The BASHandSlash.com Feed

BASH Webcasts

Wednesday, May 9, 2007

BASH: Episode 17 Malware End of the Beginning

Show notes to BASH: Episode 17.

In last episode's show we zipped through some very important points.

We talked about the reasons why you should keep your operating system patched to the latest revision and we told you why it is important to use both a hardware and a software firewall when you go online.

We also recommended that you not log into your computer as a System Administrator - instead log in as a simple user with no admin privileges. This way, if a virus tried to install itself while you were logged in, it could not, because a simple user has insufficient privileges to install software.

On today's show we go into some depth on changing your behavior online, and finally we round out the show by telling you what software you can use to fight malware. Let's first talk about changing your behavior.

First off, don’t open email attachments, even if the email is from a friend. Email attachments are the number one way viruses and Trojan horses spread and can get into your system. Turn off HTML email in your email browser.

The problem is that HTML email contains commands that can be executed by your email client. Some of these commands can be used maliciously to exploit common security holes. This can expose you to spam, computer viruses, and worms.

On Windows machines, if you have ActiveX enabled, HTML email can directly infect your computer (without you even opening an attachment). Spam emailers embed viruses in their email that report back to the spammer that your email address is a valid address, which makes you even more vulnerable to spam.

HTML email can also embed JavaScript that will track forwarded HTML email and transmit text that has been added! This is known as "email wire tapping". It's no wonder that the U.S. Dept. of Defense has blocked HTML email.

If you do decide to read an HTML email, make sure you do not enable ActiveX, and instruct your email client to turn off JavaScript.

While we are speaking of email, don't click links in email. Hackers regularly spoof the real link they want you to browse. For example, you may think the link says cnn.com but in reality the hacker could actually be directing you to hack.com. If you need to go to someone's link, manually copy and paste the link into your browser. If the link is spoofed you'll see the real address in your browser's address window.
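To show what "spoofed link" means in concrete terms, here is an added example (not part of the show notes) that does the same check the paragraph suggests, but automatically: it parses an HTML email body, and for every link whose visible text looks like a web address it compares the host the text claims against the host the real `href` points to. The sample email body, the `hack.example` domain and all function names are constructed for this example.

```python
"""Flag HTML email links whose visible text names a different site than
the real href target (added example; not from the BASH show notes)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of an HTML email body (not a real message).
# The second link displays a cnn.com address but really points at hack.example.
SAMPLE_EMAIL_HTML = """
<p>Breaking news: <a href="http://cnn.com/story">cnn.com</a></p>
<p>Verify your account: <a href="http://hack.example/login">www.cnn.com/account</a></p>
<p>Read the show notes at <a href="http://bashandslash.com/notes">our site</a></p>
"""


def _host(url):
    """Return the hostname of a URL; a bare 'cnn.com' is treated as http://cnn.com."""
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or ""


def _registrable(host):
    """Crude last-two-labels comparison so www.cnn.com and cnn.com match.
    Not Public Suffix List aware; good enough for a quick check."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def looks_like_url(text):
    """True if the link text itself reads like a web address (has a dot, no spaces)."""
    t = text.strip().lower()
    return "://" in t or ("." in t and " " not in t and not t.endswith("."))


def find_mismatched_links(html):
    """Return [(visible_text, real_href)] for links whose displayed site
    differs from the site the href actually goes to."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    mismatches = []
    for href, text in parser.links:
        if not looks_like_url(text):
            continue  # plain words like "our site" make no host claim to check
        if _registrable(_host(text)) != _registrable(_host(href)):
            mismatches.append((text.strip(), href))
    return mismatches


if __name__ == "__main__":
    for shown, real in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"SPOOFED: text says {shown!r} but the link goes to {real!r}")
```

Run against the constructed sample, only the "Verify your account" link is reported; the plain-text "our site" link is skipped because its wording makes no claim about where it goes, which is exactly why the advice is to paste the address and read what your browser shows.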

Now that we've modified some of your behavior - at least with respect to emailing, let's get to the final point for today: fighting fire with fire. That is, using software to fight malware.

I'll introduce you to some cool websites where you can download *mostly free* must have software that will allow you to stay safe on the Net so that you can spend more time gaming.

1. Anti Virus software.

Antivirus software has really become big business recently as organized crime, especially in Eastern Europe, has gotten into the game. The number of infections is way up and thus the number of antivirus programs has rapidly increased. But how do you know which one to buy?

Well, there's an excellent site that ranks these programs called:

http://www.av-comparatives.org

In their latest testing they found that the number one program for malware detection and removal is not Norton or McAfee but a program called AVIRA, which can be found at:

http://www.avira.com

AVIRA had a detection rate of over 99% - that is, it detected 99% of the malware av-comparatives used in their tests. AVIRA beat out other, better known products such as Kaspersky Antivirus, which finished 5th, and Symantec (the makers of Norton), which ended up 6th. Those two programs had a detection rate about 1% below AVIRA's. McAfee, another popular program, was a lowly 14th on the av-comparatives rating chart, at slightly above a 90% detection rate.

Another program making a big splash with the critics lately is NOD32, which does both anti-virus and anti-spyware. It has optimized disk scanning, low memory usage and a very small footprint on your system; that is, it doesn't take up much in the way of system resources. The website for NOD32 can be found at:

http://www.eset.com

The previous programs I mentioned were not free by the way.

Now, looking at antivirus programs as a gamer, I want a program that has a small footprint - that is, one that takes up few system resources and does not lag my computer while I am playing - and if it's free, even better (after all, I want to spend my money on my next video card).

Well, clearly Norton and McAfee don't cut it in this respect. In fact, I highly suggest you remove these two programs from your machine if you have them...that is, if you are serious about playing online games. I personally have found a 30-40 ms increase in ping with these installed. They take up a lot of system resources. Sadly, it is very difficult to remove most antivirus programs from your system - ironic, given that it is just as difficult to remove a virus from your system. Just going into Control Panel and removing them with the Add/Remove Programs tool is not satisfactory.

Norton and McAfee pose special problems in this regard, so if you have either of these programs and you would like to remove them you can download purpose built removal tools from Symantec and McAfee.

Use these links to download these tools:

Symantec:
Download the Norton Removal Tool.

McAfee:
Download the McAfee Removal Tool.

Check out the article:
How to uninstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe).
Now, even using these tools may not completely remove all traces of McAfee or Norton. For that reason you might want to Google how to remove these completely from your computer. For example,

http://www.askdavetaylor.com

will show you how to remove Norton.

We know what not to use...what should we use?
My personal recommendation is AVG 7.0. It is completely free and runs with a very low footprint - both great reasons for me to endorse it as a great antivirus for gamers.

AVG's website:

http://free.grisoft.com

and can be downloaded from:

http://www.download.com/AVG-Anti-Virus-Free-Edition

AVG finished 8th in the av-comparatives antivirus comparison. As advertised, they offer their antivirus scanning and repair program, AVG, for free. In addition to an anti-virus program, AVG also offers a free Anti-Rootkit tool. AVG Anti-Rootkit is a program that can detect and remove rootkits. Rootkits are used to hide the presence of malicious programs like trojans. If a malware program uses rootkit technology to hide itself, it is very hard to find on your PC.

Now, some folks on the Devil Dogz swear by another free, low-footprint antivirus package called Avast.

http://www.download.com/Avast-Home-Edition

If you just want to know if you are infected then head to:

http://www.infectedornot.com

where you can get a free scan to see if you are indeed infected by malware.

This site is owned by Panda Software who started it after they discovered that in 2006 more malware was circulating than in the previous 15 years combined. The spread of malware infections was huge and it was now getting worse and worse. As explained to me by one of their spokespeople, Panda Software decided to launch their Infected Or Not campaign.

At their website you can quickly check if your computer is currently running malware using Panda Nanoscan. This checks your RAM for viruses; however, we recommend a much deeper scan of your whole hard drive. For that reason you should try the PandaTotalScan.

Panda told me that so far, the numbers have been really impressive: almost 60% of the scanned computers are infected.

The only downside to the scan is that it requires you to turn on ActiveX. ActiveX downloads and executes programs on your computer. This is an easy way to download viruses. So don't forget to shut off ActiveX after you have scanned your machine. However, Panda Software is a respected company and very well known in the software security industry, and I would doubt they would risk alienating their customers by uploading any sort of malicious code to your machine so you should be safe letting them scan your system.

Antivirus programs in general have very sophisticated algorithms inside to detect what is and what isn't a virus. For that reason you should never run more than one antivirus program - I wouldn't even recommend having two on your drive, never mind having them both running. It is not uncommon for the two programs to think the other is a virus.

We told you that no antivirus is 100% effective. Therefore there is some chance that you may have been infected by malware, like a Trojan or a virus. If you have been infected, I'm afraid to tell you that it is very difficult to clean them off your system. Lately, viruses are being programmed to be unobtrusive and therefore, it is getting harder and harder to find them and root them out.

Sadly, some of the better malware actually targets the more popular antivirus programs and will try to fool them into thinking you are clean.

This next tool is especially useful if you think your antivirus software has been compromised. You may not even know you have this software, but you do. If you have XP you can simply go into Start, click on Run and type in mrt.exe; this command will run Microsoft's Malicious Software Removal Tool. If you don't have mrt.exe, you can download it free from Microsoft. It is not a very comprehensive virus cleaning tool, but it scans for and removes some pretty nasty viruses. So try scanning with this one. BTW, this tool is not meant to be antivirus software - it's made for specific viruses that try to fool your system into thinking you are clean.

In conclusion, I'm sad to say that if you have been infected, the only 100% proof positive way to ensure you completely clean off the infection is to re-install your operating system from scratch.

2. Anti-Spyware Programs

Many antivirus programs come with anti-spyware programs. Again, in my opinion spyware and virus programs are near enough the same thing - but technically they are labelled differently.
Two programs I highly recommend to keep you clean of spyware are:

a) Lavasoft's ADAWARE

A free program, that can be downloaded at:

http://www.lavasoftusa.com

This software has been around for years and is continuously updated. It will automatically detect spyware in real time. I run both this and my second choice for anti-spyware:

b) Spybot Search and Destroy

http://www.safer-networking.org

This program has become a bit long in the tooth: it's finding only about 90% of all spyware. When you use it with ADAWARE you get a potent combination that finds most of the spyware around these days.

There’s one more class of software you might be interested in and these are what I call:

3. Monitoring programs.

These programs aren't antivirus programs, but they do check for suspicious activities...

One such program is ZoneAlarm - which is a software firewall, but it detects malware trying to phone home, so it falls into this category - and we talked about it last time.

Another of these types of programs is a little free program called Winpatrol.

http://www.download.com/WinPatrol

WinPatrol detects if any piece of malicious code has set itself up on your computer system. It does this by taking a picture of your key system resources and running processes and lets you know if any changes have occurred. Processes are programs that run in the background. Most of these that will be listed by WinPatrol are normal Windows operating system services.

Malicious programs do occasionally install services of their own, however. WinPatrol can alert you of these and you can disable them as you see fit.

While most antivirus programs are automated, this great little program lets you know exactly what is going on in your system and allows you to do something about it.
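The "take a picture of your running processes, then tell you what changed" idea that WinPatrol is built on is simple enough to do by hand. The following is an added example, not WinPatrol's code and not from the show notes: it parses the CSV output of the Windows `tasklist /fo csv /nh` command into a count of instances per image name, stores a baseline, and reports what has appeared, disappeared, or changed count since. The two snapshots embedded below are constructed (including the look-alike name `rundl1.exe` and the placeholder `antivirus_svc.exe`), not captured from a real machine; `capture_snapshot` is the only part that needs Windows.

```python
"""Baseline-and-compare check of running processes, in the spirit of the
WinPatrol approach described above (added example; not WinPatrol's code).
It reads the CSV form of `tasklist /fo csv /nh`; the samples are constructed."""
import csv
import io
import json
import subprocess

# Constructed baseline: what `tasklist /fo csv /nh` might print on a clean box.
# "antivirus_svc.exe" is a placeholder for whatever AV service you run.
BASELINE_CSV = '''"System","4","Services","0","236 K"
"svchost.exe","1024","Services","0","12,345 K"
"svchost.exe","1100","Services","0","8,120 K"
"explorer.exe","2048","Console","1","31,002 K"
"antivirus_svc.exe","1500","Services","0","9,876 K"
'''

# Constructed later snapshot: the AV service is gone, there is an extra
# svchost.exe, and a new process with a look-alike name has appeared.
LATER_CSV = '''"System","4","Services","0","236 K"
"svchost.exe","1024","Services","0","12,345 K"
"svchost.exe","1100","Services","0","8,120 K"
"svchost.exe","3300","Console","1","4,010 K"
"explorer.exe","2048","Console","1","31,002 K"
"rundl1.exe","3500","Console","1","2,200 K"
'''


def parse_tasklist_csv(text):
    """Map image name -> number of running instances from tasklist CSV rows.
    The csv module copes with quoted fields like "12,345 K"."""
    counts = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or not row[0]:
            continue
        name = row[0].lower()
        counts[name] = counts.get(name, 0) + 1
    return counts


def capture_snapshot():
    """Take a live snapshot on the local machine (Windows only: runs tasklist)."""
    out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                         capture_output=True, text=True, check=True).stdout
    return parse_tasklist_csv(out)


def save_baseline(snapshot, path):
    """Persist the known-good picture so later runs can compare against it."""
    with open(path, "w") as fh:
        json.dump(snapshot, fh, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def snapshot_diff(baseline, current):
    """Report image names that appeared, disappeared, or changed instance count."""
    added = sorted(n for n in current if n not in baseline)
    removed = sorted(n for n in baseline if n not in current)
    changed = sorted((n, baseline[n], current[n]) for n in current
                     if n in baseline and baseline[n] != current[n])
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    # Offline demo on the constructed snapshots; on Windows you would instead
    # save_baseline(capture_snapshot(), "baseline.json") once, then later
    # compare load_baseline("baseline.json") with a fresh capture_snapshot().
    diff = snapshot_diff(parse_tasklist_csv(BASELINE_CSV), parse_tasklist_csv(LATER_CSV))
    for name in diff["added"]:
        print("NEW since baseline:", name)
    for name in diff["removed"]:
        print("GONE since baseline (check your AV is still running):", name)
    for name, before, after in diff["changed"]:
        print(f"COUNT changed: {name} {before} -> {after}")
```

The interesting signals are the same ones WinPatrol raises: a process you have never seen before, a protective service that has quietly stopped, and an unexpected extra copy of a common system process. Keying on image name alone is deliberately coarse; a fuller check would also record the executable path and startup entries, since a malicious program can reuse a legitimate name.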
