Redundant protection?

by cturtle » July 14th, 2009, 9:04 pm

After I was assisted on this site last month cleaning up some infections on my XP Home system, I was given a list of recommendations to maintain my system. Right now, I'm running . . .

1.) AVG8.5 free, which includes
a.) anti-virus (desc. says for viruses, worms, and trojans)
b.) resident shield (scans files in the background, whatever that means. sounds the same as anti-virus)
c.) anti-spyware (for adware and spyware. I don't get why the anti-virus part can't do this, too)
d.) email scanner (but I just use web-based email anyway)
e.) link scanner (to block sites and check search engine links)

2.) Zone Alarm free version
I have a router for firewalling ports, but for whatever reason I guess I have to have this to look at out-bound processes. Seems like just a different way to do anti-virus control. It came with anti-virus, too, I think, but I don't think I installed that part.

3.) Malwarebytes' Anti-Malware free version
I run this manually to find more stuff that I thought the anti-virus was supposed to find

4.) Spybot S&D
I run this manually to find more stuff that I thought the anti-virus was supposed to find. deja vu

5.) WinPatrol - to track registry changes. I think?

6.) Ccleaner - for further registry examination? Looks like it would break something if I tried to fix stuff with it, though.

7.) The MVPS host file - to block some sites, same as the AVG link scanner?

8.) Sitehound - again, to block some sites

9.) Mike Lin's Startup Monitor and Startup Control Panel. I think the Ccleaner can already do the same thing, though.
http://www.mlin.net/StartupCPL.shtml
http://www.mlin.net/StartupMonitor.shtml
These were recommended to me aside from this forum.

10.) Firefox add-ons NoScript, FoxFilter, and FlashBlock. I guess NoScript should probably cover everything Flashblock would, but I already had it.


Anyway, my question is, do I have anything redundant that I shouldn't? Should I have turned off some part of AVG? Should I have turned on more parts of Zonealarm? I see warnings once in a while not to install two of this or that, and I don't know if I have one of those redundancies. Anti-virus, anti-malware, resident scanner, adware, spyware, and outbound process firewalling are all stuff I thought would be handled by a single anti-virus program, but I guess not.
cturtle

Re: Redundant protection?

by Gary R » July 20th, 2009, 6:07 pm

I'd like to give a simplified overview of how your defensive systems work.

The average home computer has approximately 64,000 ports through which it can communicate. By default these ports are open and can be used by any programme which cares to access them, either from within the computer or from without. If you were to go online with a computer in this condition you would quickly be attacked and your computer would be infected.

To prevent this you install a Firewall. A firewall will close all open ports and you then open the ones you need by setting "rules" for them according to the instructions supplied with the Firewall programme. Usually you will have ports open for your Internet Browser, your e-mail client, and the update functions for various programmes.

These "open" ports will not be fully accessible, in that they will only allow a communication if it was instigated from within your computer. Any unsolicited communications from outside are blocked.

However if you are tricked into starting the communication, then as far as your Firewall is concerned it is a legit transaction and it will open the port. So by clicking on malicious links, replying to unsolicited e-mails and attachments, and downloading from unsafe sources, you are effectively bypassing any protection your Firewall supplies.

At this point your Anti-Spyware and Anti-Virus programmes take over. The real-time protection in these constantly scans the data stream in your open ports looking for things that match with items in the database they have within them. If they find something then they will alert you, or quarantine it, or delete it, according to the rules set within the programme.

However as you can see, if the database does not contain details of the infection that's attacking you, then your Anti-Virus or Anti-Spyware programmes will not protect you. There are new infections (or new variations of old infections) created every day, which is why it's vital to keep your programmes up to date. Even with a fully updated database though, you are still playing catchup, which is why your Firewall, Anti-Virus and Anti-Spyware programmes cannot ever give you 100% protection.

Adding more and more programmes will not give you more and more protection, it's up to you to take some responsibility for your online actions, and modify them to give your programmes the best chance of protecting you.

Be careful what you click on.
  • Don't download anything from a site you do not know and trust. Remember, there's no such thing as a free lunch, if something seems too good to be true it is. Malware purveyors love to offer out freebies as bait knowing full well that one unguarded click is all it takes.
  • Don't reply to unsolicited e-mails.
  • Don't open e-mail attachments (even from friends) without checking with the source to ensure they actually sent them.
  • Don't use P2P file sharing programmes. Even the ones that don't come bundled (and many do) are not safe. By using them you are effectively downloading from an unknown source, with all the dangers described above.


OK, let's look at your own setup, and see how it relates to the situation above.

You're using a hardware firewall/router, and as far as unsolicited incoming communications are concerned it will block them fine. However, if you are tricked into downloading something malicious, or clicking on a malicious link that loads a script onto your computer, then your hardware firewall will not protect you. Any infection now on your computer can "phone home" and invite some "friends" to the party. Hardware firewalls don't monitor outgoing calls.

Having a software firewall which monitors outgoing communications may give you the first indication you're infected, when it flags an unknown process trying to call out. Which is why we recommend you have one.

So having Zone Alarm is a good idea.

Anti-Virus and Anti-Spyware scanners look for different things, so it's necessary to have real time protection from both. As AVG contains both types of scanner in one package, it satisfies the requirement for both.

As I said earlier, definitions based detection is always playing "catch up", so it doesn't do any harm to have another free standing anti-spyware scanner, but it must not be running real-time protection or it will conflict with AVG. I would recommend you keep Malwarebytes Anti-Malware, the free version does not have RTP, so you can just run the occasional scan with it without problem.

I'd get rid of Spybot, it's surplus to requirement. In my opinion MBAM has the better record for removing infection. You really don't need more than one free standing AS scanner on your computer.

CCleaner is a useful utility for cleaning out temp files ....... period. Do not use the Reg Cleaner function. In fact DON'T USE ANY REGISTRY CLEANERS. They're a complete waste of time. At best they will do absolutely nothing to improve the running of your computer, at worst they'll turn it into an expensive doorstop.

WinPatrol is a useful utility for inspecting and monitoring various areas on your computer. It will notify you if changes are made to those areas. It is limited in what it can do to prevent any serious attacks, but the warnings it flags may give early indication of an infection, allowing you to take action. I personally find it more handy than essential (I do have it on my computer).

MVPS Hosts file, and Site Hound, serve a similar purpose, but in a different way. They're both there to stop you landing on malicious or compromised web sites.

MVPS hosts does it by blocking access to the sites contained in its list.

Site Hound does it by accessing a database containing the results from scanning millions of web sites for suspect activity, when you go to these sites (or Google about them) the SiteHound utility gives indication which ones are clear or not, so you can decide which to visit.

I'd keep both.

Mike Lin's applications are just duplication of what WinPatrol already does (CCleaner also has some of these functions), personally I'd keep WinPatrol and remove Mike Lin's applications.

Firefox add-ons are pretty much a personal call on what you find convenient. If your add-ons sit harmoniously together, and you're used to using them I'd leave them be.

Personally I use NoScript and AdBlockPlus, and I recommend them to users of Firefox.

Hope this answers your questions and helps you a little.
Gary R
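
The split between the router and ZoneAlarm described in the reply above, as an added example that is not part of the original posts: a model of a stateful router firewall and a per-process host firewall handling the same three events. The class names, process names and addresses (documentation ranges) are constructed for illustration.

```python
# Added illustration; all names, addresses and process names are constructed.
from dataclasses import dataclass, field

@dataclass
class RouterFirewall:
    """Stateful hardware firewall: tracks flows started from the inside."""
    flows: set = field(default_factory=set)

    def outbound(self, local_port, remote):
        # Any outbound connection is allowed and remembered; the router
        # cannot see which program on the PC opened it.
        self.flows.add((local_port, remote))
        return "allow"

    def inbound(self, local_port, remote):
        # Replies to a remembered flow pass; unsolicited traffic is dropped.
        return "allow" if (local_port, remote) in self.flows else "drop"

@dataclass
class HostFirewall:
    """Software firewall on the PC: also knows the calling process."""
    allowed: set  # programs the user has approved for outbound access
    alerts: list = field(default_factory=list)

    def outbound(self, process, remote):
        if process in self.allowed:
            return "allow"
        self.alerts.append((process, remote))  # first visible sign of infection
        return "ask-user"

def simulate():
    router = RouterFirewall()
    host = HostFirewall(allowed={"firefox.exe", "avgupd.exe"})
    results = {}
    # 1. Unsolicited probe from the internet: no matching flow.
    results["probe"] = router.inbound(445, ("198.51.100.7", 40000))
    # 2. User browses: outbound first, then the reply is accepted.
    results["browse_host"] = host.outbound("firefox.exe", ("203.0.113.10", 80))
    router.outbound(50001, ("203.0.113.10", 80))
    results["browse_reply"] = router.inbound(50001, ("203.0.113.10", 80))
    # 3. Downloaded program "phones home": the router treats it like browsing,
    #    only the host firewall notices the unknown process.
    results["malware_router"] = router.outbound(50002, ("203.0.113.66", 443))
    results["malware_reply"] = router.inbound(50002, ("203.0.113.66", 443))
    results["malware_host"] = host.outbound("updater32.exe", ("203.0.113.66", 443))
    results["alerts"] = host.alerts
    return results

if __name__ == "__main__":
    for step, outcome in simulate().items():
        print(f"{step}: {outcome}")
```
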