Internet Necessities (or, Software you MUST get)

[OddOne]

This is sorta kinda an expanded version of the Spybot/Ad-Aware list Kris posted, only expanded to include software for detecting, removing, or preventing malware installations.

I personally have - and use - ALL of the items on the list below. I catch a LOT of malware and virus attempts but thus far have shrugged all of 'em off without any ill effect.

The Must-Have List:

Spybot Search & Destroy (Link)
Ad-Aware 6 (Link)
Pest Patrol (Link)
A2 (A-squared) (Link)
TDS-3 (Link)
Bit-Defender Free Edition (Link)
AVG 6 Free Edition (Link)
CWShredder (Link)
Hijack This! (Link)
DSOstop (Link)
HTAstop (Link)
Proxomitron (Link)


What They Are/Do:

Spybot Search & Destroy
Spybot S&D is one of the two most popular malware detectors. The latest version includes a memory-resident (always running) protection tool that actively blocks attempts by malware to modify the system Registry.

Ad-Aware 6
Ad-Aware 6 is the other of the two most popular malware detectors. Its scanner is very exhaustive/comprehensive. Ad-Aware is best used in conjunction with Spybot S&D as one will catch what the other misses.

Pest Patrol
Arguably the most thorough malware detector, Pest Patrol finds things even the potent Spybot/Ad-Aware combo might miss. However, the free version doesn't remove any malware, so you'll have to buy this one for full functionality.

A2 (A-squared)
A-squared is a powerful trojan/keylogger detector. It will search every file on a drive if you want it to, and includes a memory-resident (always running) protection tool that actively blocks trojans and keyloggers and other assorted malware from installing.

TDS-3
Although not as user-friendly as A-squared, TDS-3 is another powerful malware detector with emphasis on trojans, keyloggers, and similar nasties.

Bit-Defender Free Edition
Bit-Defender is a potent free antivirus suite that incldues automatic AV signature updates. Its disadvantage is the lack of a resident scanner - unless you buy the more advanced version, of course. Still, it makes a good backup scanner.

AVG 6 Free Edition
The current favorite for best free antivirus software. AVG includes scheduled operation and free updates, and unlike Bit Defender it has a memory-resident (always running) protection tool that monitors files as they are run.

CWShredder
CWShredder finds and removes many variants of the CoolWebSearch browser hijacker, one of the more pervasive adware creations one can encounter. This tool is best run from Safe Mode with NO browser windows open, and severe infestations may require several run-reboot sessions.

Hijack This!
H.T. is an EXTREMELY powerful tool for rescuing badly hijacked systems. It detects and lists EVERY autorunning application, service, tool, and component on the system and can be used to remove any or all of them so they aren't reinvoked at the next boot. This power comes with a pretty big caveat, though - you can use it to unload critical system processes and make your computer not boot properly, or at all, so be careful what you remove with it. On the upside, the Security Forums Dot Com mesage boards has a section devoted to helping users of Hijack This in delousing their systems - it can be reached here.

DSOstop
DSOstop is a small utility that disables Data Source Object access to web-enabled parts of Windows, like Internet Explorer. This effectively closes a security hole that has been used by some types of malware to infect Windows systems without your having to run ANYTHING. (DSO-exploit malware applications can infect computers directly through the Internet connection without requiring any user intervention.)

HTAstop
HTAstop plugs another security hole in Windows by ordering Windows to not execute HTA (HyperText Applications) like it does EXE files. This prevents another type of auto-deploying, no-user-intervention-needed malware from working.

Proxomitron
Proxomitron is arguably the most powerful (and among the smallest) popup-blocker there is. It can block popups, pop-unders, various types of script, DHTML, web bugs, banner ads, META REFRESH auto-reload timers, onload/onunload script, and tons of other things. Plus, as it functions as a web proxy, it works with practically any web browser. Couple Proxomitron with Mozilla Firefox or Opera and you may never see a popup again, ever.



