It all begins at a website or server. This is the starting point and it might be a good idea to start validating that server before even thinking about downloading files from there. This can be done manually by performing some searches in search engines but also automatically with browser add-ons or plugins like Web of Trust, McAfee’s Site Advisor and a plethora of other respected programs including local security software that can also check websites and servers.

The second step involves downloading the file to the local computer system. There is not a lot that can be done here in this step. The only defense are security software programs that are installed on the computer system that should scan the file and report back to the user if they believe it to be malicious. Cautious users can also use one of the many online virus scanners to upload the file and scan it online. Services like Virus Total scan the files with more than a dozen different up to date antivirus engines resulting in a more precise analysis of the file.

Another option is to check the hash values of the downloaded files to make sure that they have not been tampered with. This only makes sense if the developer is displaying the values on a trusted website.

It is pretty safe to assume that the file is safe and can be executed on the computer system if it did pass the tests. There is however a last step that can be done to add the extra mile of security: Virtualization. Programs like Sandboxie or VMWare Player make it possible to execute programs in a closed environment for testing purposes. The benefit of this approach is that they cannot harm the rest of the computer system if they should be malicious.

Did we leave something out? Let us know in the comments.

Related posts

• What is connecting to the Internet (4)
• Tinyload Upload to Multiple Sites at Once (3)
• The Most Dangerous Web Search Terms (12)
• Select a country for your proxy (7)
• Monitor your network connections with X-NetStat (4)

Windows Defender comes with the usual options to automatically update the program and schedule regular system scans to protect the computer system. Default actions for low, medium and high alerts can be defined that will be executed by the anti-spyware program automatically.

Microsoft’s anti-spyware solution comes with the interesting advanced tool Software Explorer which can display extensive information about startup programs, currently running programs, network connected programs and Winsock service providers.

Each program and provider is sorted by company which makes it easier to find non-Microsoft programs that are running or connected to the computer system.

Microsoft has improved Windows Defender over the years. The company did receive lots of criticism in the beginning which can be attributed to a low spyware detection rate. Several anti-spyware products have performed better in tests, outlined here or here. Please note that the tests linked in this article have been performed about 10 months ago and that the situation may have changed in the mean time.

Which leads to the question: Are you running anti-spyware software? If so which?

Related posts

• Taking a look at Microsofts Anti Spam Solution (1)
• Scan And Detect Spyware And Suspicious Files In Windows (5)
• Microsoft Security Essentials Final Available (7)
• Malwarebytes Anti-Malware (16)
• Free Spyware Removal Tools (12)

The important part of the agreement is outlined below.

… The information which is monitored and collected includes internet usage information, basic demographic information, certain hardware, software, computer configuration and application usage information about the computer on which you install RelevantKnowledge. We may use the information that we monitor, such as name and address, to better understand your household demographics; for example, we may combine the information that you provide us with additional information from consumer data brokers and other data sources in accordance with our privacy policy. We make commercially viable efforts to automatically filter confidential personally identifiable information and to purge our databases of such information about our panelists when inadvertently collected…

The user has the option to go back, accept or decline the agreement. Back simply goes back one screen, accept will install Relevant Knowledge on the computer system while decline will not install Relevant Knowledge and exit the software installation.

Looking at the agreement it is obvious that Relevant Knowledge is collecting and monitoring information about the user, the computer system and usage. It is also clear that the collected information are combined with information from various other sources to create an extensive profile. Relevant Knowledge may also display surveys from time to time on the computer system. It is therefor clear that most anti-spyware applications and other programs that protect a computer system against malicious software consider Relevant Knowledge to be spyware.

Relevant Knowledge can be uninstalled from the Windows Control Panel. It has its own entry there. Uninstallation will not affect the software program it was installed with. Some developers, like those that develop SUMO, provide access to a lite version of their application which will install the program without the Relevant Knowledge addition.

Users who usually click-through installations should begin to pay better attentions to the dialogs presented to them to avoid installing programs like Relevant Knowledge on their computer system.

Related posts

• Windows Defender (11)
• Which Programs Should I Run To Scan A Computer For Malicious Software? (13)
• What is your Security Concept ? (9)
• Video Inspector Displays Video Codecs Information (3)
• Universal Music Group Music Cds might also install rootkit (0)

An Internet connection is needed on the other hand to perform the scan which sometimes can be a problem if the system is not booting into the operating system. A Live CD could help but many Online Virus Scanners demand the Internet Explorer which is obviously unavailable on Linux systems.

Online Virus Scanners can be used to get a “second opinion” without having to install another anti-virus software on the computer. It is probably a good idea to use as many of the virus scanners as possible if it is suspected that the system was infected by a virus. Below is a list of services that provide access to online virus scanners.

Bitdefender Online Scanner – requires Internet Explorer 4+

Eset Online Scanner – requires Internet Explorer

F-Secure Online Scanner – works only with Internet Explorer 6+

Kaspersky Free Virus Scan – browser independent, downloads roughly 25 Megabytes of files prior to scanning. User can select locations to scan. The scanner does not remove infected files.

McAfee FreeScan – requires Microsoft Internet Explorer 5.5+

Microsoft OneCare Live – requires Internet Explorer.

Panda ActiveScan – requires Internet Explorer or Firefox, does not run in Opera.

Shields Up! – browser independent but very slow and unresponsive currently.

Symantec Security Check – down or gone.

Trendsecure HouseCall – Java based scanner, works with Java compatible browsers.

Windows Security – Trojan scan that requires Internet Explorer 5+

File Scanners:

Avast Online Scanner – file size limit of 512 Kilobyte

Virus Scan – file size limit of 10 Megabyte.

Virus Total – email upload option, 10 Megabyte file size limit.

Do you know any other services where users can scan files or the computer ?

Related posts

• What You Should Do After Buying A New Computer System (18)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Say no to Drugs Virus (0)
• Recover Computer System After Malware Infection (7)
• Norton Antibot Free 1 Year License (15)

The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.

[tags]malware, microsoft, windows, Malicious Software Removal Tool, freeware[/tags]

Related posts

• Windows Malicious Software Removal Tool Observations (1)
• Word Document Property Tool (0)
• Windows Updates Downloader (6)
• Windows stores information about the programs that you use (4)
• Windows Live Messenger 8.5 beta 2 (4)