Cleaning an Infected Windows PC. Part 4

Posted by Siren on August 17, 2013

Install Security Software

Now we get to installing security software on your computer. So, we have done first steps, tried to secure the computer as much as possible, we have done the System Restore, basic tune-ups, now we actually install security software to try to protect the computer and try to rip the viruses. My 14-yaers experience shows that every Internet security company has one thing that it does really very well. The problem is that they try to pack things they do very well with a bunch of crap that they do not do very well.

Most popular security software vendors

You have seen these security suites filling up the Internet. If you have bought Norton, it used to be Norton Antivirus software. If you have bought McAfee, that used to be McAfee, for Kaspersky it was Kaspersky Antivirus. Now, they are trying to sell you entire suites.There is Norton Internet Security Suite, McAfee Internet Security Suite, Kaspersky Internet Security Suite. It is not only antivirus, it is also antimalware, firewall, backup software, etc. The problem with all these manufacturers is that they do one thing very well, and the rest is pretty piss-poor, so that causes problems.

The suggestion is to always try to do the best thing in the class, or the solution that will do best for you. IT professionals tend to install antivirus software from one manufacturer, antimalware software from another manufacturer, and, frankly, best firewall is the Windows Firewall.

When you look at security software, AV software, you just do not need to look to its ability to rip out viruses, malware etc.; you need to consider whether they are not going to cause more problems than they are worth themselves.

Maybe the Norton is going to sue for these worlds, but the point is that IT experts make good money on Norton. The reason is that Norton will do things like closing Port 80. What is Port 80? Port 80 is the port you use to get out to the Internet. There are clients calling up and crying “I cannot get out on the Internet, I need to access the Internet now”.

So experts run there for 100 dollars per hour, find out there is an Internet security suite, right-click, do whatever they want to reopen Port 80, now the client is on the Internet. The clients may ask why Port 80 gets closed. So, they learn it is because the Norton software has decided so. In the wild, Norton is also known to interfere with networking communications, to shut down printers. Printing USB is actually a part of networking communication, so it has been observed to shut down even that part of the communication. That is not a joke, Norton is really bad.

The suggestion is that you find a best class thing of whatever you are going to be using. Best class antivirus, best class antispyware and firewall. IT experts in 2012 preferred Microsoft Security Essentials for antivirus software, Spybot Search & Destroy for the antimalware software, and normal Windows Firewall for protecting the traffic on a PC. You may think they are not secure enough, that sounds too easy. Please remember, if security software tries to shut down your Internet connection, it is pretty much like a virus, so I find this combination works pretty well.

So, after you do everything else, you are going to find a piece of antivirus software that you want to use, you are going to find a piece of antimalware software to use, also firewall, and you are going to install that.

With antimalware software, prior to doing a scan (remember: we are not doing a scan yet), you may have the ability to do something called immunizing the system. With Spybot Search & Destroy there is something called the option to immunize the system. This immunizing enables to lock down the system so new changes do not take place. That is, as you do the next step, viruses try to attack your system and make changes. So, at this point you shall immunize the system.

The next suggestion is that you do not use something called Registry guards, or like Spybot Search & Destroy TeaTimer. This basically happens when any piece of software tries to change registry configuration, you will get a little popup bubble asking whether you want to change this. The point is that you actually do not know what it is saying, it says “blah-blah-blah dot DNS PPP dot com is going to change this,” without actually saying what this change would mean. If you click No, it will not allow that to happen, if you click Yes, it will allow that. So, if you try to install updates, the Registry Guard or TeaTimer (if you click relevant button) will block that, which is just horrible and evil.

So, if you install AV software, antimalware software, it is good to disable Registry guards (in Spybot it is called TeaTimer, in McAfee it is Registry Guard, in Norton it has its thing). That is not to say it’s theoretically a bad idea. That is just like a bit of Russian roulette, it says that so-and-so things are going to do so-and-so changes, and you are to decide. If it is a virus, and you say No, you are right and you are just going to protect your computer, but if it is a normal routine and you say No, this may cause problems.

These are the thoughts to consider when installing security software. Whatever you do, install only one piece of antivirus software (McAfee, Norton, Kaspersky, AVG, Panda, whatever). Whatever you decide, only pick one, because they attack each other. For antimalware software, it is good to have Spybot Search & Destroy, AdAware, Malwarebytes, etc., but ONLY one of those. The more security software you install, the more problems that security software may in the end cause you.

Again, you may need firewall software, which is very good if you know exactly what you are doing. But even malware experts dealing with it for 15 years sometimes get bewildered with that. I have once spent 45 minutes configuring firewall software just to be able to do something, to use desktop connection. It can really be a pain in the butt, even if you know what it is.

And remember, with security software, if it keeps you from doing what you need to do, is that better than a virus that does not allow you doing what you need to?

That is what you need to take into account in terms of security software.

Also Read:

Cleaning an Infected Windows PC: Useful DIY Tips.