If you grab any or all of the apps on my list, be sure to USE them, and be sure to UPDATE them REGULARLY for maximum usefulness and detect/remove capabiltiy. If you're not willing to bother with updating 'em, you're probably wasting your time using 'em to begin with and are dooming yourself to a malware nightmare in the future. But if you DO use/update them, you may protect yourself from getting malware from the very beginning.

oO

[john99]

Thanks for this very comprehensive list, OddOne!

[dieseltrooper]

Good deal! I use AdAware and Spybot S&D as well as Norton and ZoneAlarm, but I've been without Google for a tear or so. Sounds like HijackThis! might be worth a try.

[suzy]

OddOne, thanks for posting the list, and descriptions. Have several of these running now, and will go see about the others.

suzy

[OddOne]

Thread stickied, so more folks can find it.

oO

[Zander]

Nice! The only thing missing from the list so far is an alternate browser suggestion. The first step in online security is to ditch Internet Explorer.

Mozilla Firefox (free)
Opera (not free, but excellent)

[Dennis Olson]

Thread copied from TECH to the main forum

[lotsaloans]

What about a good free spam blocker?

I am about to ditch my email address, getting a ton of email every day from a bunch of crazies.

[clem]

What about a good free spam blocker?

I am about to ditch my email address, getting a ton of email every day from a bunch of crazies.

Try this:

http://www.spamfighter.com/default.asp

[Mrs. Peavey]

I have Norton Anti-Virus and Zone Alarm (free version) on my computer. Will I need to shut either of them down to download Ad Aware and/or Spybot?

[Lynn]

Mrs. Peavey........no...don't shut yor FW/AV off to download anything.

[macten_1]

I would add SpyWareBlaster to the mix. It works well with AdAware and Spybot. It keeps a lot of spyware off your machine and it's free. I would say I'm now getting about 75% less spyware since I added it.

[Claudia]

I love my Mac - I don't need any of this "must have" software!
Safari works well as a browser for me. IE is the pits. Just my 2 cents.

[GTDCFNP]

Currently use SpyBot and immunized computer. Switched to Mozilla. Besides it being safer than IE, it is faster on our sloooow dial-up modem. I am not seeing anywhere the same spyware removed.

[LoupGarou]

Linux 7.2, 7.3, 9.0, or Fedora Core on Intel
Linux 7.2, 7.3 on Alpha (Alpha quad proc 8400)

Nothing else needed. Runs great, no viruses, no spyware, no M$.

And for the people a little more worried about security, Flonix, bootable CD, no HD needed. When finished turn off PC. Poof, no trace.


Loup Garou

[Joseph R. Whaley]

This thread should be retitled as follows:

"Reason 75,082 to switch from Windows to Mac!"

(grin)

My last encounter with a virus, trojan, or whatever, was in maybe 1994 and it did no harm, and none of the programs on that long list is needed for my computer.

[OddOne]

This thread should be retitled as follows:

"Reason 75,082 to switch from Windows to Mac!"

(grin)

My last encounter with a virus, trojan, or whatever, was in maybe 1994 and it did no harm, and none of the programs on that long list is needed for my computer.

Viruses exist for Macs, and there are already malware apps that can breach a Mac's defenses.

The only reason Macs are not getting pounded is thet fact that there aren't enough of them to warrant coding for. This used to be the case for Linux, and now that Linux is becoming popular viruses for it are emerging.

Bragging that you're secure becuase you're on a system viruses aren't coded for -yet - is foolish and based on a total lack of understanding of IT security principles. You WILL be targeted eventually - Linux is, cellphones are, PDAs are, and yes, Macs are.

There is no security through obscurity.

oO

[NVBadBoy]

I'm a believer in AV software. Personally, I prefer NOD32. I tried Norton and way back when, I used McAcfee. The latter 2 turned into bloatware and I dumped them both. I've been using NOD32 (v2.0) for the last 3 years. It has a small footprint and consumes very little in CPU cycles.

