You may want to print this post and save the hard copy for later use. If your computer does become infected by a virus, you might not be able to retrieve this information.
On one of the hobby web sites that I visit, I noticed a forum thread this morning. Several users complained that a web ad posted on that site gave their computers a virus infection - specifically, Trojan.Ducky.B or Bloodhound.Exploit.56. (Yes, there are several groups that name the same viruses, and it can be confusing.)
Web ad brokers such as ValueClick are supposed to provide clean, free web ads to sites. Web sites that display the ads earn commissions when users click through the ads. Unfortunately, these ad distribution networks are a sneaky way to infect Windows machines and turn them into zombies.
I don’t offer repair services for my students, but I can point you towards other reliable reosurces. So here’s some advice, no warranty expressed or implied, for home and personal Windows users.
Always consult your organization’s or company’s IT department if it’s their computer, because they already have software and procedures in place for you. Those policies and agreements are usually considered part of your employment contract. Also, their software may be part of a corporate or enterprise system.
I have talked to Windows users who refuse to run a virus program or use Windows Update. I try not to laugh or scold, but their behavior is like walking on the freeway. Sooner or later, if you have a cable modem, DSL, or WiFi connection, you will get hit, and your computer will receive a virus.
My computer’s security systems block several virus attempts every day. I didn’t do anything wrong. These viruses are out “in the wild”, attached to incoming e-mail and hidden on web sites.
Unless you paid for premium service that specifically includes virus infections, your warranty or service plan does not cover virus removal and data recovery. Your computer’s manufacturer and Microsoft won’t provide much help if you call them, especially if you haven’t taken steps to secure your computer.
Check with your Internet Service Provider
A few large Internet Service Providers (ISPs), including EarthLink, Road Runner, Hawaiian Telcom and AOL, provide free antivirus programs and limited support for subscribers. It’s worth checking out before you have a problem.
Why do ISPs give away software that you could buy in a local store? It’s in an ISP’s best interests to do so, as a major virus outbreak can compromise their connection quality and create a spike in call center volume.
Some ISPs and companies use network appliances that scan and clean incoming and outgoing network traffic. These are excellent tools, but they are expensive. Also, it is generally assumed that the final sender or recipient of a message is responsible for scanning it.
If there are viruses in the wild, then why don’t we scan the Internet itself? It makes little sense to scan traffic as it goes through the Internet. If the packets are encrypted, they probably cannot be scanned at all. Also, in the United States, there are regulations and privacy restrictions that prevent the casual snooping of data, except in the interests of national security.
The most compelling argument against a perpetual virus scan of the Internet is the cost. It’s more effective and efficient to place the traps at the points of entry and delivery.
In the end, if it’s your own computer, then it’s your data. This is why organizations and businesses have IT departments - to protect hardware, software and data before something bad happens. See our discussion of disaster recovery for more information.
If your Windows computer is already infected
If your computer is already infected by a virus, and you’re in Honolulu, disconnect the computer from the Internet and shut it down. You don’t want to spread the virus, and restarting the computer might make the situation worse.
If this is your own computer, consider calling a local computer reapir service such as CompUSA or Personal Touch Computers. SuperGeeks has stores on Honolulu, Kailua-Kona and Maui. They will remove the virus infection for a fee.
If this is your company’s computer, report the problem immediately to your IT staff. They will help you remove the virus.
If this is not a corporate computer, and you want to try cleaning it yourself, go to a clean computer, and visit your antivirus vendor’s web site. Here’s an example from Symantec. Some antivirus vendors post free cleaning programs that will disinfect some viruses. Son’t buy and install a new antivirus program on an infected computer. You can download the cleaner to a USB memory stick or other external media. Be sure that media is clean and free of viruses first!
If your antivitus program came with a CD, check the manual. That CD may also be a bootable disk that can be used to clean an infected computer. You may need to read your computer’s manual to change your BIOS settings first.
Windows Update vs Microsoft Update
One way to keep your Windows system secure is to run Windows Update and apply the patches regularly. Microsoft issues a set of patches on the second Tuesday of each month. Check your settings in the Control Panel’s Security Center, if you use Windows XP.
Better yet, do the free upgrade to Microsoft Update. Go to Windows Update, and if you see the Microsoft Update invitation, click on the link. Microsoft Update adds Microsoft Office updates to the patches. You may need your Office installation CDs if you installed that suite from disk.
You do need a legal copy of Windows and Office to qualify - pirated or cracked copies might not receive automatic updates.
Other security tools
I’ve seen one download that might prevent these ad-based infections. It’s called GreenBorder, and it works on Windows to protect Interenet Explorer from exploits. It’s not an antivirus program, so you can use it with your current antivirus setup.
My father tried GreenBorder after reading Walt Mossberg’s recommendation in the WSJ, and dad likes it a lot. I tried it, but I have been using Firefox as my web browser for a couple of years. Its extensions, like GreaseMonkey, give me a lot of control in blocking browser ads.
Another tool that I like is SpywareBlaster. It’s a free download for Windows, but it’s not an “always-on” scanner. This software finds and closes known holes in Internet Explorer and Firefox. I would install, update and run it once a month.
Free antivirus programs
I do meet students who say they can’t afford an antivirus program, or they let their update subscription lapse because it was too expensive.
If you need a free antivirus scanner and subscription, and you subscribe to Earthlink, HawTel, Road Runner, or AOL, see my recommendations above.
If you want to use something else, I can recommend two programs. They are free for home or personal use, and I like them better than McAfee or Norton.
Both programs will automagically update themselves if you set the preferences correctly, and have an always-on connection to the Internet.
freeav.com
avast.com
Only one at a time
Always, always UNINSTALL your previous antivirus before installing a new one, even if you are only “trying out” a new antivirus like avase or FreeeAV.
NEVER, EVER RUN TWO ANTIVIRUS PROGRAMS AT THE SAME TIME ON THE SAME COMPUTER.
I’ve heard users say that two antivirus programs must be better than one. It doesn’t work that way. If you install and run two antivirus scanners on the same computer, they will each act as if the other scanner is a virus. Every antivirus scanning program assumes that it is the only one scanning your computer.
An antivirus scanner works at a privileged level in your operating system, so that it can intercept, access and scan files before other applications can do so. That’s what these scanners are designed to do.
If a second scanner is monitoring the activity, the first scanner’s behavior will appears to be viral. Your files will be caught in the middle, and your computer might not restart properly.
Be aware that some “Interent security” suites like McAfee and Norton include antivirus protection along with software firewalls and other features. You may have to open your security suite and permanently disable its antivirus feature before installing another antivirus program.
Frankly, I would not run a security suite and a separate antivirus program. The risk to my data is too great.
Installing a new antivirus program safely
Download your new antivirus program and save it to your desktop, or to external media such as a USB memory stick.
Don’t run the new antivirus right away. Disable or unplug your Internet connection on the computer that requires the new antivirus program.
I recommend removing your old antivirus program. Disabling it not may not be enough - the new antivirus might recognize the old antivirus, even when the old program is disabled.
Go to the Control Panel and Add/Remove Programs to uninstall your old antivirus program. Restart your computer, then install the new antivirus.
Tags: API, Apple, browser, data, DSL, EarthLink, enterprise, example, Firefox, hardware, Hawaii, Honolulu, Internet, ISP, mac, Maui, Microsoft, mobile, monitoring, network, office, pda, privacy, security, software, student, traffic, USA, USB, WiFi, Windows
