| By Mark Joseph Edwards |
When your system is so corrupt with malware that it becomes unstable or won’t even boot, a bootable rescue CD can give it the scrubbing it needs.
The free anti-malware rescue CDs I describe today have all the tools you need to remove viruses and restore Windows’ health.
Two anti-malware rescue CDs outshine the others
When your PC is infected with one or more types of vicious malware, the machine may behave erratically or not boot at all. The best cure is to boot the system using another OS and scan the PC’s hard drives to find and remove the malware.
Subscribe and get our monthly bonuses - free!
Your hard drives store photos, books, music and film libraries, letters, financial documents and so on. This ebook is aimed at helping you understand your hard drives, expand their capacities and length of life, and recover what you can from them when they fail. We're offering you a FREE Excerpt! Get this excerpt and other 4 bonuses if you subscribe FREE now!
But how can you do all that without installing a whole new OS? The answer is simple: use a bootable anti-malware rescue CD.
At a minimum, such a CD should contain a decent anti-malware scanner, although such CDs usually include other helpful tools, such as a partition manager and Web browser. You boot your system from the rescue CD, select options from a menu, and let the tool scan your PC to detect and possibly remove malware. Hopefully, that process resolves your problems.
Some desktop anti-malware solutions allow you to create a rescue disk. However, there are at least six vendors who make standalone, downloadable rescue CDs that anyone can get their hands on: Avast!, AVG (formerly Grisoft), Avira, BitDefender, F-Secure, and Kaspersky. All of these solutions are offered for free except the ones from AVG and Avast.
The advantages to using a bootable rescue CD are that you have access to another vendor’s solution and you don’t need to install a full-blown desktop application in order to create a rescue disk.
I found each of the products to be useful, though one is clearly better than the others: Avira’s free AntiVir Rescue System. When it comes to anti-malware detection and removal, however, one vendor’s solution may not handle every issue that other vendors’ solutions can.
I suggest that you download all four of the free solutions. If you administer a business network, you should seriously consider buying the AVG and Avast solutions, too. That way, when you’re in a pinch, you can try all the possible options to clear up a problem.
When you’ve got at least four free anti-malware solutions to choose from, which one do you use first? That comes down to which tool provides the best on-demand malware detection rates. Since I don’t have a full-blown anti-malware test lab — which is a complex and difficult-to-maintain service — I defer to the experts who do maintain such labs.
As in the past, I rely on the results published by Virus Bulletin, a well-known and respected independent lab. Virus Bulletin recently tested 35 anti-malware solutions using samples from the WildList as it stood in April 2008. The tests were conducted using product releases available as of June 24, 2008. Five of the 35 virus scanners are available on their respective vendors’ rescue CDs and are reviewed here.
My overall scores cover the ready-made free products; I also summarize the features available in the two commercial products and offer a couple of other rescue alternatives.
All of the products that I rate work basically the same way: there is no installation or removal process required with a boot CD, and disk scanning is performed by selecting menu items. My ratings are based on each product’s ability to detect malware and on the other features included on each CD. As it turns out, the tools with the most features also have the best on-demand scanning capabilities.
#1: AVIRA ANTIVIR RESCUE SYSTEM
| Free version |
Avira’s solution is the best anti-malware rescue CD you can get today. The AntiVir Rescue System doesn’t come with a full-blown Linux GUI-based desktop, as does BitDefender (my #2 choice). But the program’s text-based command shell comes in handy for such basic tasks as copying, moving, and deleting files.
You can set the AntiVir Rescue System to update its anti-malware definitions when it boots up, although this requires an active Internet connection. What makes AntiVir the #1 rescue CD is that its malware scanner has the highest virus-detection score of all the products I examined.
AntiVir detected all worms, bots, file infectors, and polymorphic virus strains. The program also caught 98.27% of all Trojans thrown at it. Very little gets past AntiVir, and that’s a big reason why Avira’s solution earns the top rating.
#2: BITDEFENDER RESCUE CD
| Free version |
BitDefender’s Rescue CD features are far superior to those in the other free solutions I tested. Still, what makes this CD really great is that it boots a version of Knoppix Linux — complete with a desktop GUI — for easy access to its many useful tools.
Among these are a rootkit scanner, network-vulnerability scanner, partition manager, file recovery tools, wireless network monitor, network diagnostics, and Mozilla’s Firefox browser. When you boot the CD, the software tries to download anti-malware definition updates if the system has an active Internet connection.
Features aren’t nearly as important as the ability to detect and remove malware. Like AntiVir, BitDefender detected all worms and bots, file infectors, and polymorphic strains thrown at it by Virus Bulletin. But it caught only 94.75% of the Trojans.
