How adware can thoroughly trash a system
The following is an example of the kinds of stories we received in which, unfortunately, adware corrupted a PC so completely that its software had to be reinstalled from scratch. This tale is from reader Doris Dippel:
"Around Christmas, my computer was hijacked by a yet-unidentified malware that
took over IE and Outlook.
"Though I cleaned out other malware using SpyBot,
AdAware SE, X-Clean, and other free programs, the malware kept five of my ports
open and other junk came in.
"I finally gave up and took my tower to the dealer
(not a retail outlet) where I bought it. Even those techs could not clean it up
so the ports closed. (I use 'Shields Up' to test that!)
"I brought the tower
home and could sense the malingerer working against me in the background as I
tried to 'burn' important files before reimaging my computer. I never did
identify the culprit.
"I reinstalled the manufacturer's software as instructed by
the dealer and all is well now (except some mouse and text functions are choppy,
not smooth), but I've put far fewer programs on it to keep it lean, clean and
mean.
"Right now I'm running V-Com's Antivirus and Firewall, Spy Sweeper, am
testing Prevex (something is slowing my machine down A LOT, though!), and run
SpyBot regularly. So far all my ports are 'stealth!'
"Thanks for your VERY informative newsletter. It is and has been one of my most valued resources. God bless you!"
You're very welcome.
Keeping up with an accelerating arms race
One corporate network administrator, who asked to remain anonymous, reports that
malware programs are exploding in number and that anti-adware apps need to evolve at least as quickly.
His own findings, and the questions that lie behind his
message, will be interesting to anyone who's grappling with rampant adware:
"I'm a network engineer working as IT manager for an electronics company.
I've spent the last few months pushing my management team towards a purchase of
an enterprise-wide antispyware program. We've just bought and implemented
Webroot Spy Sweeper Enterprise Edition, and it's going in this weekend.
"I first used the 30-day trial of Spy Sweeper in August 2004, when my marketing
manager got her system all but disabled by spyware/malware. SpyBot Search &
Destroy just wasn't helping, so I did a little research and downloaded Spy
Sweeper.
"Spybot was picking up 14 instances of spyware. Spy Sweeper picked up 56
instances (over 1,200 traces in all). Quite a difference. Two sweeps with Spy
Sweeper (the second in Safe Mode) and the workstation was clean.
"Admittedly, Spy Sweeper wouldn't have been able to tell me about problems it
wasn't programmed to detect. But my Registry warnings, Run and Run Once keys,
running processes (in Task Manager), MSCONFIG lists, and Add/Remove Programs
screens were clear (and, more importantly, have stayed clear).
"Also, the user's prolific pop-up and browser hijacking problems stopped
completely.
"Part of the 30-day trial was an update of the Spy Sweeper pattern files. At that
time (August 2004), the update brought the original number of recognized
patterns from 4,000+ to 29,000+. I had a second workstation badly compromised
the next month (September 2004) and by then the patterns numbered over 34,000.
"The current number of recognized patterns (although it will probably grow
between now and the time you look) is 54,000 and change.
"See my issue? Spy Sweeper is now recognizing nearly twice the number of
spyware / malware / Trojan / etc. infestations as it was when Eric did his (truly
impressive) research runs. You don't list the dates of your patterns when you
did your product combinations, but it seems that every couple of weeks hundreds,
or even thousands, of new holes are being plugged.
"Is there any way to find out if those percentages have changed in the last four
months to reflect the significant change in SpySweeper's arsenal? Speaking as a
network manager who's just talked my management team into a pretty sizeable
investment, I'd love a response."
I believe the anti-adware market has progressed very quickly since Eric Howes conducted his tests in October. He tells me that he's planning another round of tests within the next month or two. This set will attempt to evaluate the Microsoft Antispyware beta, which didn't exist four months ago.
In the meantime, other testers are suggesting that new leaders now hold the mantle of anti-adware effectiveness. In ratings released last week, for example, PC Magazine gave its coveted Editors' Choice award solely to one of the two programs we recommended: Webroot Spy Sweeper. (See the Security Baseline section for details.)
What's Microsoft's responsibility for spyware?
Several readers sent in criticisms of Microsoft for causing the virus/malware
problem in the first place. In this view, the Redmond company started a "Trustworthy Computing Initiative"
about five years too late and even then didn't complete its mission. Others
question Microsoft's actions regarding its purchase of Giant AntiSpyware, as
expressed by Jim Corsa:
"I haven't read anyone exposing Microsoft's conflicts of interest in buying/developing its own
antispyware and antivirus software. Why are pundits praising
the [Microsoft] AntiSpyware beta and debating whether Microsoft will sell it, instead of
pointing out that antispyware wouldn't be so critical if Windows and IE were designed
and coded properly?
"If Microsoft is going to make money selling antispyware and
antivirus products, then where is the incentive to fix Windows? ...
"It appears Microsoft has made matters worse
by removing the best antispyware from the market, or at least from users of
older Microsoft operating systems. (Another attempt to kill older versions of
Windows?)
"I clicked on the Giant AntiSpyware
download link and arrived at a page which gives the impression I can
download Giant AntiSpyware 1.0. However, after checking the Microsoft
AntiSpyware
beta link, I'm suspicious, because it appears Microsoft is abandoning
Windows versions before 2000 and has stopped the sale of Giant AntiSpyware
licenses.
"The Microsoft page contains these paragraphs. The first paragraph
addresses Windows versions Giant covers and Microsoft does not. The second
paragraph seems to say that anything from Giant is a dead end:
Support for
Windows 98SE, Windows ME, Windows NT (with Service Pack 3, 4, or 6a) operating
systems. GIANT AntiSpyware supports these operating systems, in addition to
Windows 2000, Windows XP, and Windows Server(tm) 2003. The Windows AntiSpyware
(Beta) software supports only Windows 2000, Windows XP, and Windows Server
2003.
Microsoft will continue to provide the same level of support to current
subscribers of GIANT AntiSpyware software as was offered by GIANT Company
Software prior to its acquisition by Microsoft Corporation. Microsoft, however,
will no longer sell new licenses, subscriptions, or subscription renewals for
GIANT Company Software products, including GIANT AntiSpyware.
"It's the 'however'
that caught my eye. Does this mean folks with old hardware running Windows 98SE
cannot get the best antispyware? Or is it still available?"
It appears Microsoft has shut down most or all of the routes by which
consumers could download and register Giant AntiSpyware, as opposed to the
Microsoft AntiSpyware beta. The download link mentioned above, involving a
product page at Download-ware.com (a former Giant Software Company sales affiliate),
no longer works. If any reader knows a legitimate way to download and register a
supported version of the genuine Giant AntiSpyware, let me know. I personally believe
it's been killed dead.
Numerous readers, while criticizing Microsoft for weak code, wrote to
support the growing movement to the new, free Firefox browser as a safer
alternative to Internet Explorer. Many rogue programs install themselves
silently, track users' keystrokes, and do other nasty things using IE's
Browser Helper Object "feature." This is one particular problem that Firefox
is relatively immune to. (Firefox supports extensions but not BHOs.)
We've written about the benefits of Firefox many times, most recently in the
Dec. 2, 2004, issue and as far back as a July 12, 2004, column.
How to recover if antispyware breaks your Net connection
Finally, reader Ken Baker fills us in on a problem that Microsoft Antispyware and
some other anti-adware programs can create if they remove malware in a
sloppy way. Many unwanted programs insert themselves into the
Internet connection process. Deleting a rogue program without fixing the
Registry entries it tampered with can leave the PC unable to connect.
Fortunately, there's a cure if this happens to you:
"There have been instances in the past where removal of spyware wrecked
computers' Internet connection. In these cases, spyware files insinuated
themselves into Winsock.
"Win who? Winsock is our new term of the day. It's a
series of files that are used to make the Internet connection. So the spyware
files wrote themselves into the Registry. That made the spyware a required part
of the Internet-connection process. See how tricky these folks are?
"When the spyware was deleted, the Registry could no longer find those files. Therefore,
the Internet connection failed.
"Over time, the antispyware makers learned to
remove the Registry keys when the Winsock invaders were deleted.
"The Windows firewall works closely with Winsock. It appears that the spyware is insinuating
itself into the startup of the firewall. When you remove the files, the Registry
can't find them. So, it refuses to start the firewall service.
"Repairing Winsock formerly meant going into the Registry. You had to track down the offending keys
and delete them. But Windows has a command that will do the job.
"To run the command, click Start, Run. Type cmd in the box and click
OK. That will put you at a command prompt. Enter netsh winsock reset and press Enter. Close the DOS window and reboot the computer.
"After doing the above, you should be good to go!"
Information about recovering from Winsock corruption is documented in more
detail by Microsoft in Knowledge Base article 811259 and, for
fixing general TCP/IP corruption, KB 317518.
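The breakage described above can be spotted before and after a cleanup run. The Python sketch below is an added example, not part of the original newsletter or of any Microsoft tool: it parses text in the layout printed by netsh winsock show catalog and flags catalog entries whose provider DLL no longer exists, which is the condition that netsh winsock reset repairs. The sample catalog, the adhelper.dll name, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `netsh winsock show catalog`.
# The "adhelper" layered entry and its DLL are invented for illustration.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        adhelper over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      %SystemRoot%\system32\adhelper.dll
Catalog Entry ID:                   1015
Protocol Chain:                     1014 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Name Space Provider Entry
------------------------------------------------------
Description:                        Tcpip
Provider Path:                      %SystemRoot%\System32\mswsock.dll
"""


def parse_catalog(text):
    """Split catalog text into one dict of fields per transport provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if "Provider Entry" in stripped and ":" not in stripped:
            # Section header: keep transport providers, skip name-space ones.
            current = {} if stripped.startswith("Winsock Catalog") else None
            if current is not None:
                entries.append(current)
        elif current is not None and ":" in stripped:
            key, _, value = stripped.partition(":")
            current[key.strip()] = value.strip()
    return entries


def expand(path, env):
    """Expand %VAR% references using a case-insensitive environment mapping."""
    lowered = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lowered.get(m.group(1).lower(), m.group(0)), path)


def audit(entries, exists, env):
    """Return (entry id, expanded path, reasons) for entries worth a look."""
    findings = []
    for entry in entries:
        path = expand(entry.get("Provider Path", ""), env)
        reasons = []
        if entry.get("Entry Type") != "Base Service Provider":
            # Layered providers are also installed by legitimate products,
            # so this is a prompt to review, not a verdict.
            reasons.append("layered provider in the connection path")
        if not exists(path):
            reasons.append("provider DLL missing")
        if reasons:
            findings.append((entry.get("Catalog Entry ID"), path, reasons))
    return findings


if __name__ == "__main__":
    import os
    # On a real PC, feed in the output of `netsh winsock show catalog` instead.
    for entry_id, path, reasons in audit(parse_catalog(SAMPLE_CATALOG),
                                         os.path.exists, os.environ):
        print(entry_id, path, "; ".join(reasons))
```

An entry flagged with both reasons is the case from the letter: the catalog still routes connections through a DLL that a cleaner has already deleted.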
In response to all the readers who asked, be assured that we very much plan to bring you more news on this front as we discover it. We're just beginning to see the full scope of the damage that adware can cause, unfortunately.
In the meantime, to send us more information you've uncovered about adware, or to send us a tip on any other
subject, visit WindowsSecrets.com/contact.
Readers Butler, Dippel, Corsa, and Baker (and Mr. Anonymous) will receive gift certificates for a book,
CD, or DVD of their choice for sending us tips we printed.
THE SECURITY BASELINE — the minimum you need for
safe computing
New security suites top the rankings
Every PC needs a complete set of the six building blocks shown below for protection against hacker
attacks. In this section, which appears in every
issue, we summarize the top ratings from trusted reviewers.
PC Magazine last week published an extensive review that
updates two of our categories: software
firewalls and anti-adware programs. The reviewers gave their Editors' Choice
award to ZoneAlarm Security Suite, saying it was both the best software
firewall and the best antivirus program. Among anti-adware programs, Webroot's Spy
Sweeper 3.5 took top honors in the ratings.

1. Hardware firewall. For wired home and small-office networking, the 8-port Linksys BEFSR81 router (photo at left, about $80 USD street price) is rated "the best of our testing" by Extreme Tech. For wireless networking, the new Belkin Wireless Pre-N router ($120) is currently highest-rated at CNET.
2. Software firewall. New info: ZoneAlarm Security Suite (left, $60) holds PC Magazine's Editors' Choice as the best combined software firewall, antivirus program, and antispam filter. For software firewall protection only, ZoneAlarm Pro ($35) is number one according to several testers, including PC World's Best of 2004 awards.
3. Antivirus program. If you need an antivirus program other than ZoneAlarm Security Suite, Trend Micro's PC-cillin Internet Security 2005 antivirus suite ($45), which also includes a personal firewall, recently won head-to-head comparisons in PC World and CNET against McAfee's and Symantec's offerings.
4. Antispam program. Cloudmark Safetybar (available in versions for Outlook and Outlook Express, $30) is rated as a PC World Best Buy and a PC Magazine Editors' Choice. If you don't need your antispam program to be separate from your security suite, however, the above-mentioned ZoneAlarm Security Suite includes a top-rated antispam function.
5. Anti-adware program. New info: Giant AntiSpyware, the top choice in our Jan. 27, 2005, issue, recently shut down affiliate sales after its December 2004 acquisition by Microsoft. The two most effective anti-adware products are now Microsoft AntiSpyware (free beta until July 2005) and Webroot Spy Sweeper (left, $25). Use both programs for scanning, but enable only Spy Sweeper's background protection. According to the above-mentioned PC Mag review, Spy Sweeper eliminates the need for CWShredder, a program we previously recommended that's been acquired by InterMute.
6. Update management. Without naming a winner (because update software is highly related to your network's size), a wide-ranging buyer's guide to patch-management software was published in the Oct. 2004 Windows IT Pro magazine.
FORWARDING INSTRUCTIONS — news gains value when it's shared
Please share this information with your friends
You're encouraged to refer your friends and colleagues to this free newsletter.
Because most e-mail programs don't correctly display a formatted message that's
been forwarded, simply call people's attention to the permanent Web address of
this issue:
WindowsSecrets.com/050210.
INDEX OF REVIEWS — our directory of
product shootouts
The Index of Reviews
In this section, we link to respected expert reviews of the best
Windows-compatible hardware products available today. Only head-to-head
ratings of competing products — not individual reviews of
single products — are indexed here.
The links below lead to information from U.S. sources. For information
from sources in other countries, enter the name of a reviewed product into
a search box at one of the following links:
Canada / U.K. / Elsewhere
WI-FI DETECTORS
Canary's Hotspotter comes out on top
Wired Magazine tests three of the newest pocket Wi-Fi detectors. It finds the
features of the Canary Wireless Digital Hotspotter with its LCD display (left) are worth
the unit's large size.
Canary Wireless Digital Hotspotter (Score: 4.0/5.0)
Link to all ratings and full review
HARD DRIVES
PC World rates monster-sized drives
With cost-per-gigabyte at an all-time low, PC World tests 10 massive hard drives
to find the best overall value. Of the five SATA and five PATA drives, from
five different major manufacturers, both Maxtor and Seagate stand out as "Best
Buys."
Maxtor DiamondMax10 6B300S0 (SATA Best Buy, Score: 4.0/10.0)
Seagate Barracuda 7200.8 (250GB) (PATA Best Buy, 3.5)
Link to all ratings and full review
WIRELESS MULTIFUNCTION PRINTERS
HP's wireless all-in-one wins CNET Editors' Choice
Small-office printing has gotten easier with wireless printing, faxing, copying,
and scanning, all without third-party print servers. CNET takes a look at six
models with 802.11 capabilities and recommends the feature-rich HP OfficeJet 7410.
HP OfficeJet 7410 (Editors' Choice, Score: 8.0/10.0)
Link to all ratings and full review
PALM PDAS
PDA Buyer finds Tungsten T3 a threat to Pocket PCs
New Palm PDAs are flooding the market. PDA Buyer Magazine breaks down each of the
new Palms to find the best buys for business users and consumers alike.
PalmOne Tungsten T3 (Editor's Choice, Score: 92%/100%)
PalmOne Treo 600 (Editor's Choice, 90%)
PalmOne Tungsten E (Best Value, 88%)
PalmOne Zire 72 (Editor's Choice, 82%)
Link to all ratings and full review
POCKET PC PDAS
Four Pocket PCs receive magazine award
Pocket PCs take the familiar Windows OS and make it portable. Of the 16 models
reviewed, HP, O2, Dell, and
Toshiba introduced new capabilities that impressed the judges at PDA Buyer Magazine
(in a companion review to their Palm ratings, above).
HP iPaq H4150 (Editor's Choice, Score: 86%/100%)
O2 XDA II (Editor's Choice, 86%)
Dell Axim X30 (Editor's Choice, 84%)
Toshiba e800 (Editor's Choice, 84%)
Link to all ratings and full review
RAM
PC Extreme rates the best RAM
PC Extreme Magazine takes a sample of random-access memory chips, puts them head to
head, and lets readers know which one is the best buy.
Kingmax DDR 500 Hard-Core (Score: 90%/100%)
Link to all ratings and full review
NETWORK STORAGE
PC World chooses LinkStation external drive
Made for small-business and home use, network-attached storage units do
it all. PC World takes 10 varieties to their test center and finds the best
combination of size, ease, and cost.
Buffalo LinkStation Network Storage Center (Best Buy, Score: 4.5/5.0)
Snap Appliance Snap Server 1100 (Best Buy, 4.0)
Link to all ratings and full review
CUBE PCS
Shuttle XPC is an Extreme Tech favorite
Extreme Tech Magazine reviews a new batch of bare-bones, no-compromise desktops.
Only one of these systems wins the "ExtremeTech Approval" rating.
Shuttle XPC SB81P (Extremetech Approved, Score: 9.0/10.0)
Link to all ratings and full review
17-INCH LCD MONITORS
PC World picks Dell's mid-size LCD
PC World takes a look at the new 17-inch LCDs that have hit the market.
Among the flat-panels, Dell gets a "Best Buy" for the extras it offers at a reasonable
price.
Dell UltraSharp 1704FPV (Best Buy, Score: 4.0/5.0)
Sharp LL-172G (Best Buy, 4.0)
Link to all ratings and full review
HERE'S A TIP — you'll get a better newsletter if you choose the paid version
You're reading the free version of the Windows Secrets Newsletter
For the first time, the paid version of
today's issue brings you the advice of Mark Burnett (photo, left). The author of
"Hacking the Code" and coauthor of "Stealing the Box," Mark is an accomplished
independent security consultant. He reveals in our exclusive new Update Management section how pros
keep their systems constantly patched against bad guys while doing as little
grunt work as
possible.
This feature joins the three other columns we've started since January 1 in the paid version of the
newsletter: Over The Horizon/Chris Mosby, Patch Watch/Susan Bradley, and
Briefing Session/Paul Thurrott. Our latest content expansion is now complete. Simply make a
voluntary financial contribution — any amount of your choice — and you'll
receive in 15 minutes a gold mine of Windows knowledge that would take you hours
to discover on your own.
Some of the extras in today's paid version of the newsletter are:
- Update Management. How to keep your systems patched, whether you're responsible for 5 or 50,000 PCs:
• How to patch when Microsoft's tools won't
• Secrets of updating ASP.NET
• The Enterprise Update Scanning Tool fills in the cracks for you
• How to force Automatic Updates to run scans
- Over the Horizon. The steps you need to take NOW to protect yourself, because patches aren't yet available for these known threats:
• Don't get scammed by "bait and switch"
• How hackers are using frame injection
• RealPlayer .RM files can now be a real problem
- Windows Patch Watch. We tell you which official Windows patches have problems and how to avoid them:
• We need to eat our Wheaties to handle Fat Patch Tuesday
• Stop everything and patch IE and Drag-and-Drop right NOW!
• Messenger may need manual updating
• Handling the 1st round and the 2nd round of patching
• How to call Microsoft if all else fails
- Briefing Session. We reveal what the insiders know — and what you need to find out — about Windows:
• The bare facts about MSN Search
• How to get the Encarta encyclopedia for free
• The new kinds of queries MSN supports that Google doesn't
Paid subscribers gain access to all past paid newsletter content
Make a contribution to support our research into Windows and you'll immediately
be able to read and search through scores of valuable articles. In addition,
paid subscribers are entitled to download valuable content that we license for
them at least once every calendar quarter.
We have no fixed fee — contribute any amount you choose
If you do this by February 23, 2005, you'll instantly be sent the full, paid
version of today's newsletter.
To upgrade to the paid version of Windows Secrets, please visit
WindowsSecrets.com/upgrade.
Thanks in advance.
ELECTRONIC BOOKSHELF — new e-books from the editors
Spam-Proof Your E-Mail Address
This 27-page e-book by Brian Livingston gives you step-by-step instructions
that can eliminate 97% of the spam that would otherwise clog your e-mail
account. You could call it "Livingston's Spam Secrets." The PDF-format e-book
is the result of months of experiments and tests we conducted. We now
receive little or no spam to the addresses we used as guinea pigs. These tests
show that you can actually reduce your volume of spam to practically nothing,
not just battle an unstoppable and ever-growing flood. The methods we describe
work with Windows, Apple, and Linux and don't require any filters or block
lists — but you can use those in addition to the book's techniques,
if you wish.
More info
WACKY WEB WEEK — playing for you the Internet's
greatest bits
You've got a good head on your shoulders
A digital photographer, Susan Hesse, is creating a stir with her Web gallery of
faces overlaid on various objects, such as a Napa cabbage bearing the
visages of her and her husband, Stephen (photo, left).
She reportedly e-mailed her friends one of these whimsical creations a day for
10 months before a friend, Norman Sanders, surprised her by assembling the shots into a Web site.
Now the odd and hilarious images can surprise you, too.
Visit Hesse's site
USEFUL LINKS — more stuff that's good
to know
Can antispammers win the war?
The way things are going, it looks like spam will make up 99.9% of all e-mail
before too much longer. But there may be some good news. Antispam experts say
they may finally have some tools to dramatically reduce spam, if not eliminate
it. (By Brian Livingston, Datamation)
More info
The new Outlook Live
A subscription offering that combines Microsoft's popular Outlook 2003 application with MSN's Hotmail Plus service and Microsoft Office Outlook Connector software, Microsoft Office Outlook Live provides an interesting solution for power users who are accustomed to Outlook. (By Paul Thurrott, SuperSite for Windows)
More info
Microsoft AntiSpyware: separated at birth
You probably know that a program called Microsoft AntiSpyware is currently being
given away by the Redmond company in a public beta program. What you may not
know is that the program started out being co-developed by another software
company. (By Brian Livingston, Datamation)
More info
ABOUT YOUR SUBSCRIPTION — we're here to
serve you
The Windows Secrets Newsletter (formerly Woody's Windows Watch and
Brian's Buzz on Windows) is published twice a month, except for breaks in July
and December. The newsletter is published on the first and third Thursdays
after Patch Tuesday (the 2nd Tuesday of each month, when Microsoft generally releases
new Windows patches).
Publisher: The newsletter publisher is WindowsSecrets.com LLC, 300 Queen
Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited
packages to this address (readers' letters are fine).
Editor:
Brian Livingston is the coauthor of
Windows 2000 Secrets,
Windows Me Secrets, and eight other books. Associate Editor:
Paul Thurrott is the author of
Windows XP Home Networking and
Great Digital Media with Windows XP and the author or
coauthor of several other books. Contributing Editors: Susan Bradley, Mark
Burnett, Chris Mosby.
Research Director: Vickie Stevens. Program Director: Ian Maddox.
Trademarks: Windows is a registered trademark of Microsoft Corporation.
The Windows Secrets series of books is published by
Wiley Publishing Inc. The
Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos,
Index of Reviews, Briefing Session, Windows Patch Watch, and Wacky Web Week are
trademarks and service marks of WindowsSecrets.com LLC. All other marks are the
trademarks or service marks of their respective owners.
How to subscribe: Anyone may subscribe to this newsletter by visiting
WindowsSecrets.com/signup.
Our Ironclad Privacy Guarantee:
(1) We will never sell, rent, or give away your address to any outside party,
ever; (2) We will never send you any unrequested e-mail, besides newsletter
updates; and (3) All unsubscribe requests are always honored immediately,
period.
Privacy policy
HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
Copyright © 2005 by WindowsSecrets.com LLC. All rights reserved.