Web Informant #396, 10 January 2005: More on safe computing

[Updated April 2006]




Let's start off the new year by getting our systems free of the accumulated junk that various malware programs have left on them. And it is nice that the fruit of the acquisition of Giant Software by Microsoft (I know, it sounds like a redundant joke) is finally in evidence: last week, Microsoft released its first beta of its very own spyware removal tool. While I haven't done extensive testing, if you are interested in trying it out, go here:



I tried to test the software on an infected machine, but as luck would have it, everything is working fine for a change around here. You might want to take a look at a review from FlexBeta that is mostly positive in comparing the MS tool with Ad-Aware and SpyBot, the two gold standards that I use:



Spyware is perhaps the biggest problem that Windows users have to deal with today. I don't know a single household or business that hasn't had to remove these pests in the past several months, and I am glad to see Microsoft finally stepping up to the challenge. Of course, I agree with Walt Mossberg of the Journal. The best way to fight spyware is to use a Mac -- my Mac hasn't had any problems here at Strom central (so far). But for those of you who will not make that leap and who are wrestling with spyware, here are my own personal tips, collected from around the Internet and my own trials and tribulations. To summarize, you'll need the following five items to be totally safe from the bad guys:


1. Hardware firewall/router/gateway

2. Software firewall

3. Anti-virus protection

4. Remove and replace dangerous Windows components

5. Spyware detection/removal tools if all else fails


1. Buy a hardware firewall/router/gateway. First off, make sure that your networks are safe from invasion. Use a hardware firewall on your home or business network and make sure it is set up properly. That is perhaps the most important thing you can do to repel the bad guys. Even if you own a single computer, do not, I repeat, do not directly connect your Windows PC to your cable modem without using one of these boxes. There is no excuse for that, given that prices are less than $50 for some units. If you do go with the lower priced spread, be aware some of the units from D-Link, Buffalo and others need some tweaking to repel outside pings. Also, make sure once you connect the unit that you update it with the latest firmware. I was happily surprised to see that a Netgear router that I recently purchased had a one-button firmware update function on one of its menus, and all I can say it is about time. While you are at it, turn on wireless encryption unless you want to become a wireless hot spot for your neighbors. I would also turn off XP's File and Printer Sharing option (under the Network Control Panel) if you don't plan on sharing any files around your network.


2. Use a software firewall. A hardware firewall isn't enough, particularly if you own a laptop and it travels to other networks where it can get infected. The problem is that the bad guys are getting clever about how to penetrate your defenses. I have come to the conclusion that every laptop should have a software firewall installed, and make sure that you leave it turned on. The firewall that comes included with XP SP2 is good, but the one from Zone Labs called Zone Alarm is even better and the one that I recommend. They have a free version but the Pro version for $50 a year is well worth the additional cost. My friend Fred Avolio recommends several other protective products here:



I tried PrevX and don't recommend it. As is the case with some of these products, they tighten up your machine so much that you spend a great deal of time clicking on the warning messages and eventually lose track of what is just expected behavior and get complacent or annoyed. I haven't had time to try the others that Fred mentioned.


3. Run anti-virus software. I used to use Norton Anti-Virus, but lately the problems with updating older versions and getting it off systems is almost not worth the trouble. Now I use Grisoft's free AVG client. If you are running Norton or anything that requires to you pay for annual updates, make sure you pay to renew your subscription on all of your PCs when the subscriptions expire because they don't do you any good without the most current updates.


4. Remove and replace the dangerous Windows components that keep you at risk. I would steer clear of Outlook/Outlook Express and IE, since they are the major vector of Internet infections. I use the free Mozilla.org replacements Firefox and Thunderbird and have been very happy with both, although I don't recommend T-bird on the Mac. If you download both, they will automatically find your favorites, mail settings, and address books and make the update as painless as possible. Another email alternative to T-bird is Pocomail.com, but that will cost you $40. You get rid of OE from Control Panel/Add or Remove Programs/Windows Components in XP. You can't really remove IE from XP but at least you can stop using it as your default browser for most of your Web pages, If you are running Windows 98, you can remove IE using LitePC here:



5. Spyware removal resources. Okay, you didn't follow all of my recommendations, or you are infected, or you are trying to help out a friend in need. Here is where you need to look to get smarter. First off, if you want a general education more than you can ever read on the topic has been collected by my friend Dave Piscitello here:



My friend Michael Horowitz has excellent and very detailed practical spyware removal instructons that are worth reviewing here:



And finally, Walt Mossberg recommends Webroot.com's anti-Spyware detection and removal tool SpySweeper (which costs $30). I haven't used it (generally I run the free Ad-Aware and SpyBot) but you can read his column here



Good luck with safe computing. There is a lot to do to your average Windows machine, and plan on spending the better part of a weekend if you just bought a new machine to get it completely under control. I know this seems like a lot of work but the time you invest today will pay off down the road. Of course, if you add up all the extras you'll need to buy, the additional $100-$200 that you might spend on a Mac might make more sense now too. But I don't want to get into that fight. Happy new year and may your PCs remain free of problems.


Entire contents copyright 2005, 2006 by David Strom, Inc.

David Strom, david@strom.com

Web Informant is (r) registered trademark with the U.S. Patent and Trademark Office.

ISSN #1524-6353 registered with U.S. Library of Congress