Archive for the ‘Anti-spyware’ Category

10 things you can do now to improve the security and performance of your Windows PC

Thursday, July 19th, 2007

Lets face it, secure and Windows are two words almost never used together, and for good reason. Security on Windows has traditionally been extremely horrible, and has singlehandedly brought about the rise of the antivirus industry and its billions of dollars of revenue. Another problem with Windows is that it gets slow over time. If your computer is slow, most of the time because of one of the following reasons:

  1. You have spyware, viruses, or both
  2. You have too many startup programs
  3. You have too many ‘temp’ files
  4. Your temporary internet files folder has too many files (internet explorer)
  5. You have toolbars or other browser helper objects installed
  6. You have antivirus installed (this has a big impact on performance)
  7. You’re using Windows Vista

However, it is possible to live (relatively) securely using a Windows PC with decent performance. Here are some useful tips (most that you already should know, and some that may surprise you).

Security Tips

  • Do your Windows Updates. This should be a given. If you don’t, you are asking for trouble. Sure they’re annoying at times, and can even cause problems, but you better do them. Personally, I do the optional updates too, just in case.
  • Disable Windows file sharing and the Remote Registry service. If you don’t use it, then disable it. Most users don’t share things on the network, so this isn’t a problem. File and Printer sharing can be dangerous to have on a public network, as shown by the next item.
  • Have a strong Administrator password. Many viruses/exploits rely on the fact that you have file and printer sharing enabled and that the Administrator password is blank. See, Windows shares out all of your hard drives to the world with names like C$ or ADMIN$, and by default makes them available to anyone who has the Administrator password. Check for yourself: Click Start -> Run -> type ‘fsmgmt.msc’ and click on ‘Shared Folders’. I bet you didn’t know those were being shared. If you’re really paranoid, rename the Administrator account.
  • BACK YOUR STUFF UP. Seriously, everyone says to do this, but nobody does it regularly. The best defense you can have against malware and viruses is the ability to restore your information anytime you need to without losing too much data. Theres really no excuse with how cheap CD-R and DVD-R media/burners are now.

Performance Tips

  • Don’t use antivirus. Get rid of it. Conventional wisdom says that you should use antivirus on your windows PC to make sure that you don’t get any nasty viruses. I disagree. Not only does antivirus routinely fail to protect your machine from viruses (especially new ones), but most vendors products slow down your computer a TON, and cause even more problems. I have not had antivirus on my PC for over 5 years, and I have never had problems with viruses or spyware. The key to keeping viruses off your computer is surprisingly simple: don’t visit questionable websites, don’t download questionable software or attachments, and do your Windows Updates. And if you happen to make a mistake, you’ve got those backups, right?
  • Remove Viruses and Spyware. Cmon, you don’t have these on your computer, right? NEVER pay money for an anti-spyware product, there are way too many free resources out there to take care of the problem for you (there are also a LOT of bad free anti-spyware products as well, so beware!). My small howto¬† details some programs that you can use to do the job manually without too much trouble.
  • Delete those temporary files. Having too many temporary internet files can slow your computer down a lot, especially on startup and shutdown. For some reason, Windows can sometimes accumulate thousands of files in the temp directory. I’ve seen up to 10,000 files before in someone’s temp directory. Wait you say, I thought that ‘temporary’ means ‘temporary’? No, not in Windows. Most of the trash is stuff left behind by lazy installers or careless third party programs. I recommend you use a program like Pocket Killbox ( to delete the files, its much quicker than doing it manually. Also, don’t forget about those temporary internet files. If you’re not using Firefox (you are, aren’t you?), then internet explorer can get extremely slow because of its inefficient caching methods. Pocket Killbox can help you here too.
  • Stop programs from running on startup. There are a lot of tools (including MSCONFIG, which comes with Windows, despite being rather annoying to use). There are a lot of free tools you can use to examine the programs that are starting up when your computer is, and more! HijackThis and AutoRuns are excellent programs to use for this purpose. Refer to my antivirus and spyware howto about good ways of doing this.
  • Delete your system restore points (All except the most recent one), or just disable it completely. In my experience, System Restore rarely ever fixes problems (though, I’ve heard rumors to the contrary). It just wastes 10% of your hard drive.
  • Defrag regularly. This isn’t as important as it used to be, but its still a good way to keep your system running smoothly. I schedule mine to run every night around 4am when I’m not using my computer.