Spam gets detected and deleted with Choicemail One. Latest release is v2.54A.

For quiet, unobtrusive web browsing, Outpost Firewall is my best option. If you don't run an ad blocker, then you hav to mess with the Hosts file in your Windows/System32/Drivers folder.

TDS-3 is another good trojan detector. I run Port Explorer in conjuntion with Wormguard.

The software listed in previous posts are all great to have. You can't go wrong. Updates are a must-have, though.


NVBadBoy

[Prairie Lady]

Avast is an excellent free Antivirus..actually of all the freebies, it's the better one.

I use a free AV program called "Antidote Lite". All that one is is a SCANNER, not a removal utility. But I'll tell you what; it catches what the others miss. It will also tell you if your system files are corrupted so you can repair them. There are no changes made to the system when you install it, it runs from the desktop and unless it's updated it won't run. It uses no resources being on your computer, it doesn't run in the background. It only runs when you open the program to scan with it.

TIP

Hijackthis MUST have it's own folder for the storage of the logs you make. But once you have given it it's own folder, you can then put an ICON link on the desktop for ease of use.

TIP

To prevent spam in your mail box, do not leave your email address ANYWHERE on line. Set yourself up a freebie junkmail box somewhere and use THAT address if you must leave an addy when an addy is demanded. Make sure you scan and scroll the page and check off everything related to sending you junkmail. Even when registering products, use the junkmail box. When signining up to something and they say they will validate your email by sending you a password and a validation link..use the junkmail box.

Set up a second account for business such as credit card purchases. That way your valid business doesn't get confused with the viagra ads, but your private family/friends and folks you DO want to hear from go to your "good" addy.

Finally, Oo was working on a spambuster program that sounded excellent. I don't know how that's coming along, but you can ask him

pl

[mudwrench]

oddone i read everything i think of myself as being a little literate and understanding of computers as an operator only i couldnt even make your beta test download so i doubt i need any of this stuff either........... maybe i do but this puter wont let me

[oldertech]

I would add All-in-one secretmaker for firewall and spam filter. It is good and it is a free download. Mozilla's Firefox browser is a good alternative to IE. and it has a popup blocker built in.

[energy_wave]

I used Hijackthis today. Somehow I got the trojan.startpage virus. Norton didn't detect or remove it.

The trojan.startpage took over my browser and bogged my system down. When I tried downloading a cleaner it blocked it everytime. Make sure you at least have a copy of hijackthis on hand.

Every minute your browser is open the virus replicates itself and hides. I had to remove well over 30 registry changes and it still wasn't enough.

[OddOne]

HijackThis is best run in Safe Mode, and it's wise to unplug your network cable as well if you're on a LAN or have broadband, so an infection cannot redownload itself as you remove it.

oO

[milkydoo]

Nice list, but Zone Alarm should be at the top. Imo, a firewall is the first line of defense from the one zillion and one scumbags on the net. Running without a firewall is like a submarine with a screendoor on it......sooner or later, you'll go down, and you won't come back up.

[OddOne]

Nice list, but Zone Alarm should be at the top. Imo, a firewall is the first line of defense from the one zillion and one scumbags on the net. Running without a firewall is like a submarine with a screendoor on it......sooner or later, you'll go down, and you won't come back up.

Actually, Zone Alarm - and ALL software firewalls - should be a tertiary line of defense, NOT THE FIRST. The first line of defense for a broadband Internet user is a HARDWARE firewall NOT a software one, and that only protects against a specific subset of all intrusion and compromise attempts. By the time your software firewall fires, you're probably already compromised.

Here's why software firewalls are now almost useless:

The latest generation of malware (MALicious softWARE) - and spy/adware in particular is doing this a lot lately - installs itself by penetrating your defenses through OS or browser exploits. Since your SOFTWARE firewall was long since told to allow your browser or specific Internet-aware portions of your OS to connect, the malware simply slips right through under its radar because it's coming in THROUGH the browser or OS component.

