Answers to common security questions - Best Practices


This topic is locked
6 replies to this topic

#1 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 26,101 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 01 July 2011 - 01:46 PM

Best Practices for Safe Computing - Prevention of Malware Infection

Common sense, safe computing and safe surfing habits are essential to protecting yourself from malware infection. No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice these principles and stay informed. Knowledge and the ability to use it is the best defensive tool anyone could have. This includes educating yourself as to the most common ways malware is contracted and spread as well as prevention.

Important Tip: Always remember that security begins with personal responsibility.
Tips to protect yourself against malware infection:

Keep Windows and Internet Explorer current with all security updates from Microsoft, which will patch many of the security holes through which attackers can gain access to your computer. When necessary, Microsoft releases security updates on the second Tuesday of each month and publishes Security update bulletins to announce and describe the update. If you're not sure how to install updates, please refer to Updating your computer. Microsoft also recommends Internet Explorer 6 and 7 users upgrade their browsers due to security vulnerabilities which can be exploited by hackers.

Avoid gaming sites, porn sites, pirated software (warez), cracking tools, and keygens. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.

Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware. For more specific information on how these types of rogue programs install themselves and spread infections, read How Malware Spreads - How did I get infected.

Keeping Autorun enabled on flash drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. One in every eight malware attacks occurs via a USB device. Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.

Note: If using Windows 7, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.

Always update vulnerable software like browsers, Adobe Reader and Java Runtime Environment (JRE) with the latest security patches. Older versions of these programs have vulnerabilities that malicious sites can use to exploit and infect your system.

Use strong passwords and change them anytime you encounter a malware infection, especially if the computer was used for online banking, paying bills, has credit card information or other sensitive data on it. This would include any used for taxes, email, eBay, paypal and other online activities. You should consider them to be compromised and change all passwords immediately as a precaution in case an attacker was able to steal your information when the computer was infected. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.

Don't disable UAC in Vista or Windows 7 and use Limited User Accounts in Windows XP.

Don't forget to Back up your important data and files on a regular basis. Some infections may render your computer unbootable during or before the disinfection process. Even if your computer is not infected, backing up is part of best practices in the event of hardware or system failure related to other causes.

It is also a good practice to make a disk image with an imaging tool (i.e. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.). Disk Imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistant to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact same state the system was when you imaged the disk or partition. Essentially, it will restore the computer to the state it was in when the image was made.

By now everyone should be familiar with Email scams and how to avoid them but also be aware of Phone Scamming.

The scam works by criminals posing as computer security engineers and calling people at home to tell them they are at risk of a computer security threat. The scammers tell their victims they are providing free security checks and add authenticity by claiming to represent legitimate companies and using telephone directories to refer to their victims by name.

Once they have tricked their victims into believing they have a problem and that the caller can help, the scammers are believed to run through a range of deception techniques designed to steal money.

Microsoft Survey & Advice on Phone Scamming
Microsoft Advice on Phone Scamming for UK Citizens


Security Resources from Microsoft:

Other Security Resources:

Browser Security Resources:

Simple Ways To Secure Your Privacy:

 

 


Other topics discussed in this thread:
Choosing an Anti-Virus Program
Replacing your Anti-virus - Why should you use Antivirus software?
Choosing a Firewall
Supplementing your Anti-Virus Program with Anti-Malware Tools
Glossary of Malware Related Terms
Why you should not use Registry Cleaners and Optimization Tools
 

 

 


Microsoft MVP - Consumer Security 2007-2013
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
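Post #1 above recommends disabling Autorun on removable drives. The PowerShell snippet below is an added example and is not part of quietman7's post: it checks, and if necessary sets, the NoDriveTypeAutoRun policy value that Microsoft documents for turning AutoRun off for every drive type, and reports the value that was there before. It assumes an elevated PowerShell session on Windows XP SP3, Vista or 7; the KB number and the HonorAutorunSetting check refer to Microsoft's AutoRun update for the older systems.

```powershell
# Added example (not from quietman7's post): disable AutoRun for all drive types via
# the policy value Microsoft documents, and report what was there before.
# Assumption: elevated PowerShell on Windows XP SP3 / Vista / 7; log off or reboot afterwards.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name   = 'NoDriveTypeAutoRun'
$wanted = 0xFF    # bit mask covering every drive type, so AutoRun is off for all of them

if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null   # the Policies\Explorer key may not exist yet
}

$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -eq $wanted) {
    Write-Output ("{0} is already 0x{1:X2}: AutoRun is disabled for all drive types" -f $name, $current)
} else {
    if ($null -eq $current) { $shown = '(not set)' } else { $shown = '0x{0:X2}' -f $current }
    Write-Output ("{0} was {1}; setting it to 0x{2:X2}" -f $name, $shown, $wanted)
    # -Force overwrites an existing value, so this works for both create and update
    New-ItemProperty -Path $key -Name $name -Value $wanted -PropertyType DWord -Force | Out-Null
}

# On Windows XP and Vista the policy value is only honoured once Microsoft's AutoRun
# update (KB967715) is installed; that update writes HonorAutorunSetting = 1 under the
# same key, so its presence is a quick check. Windows 7 has the fix built in.
if ([Environment]::OSVersion.Version -lt [Version]'6.1') {
    $honor = (Get-ItemProperty -Path $key -Name 'HonorAutorunSetting' -ErrorAction SilentlyContinue).HonorAutorunSetting
    if ($honor -ne 1) {
        Write-Warning 'HonorAutorunSetting is not 1: install the AutoRun update (KB967715) or NoDriveTypeAutoRun is ignored.'
    }
}
```

Run it once from an elevated prompt; the change applies to the machine-wide policy, so it covers every user account, and it takes effect at the next logon.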

#2 quietman7

Posted 01 July 2011 - 01:52 PM

Choosing an Anti-Virus Program

Choosing an anti-virus is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. You may need to experiment and find the one most suitable for your needs. For more specific information to consider, please read Choosing Your Anti-virus Software.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus or anti-malware scanner detected threats that another missed does not mean it's more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-virus vendors. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. How often the anti-virus or anti-malware database is updated can also account for differences in threat detections.

Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.

Free Antivirus programs: (choose and install only one). I recommend any of these. Note: Many anti-virus vendors are bundling toolbars and other software with their products. If pre-checked by default, that means you need to uncheck that option during installation if you don't want it.


IMPORTANT NOTE: Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to conflicts that can arise when they are running in real-time protection mode simultaneously and issues with Windows resource management. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files, this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "False Positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that virus or suspicious file. Each anti-virus may attempt to remove the offending file and quarantine it at the same time, resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found when that is not the case.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of others and may insist they be removed prior to download and installation of another. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms while trying to use it.

To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.

Anti-virus vendors recommend that you install and run only one anti-virus program at a time.

You can always supplement your anti-virus by performing an Online Virus Scan.

Edited by quietman7, 30 April 2012 - 07:28 AM.


#3 quietman7

Posted 01 July 2011 - 01:58 PM

Replacing your Anti-virus

IMPORTANT: Before removing (or reinstalling) your existing anti-virus, you should download and save the setup file for the anti-virus you are going to replace it with. Also download any specialized removal tools available from the vendor for your current anti-virus in case you need them. It is not uncommon for some anti-virus programs not to completely uninstall themselves using the usual method of Add/Remove Programs or Programs and Features in Vista/Windows 7.

Anti-virus software components insert themselves deep into the operating system's core and create files/folders/registry entries in various locations. Many anti-virus vendors provide clean-up utilities on their web sites to remove remnants left behind after uninstalling or for a failed uninstall. When that is the case, it's best to download directly from the vendor's site to ensure you are using the most current version of the uninstall utility, as it is not uncommon for third party hosting sites to have outdated versions which may not work properly.

Alternatively, you can try using Opswat AppRemover - supported applications list.

After doing the above, follow these steps:
  • Disconnect from the Internet.
  • Uninstall your current anti-virus.
  • Reboot and install the replacement.
  • Reboot again to ensure it is working properly before reconnecting to the Internet.
  • Connect to the Internet and immediately download the latest definition database updates.


Why should you use Antivirus software?

Using unprotected computers on the Internet is a security risk to everyone as they are prone to attack from hackers, Botnets, zombie computers and malware infection. Using anti-virus software will help minimize the risk and help to prevent the computer from being used to pass on infections to other machines. When infected and compromised, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more zombies are created to perpetuate the cycle.

How do folks who claim they do not use an anti-virus and never get infected know for certain that their computer is malware free? Many of today's attackers employ advanced techniques which involve sophisticated Botnets, Backdoor Trojans and rootkits to hide their presence on a computer. Without proper security tools including an antivirus which can detect such malware, you can never be absolutely sure your computer has not been infected.
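Posts #2 and #3 above both turn on the same check: that exactly one anti-virus product is installed before and after a replacement. The PowerShell snippet below is an added example and is not part of quietman7's posts: it lists the anti-virus products registered with Windows Security Center, which is where leftovers from an incomplete uninstall usually show up. It assumes Windows Vista or 7 (WMI namespace root\SecurityCenter2) with a fallback to the Windows XP namespace, and the network adapter name in the commented-out netsh lines is a placeholder.

```powershell
# Added example (not from quietman7's posts): list the anti-virus products registered with
# Windows Security Center so you can confirm only one is installed before and after a swap.
# Assumption: Windows Vista/7 (root\SecurityCenter2); Windows XP uses root\SecurityCenter,
# whose AntiVirusProduct class has fewer properties (pathToSignedProductExe is then empty).
function Get-RegisteredAntiVirus {
    $ns = 'root\SecurityCenter2'
    $have2 = Get-WmiObject -Namespace root -Class __NAMESPACE |
        Where-Object { $_.Name -eq 'SecurityCenter2' }
    if (-not $have2) { $ns = 'root\SecurityCenter' }   # Windows XP fallback

    Get-WmiObject -Namespace $ns -Class AntiVirusProduct |
        Select-Object displayName, productState, pathToSignedProductExe
}

$products = @(Get-RegisteredAntiVirus)
Write-Output ("Registered anti-virus products: {0}" -f $products.Count)
$products | Format-Table -AutoSize

if ($products.Count -gt 1) {
    # Two entries after an uninstall usually mean remnants: use the vendor's clean-up utility.
    Write-Warning 'More than one anti-virus is registered; keep only one (see the vendor clean-up utility if the normal uninstall left remnants).'
} elseif ($products.Count -eq 0) {
    Write-Warning 'No anti-virus is registered with Security Center.'
}

# Steps 1 and 5 of the procedure above (offline while swapping), scriptable with netsh;
# the adapter name is a placeholder, list yours with: netsh interface show interface
# netsh interface set interface name="Local Area Connection" admin=disable
# ...uninstall, reboot, install the replacement, reboot...
# netsh interface set interface name="Local Area Connection" admin=enable
```

The productState column is a vendor-reported bit field whose layout Microsoft does not document publicly, so treat it as a hint only; the displayName list and its count are the part to act on.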

#4 quietman7

Posted 19 September 2011 - 01:19 PM

Choosing a Firewall

Choosing a firewall is also a matter of personal preference, your needs, your technical ability/experience, features offered, user friendliness, ease of updating, ease of installation/removal, available technical support from the vendor and price. Other factors to consider include effectiveness, the amount of resources it utilizes, how it may affect system performance and what will work best for your system. A particular firewall that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone. You may need to experiment and find the one most suitable for your use and your system. For more specific information to consider, please read:

There is always the option to use Windows built-in Firewall. Most concerns you may have heard or read about the Windows Firewall were in the XP operating system so many users were advised to use third-party alternatives. Microsoft significantly improved the firewall to address these concerns in Vista and then added more improvements in Windows 7.

Windows Vista Firewall offers two-way filtering for better security than it did in XP but it is still limited. The firewall is combined with IPsec, turned on by default and set to a basic configuration that works in tandem with the Windows Service Hardening feature. If the firewall detects activity that it considers prohibited behavior according to Service Hardening's preset rules, the firewall will block the suspicious activity. Another feature in the Vista firewall is that it can set rules based on three different types of networks using the Rules Wizard, so creating firewall rules is much simpler.

By default, most (not all) outbound filtering is turned off (outbound connections are allowed) and inbound filtering is turned on (inbound connections are blocked/not allowed). Why? This is what Microsoft has to say:

Matt Parretta, a former spokesperson for Microsoft's PR agency, Waggener Edstrom, offered this defense: "If we turned on outbound filtering by default for consumers, it forces the user to make a trust decision for every application they run which touches the network. After they upgrade to Windows Vista or purchase a new PC with that OS, they will be prompted on the first launch of every application that touches the network: Instant Messaging, IE, e-mail, Windows Media, iTunes, every self-updating app such as Adobe, and so on. Unless they click 'allow', the app will be broken and won't function properly. The out of box experience would be poor, and they would soon be desensitized to the prompts."

Although most outbound filtering is disabled, Vista’s firewall does provide limited outbound filtering which users may not be aware of as it is essentially invisible.

Jason Leznek, Microsoft senior product manager, told Computerworld that outbound filtering rules "are enabled by default for core Windows services as part of Windows Service Hardening, which enables the firewall to understand specific behaviors Windows services should have, and block them if they are doing something unexpected (ie, via an exploited vulnerability). Windows Firewall also protects the computer by blocking certain outgoing messages to help prevent the computer against certain port scanning attacks."

Outbound filtering can be configured to provide an additional layer of security and it does provide corporate and business administrators control over applications (i.e. peer-to-peer file sharing) they may want to restrict. Any such applications that require outbound access must be added to the rules list by using the firewall with the Advanced Security Microsoft Management Console (MMC). Configuration may be confusing for some and there is no practical way to configure outbound filtering to stop all unwanted outbound connections. Inbound filtering can be turned on or off through various tabs and configuration settings. Windows Firewall Control is a free utility which can be used for quick access to define rules and configure the most frequent options used from Windows Firewall.

For more specific information about configuration and security, please refer to these articles:

For an independent review read these articles (some include a response by Microsoft regarding outbound filtering as quoted above):

Windows 7 Firewall is similar to Vista and also offers two-way filtering for inbound and outbound traffic. However, Windows 7 adds a few new features in the firewall and related network-safety areas such as separate configuration settings for private (Home or Work) and public networks.

The Vista firewall was built on a new Windows Filtering Platform (WFP) and added the ability to filter outbound traffic via the Advanced Security MMC snap-in. With Windows 7, Microsoft has tweaked the firewall further and made it much more useable, especially on mobile computers, by adding support for multiple active firewall policies.

The Windows 7 Firewall refines the much-improved firewall that was included in Windows Vista, and brings its "hidden" advanced features out into the open. Many users, including some IT professionals, were unaware that you could filter outbound traffic, monitor and otherwise perform advanced configuration tasks for the Vista firewall, because none of that was apparent from the Firewall applet in Control Panel. With Windows 7, Microsoft has created a built-in host firewall that is much more functional than its predecessors and now poses a viable alternative to third party host firewall products.

What's new in the Windows 7 Firewall?

As with Vista, the basic settings for the Windows 7 firewall are accessed via the Control Panel applet. Unlike Vista, you can also access the advanced settings (including configuration of filtering for outbound connections) through the Control Panel instead of having to create an empty MMC and add a snap-in...

The Vista firewall allows you to choose whether you are on a public or private network. With Windows 7, you have three choices - public network, home network or work network. The two latter options are treated as private networks...With All-Network types, by default the Windows 7 firewall blocks connections to programs that are not on the list of allowed programs. Windows 7 allows you to configure the settings for each network type separately,...

What's new in the Windows 7 Firewall?

For information about using the Windows 7 firewall, managing settings, blocking programs from accessing the Internet, opening/closing ports or disabling firewall notifications, please refer to:

For an independent review read:

Windows Firewall Tools
  • Windows Firewall Control is a free utility which can be used for quick access to define rules and configure the most frequently used options.
  • Windows Firewall Notifier is a free utility which can be used to extend the default Windows embedded firewall behavior.

IMPORTANT NOTE: Using more than one software firewall on a single computer is not advisable. Why? Using two firewalls could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (a router) and a software firewall (i.e. Kerio, ZoneAlarm, Comodo, etc) in conjunction.

Edited by quietman7, 12 October 2011 - 08:21 AM.

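Post #4 above explains that Windows Firewall allows outbound connections by default and that outbound rules are managed through the Advanced Security MMC snap-in. The snippet below is an added example and is not part of quietman7's post: it does the same configuration from an elevated PowerShell (or cmd) prompt with netsh advfirewall, which edits the same rule store as the snap-in, turning on outbound filtering for the Public profile only, allowing one program through, blocking another on every profile, and enabling the dropped-packet log. It assumes Windows Vista/7 or later; the rule names and program paths are placeholders.

```powershell
# Added example (not from quietman7's post): inspect and configure Windows Firewall
# outbound filtering with netsh advfirewall, the command-line front end to the same
# rule store the "Windows Firewall with Advanced Security" MMC snap-in manages.
# Assumptions: elevated prompt on Vista/7 or later; rule names and program paths are placeholders.

# 1. Current default actions per profile (Domain, Private, Public). Look at the
#    "Firewall Policy" line: "BlockInbound,AllowOutbound" is the default described above.
netsh advfirewall show allprofiles

# 2. Turn on outbound filtering for the Public profile only. From now on a program with
#    no explicit allow rule is blocked whenever the PC is on a network marked Public.
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound

# 3. Allow a program you still need on public networks (replace the placeholder path).
netsh advfirewall firewall add rule name="Allow Example App (out)" dir=out action=allow `
    program="C:\Program Files\Example\app.exe" enable=yes profile=public

# 4. Restrict one program on every profile, the administrator use case from the post
#    (e.g. a P2P client). An explicit block rule wins over any allow rule for the same program.
netsh advfirewall firewall add rule name="Block Example P2P (out)" dir=out action=block `
    program="C:\Program Files\Example\p2p.exe" enable=yes profile=any

# 5. Verify the rules and log dropped connections so a blocked program can be diagnosed
#    from the log instead of guessing.
netsh advfirewall firewall show rule name="Allow Example App (out)"
netsh advfirewall firewall show rule name="Block Example P2P (out)"
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "$env:SystemRoot\system32\LogFiles\Firewall\pfirewall.log"

# To return the Public profile to the default (outbound allowed), run:
# netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound
```

Starting with the Public profile is deliberate: it limits the "prompt for every application" problem Microsoft describes above to the networks where outbound control matters most, and the dropped-connection log shows which program and port were blocked when something stops working. On Windows 8 and later the NetSecurity cmdlets (Get-NetFirewallProfile, New-NetFirewallRule) offer the same settings, but they are not available on Windows 7.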

#5 quietman7

Posted 15 November 2011 - 08:19 AM

Supplementing your Anti-Virus Program with Anti-Malware Tools

Anti-virus and Anti-spyware (anti-malware) programs each perform different tasks as it relates to computer security and malware detection. Essentially, they look for and remove different types of malicious threats. In simplistic terms, an anti-virus program will focus on viruses, worms and Trojans while an anti-spyware program tends to focus more on spyware, adware and PUPS (potentially unwanted programs). However, there can be some overlap in functionality and detection features depending on the program's scanning engine, how the vendor defines a specific threat and what Naming Standards are used. Some vendors also add a modifier or additional information after the name that further describes what type of malware it is.


Since no single product is 100% foolproof, it is recommended to supplement your anti-virus by performing scans with trustworthy security tools like:
Free malware scanning/removal programs which can be used to supplement your anti-virus and anti-spyware or get a second opinion:

For a list of other recommended security tools (i.e SpywareBlaster, WinPatrol) and resources, please refer to:
As a general rule, using more than one anti-spyware program like Malwarebytes Anti-Malware, SuperAntispyware, Windows Defender, Spybot S&D, Ad-Aware, Spyware Terminator, etc. will not conflict with each other or your anti-virus if using only one of them for real-time protection and the others as stand-alone on demand scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware.

Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-malware database is updated can also account for differences in threat detections. Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another.

If using multiple real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc.) together at the same time, there can be conflicts as a result of the overlap in protection. These conflicts are typical when similar applications try to compete for resources and exclusive rights to perform an action. They may identify the activity of each other as suspicious and produce alerts. Further, your anti-virus may detect suspicious activity while anti-malware programs are scanning (reading) files, especially if it uses a heuristic scanning engine, regardless of whether they are running in real-time or on demand. The anti-virus may even detect as threats any malware removed by these programs and placed into quarantined areas. This can lead to a repetitive cycle of endless alerts or false alarms that continually warn a threat has been found if the contents of the quarantine folder are not removed before beginning a new security scan. Generally these conflicts are more of an annoyance rather than the significant conflicts which occur when running two anti-virus programs in real time.


By the way, you can also supplement your security tools and get a second opinion by performing an Online Virus Scan.

I recommend taking advantage of the Malwarebytes Anti-Malware (Pro) Protection Module in the full version which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology runs at startup where it monitors every process and helps stop malicious processes before they can infect your computer. Keep in mind that this feature does not guarantee something will not slip through as no product can detect and prevent every type of malware. The database that defines the heuristics is updated as often as there is something to add to it. Also keep in mind that Malwarebytes does not act as a real-time protection scanner for every file like an anti-virus program so it is intended to be a supplement, not a substitute.

IP Protection (malicious website blocking) is part of the Protection Module and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. IP Protection is also designed to block incoming connections it determines to be malicious. More information about IP Protection can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

Those who purchase the full version receive a license key via email to activate the protection module. The license includes a lifetime of free upgrades and support. For corporate and business customers, annual licenses are required. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs. If any conflicts between Malwarebytes and another security program are reported, suggested solutions are usually provided in the Common Issues, Questions, and their Solutions, FAQs thread.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.


FYI: mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products). Further, most people don't understand how to use Spybot's TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in the Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't understand how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.

As for Ad-Aware.

Ad-Aware...have gone into a downhill spiral over the past five years and recently sold the company to Solaria... Majorgeeks stopped listing Ad-Aware as a “pick” some years ago as we watched the quality of the company slip over the years...it can’t stand up to the new generation of anti-spyware applications...

What does the future hold for Ad-Aware?
Lavasoft Controversies

Edited by quietman7, 16 November 2012 - 11:28 PM.

Microsoft MVP - Consumer Security 2007-2013
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
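As an added illustration of the point made above about TeaTimer (this is example code, not part of the original post and not TeaTimer's own code): a registry change monitor only tells you that a value under a watched key appeared, disappeared or changed. It cannot tell you whether that change came from a legitimate installer or from malware; that judgment is still yours. The snippet below snapshots the common autostart (Run/RunOnce) keys and diffs two snapshots. The choice of keys and the file name for the saved baseline are assumptions for the example.

```powershell
# Added example: a minimal change monitor for common autostart keys, similar in
# spirit to what TeaTimer does. It reports only that a value changed; deciding
# whether the change is benign is left to the reader.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartSnapshot {
    # Returns a hashtable of "key\valuename" -> data for every value under the keys above.
    $snap = @{}
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $snap["$key\$name"] = [string]$item.GetValue($name)
        }
    }
    return $snap
}

function Compare-AutostartSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    # Emits one object per added, removed or modified value. An empty result means no change.
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added';    Value = $k; Data = $After[$k] }
        } elseif ($Before[$k] -ne $After[$k]) {
            [pscustomobject]@{ Change = 'Modified'; Value = $k; Data = "$($Before[$k]) -> $($After[$k])" }
        }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Removed';  Value = $k; Data = $Before[$k] }
        }
    }
}

# Usage: take a baseline, then compare again after an install or a suspicious download.
$baseline = Get-AutostartSnapshot
$baseline | Export-Clixml -Path "$env:TEMP\autostart-baseline.xml"   # assumed baseline location
# ... later:
$current = Get-AutostartSnapshot
Compare-AutostartSnapshot -Before $baseline -After $current | Format-Table -AutoSize
```

Every line the comparison prints needs a human to look at the path in the Data column and decide whether that program belongs there; the monitor itself has no notion of "good" or "bad", which is exactly the limitation the post describes.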

#6 quietman7

Posted 18 February 2012 - 08:41 AM

Glossary of Malware Related Terms

What is Malware?
What is Spyware?
What is Adware?
What is Rogue software?
What is Ransomware?
What is a Spyware Dialer? - Understanding Spyware, Browser Hijackers, and Dialers
What are Potentially Unwanted Programs (PUPS)?  - McAfee White Paper: Potentially Unwanted Programs

What is a Worm?
What is a Backdoor Trojan? - Backdoors explained
What is a Botnet?
What is an IRCBot?
What is a Remote Access Trojan (RAT)?
What is a Virus?
What is a File infecting virus?
What is a Boot sector virus?
What is a Polymorphic virus?
What is a Metamorphic virus?

The Difference Between a Virus, Worm, Trojan Horse and Blended Threats
What is the difference between viruses, worms, and Trojans?
Trojan FAQs: Common Trojans and how they work

What are Alternate Data Streams (ADS)?
What is Spam?
What is a Spambot?
What is a Web Crawler?

What is Whistler Bootkit?
What Is A Rootkit?
What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

What is a TDSS rootkit?
TDSS: Rootkit technologies from the beginning
TDSS part 1 - TDSS part 2: Ifs and Bots - TDSS part 3: Bootkit on the Other Foot
TDL4 Top Bot: The indestructible botnet
Memory Forging Attempt by a Rootkit: TDL4 variants
Bootkit: the challenge
TDL4 Rootkit Bypasses Windows Code-Signing Protection
TDSS loader has now got legs - a self-propagation mechanism
The Worm, the Rogue DHCP, and TDL4
Stalking TDL4: All Access Pass to the Hard Drive
POPUREB vs. TDL4
TDL4 rebooted and its hidden partition table
A New TDL4 with a Stealthy New Twist: creates hidden partition table

ZeroAccess (Max++) Rootkit:
Olmasco bootkit: next circle of TDL4 evolution
TDL4 Infection Update Win32/Olmasco MAXSS Pihar
ZeroAccess / Max++ / Smiscer Crimeware Rootkit
Dissecting the ZeroAccess Rootkit
MAX++ sets its sights on x64 platforms
ZeroAccess (Max++) Rootkit
ZeroAccess Gets Another Update
ZeroAccess rootkit malware shifts to user-mode

These are .pdf documents with more comprehensive information.
ZeroAccess an advanced kernel mode rootkit
Rooting about in TDSS
The Evolution of TDL: Conquering x64
Defeating x64: The Evolution of the TDL Rootkit
TDL3: The Rootkit of All Evil?
Backdoor.Tdss.565
TDL3: Part I A detailed analysis of TDL rootkit 3rd generation

Each security vendor uses their own naming conventions to identify various types of malware. Names with Generic or Patched are a very broad category.



#7 quietman7

Posted 27 September 2012 - 09:38 AM

Why you should not use Registry Cleaners and Optimization Tools

There are numerous programs which purport to improve performance, make repairs and tune up a computer. Many of them include such features as a registry cleaner, registry optimizer, disk optimizer, etc. Some of these programs even incorporate optimization/registry cleaning features alongside anti-malware capabilities. IMO such claims to speed up and improve computer performance are highly overrated and borderline scams intended to goad users into using an unnecessary and potentially dangerous product.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

1. Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

2. Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Further, some vendors who offer registry cleaners use deceptive advertisements and claims which are borderline scams. They may alert you to finding thousands of registry errors which can only be fixed to improve performance if you use or buy their product.

3. Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

4. Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

5. The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".


Microsoft support policy for the use of registry cleaning utilities

...Windows continually references the registry in the background and it is not designed to be accessed or edited. Some products such as registry cleaning utilities suggest that the registry needs regular maintenance or cleaning. However, serious issues can occur when you modify the registry incorrectly using these types of utilities. These issues might require users to reinstall the operating system due to instability. Microsoft cannot guarantee that these problems can be solved without a reinstallation of the Operating System as the extent of the changes made by registry cleaning utilities varies from application to application...Microsoft does not support the use of registry cleaners...


Unless you have a particular problem that requires a specific registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great. If you want to improve computer performance, please read: Slow Computer/Browser? Check here first; it may not be malware
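The post above says a backup of the registry is essential before any change, and that edits should be limited to the one specific key a known problem requires. As an added example (not part of the original post, and not code from any tool mentioned on this page), the script below does exactly that for a targeted edit: it exports only the key about to be touched with reg.exe, verifies the export actually produced a valid .reg file before anything is modified, makes the one edit, and keeps the backup so the edit can be reverted with reg import. The key path, backup directory and the value name being removed are assumptions chosen for illustration.

```powershell
# Added example: back up exactly the key you are about to edit, verify the
# backup, make one targeted change, and keep the .reg file to revert it.
# HKCU keys do not need elevation; run from an elevated PowerShell for HKLM keys.
# Key, directory and value name below are assumptions for the example.
$Key       = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run'   # reg.exe form
$PsKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'  # same key, PowerShell drive form
$BackupDir = Join-Path $env:USERPROFILE 'RegistryBackups'

function Backup-RegistryKey {
    param([string]$KeyPath, [string]$Directory)
    # reg.exe export writes a .reg file that reg.exe import can restore later.
    New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $safe  = ($KeyPath -replace '[\\:]', '_')
    $file  = Join-Path $Directory "$safe-$stamp.reg"
    & reg.exe export $KeyPath $file /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
        throw "Export of $KeyPath failed; not proceeding with any change."
    }
    # reg.exe writes UTF-16 files whose first line is this header; check it
    # so a zero-byte or truncated file is never mistaken for a usable backup.
    $header = Get-Content -Path $file -Encoding Unicode -TotalCount 1
    if ($header -ne 'Windows Registry Editor Version 5.00') {
        throw "Backup $file does not look like a valid .reg file; not proceeding."
    }
    return $file
}

function Restore-RegistryKey {
    param([string]$BackupFile)
    # Re-imports the exported key; values removed since the export are recreated.
    & reg.exe import $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Import of $BackupFile failed." }
}

# Usage: back up first, then make only the single edit the problem calls for.
$backup = Backup-RegistryKey -KeyPath $Key -Directory $BackupDir
Write-Host "Backup written to $backup"

# The one targeted edit (hypothetical value name, assumed to have been identified
# as the cause of a specific problem, not found by a "cleaner"):
Remove-ItemProperty -Path $PsKey -Name 'ExampleUnwantedEntry' -ErrorAction SilentlyContinue

# If the change turns out to cause problems, revert it:
#   Restore-RegistryKey -BackupFile $backup
```

Note what this does not do: it does not scan for "errors", and it does not touch anything other than the single value named. That is the difference between a deliberate, reversible edit and what a registry cleaner does.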