The “more info” link in the box at right leads to an index page from which you can download Bitdefender’s .iso file. For an explanation of how to burn this file to a CD using freeware or commercial tools, see the Petri IT Knowledgebase.
#3: F-SECURE RESCUE CD
| Free version |
Like the rescue CD from BitDefender, F-Secure’s solution is based on the Knoppix version of Linux. Unlike BitDefender, the F-Secure rescue CD is strictly text-based, although you can access a command shell just like the one in the AntiVir Rescue System.
The F-Secure Rescue CD provides an auto-update mechanism for its anti-malware definitions. However, F-Secure didn’t fare as well as Avira or BitDefender in detecting malware. The solution identified all the worms, bots, and file infectors thrown at it. Unfortunately, the program was able to detect only 98.55% of polymorphic viruses and 94.15% of Trojans.
Even so, you should keep a copy of this tool handy in case the first two rescuers can’t detect or remove the malware present on your problematic system.
#4: KASPERSKY RESCUE DISK
| Free version |
The Kaspersky Rescue Disk is a useful tool, even though it doesn’t provide a command shell or a mechanism to automatically update its malware definitions. Because of the latter, this rescue CD isn’t nearly as useful as the other three free contenders. Still, it’s a good idea to have it nearby if you need a rescue CD to fill in where the others might be lacking in terms of malware detection and removal.
Like F-Secure’s solution, Kaspersky’s standalone Rescue Disk detected all worms, bots, and file infectors in Virus Bulletin’s tests, as well as 98.55% of polymorphic viruses. But the program caught only 93.79% of the Trojans, making it slightly less effective than F-Secure’s product.
If you decide to use the Kaspersky Rescue CD, check for the latest version on the vendor’s site before you put it to use. That way, you can be sure that you have the latest malware definitions available. As I write this column, the last release was issued on June 28, 2008, which means it’s already nearly two months behind the times.
To Kaspersky’s credit, this tool isn’t meant specifically for widespread public distribution. It’s more likely that Kaspersky provides it as a helper tool, since an up-to-date rescue disk can be created at any time, according to a Kaspersky FAQ page. To do so, you must have the company’s antivirus solution installed on your desktop, along with BartPE and PE Builder and a copy of Windows XP with SP2.
The anti-malware-rescue-CD also-rans
Other popular free rescue CDs include the Ultimate Boot CD and Hiren’s BootCD, both of which contain a DOS version of F-PROT Antivirus and McAfee Antivirus. However, their antivirus definitions haven’t been updated for over a year.
There is also a beta available for Ultimate Boot CD 5, which adds the open-source ClamAV anti-malware scanner. And there’s BartPE, which lets you build a Windows-based bootable CD and incorporate plug-ins for ClamAV, McAfee malware scanners, and even BitDefender. However, BartPE is a solution you have to build from scratch.
Two ready-made commercial tools worth considering are Avast! Bart CD and AVG Rescue CD, each of which costs $150 for a one-year license. Along with anti-malware detection and removal, Bart CD comes with a Registry cleaner, Registry editor, disk checker, data shredder, file manager, text editor, and command shell.
AVG’s product is similar to Bart CD. The anti-malware solution is complemented by a command shell, Registry editor, network-settings tool, disk scanner, text-file editor, and network-mapping tools.
So which of the two commercial tools is better at removing malware: Avast or AVG? That I can’t tell you, because Avast didn’t take part in the most recent Virus Bulletin tests. What I can tell you is that AVG didn’t do nearly as well as the free tools in this review, managing to catch only 99.94% of worms and bots, 99.21% of file infectors, 89.95% of polymorphic virus strains, and 97.36% of Trojans.
That’s not very impressive, compared to Avira AntiVir and BitDefender. Nevertheless, when other scanners fail to clear up problems on your systems, it certainly won’t hurt to try the rescue CDs from Avast and AVG.
Protect your systems against Snapview exploits
Microsoft released a patch this week for a problem related to its Snapview ActiveX control, which is used to view Access databases. However, if you don’t have Microsoft Office installed, you probably won’t be offered the patch via Windows Update.
Nevertheless, it’s definitely wise to take defensive action now by setting the killbits for the relevant Class IDs used by this ActiveX control.
According to Windows Secrets columnist Susan Bradley, even if you don’t have the ActiveX control installed, it’s possible that some sites might try to push the control out to your system. This could happen when you visit a malicious Web page that’s specifically designed to deliver the control. Susan reports that this exact situation occurred to her recently.
Set the killbits now, just to be on the safe side. You can find detailed instructions on how to do this in Microsoft’s related advisory, “Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution.” You’ll find all the information you need to address the problem in the Suggested Actions section of the advisory.
Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.