
only $33.00 for two years. It has a couple of added features that aren't in the
Free Edition, and is well worth the money.
Our other choice for virus protection is avast! They have
a free edition for home and personal use, but you have to write them for a
license, which is pretty simple. You get a 60-day demo, and the license is good
for 14 months. It is also renewable. It talks to you, which bugged me until I
finally found how to turn off the sound. It works well and is affected by the
same conflict with certain versions of Roxio CD Creator that AVG has. Their
professional version is $39.95 for one year, or about $75.00 for a three-year
license. Buying multiple copies also helps to lower the price.
F-Prot for DOS, our old standby, works great for systems running Windows 95,
98 or Me. It is an "on demand" scanner, which means it only runs when you tell
it to. We boot to a DOS prompt and scan from there. No files are in use by
Windows, so all the malicious software can be removed.
Don't run multiple resident anti-virus programs on your system!!!! They all
operate a little differently and tend to interfere with each other. So, while
you think you are getting additional protection, you are probably getting less.
Trend Micro, the same people who make PC-cillin, have an excellent on-line
virus scan called HouseCall. It is great for that very important second opinion,
and there isn't a conflict with your resident virus protection. While PC-cillin
isn't one of my favorites (don't like the interface), I really like their
HouseCall. It runs on XP without a problem, and the folks at Trend Micro are a
little paranoid. A lot of what they find are the Trojans and backdoor
applications left over from spyware and hijackers, and this is what can very
well come back later and reinfect you. An excellent program, and it's free!
Trend Micro also has a local scanner that checks not only for
viruses, worms, and Trojans, but for a lot of malware as well. Their Sysclean
application runs on demand, and updated virus pattern files seem to be released
twice a day. Sysclean is available from
http://www.trendmicro.com/download/dcs.asp, and the virus pattern files from
http://www.trendmicro.com/download/pattern.asp. The virus pattern files are
about 6 to 7MB to download, and like I said, they seem to update twice a day.
An excellent program if it is updated before using.
If you have problems getting HouseCall
to run, or you just want to scan with what I consider the best on-line scanner,
then head to Kaspersky and run their
Online Virus Scanner. With the exception of a rootkit, I don't think there is
anything that can hide from their scanner. The only potential drawback to their
scanner is that it doesn't actually remove any of the malicious software from
your system. I guess people didn't read the warnings back in the days when they
did actually remove the infected and malicious files and then blamed them for
"trashing my computer." It will permit you to save the result list to disk so
that the problem files can be dealt with manually. Knowing that you have a
problem is the first step in the battle.
Spyware Protection
Once again we have two choices in this category. AdAware and SpyBot are
excellent programs, and both have free versions available. I run both of these
applications on my systems, with AdAware being the first choice. SpyBot handles
a couple of spyware programs better than AdAware; we just find AdAware so much
easier to update and use.
How often you need to run these programs is
dependent on your browsing habits. I usually run them two or three times a
week, but sometimes I'll run them two or three times a day! Keep an eye on what
is happening with your system and how many spy bots you remove each time.
We're running SpywareBlaster and SpywareGuard by JavaCoolSoftware to keep these
pesky critters off our systems. SpywareBlaster
has cut the number of bots I receive from a dozen or two every couple of days,
to just 10 in the last 15 months! That is pretty good. I don't think I would
have gotten most of those bots if I had checked for updates daily.
SpywareGuard
asks you if it should permit a change in the homepage or accept a BHO. When an
application tries changing your homepage, it is usually accompanied by a BHO or
two that really take control of your browser. By the way, a BHO is a Browser
Helper Object, and they are quite powerful. Some, like Adobe Acrobat Reader, are
essential to reading a PDF on a site inline with your browser. Others, like
most toolbars, are nothing but trouble. They either pull down ads constantly,
or open backdoors on your system.
Spam Protection
If you are using an ISP that uses a POP3
server, Mailwasher does a wonderful job
of weeding out the junk mail. Besides being able to blacklist entire domains,
you can also create friend lists and various filters to identify and mark
incoming mail before it even hits your system. It gives you the ability to
preview your mail while still on your ISP's POP3 server. You can normally see
enough of the message to determine if it is legitimate or spam. Once you
determine that a mail is spam you can mark the message for deletion, bounce the
message back (undeliverable - no such mailbox), add the sender to the blacklist
or friend list, or even add the entire domain to the blacklist or friend list.
A great way to manage your mail! A $20.00 "donation" removes their notice
from the screen, giving you a much larger window to preview your mail. Well
worth the investment.
Popup Protection
Our choice here is Pop-Up Stopper by Panicware.
Internet Explorer is a leaky program that, when closed, doesn't free up all the
memory it uses. The result is that after opening and closing Internet
Explorer so many times, you find yourself with insufficient resources to do
anything. While rebooting your system will restore the "lost" resources, that
is a pain. We find it easier to do little things to keep our resources
available, and that is where Pop-Up Stopper
comes into play. By stopping those annoying pop-ups from ever coming up, we're
keeping our resources higher. Also, we don't have to keep selecting the browser
we're trying to read, since the popup that takes the focus never materializes.
This program is not needed if you are running Windows XP with Service Pack 2.
Hijackers
There is no automatic program to fix
hijackers. While some of the threats can be cleaned by your Anti-Virus
software, or by AdAware and Spybot, the majority of hijackers will remain on
your system to perform their nasty tasks. One of the best programs for
identifying what is on your system is a program called HijackThis! It provides
a great deal of information on what is running on your system, especially the
browser and communications configuration. The drawback here is that it is up to
you to determine what are valid applications and what are malware. It is
possible to totally screw up your system by taking out essential applications. For
this reason, I'm not providing a link for HijackThis! I figure that if you can
locate it on the Web, you can locate the information as to what is essential,
and what is malware.
To further complicate the issue with
hijackers, polymorphic naming and file sizing are their new camouflage. You can
have several computers with the same hijacker on them, and they all have
different file names and sizes. To make matters worse, when you kill and delete
one offending file, it is recreated under a different name, and quite possibly a
different file size. Search the Internet all you want, but you won't find the
file name you are looking for because it only exists on your computer.
There are a lot of great tools from Sysinternals that let you find out
what is actually running on your system. Process Explorer will show you all
the files that are supporting the processes running on your system. Autoruns
lets you see what is being started on your system every time you boot up.
Filemon and Regmon let you see every file and registry access. If you made it
this far, then you should realize that having the tools is one thing; now it is
up to your imagination on how to use them.
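An added example, not part of the original page or of any tool named on it: it shows why searching for a hijacker's file name fails after the file is recreated, while comparing startup entries against a known-good snapshot still catches it. The snapshot layout (launch point, image path) and every file name below are constructed for illustration.

```python
import csv
import io

# Constructed snapshots of startup entries as "launch point,image path".
# The layout and all file names are made up for this example.
CLEAN = r"""location,image
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,C:\Program Files\AV\avtray.exe
"""
BEFORE = r"""location,image
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,C:\Program Files\AV\avtray.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,C:\WINDOWS\system32\qxvbt.exe
"""
AFTER = r"""location,image
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,C:\Program Files\AV\avtray.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,C:\WINDOWS\system32\mplzr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,C:\Program Files\tb\tb.exe
"""

def load(text):
    """Parse a snapshot into a set of (launch point, lower-cased image path)."""
    rows = csv.DictReader(io.StringIO(text))
    return {(r["location"], r["image"].lower()) for r in rows}

def find_by_name(snapshot, name):
    """Name-based hunt: breaks as soon as the file is recreated under a new name."""
    return sorted(e for e in load(snapshot) if e[1].endswith("\\" + name.lower()))

def unknown(clean, snapshot):
    """Entries present now that were not in the known-good snapshot."""
    return sorted(load(snapshot) - load(clean))

def respawned(clean, before, after):
    """Launch points where one unknown image vanished and another appeared."""
    good = load(clean)
    gone = load(before) - load(after) - good
    new = load(after) - load(before) - good
    return sorted((loc, old, img) for loc, old in gone
                  for loc2, img in new if loc2 == loc)

if __name__ == "__main__":
    print("by old name:", find_by_name(AFTER, "qxvbt.exe"))
    for loc, img in unknown(CLEAN, AFTER):
        print("not in baseline:", loc, "->", img)
    for loc, old, img in respawned(CLEAN, BEFORE, AFTER):
        print("respawned at", loc, ":", old, "->", img)
```

The known-good snapshot has to be taken while the system is clean; entries it lists are trusted without further checks.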
Additional Information
The Internet is full of wonderful information, some of it
good, some of it very wrong. We spend a lot of time trying to find information
on items running on systems. The cryptic names don't give much of an indication
of what some of these programs do, so we search the Web. As you might have
noticed, not all search engines are created equal. They all tend to specialize
in an area, and it is amazing to see some of the differences in what the
different search engines find. To give ourselves a little bit of a jump start,
we use Dogpile for many of our searches. Dogpile feeds your
search term to 15 different search engines, reducing the number of times we have
to enter search terms and increasing the chances we'll find something relevant.
None of this will do you any good unless you also update
the applications. ProtectorPlus, AVG, F-Prot, AdAware, SpyBot S&D,
SpywareBlaster and SpywareGuard all need to be updated regularly. It is a
never-ending battle to keep your system safe. A two-year-old definition file on
your virus software will not find most of the current threats. You have to
stay vigilant.
You also have to keep an eye on your system to detect any
changes. An additional toolbar that you didn't load, suddenly having popups
appear every time you boot your system, your system wanting to dial out when you
boot, or a different homepage that you didn't set, are all signs of viruses,
spyware, or hijackers running on your system. The longer they are on your
system, the more "friends" they tend to invite in, and the harder they are to
clean.
Last Updated: March 31, 2008