Solving the problem of viruses requires positively identifying them, and then a systematic means of removing them.
Viruses and Trojans are everywhere these days. From emails and computer software to BlackBerries, iPhones, and other cell phones, they're all over, and there isn't much of a limit on what people will try to hack or destroy. The primary target for viruses and Trojan horse programs has always been computers running whatever is most popular, because that is the easiest target. Originally, systems running DOS were among the earliest targets. Users on FidoNet and bulletin board systems would share files, and when they did, a TSR or file-infecting virus could attach itself to whatever executables a user worked with, while boot-sector viruses rode along on shared floppies. Back then, most viruses were written either to steal passwords or for sheer destruction. Information gathering still happened, but it was less common, since few home users were connected to a multi-user UNIX system and always-on network connections were rare.
But all that has changed over the years…
Microsoft Windows replaced DOS as the primary target. Windows users are attacked more than users of any other operating system, and for years Windows has made it easy for attackers to compromise a machine over the network and to hide what they are doing while remotely connected to it.
With each new graphical interface that Microsoft releases and calls an operating system, the system becomes a fresh thing to compromise. Each new release brings new opportunities and advantages for malicious users to write worms and more complex viruses. Additionally, much of the newer software released for Microsoft systems ships with security issues that were known but never addressed, while others are just waiting to happen.
It is speculated that Microsoft leaves Windows systems vulnerable and incomplete on purpose, so that it can release patches, sell additional software, and keep stringing along businesses and the general public alike. This generally continues for years, sometimes decades, until the business or home user cannot take it anymore. When people finally become wise to what Microsoft has been doing all along, they generally stop paying for the latest versions of its software and operating systems. They also stop believing that whatever Microsoft is pushing is the next greatest thing. At that point people either switch to a system where they won't be treated this way, or they keep what they already have and that works well enough for them, such as Windows XP.
Common sense would say that a popular system should have adequate protection…especially one that is used commercially and globally by business, government, and private organizations. But no…unfortunately the contrary is true. Most Windows systems leave a lot to be desired when it comes to protection and network security. Sure, Windows XP has what Microsoft tries to pass off as a built-in firewall (which is about as useful as a solar flashlight in the middle of the day). I wouldn't use it. It fares poorly even against substandard third-party products: it only filters inbound connections, it does nothing about programs on the machine phoning out, and once you allow a program through, that exception stays in place until you remove it yourself. Not good.
Most of the security products released by Microsoft have been anything but secure. In fact, many of the "patches" that Microsoft released to "fix" holes in its operating systems opened new holes as they closed the old ones!
While some people find comfort in sticking with a system that works for them, with the programs and environment they are most familiar with, others have taken it a step further to get away from all of the virus attacks and malware. Some people flat out refuse to let themselves, their computer systems, and their private data become a guinea pig for profit. As a result, many people have taken the time to learn UNIX instead (or its better-known and more public clone, Linux).
UNIX and Linux systems are harder to use for those who are used to Windows, but they are far more attractive to the security-conscious (and to those fed up with Microsoft) because they are largely hardened against the core system attacks that Windows falls to easily, while remaining flexible. Most of the software for them is freely available and often comes with source code, so you can change things as you need them to be and make sure that what you compile and run on a machine is known and exactly what you want it to be. UNIX systems were also designed from the start as multi-user systems, with a clear line between ordinary users and root, whereas Windows users of the XP era typically run as Administrator all the time. That difference does not stop buffer overruns (UNIX software has them too), but it limits what a successful exploit against a user's program can do: the attacker gets that user's privileges, not the whole machine.
Additionally, there are far fewer UNIX machines out there holding sensitive data without proper safeguards. Yes, you can still hack a UNIX system. But unless you have a backdoor, the root password, a rootkit you slipped in when no one was looking, or a remotely exploitable flaw in the kernel or a network service…it isn't going to be an easy affair!
Apple Macs and other computers with different operating systems just aren't used enough to justify attacking them, either. An attacker has to know the operating system in use, and a flaw in it, its network, its software, or its hardware, before making a move, unless they are willing to risk getting caught by attacking blindly.
Most of the more complicated operating systems that are homemade, proprietary, obscure, or UNIX-centric are run by intelligent, computer-savvy folks who are not going to let their guard down for a second. Most rogue attackers are well aware of this.
Unfortunately, most of the people using Microsoft Windows demand that things be made easy for them, so that they do not have to know how to use a computer beyond pointing and clicking at things. Rogue attackers know this too, and exploit every aspect of it. Some Windows users are the same savvy folks who lock a system down for safety and who would be avoided just like the UNIX crowd…but the majority of Windows users are general users who, half the time, would not even realize that they are being attacked from the outside.
On top of this, there are a variety of ways to attack most vulnerable Microsoft systems…usually many ways at the same time. If a person were attacking a Mac or a UNIX system, they might have one or two initial methods to try. If those bomb out, the attacker either has to hope they have another approach to try later, or move on to the next target. Sometimes one shot is all you get, because of log files and other ways to track remote sources that try to connect. But if they attack a Microsoft system? Hackers and virus authors can agree that Microsoft Windows is much more forgiving! They can usually rest assured that if one method does not work as expected, at least 5 or 6 other exploits will…and only one of them needs to work to compromise the system. Although it is still only a rumor, it has been said that the mafia has made anonymous donations to Microsoft for making some of their tasks easier. After seeing and using Windows over the years, I wouldn't doubt it. If I were them, I would show my appreciation for helping me out, too!
Whether the goal of a virus is to steal data or just to destroy what it comes across…it makes sense for an attacker to target Microsoft Windows to get the best results.
I hear that Microsoft is now trying to release free security software (the week before I wrote this article they announced it) to help people stop suing them for releasing operating systems that don’t have adequate security which are extremely easy to hack. Between that and the bombshell disaster of Windows Vista, I think that protection is just what Microsoft needs…from the general public!
I have yet to try out their new "protection" software. Although I cannot yet honestly say whether it works or not (in all fairness) since I have not yet tried nor tested it…I can honestly still say that most other products and software released from Microsoft that weren't purchased or stolen from other companies have proven to be fairly lame packages with security holes as large as craters on the moon. There are more ways to access, manipulate, and take control of Microsoft Windows systems than is reasonable or safe for any user of any kind. Quite honestly, I do believe it is deliberate.
I have believed for a long time (after seeing it first hand and having other solid evidence prior to that) that Microsoft builds backdoors into the operating systems and programs that they sell and release to the public. They do this for their own use, for government use, and for the use of select others. While that in itself is not ethical or acceptable, people within the computer industry randomly discover these backdoors on their own, along with new ways to take control of systems, and write automated tools to do this in ways that Microsoft and its partner companies had not yet thought possible. Sometimes this is done for profit and gain, other times it is done just for people to prove a point or be the first to have accomplished it.
So now that we know the majority of computer users trust their most sensitive data to an unstable OS with more holes than the Grand Canyon…what are we going to do about it beyond talking and complaining about it? For many, as mentioned earlier, the answer is to learn and use something like Linux with a graphical front end that replicates the functionality, look, and feel of what they do with Windows. But even with compatibility layers like Wine, which runs many Windows programs, this is still not practical or feasible enough for most users just yet.
People tend to cling to what they know, what they are comfortable with, or what they need to stay compatible with, for several reasons. So if people feel that they MUST continue to use Microsoft Windows…or are forced to by others or by other circumstances…then they must take the steps necessary to protect themselves and secure what they can, correctly.
The very first step to correcting this situation is for people to take the time to know more about their computer, how it works, and how people may try to attack it. The second step is to figure out how to protect yourself from as many of those attacks out there as you can. The third step is to keep up with valid updates and know the patterns of how attackers try to gain access even when they know that you have security.
Having people who help you with your security and computer programs is great, but it is never enough when you are alone with an uncertain email attachment, or a file downloaded from the web, and need to decide whether or not to run it. Please be aware that there are some really nasty things that can get onto a Windows system that can never be fully removed without completely restoring the system (sometimes requiring a reformat). Even after a virus's components are nullified on a Windows system, what is left behind can still leave security holes, accessible to other programs via the system registry. Leftovers like these can make it easier for others to attack the system in the future, even after the active elements are deleted. There are so many ways to attack a Windows computer these days that it is hard to defend against them all; even seemingly innocent files and settings left in the registry by programs that are no longer on the system can be a problem. But we need a starting point, and that point is to start fresh, start strong, and stay secure and watchful of all software that we choose to use from here on out.
First and foremost, we want to create the cleanest possible Windows system that we can. So let's start by cleaning off the drive as much as possible. If you don't have any private data or anything you can't download again, give your computer a fresh start by completely formatting the hard drive and reinstalling your OS. This ensures that nothing that could affect the computer later is left behind, and then we can proceed to a brand new install of XP from a trusted source. Make sure that you have the driver discs for the OS that you plan to install. If you don't have those discs, then at least make sure that you have the network drivers you'll need to get onto the Internet and download all of the other drivers after the new OS install is complete.
Do not use a pirated copy of an OS if you can help it, since it is hard and sometimes impossible to identify or verify where it came from. Many such distributions have malware or Trojans slipstreamed onto the setup disc, or built into the kernel after install as a rootkit, even when they were made with a tool like PE or nLite. The best way to start is simply to start fresh. Sometimes infected components are missed because they lie dormant and are not triggered until a remote user activates them later as part of a botnet (an army of computers used as robots to attack a specific target on the Internet, using your Internet connection and your computer's resources without your consent) or something worse. If you must use a pirated copy, then please be careful.
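"From a trusted source" is only checkable if you compare what you downloaded with what the vendor says it should be. The script below is an added example, not code from the article or from any vendor: it assumes the vendor publishes a SHA256SUMS-style list (one "<hex digest>  <file name>" line per file, the format sha256sum(1) writes) that you fetched separately over HTTPS from the vendor's own site, never from the same mirror or torrent as the image. The file names and contents in the demo are constructed stand-ins.

```python
"""Verify downloaded install media against a vendor-published checksum list."""
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256; install images are too big to read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse '<hex>  <name>' lines (sha256sum(1) format) into {name: digest}.

    Lines without a well-formed 64-character hex digest raise instead of being
    skipped, so a truncated or edited list is noticed rather than ignored."""
    sums = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<digest>  <file>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = binary mode
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"line {lineno}: not a SHA-256 digest")
        sums[name] = digest
    return sums


def verify_media(directory, sums_text):
    """Return {file name: True (match) | False (mismatch) | None (not present)}."""
    results = {}
    for name, expected in parse_sha256sums(sums_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = None
            continue
        # compare_digest is a habit worth keeping even for a local check.
        results[name] = hmac.compare_digest(sha256_file(path), expected)
    return results


def demo():
    """Constructed sample: two stand-in downloads and a hand-made SHA256SUMS."""
    image = b"constructed stand-in for an install image"
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "install.iso"), "wb") as f:
            f.write(image)
        with open(os.path.join(d, "drivers.zip"), "wb") as f:
            f.write(b"constructed driver bundle, altered after the list was made")
        sums = (
            f"{hashlib.sha256(image).hexdigest()}  install.iso\n"
            f"{hashlib.sha256(b'constructed driver bundle').hexdigest()} *drivers.zip\n"
            f"{hashlib.sha256(b'never downloaded').hexdigest()}  readme.txt\n"
        )
        return verify_media(d, sums)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, {True: "OK", False: "MISMATCH", None: "MISSING"}[ok])
```

A mismatch means the download is not what the vendor shipped, whether through a corrupt transfer or something slipstreamed in; either way, do not install from it. A list whose digests you cannot trace back to the vendor proves nothing, which is exactly the problem with a pirated disc.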
If you have far too much data on your computer to start fresh, then don't format it…but at least get rid of anything that you know may be potentially harmful or that is slowing your computer down. For example, programs that are not malware but slow a system down tremendously (like Apple iTunes) can be removed, if you don't need them, to free up space for the programs we will be installing and to improve the performance of your PC.
The next step is to obtain decent anti-virus software that you won't have to pay for. As mentioned in my article about information specialists (hackers), most commercial anti-virus programs are no better than free ones like AVG, and they detect largely the same set of threats. On top of this, programs like Norton Antivirus and McAfee slow down and take over systems so badly that they often cause more problems than the actual viruses! I consider Norton and McAfee to be commercially bought malware for that reason alone. But trust me, there are several more issues that Norton and McAfee have caused for clients of mine, to the point where you couldn't pay me to use either of them on one of my systems.
Most commercial antivirus programs require you to buy the product AND pay a monthly or yearly subscription for it to keep working. To me, that is simply unacceptable. There are free products that you can download and run today to protect your machine better than what you might go out and pay money for. There are a few good commercial programs out there that might be worth paying for…but as far as I'm concerned, they are few and far between (and I wouldn't use most of them even if they were given to me for free).
So download the free version of AVG from http://www.avg.com and install it. It loads a lightweight resident shield that won't fuss or fight unless a real virus actually gives us a problem. But we need more than this…
So what's the next step in protecting a Windows PC? Rather than pulling a Norton-McAfee and denying yourself the right to use your own computer freely, you can get the free version of Malwarebytes Anti-Malware from http://www.malwarebytes.org
This program gets more malware, spyware, viruses, and Trojans out of a compromised system than anything else I've seen, and it is still free to use. Its approach catches nearly everything that is known, and it also detects things that are unknown but still potentially dangerous, then gives you the freedom to analyze and delete those elements after they have been detected. There is a free version and a paid version. Of all the tools I've used over the years, there are few that I would pay for…but if you can afford it, I actually would pay for Malwarebytes Anti-Malware. It works, and it works well. The main difference between the two is that the free version only scans when you run it, while the paid version adds real-time protection…all the other functionality is there in both, and either one effectively fixes and protects a system.
If you can't afford to buy it at this time, then by all means use the free version as-is. Both versions are great. While I don't pay for AVG and am content with its free version, it is also one of the very few security packages that I would consider paying for. Even though its scanner doesn't seem to be as thorough or as efficient as the one in Malwarebytes Anti-Malware, it still works extremely well as a resident shield, and it provides updates free of charge that don't carry the risk of system compromise that other security packages have been known to. Over the years it has earned any dues I might pay out, by saving me from having to pay others unnecessarily. It kept things running smoothly for free, and to me that's worth money in itself as a donation.
After you have installed and updated Malwarebytes Anti-Malware, you'll want to run at least a quick scan (although I strongly recommend the full scan, to detect and get out everything that you can). More often than not, it will find a threat that a standard antivirus program missed, and will remove it as best it can. This may require a restart of the system, so save any work you were doing on your computer before you start the scan. After the scan completes and the system reboots if needed, we are ready to move on to the next step in securing your system.
The next step is to get an adequate firewall that will help protect you from malicious programs and identify certain types of threats…sometimes as a first line of defense, other times as a second. For this, we'll visit a provider of a decent free firewall that protects as well as a program I used to use called Tiny Personal Firewall, back before my Windows 2000 and Windows XP days.
Head on out to http://www.tallemu.com and download and install the free version of their program, Online Armor.
They have a pay version of their product too, but the free firewall is very good. I haven't used the pay one yet honestly, but when I do I will give it a review based on how it performs. I'm sure it will be every bit as good as, or better than, the free one they provide for private use.
When you run Online Armor the first time, it checks everything on your system, identifies what is safe and what might not be, and asks you what to do about anything it doesn't recognize. It can block not only network traffic but also program execution, which makes a useful stop-gap: if a trojan or virus is on the machine and AVG or Malwarebytes Anti-Malware doesn't detect it yet, you can stop it from running until their databases catch up. Sometimes you can use the free Online Armor firewall to monitor and trap both the data and the program execution, then boot a Linux live CD, mount your hard drive from there, and delete a trojan or virus that you have positively identified but that isn't yet in any database. There is more than one way to skin a cat.
Another set of useful tools for discovering what your computer is doing at all times are the free Sysinternals utilities: Process Monitor (which absorbed the older Filemon and Regmon, so it shows file, registry, and process activity in one place), DiskMon (raw disk activity), TCPView (live network connections, per process), and Autoruns (everything configured to start automatically). If anything gets past even Online Armor, it won't get past you with these used together. Sysinternals worked so well on Windows that Microsoft acquired the company in 2006 rather than compete with it; the tools are still released for free, just under Microsoft's name now. Visit http://www.sysinternals.com to get what you need.
Sometimes a virus or trojan hooks deep into the system files, hides itself behind svchost, and does other nasty things. Some malware is even designed to disable or hijack products like Norton and McAfee: because those suites take such hard control of a system, a compromised one can effectively lock you out of your own computer while leaving the attacker with full access! If you paid money for either of those two products…do you feel cheated yet? I would feel that way! Malware this aggressive can also prevent programs that are not usually a problem, like AVG or Malwarebytes Anti-Malware, from running at all. If you get a virus that bad, then there are times when you will have to go around all of this…stepping above it all and going straight to the source.
A live CD such as Hiren's BootCD (usually found on torrent sites) will do the trick: it lets you run a virus scan without the system on your hard drive running at all. The goal is to boot from the read-only CD, scan and clean the hard drive's contents from outside, and write back only the clean data, without compromising either the environment we booted from the CD or the machine we want to use once it's clean. Sometimes you need a disc like this just to clean a system up enough to be able to install an antivirus or anti-malware program at all. I have found that the best disc to use is called HawkPE. Unfortunately, it is not commercially available and is considered illegal despite its great advantages, because it uses altered commercial software to achieve its results. If you want to find it, you can get it on select torrent sites…especially the most popular ocean of torrents that people like to sail on and plunder. Some sort of torrent bay, you might say…
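Both the live-CD deletion mentioned with Online Armor and the offline scan described above come down to the same thing: looking at the Windows volume while Windows is not running, so nothing on it can hide from you. The script below is an added example, not code from the article or from any of the products it names. It assumes the Windows partition is mounted read-only on the live CD at some path (for instance `mount -o ro /dev/sda1 /mnt/win`, with a hypothetical device name), that the volume has the usual XP layout, and that you already have SHA-256 hashes of files you have positively identified as bad. It deletes nothing: it produces the short list that a human checks before remounting read-write and removing files. The demo builds a constructed stand-in for the volume in a temporary directory; none of its contents is real malware.

```python
"""Offline triage of a Windows XP volume mounted read-only from a Linux live CD."""
import hashlib
import os
import tempfile
import time
from dataclasses import dataclass

# Constructed placeholder for hashes you have already confirmed as malicious.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MZ\x90\x00constructed-dropper-sample").hexdigest(),
}

# Extensions Windows executes directly. A PE image hiding under any other
# extension (photo.jpg, invoice.pdf) is a classic trick and worth flagging.
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx", ".drv"}

# Hot spots on an XP volume, relative to the volume root (assumed layout).
HOT_DIRS = (
    "WINDOWS/system32",
    "WINDOWS/Temp",
    "Documents and Settings",  # per-user Startup folders and Temp live here
)


@dataclass
class Finding:
    path: str      # relative to the volume root, forward slashes
    sha256: str
    reasons: list


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_pe(path):
    """Every PE image starts with the DOS 'MZ' stub, whatever the file is named."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False


def triage_volume(root, known_bad=KNOWN_BAD_SHA256, newer_than=None):
    """Return {relative path: Finding} for PE files under the hot directories
    that match a known-bad hash, were modified after `newer_than` (epoch
    seconds, default 30 days ago), or hide under a non-executable extension.
    A recently patched system DLL will show up too; the list is for a human
    to check against known-good copies, not an automatic verdict."""
    if newer_than is None:
        newer_than = time.time() - 30 * 86400
    findings = {}
    for hot in HOT_DIRS:
        for dirpath, _, files in os.walk(os.path.join(root, hot)):
            for name in files:
                full = os.path.join(dirpath, name)
                if os.path.islink(full) or not is_pe(full):
                    continue
                reasons = []
                if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                    reasons.append("PE image under non-executable extension")
                if os.stat(full).st_mtime >= newer_than:
                    reasons.append("PE modified recently")
                digest = sha256_file(full)
                if digest in known_bad:
                    reasons.append("matches known-bad hash")
                if reasons:
                    rel = os.path.relpath(full, root).replace(os.sep, "/")
                    findings[rel] = Finding(rel, digest, reasons)
    return findings


def build_sample_volume(root):
    """Constructed stand-in for a mounted XP volume; nothing here is real malware."""
    old = time.time() - 400 * 86400

    def put(rel, data, mtime=None):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        if mtime is not None:
            os.utime(full, (mtime, mtime))

    put("WINDOWS/system32/kernel32.dll", b"MZ\x90\x00old-legit-dll", old)  # untouched for a year
    put("Documents and Settings/user/Start Menu/Programs/Startup/photo.jpg",
        b"MZ\x90\x00disguised-pe")                                        # new PE posing as a JPEG
    put("WINDOWS/Temp/svchost.exe", b"MZ\x90\x00constructed-dropper-sample", old)  # known bad
    put("WINDOWS/Temp/readme.txt", b"plain text, not a PE")              # ignored


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_volume(root)
        return triage_volume(root)


if __name__ == "__main__":
    for rel, f in demo().items():
        print(rel, f.sha256[:12], "; ".join(f.reasons))
```

The "recently modified" rule is deliberately noisy: on a machine that was patched last week it lists legitimate files too, which is why the output is a list to compare against the install media rather than something to delete automatically. Only after a file is positively identified (a known-bad hash, or a PE that has no business being where it is) do you remount the volume read-write and remove it.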
I could continue with more tips and methods to stay safe and keep a system in tune, but this is more than plenty for now (this article was intended to be 800 words or less, but ended up nearly 3,000), so I'm going to conclude here. I wish you the best of luck. And remember, if all these free tools and methods still aren't enough to protect you…then I would strongly advise that you check out PCLinuxOS, Ubuntu, or a traditional Debian distribution with a graphical environment. It can save you a lot of grief, and for most standard users it shouldn't be hard to port your data and settings over from Windows. Be successful, and stay safe. Digital or not, it's a jungle out there…