The HTA exploit is a classic example. A HTA file is a HyperText Application, an executable file that is intended to run as a clientside web application. Internet Explorer will execute HTA files as though they were ActiveX controls, and when that happens the HTA can make system changes such as downloading files and writing to the system Registry - but to a software firewall running on the machine only Internet Explorer is connected... the HTA is never seen as a separate process by the firewall since it's a thread running within IE's process space!


A couple years ago a software firewall was your best firstline defense option. No longer. The only real use for a sotfware firewall now is to catch malware (after-the-fact, after it has already installed itself) when it calls home.


Nowadays, proper defenses require a layered approach. You need two antivirus apps, updated weekly. You need an install detector like Spybot's TeaTimer or StopZilla. You need a trojan detector or two. You need ALL of the security fixes and patches for your OS. You still need a software firewall, but now it's to catch anything that does makie it through.

oO

[NVBadBoy]

You might also keep an eye on this website. It shows you a list of Rogue/Suspect Anti-Spyware Products & Web Sites on the market today, and the list keeps growing.

http://www.spywarewarrior.com/rogue_anti-spyware.htm


NVBadBoy

[NVBadBoy]

A quick note of importance regarding Ad-Aware....

Apparently, Ad-Aware is keeping users vulnerable.

"Users who are running versions of Ad-Aware SE Plus or SE Pro earlier than the current v1.03, which is available now for download, should redownload their copies of the application. This is Ad-Aware's third update in a week's time, but the most urgent. Simply running the software's Web Update feature--which downloads the latest definition files--will not correct the problem. " - (Source: Yahoo)

For complete info, visit http://story.news.yahoo.com/news?tmp...pcworld/117372

[OddOne]

What I've found works well is to use Hijack This! in safe mode to systematically remove any unusual applications. However, this requires a thorough knowledge of what is and isn't "normal" for the OS in question as well as a flair for spotting the bogies hiding among the friendlies - disabling the wrong things with HJT! can result in an unbootable computer!

So hat I usually end up doing is rebooting into Safe Mode, launching HJT, and then tracking down each and every autoloaded file by following the directory path it's in and checking the EXE in question for version info and other clues. If it looks suspect I make note of it, kill its entry in HJT!, reboot, and check to see if it restarts on its own. If it does, I force a rename on reboot (either by creating a WININIT.INI file or using the PendingRenameOperations Registry key, depending on the Windows version) to rename the file, reboot again (ignoring any errors about not finding the filenow), and remove the renamed file.

Of course this is awfully complicated and potentially risky if you lack the expertise, in which case I suggest seeking out some help.

oO

[Trasael Adnepos]

Thanks, OddOne. I have no idea what the heck I'm doing, but I have changed prompt lines in DOS before to get rid of the rest of a virus a few years past, and I've been trekking all over the Registry files, (and everywhere else), getting rid of stuff this thing has replicated or installed, so I am willing to try. I have learned to run a boot log (print it) and back up the registry in case I really screw up, but if I hadn't been hand weeding so far, I wouldn't have found quite a few components of this thing which the scan programs missed. I found a brand new WININIT.INI file last night that the thing had evidently created to rename files in Favorites it was hiding in.

I'll try again to get Hijack This! In the meantime, I have that machine off unless I'm working on it.

I also learned something else which others may be able to use from this remote location today, which is that if you enter begin2search.com using no caps, (the toolbar hijack uses caps (B) & (S), they claim to have an uninstall for the thing. I haven't tried it yet, but the link is there

Edit to correct: I thought I must have entered the link differently, but now that I brought up this machine to try it, it appears the hijack toolbar is actually re-directing me to the junk site where the uninstall link isn't. I am getting a different site than I did at the remote location, and it evidently wasn't the addy. Here's the link to the bad one. Someone see what you get.

http://dp.information.com/?a_id=1054...intosearch.com

That's where it goes when I enter begin2search.com. The uninstall links justs take you to other sites.

