
Cleaning Malware On Windows: A Lesson By Mark Russinovich

Thursday, April 10th, 2008

Mark Russinovich, a Microsoft Technical Fellow, presented a very good session at the TechEd IT Forum last year on the topic of advanced eradication of malware on Windows machines. It’s a great session and has some useful advanced techniques for removal. It is also a very good resource for those who want to better understand how malware infects and what some of the risks are. Lots of practical information and how-tos in this one.

Fortunately, the session was recorded and is available online for anyone who wants to see it. If viruses and malware are a part of your job or if this type of security topic is of interest to you, it’s an hour and twelve minutes well spent. I went looking for this session online hoping to find the PowerPoint and found the whole session with video and demo and everything — terrific stuff.

FlashGet Security Hole Installs Trojan

Wednesday, March 26th, 2008

This is a quickie, but a really important quickie if you use FlashGet.

My buddy Steve Bass, in his Tips and Tweaks blog, relates the following:

I just uninstalled FlashGet, my favorite downloading program. It’s got a big, inviting security hole that can — and did — let a nasty Trojan worm its way onto my system. I’m not the only one having to fend off the attack. Users on the FlashGet and Kaspersky Labs first raised the flag. [FlashGet’s Security Hole Delivers a Trojan]

Top 5 Anti-Viruses

Tuesday, March 25th, 2008

Gnomie fendabenda writes in with his top 5 favorite anti-viruses:

  1. Kaspersky Anti-Virus Personal
    Kaspersky Anti-Virus Personal offers excellent anti-virus protection, perhaps unsurpassed in its ability to unpack and scan compressed files — something that trips up a lot of other vendors. Should be used in conjunction with a firewall.

  2. BitDefender Antivirus Plus
    Softwin’s BitDefender Professional protects against viruses, spyware, and instant messaging threats, as well as offering firewall rules to block undesirable traffic and a privacy gateway to keep your identity and preferences private while surfing the Internet.

  3. McAfee VirusScan Plus
    McAfee VirusScan Plus is an ideal candidate for those seeking an anti-virus/firewall combination without all the bloat of traditional Internet security suites. McAfee VirusScan Plus makes an easy job of removing adware and spyware, something not all anti-virus products deliver.

  4. Eset Nod32
    Nod32 features a small footprint, low performance hit, and fast scan speeds, providing focused virus protection ideal for gamers or those with an older PC. Should be used in conjunction with a firewall. This is also a very nice anti-virus for computer experts, and nerds like Chris himself :) as it provides more use for those smarter few of us that want more features and need more protection.

  5. Panda Antivirus 2007
    Panda Antivirus 2007 combines anti-virus, anti-spyware, and anti-phishing with its highly touted behavior-based TruPrevent Technology. License covers use on two computers and includes free tech support via email (telephone support options are also available).

Viruses, Worms & Trojans: What’s The Difference?

Friday, March 7th, 2008

What is the difference between viruses, worms, and Trojans? –Patrick

The world of computing has always had pranksters developing rogue software programs with ill intent, but these days, the intent is becoming more menacing.

Technically speaking, viruses, worms, and Trojans are different transmission methods to deliver a malicious “payload”, usually to compromise your computer. Knowing the differences can help you understand how to protect yourself from them all.

A computer virus is much like a human virus, in that it needs the help of a human to spread. The most common way to get infected by a virus is to manually run a program that has the malicious code attached to it.

All viruses are avoidable because the user has to double-click or run the infected file in order to get infected. The best way to avoid computer viruses is to avoid running any program or file attachment that you are not 100% sure about. In addition, keeping your anti-virus program up-to-date will generally stop you from running an infected file before it has a chance to attack your computer.

The problem with relying on your anti-virus program to protect you all the time is that the bad guys have the upper hand. Anti-virus program vendors can create protection against a new virus only AFTER it has been released in the wild and in most cases started to infect users.

Before the Internet connected us all together, the most common way to get infected by a virus was to run a program on a floppy disk that came from an infected computer, which meant virus spread was slow and anti-virus companies had the time to create and distribute updates.

Today, a new virus can spread across the world in a matter of hours if humans can be “tricked” into opening or running a file they get via e-mail, instant messaging or from a rogue website. One of the key indicators that a file may be dangerous is if it has the .EXE extension, which means that it is an executable file.

You should never open or run an EXE file that you receive via e-mail, instant messaging or from a website unless you are absolutely sure of its validity.

A computer worm, unlike a virus, doesn’t need a human in order to spread. A worm is capable of “worming” its way from computer to computer through a network without the assistance or knowledge of the infected party.

The Internet is the world’s largest computer network, so any one user is capable of spreading a worm to every other user on the entire network, which is why this method is so insidious.

One of the keys to defending yourself against worms is to install a firewall. If you are on a high-speed (always on) Internet connection and you don’t have a firewall in place, the thousands of worms traversing the Internet every minute are capable of infecting you just because you are physically connected to the Internet.

Broadband “routers” (which are considered hardware firewalls) are a must-have on today’s Internet because they provide a single point of protection for all the computers in your home or at your business. Software firewalls should be considered a second layer of protection to be used in conjunction with a hardware firewall.

Trojans are programs that hide themselves inside of other programs and “jump out” once the carrier program has been run. Users that like to download and install lots of free programs that they find on the Internet or on file sharing networks are at the highest risk of being infected by a Trojan.

Unfortunately, the vast majority of today’s attempts to infect you use a “blended threat” approach, which means a virus and a worm or Trojan are usually coded together in the same attack, so don’t let your guard down!

Ken Colburn
President of Data Doctors Computer Services, Host of the award-winning Computer Corner radio show, and Author of Computer Q&A in the East Valley Tribune newspapers.

Hazard Shield v1.6.0.2

Thursday, January 31st, 2008

Hazard Shield is an antimalware program that scans for any and every threat it can get its hands on. These include malicious items such as malware, viruses, spyware, trojans, backdoors, dialers, and much more. Hazard Shield also comes with realtime protection that removes threats the instant they appear and before they can cause damage.

[356K] [WinXP/Vista] [FREE]

SUPERAntiSpyware For Lockergnome Readers

Monday, December 3rd, 2007

Protecting your computer and your personal data is serious business. We do not take the problem lightly and we have vetted this software program thoroughly with people who fight spyware and malware on a daily basis. This review was done over weeks by an assessment team. SUPERAntiSpyware comes highly recommended.

The details are provided on the promotion page where Lockergnome readers receive a healthy 33% discount. The latest version of SUPERAntiSpyware is available for $19.95 and this offer is good until December 9th, 2007.

System Requirements: Windows 98, 98SE, ME, 2000, XP, Vista or Windows 2003

Link for Lockergnome people (the discount is available through this link).

You can read about the program on the link to the product page. You might be interested in the background behind this product. The founder of this product is Nick Skrepetos. Nick is well known for products like Pop-Up Stopper and SuperAdBlocker. These are well known and ’super’ products. He brings decades of experience to the spyware wars. Nick and his team are in anti-spyware forums and keep tabs on current issues. That is important because dangers may appear daily and protection/security programs must be nimble enough to respond quickly. Nick stands behind this product, and emails and questions are answered.

SUPERAntiSpyware has an active user support system. If there are questions about the program, there is a means of receiving assistance. The product also has its own forum.

This is a recommended product, at an excellent value for Lockergnome people. Buy it. Install it. Use it and protect your computer. This is a great gift that keeps on giving throughout the year. Shopping problem solved!