[SpamCop-List]
Re: Cleaning up and preventing malware (was mypctuneup.com)
Brian
SC.10.myspamgobbler at spamcowboy.net
Tue Aug 30 23:13:03 EDT 2005
Pete Stephenson wrote:
> In article <df0lt2$90c$1 at news.spamcop.net>,
> Brian <SC.10.myspamgobbler at spamcowboy.net> wrote:
>
>
>>1. Firewall. First line of defense. I mean more than Windows Firewall. I
>>like Sygate, but they are in the process of being bought by Symantec, so
>>my recommendation is likely to change soon.
>
>
> For most casual users, the Windows Firewall is probably more than
> adequate. It's pretty seamless, so it doesn't present odd messages to
> users.
>
I disagree with this statement. Windows firewall helps, but is very
limited in what it does. A good software firewall plus NAT router is
best, but a good software firewall will give much more protection than
Windows firewall alone. It's gotten to be a bit nasty out there.
One of the things that I like about Sygate is how easy it is to make
decisions. You may need to research what it is that you are allowing or
blocking, but usually it's clear.
> Otherwise, I really like ZoneAlarm, which can be downloaded for free
> from Download.com. You can get it from ZoneLabs.com, but they hide the
> link to the "free" one in relatively small print. Download.com is easier.
>
ZoneAlarm is also good. I've used both and have a preference for Sygate,
but like I said, that will likely change soon once Symantec gets their
hands on it. Who knows what will evolve, but it most likely will not be
good.
> For most users with firewalls like ZoneAlarm, I strongly suggest using
> MyNetWatchman.com -- it examines the firewall logs, sends them to MNW,
> who analyzes logs belonging to you and other MNW users, determines what
> traffic is legitimate or not depending on various properties, then sends
> reports to those responsible for those systems. Very much like SpamCop,
> only more automated. No real human involvement is required.
>
> Obviously, the more MNW users there are, the more accurate and sensitive
> the network becomes. Definitely something for people to have running. It
> even will accept logs from various hardware firewalls like Linksys
> routers and so forth.
>
>
>>2. An up-to-date Antivirus. Keep it up to date and scan your computer
>>daily. My recommendation is AVG by Grisoft.com
>
>
> Seconded. http://free.grisoft.com/ is the link directly to the free
> version.
>
>
>>3. Adaware, Spybot Search & Destroy, HijackThis, SpywareBlaster,
>>SpywareGuard and WinPatrol for finding and keeping spyware off your systems.
>
>
> On my cousin's computer I have SpyBot set to automatically download new
> updates, install them, run a scan, and clean any detected malware
> automatically on launch. Then I have Windows' Scheduled Tasks feature
> run SpyBot weekly at about 4am on a Sunday.
>
I use the schedule feature of Spybot, located in the Advanced Menu to
update and run a scan daily, when the computer is not busy. Doing this
at boot is a PITA and many people go for many days before they reboot.
I'd rather have them done daily.
Adaware and HijackThis work with Spybot well. They all do things
differently and one will pick up things that the others might not.
Interpreting HijackThis scans requires some research, but it will often
be the best way to discover malware on your system.
SpywareBlaster prevents a lot of ActiveX exploits and blocks malicious
sites, so you won't be able to go there. It also blocks cookies from
certain sites. Spybot also has this ability to a lesser degree using its
Immunize feature.
SpywareGuard scans files and acts much like an anti-virus shield for
spyware.
WinPatrol alerts you when changes are made to various items such as your
browser home page, hosts file, etc.
Also, one of the things that I didn't mention is the Hosts file. It's a good
way to block malicious sites as well as some ads, and there's also a Hosts
File Manager at http://www.mvps.org/winhelp2002/hosts.htm which will
automate the updating of the hosts file. There's also some good
information there about other things related to this.
> I'm playing around with Microsoft's AntiSpyware Beta, and it seems to be
> all right. No real opinion yet.
>
I've used it and tested it and uninstalled it a few weeks ago. It's got
some possibilities. Recently, M$ has chosen to not list some things for
removal such as WhenU. I have nothing concrete, but it appears to slow
things down some and you will likely want to turn off the agents or at
least restrict what they alert you about. They are real obnoxious with
not much benefit.
>
>>4. Update Windows regularly. This is very important. So many people
>>ignore the alerts to update because they don't want to be bothered, but
>>are instead bothered by the exploits that are caused by not updating.
>
>
> Strongly seconded. If you have WinXP, ensure you get Service Pack 2.
> Make sure it's configured to automatically download and install updates
> on a regular basis. Even then, manually check for non-critical updates
> every so often (I check about once a week).
>
I create two folders on the desktop named "Once A Week" and "Once A
Month." I schedule Adaware, SpywareBlaster, SpywareGuard Update for
once a week and have them in the corresponding folder. Sometimes Windows
scheduler stops functioning, so it's important to check to make sure
that they are still being updated. Updates and scans with Adaware need
to be done manually unless you purchase it.
Once A Month items include disk cleanup, defrag, checking Spybot to make
sure it's being updated and M$ Baseline Security Analyzer. Seems like
one or two more items but I'm going from memory and it's late. I've got
this process somewhat automated.
Very seldom do any of my clients' computers have malware show up in any
of the scans. This is what's important, not that the scans find things,
but that it's prevented in the first place. If a computer gets infected,
the damage is usually minor if anything at all.
--
Brian
SC.10.myspamgobbler at spamcowboy.net