Thanks again,

Tras

[Trasael Adnepos]

Update. OK, apparently the difference in the urls was between (2) and (to), but I'm not going back to find out. I'm getting a little blinkey from this. Does it show?

I downloaded Hijack This! (saved to disk), brought it home, and the driver was missing. So much for that idea.

I did another Google and went through some more material at ComputerCops. Eventually I found this link someone had posted for removal of the hi-jack bar.

Here's the goods in case anyone else gets hit:

Download uninstaller for Begin2Search

http://216.130.185.143/uninstall.exe

It did change my home page to Yahoo and something (it?) loaded some other easy to delete crap. It did not appear to get anything BUT the active hijack toolbar which was highlighting words and making links of them, generating pop-ups, and appearing on every new window when I supposedly had the toolbar locked, but that was a big deal because it was a regular vacuum of malware whenever I logged on.

I then ran Spybot Search and Destroy, which ends up being far and away my favorite even over AdAware (which I also ran), identified and deleted over a hundred hostiles I either couldn't identify with the hijack bar running or which it had sucked up in a few minutes of running, but had a number of other Explorer Registry values and keys, including a bunch of plug-ins the thing had installed, which I couldn't delete with the program running.

Here's where Spybot S&D shines! I was able to set the thing to run at start-up. I won't bore you with the details, but after reboot failure from the stuff I had deleted and a bit of fooling around, I got it to boot and Spybot S&D scanned the thing before it let Explorer load, captured the hostiles, and may have even repaired my registry. The guy is getting a donation if I can get a mailing address!

I'm not completely done cleaning, but the difference in internet page load speed is remarkable already. Thanks OddOne & all for this thread. It's not a learning curve I would have chosen, but a profitable one nonetheless.

From Norton to the Spybot S&D files, this thing must be a combo of everything to date.

The Ballad of John Henry has been going through my mind, only with the computer being the steam-drill...



Tras

[OddOne]

Update:

For folks looking for spam handling, I found a great tool called SpamBayes (Link). It's free/open-source and can run on just about any OS for which there are Python libraries. (Most Windows versions, practically every Linux distribution, MacOS X, Solaris, you name it.)

SpamBayes acts as a mail proxy - you check mail through it, and it scans the mail it's fetching - so it'll work with any POP3-compliant mail client. There's also a plugin for Outlook to make it easier to use, although it's web-based administration is pretty straightforward. IMAP4 users can grab the plugin for that, too.

It's a Bayesian detector, meaning that you tell it what is and isn't spam and over time it "learns" to distinguish the two. The more you use it, therefore, the smarter it becomes at catching cleverly constructed spam and not tripping on legitimate traffic. If you already have a large "trash" message folder you can feed the whole thing into SpamBayes and say "these are all spam" and train it on a bunch of spam in one shot. Same for training on a bunch of good mail - feed it the mailbox and say "this is all good mail".

My results at the two-week point are up over 97% on spam and 99+% at non-spam, with one false positive (good flagged as bad) thus far, and about a half-dozen false negatives (bad not flagged as bad) per 100 messages. This after feeding it 2,200+ trash messages and 3,000-someodd good ones.

oO

[Myranya]

I miss Diamond CS RegistryProt on the list; a program that will warn you whenever something is added to your registry, and you can then allow (if you are installing new software you want, for example) or deny (if something nasty is trying to install itself).

It's available here:
http://www.diamondcs.com.au/index.php?page=regprot

[Trivium Pursuit]

As Cory would say, 'Halp Halp!' I pull up this thread, scan through and see dozens of programs recommended, some must be run from safe mode, etc, etc...
WHAT ONE PGM IS RECOMMENDED , simply, to start with? I do seem to have a virus as my other window, when I try to get Yahoo, keeps bringing up 'about:blank', and an AD for spyware removeres...