
What are the best (free) stand-alone supplemental malware programs to use for XP-Pro?


31 replies to this topic

#1 Lee42

Lee42

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:50 AM

Posted 27 December 2010 - 05:47 AM

I'm fixing my friend's computer again because, due to his unsafe surfing habits, he got it wrecked up with malware again and it required a reinstallation of XP-Pro. It's an old Dell 2.8Ghz w/512Mb RAM.

I've installed Microsoft Security Essentials for the real-time virus/spyware protection. And I've installed Malwarebytes as a stand-alone to scan and fix with. I want to load his computer up with as many free programs that I possibly can that won't conflict with each other. I'll put a dozen or more on there if that's what it takes. But I gotta put more on there than just MSE and Malwarebytes.

I also want to install SUPERAntiSpyware and Spybot Search & Destroy. As far as I know they don't have real-time so it shouldn't be an issue...or will there be one?
I know you can't have two antivirus programs running at the same time so I'm not going to do that.

I want to go overboard to give him more "ammunition" to scan his computer with when he gets infected again (and he will I'm sure) so I really need to know what all I can install for supplemental programs.

What all (free) programs are out there that I can install that won't clash with each other? And please provide your reviews on each one.

I will really appreciate this information!

Thank you

Lee



#2 max7bg

max7bg

  • Banned
  • 317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 AM

Posted 27 December 2010 - 06:08 AM

Hello,

I use AVG 2011 Pro and MalwareBytes Pro, and they are working perfectly so far! I have only the best words for them :thumbsup:
I am not considering adding any more Security Programs!
You can install Spybot S&D, it will protect you better if you don't have full versions of antivirus!

Hope this helps!

Max

Edited by max7bg, 27 December 2010 - 06:10 AM.


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:50 PM

Posted 27 December 2010 - 06:37 AM

Could you convince your friend to use an account on his XP Pro machine that is not an administrative account?
This will prevent a lot of malware from infecting his computer, and it will also help with the cleanup.

I know it's not that easy to use XP with a non-admin account, so if it's not possible for your friend, I recommend you configure SRPs to restrict the rights of some of the targeted applications, like Internet Explorer and Adobe Reader.
I've a blogpost on how to configure SRP to restrict the rights of Adobe Reader:
http://blog.didierstevens.com/2009/09/28/quickpot-safer-and-malicious-documents/

It's easy to adapt these instructions for another program, like Word, Excel, Internet Explorer, ...

By configuring SRPs like I show in the blogpost, these applications will not run with administrative rights, even if your friend uses an administrative account.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 max7bg


Posted 27 December 2010 - 07:33 AM

> Could you convince your friend to use an account on his XP Pro machine that is not an administrative account?
> This will prevent a lot of malware from infecting his computer, and it will also help with the cleanup.
>
> I know it's not that easy to use XP with a non-admin account, so if it's not possible for your friend, I recommend you configure SRPs to restrict the rights of some of the targeted applications, like Internet Explorer and Adobe Reader.
> I've a blogpost on how to configure SRP to restrict the rights of Adobe Reader:
> http://blog.didierstevens.com/2009/09/28/quickpot-safer-and-malicious-documents/
>
> It's easy to adapt these instructions for another program, like Word, Excel, Internet Explorer, ...
>
> By configuring SRPs like I show in the blogpost, these applications will not run with administrative rights, even if your friend uses an administrative account.


It's :offtopic: , but I must say that it is a great mini tut! :clapping:
Could I block every program with this?

Regards,
Max

#5 Didier Stevens


Posted 27 December 2010 - 07:53 AM

> Could I block every program with this?


In theory yes, but it won't work, as many programs on XP require administrative rights to function correctly.

But here's an alternative: use a Least-privilege User Account (LUA, fancy word for non-admin account) and configure SRPs to only allow LUAs to execute programs from the system directory and the program files directory (see step 3 here http://hype-free.blogspot.com/2008/04/windows-xp-high-security-configuration.html).

This way, you prevent LUAs from executing programs you as an administrator have not approved: they won't be able to start programs that are not in the system and program files directory, and they won't be able to change/install programs in these directories.

Configuring and using your XP machine like this will prevent almost all downloaded malware from running.


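A simplified model of the decision this LUA + SRP setup produces, added here as an illustration (it is not code from the posts, the linked guides, or Windows itself): default level Disallowed for non-admin users, with path rules allowing only the system and Program Files directories. The drive letter, folder names and sample paths are assumptions constructed for the example.

```python
import ntpath  # Windows path rules, usable on any OS

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

# Assumed allow-list for a default XP install (constructed for this example).
PATH_RULES = {
    r"C:\WINDOWS": UNRESTRICTED,
    r"C:\Program Files": UNRESTRICTED,
}

def _norm(path):
    # Resolve "..", unify separators and case: Windows paths are case-insensitive.
    return ntpath.normcase(ntpath.normpath(path)).rstrip("\\")

def srp_level(exe_path, is_admin=False, rules=PATH_RULES, default=DISALLOWED):
    """Level a simplified path-rule policy assigns to exe_path."""
    if is_admin:
        return UNRESTRICTED  # policy scoped to all users except administrators
    target = _norm(exe_path)
    best_len, level = -1, default
    for root, rule_level in rules.items():
        root_n = _norm(root)
        # Match whole path components so C:\WINDOWS does not cover C:\WINDOWS2.
        if target == root_n or target.startswith(root_n + "\\"):
            if len(root_n) > best_len:  # most specific (longest) rule wins
                best_len, level = len(root_n), rule_level
    return level

# Constructed sample paths, not taken from the thread.
SAMPLES = [
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Documents and Settings\friend\Local Settings\Temp\setup.exe",
    r"c:\program files\..\Documents and Settings\friend\Desktop\codec.exe",
    r"C:\WINDOWS2\tool.exe",
]

def audit(paths, **kwargs):
    return {p: srp_level(p, **kwargs) for p in paths}

if __name__ == "__main__":
    for path, level in audit(SAMPLES).items():
        print(f"{level:<12} {path}")
```

Only the first two sample paths come back Unrestricted; the download in the profile's Temp folder, the `..` path and the lookalike folder all fall through to the Disallowed default, because the match is made on normalized whole path components.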

#6 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 PM

Posted 27 December 2010 - 08:04 AM

Another good program I run with my Norton Internet Security and Malwarebytes AntiMalware PRO and then for the rest I use SUPERAntiSpyware. Use an AV and MBAM, SAS once a week and you will, like me, NEVER get infected. Also, a good thing is to set up a HOST file for blocking unwanted internet access.

I hope you find this useful. MBAM = MalwareBytes AntiMalware , SAS = SUPERAntiSpyware

Check this tutorial out for learning about HOST file and its use : http://www.bleepingcomputer.com/tutorials/hosts-files-explained/

With Regards,
Karsten

#7 max7bg


Posted 27 December 2010 - 08:11 AM


> > Could I block every program with this?
>
> In theory yes, but it won't work, as many programs on XP require administrative rights to function correctly.
>
> But here's an alternative: use a Least-privilege User Account (LUA, fancy word for non-admin account) and configure SRPs to only allow LUAs to execute programs from the system directory and the program files directory (see step 3 here http://hype-free.blogspot.com/2008/04/windows-xp-high-security-configuration.html).
>
> This way, you prevent LUAs from executing programs you as an administrator have not approved: they won't be able to start programs that are not in the system and program files directory, and they won't be able to change/install programs in these directories.
>
> Configuring and using your XP machine like this will prevent almost all downloaded malware from running.


Many thanks, I really needed this!
Bookmarked this topic... :)

> Another good program I run with my Norton Internet Security and Malwarebytes AntiMalware PRO and then for the rest I use SUPERAntiSpyware. Use an AV and MBAM, SAS once a week and you will, like me, NEVER get infected. Also, a good thing is to set up a HOST file for blocking unwanted internet access.
>
> I hope you find this useful. MBAM = MalwareBytes AntiMalware , SAS = SUPERAntiSpyware
>
> Check this tutorial out for learning about HOST file and its use : http://www.bleepingcomputer.com/tutorials/hosts-files-explained/
>
> With Regards,
> Karsten


Never tried SUPERAntiSpyware. Must try it just to see how it looks and works! Doubtfully but maybe MBAM missed something bad :whistle:

Regards,
Max

#8 KarstenHansen


Posted 27 December 2010 - 09:40 AM

MBAM overlooks a lot of COOKIES that SAS takes out every time, this is my reason for using it! MBAM does take almost EVERYTHING infection related!

SUPERAntiSpyware is just one I use, just to be on the safe side!

#9 max7bg


Posted 27 December 2010 - 10:04 AM

> MBAM overlooks a lot of COOKIES that SAS takes out every time, this is my reason for using it! MBAM does take almost EVERYTHING infection related!
>
> SUPERAntiSpyware is just one I use, just to be on the safe side!


I tried SUPERAntiSpyware and I really don't like it, too many unnecessary buttons and options, MBAM is simple to use! I just got used to MBAM, I have used it for over 2 years! SAS sometimes crashes unexpectedly, and tends to slow the computer! Also MBAM has a faster scan! Don't know about you, but I see it like that!

For Cookies there is AVG, it cleans them perfectly!

Don't get me wrong, I just love using MBAM, and I will keep using it... B)

With regards,
Max

#10 KarstenHansen


Posted 27 December 2010 - 10:31 AM

Don't get me wrong max, MBAM is one of my best tools, but it for sure is NOT and will NEVER be my only tool used. As I stated earlier I use it for what MBAM doesn't take along and my AV and MBAM and SAS work so well together. My AV is realtime and so is MBAM, but SAS I only use for scanning and removing mostly cookies. MBAM is one of the best tools we have, no doubt. But still I will always use the tools I think are best for the job at hand! I'm not locked into any tools and I don't want to be locked in my choosing! This was my 2 cents.

You can of course use whatever tools you like, it is only meant as a suggestion to you and other people reading this topic!

Cheers

#11 Didier Stevens


Posted 27 December 2010 - 10:42 AM

> but SAS I only use for scanning and removing mostly cookies.


BTW, I'm wondering, is this the only way you manage cookies?

From your avatar, I assume you use FF (like me). I've set FF to erase all cookies when I close FF. And I've the BetterPrivacy add-on to erase Flash Cookies.



#12 max7bg


Posted 27 December 2010 - 10:49 AM

> Don't get me wrong max, MBAM is one of my best tools, but it for sure is NOT and will NEVER be my only tool used. As I stated earlier I use it for what MBAM doesn't take along and my AV and MBAM and SAS work so well together. My AV is realtime and so is MBAM, but SAS I only use for scanning and removing mostly cookies. MBAM is one of the best tools we have, no doubt. But still I will always use the tools I think are best for the job at hand! I'm not locked into any tools and I don't want to be locked in my choosing! This was my 2 cents.
>
> You can of course use whatever tools you like, it is only meant as a suggestion to you and other people reading this topic!
>
> Cheers


Sorry, I misunderstood you
I also have AV and MBAM realtime, so I will consider using SAS for removing cookies, although AV is doing it perfectly!

With regards,
Max

#13 Lee42

  • Topic Starter


Posted 28 December 2010 - 02:40 AM

> You can install Spybot S&D, it will protect you better if you don't have full versions of antivirus!
>
> Hope this helps!
>
> Max

Yes, that does help! Thank you. I'll definitely install that program too. I just now read the wikipedia.org review on it and it has something called a TeaTimer module that provides real-time protection from undesirable registry changes, like when malware tries to alter the registry. I think that'll come in real handy. :thumbup2:

Lee

#14 max7bg


Posted 28 December 2010 - 02:44 AM

Hi,

I am glad I can help :)

Please take your time and read Bleeping Computer's great tutorial about Spybot S&D!

Spybot S&D Tutorial

Regards,
Max

#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:50 AM

Posted 28 December 2010 - 03:09 AM

Check out SpywareBlaster. It is not a scanner but it can prevent infections getting on your computer.

Edited by Budapest, 28 December 2010 - 03:09 AM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