I hope this helps you out, let me know what you do to improve the performance and security of your system!

Why Antivirus is unnecessary in a controlled environment that uses DriveShield

Tuesday, July 10th, 2007

This is a short essay-style piece I wrote on my own time a few weeks ago to defend my position of not putting antivirus in our computer labs. I presented this to a group of lab managers here, and I lost the battle with them for political reasons and because they focused on macro viruses too much, which I didn’t look into at first because of they barely exist anymore!! Notwithstanding, I think the technical merits of my argument can stand fairly well anyways, and is a good read anyways. Keep in mind that this is talking about tightly managed machines with something like DriveShield or Deep Freeze on the computer. For perspective, the antivirus vendor we use is Symantec antivirus (which I despise). This paper does not reflect the position or opinions of anyone except myself.


Reliable Windows spyware and virus removal mini-guide

Saturday, February 24th, 2007

Someone at work asked me some advice about spyware removal, so heres some thoughts about how I remove spyware/viruses. I’ve been doing this for about 5 years, and the process I use removes all spyware/viruses about 90% of the time. Disclaimer: Use at your own risk. Don’t be stupid.

I use the following tools to scan computers, all of which can be downloaded free online. Run them in the order listed.

  • Process Explorer: (Download here) Use this to kill any processes that you don’t know what they are. Especially kill ones that don’t have a company name/description by them. You cant hurt anything by killing the wrong process, so kill away. If a process you kill causes another one to pop up, then thats definitely a bad thing, and typically is virus behavior. Usually you can kill it by “Killing Process Tree”. If that doesn’t work either, then I find that if you ‘suspend’ a process and its descendants, then you can kill it after that.
  • Autoruns: (Download here)This has an option to ‘Hide Microsoft Entries’ — use it. Deleting actual Microsoft programs is generally a bad idea, and shouldn’t be done unless you have a reason. The idea here is to kill anything (press the delete key, or uncheck it) that you don’t recognize, or something that doesn’t have a company name/description next to it. If you don’t recognize it, ask the computer owner/user whether or not they have heard of the program. If they don’t know what it is, then chances are its bad for the system. If in doubt, search for the item on google, and usually there will be some results with people saying whether it is good or not.
  • HijackThis: (Download here) This does the same thing as Autoruns, but gets stuff that it misses. Once again, kill anything that you don’t recognize. If it doesn’t list a company name, thats also a warning sign as well. Anything that is misspelled can be a warning sign (like Mircosoft instead of Microsoft, etc.. ). You could just delete everything on the list, because anything that shows up here is non-essential to your computer. However, don’t do that. Things like antivirus (which is useless anyways) and special keyboard programs will break.
  • Pocket Killbox: (Download here) This program is useful for a lot of things, but its primary usefulness if you don’t have any general needs is it can delete all tempory files. Its in one of the menu options, just select it, and run it. You’d be surprised at how many Windows bugs (especially Internet Exploiter) are caused by having too many temporary files. It also can signfically slow down your computer if you have too many of these. Pocket Killbox is useful for other things too, but chances are you’ll never use those capabilities. Just delete the temp files and you should be good.
  • WinsockFix: (Download here) If the person is having network connectivity issues, then many times WinsockFix can solve them. Just run it, and reboot. If they’re not having network issues, it generally won’t hurt if you run it anyways. Usually I don’t because then you have to wait for the system to reboot.

Well, thats my guide. If you have any questions, then post a comment or contact me and I’ll try to answer it. Good luck!