Greater Lafayette Information Technology Society


by Bob Verplank, Computer Visions

Malware: November 2009

Mark McIntosh, Joe Poremski and Jason Rubsamk

Corey Willis

After listening to the conversation, it seemed that all present had had some problems with malware or, as someone else put it, "rogue ware." Rogue ware would be roughly defined as a computer program that appears to be something it is not. A consensus of those present would indicate that perhaps 20% of IT time is spent cleaning malware from infected computers. Examples of rogue ware imitate well-known companies, infect the machine, may bring in other outside infections, and go so far as to bill the recipient and steal the credit card number.

Mark McIntosh says he tries to keep his customers up to date with complete Windows updates and antivirus. His preference is the AVG enterprise version. He points out that many of those who get infected are customers in the management class who do not take proper precautions. Some of the things he would avoid include toolbars, WeatherBug, coupons, and other free offerings from the Internet. His usual method of cleaning is to spend 15 minutes, or up to a maximum of 30 minutes, and then erase the hard drive and start over. He has noted that some customers can get reinfected from their own restore files.

Joe Poremski noted that what gets infected is the operating system and the registry. He does not like Norton antivirus because it is too big and too complex and really does not provide the customer support that it used to. He likes AVG but notes that if you ever have a problem you wind up in a location with poor phone connections and even poorer English. If he has to restore a computer, he attempts to back up the e-mail, contacts, documents folder, and pictures folder, and then wipes out the hard drive and reformats.

Jason Rubsam likes to use Vipre antivirus and anti-malware. He typically spends 30 minutes of cleanup time and may scan the hard drive from a clean machine in order to disinfect the computer. He recommends that his clients use content filtering in order to keep everyone away from sites that are likely to be infected with malware. One of the programs he likes for this is OpenDNS. He uses SonicWall, black lists, white lists, and edge malware scanning. He notes that rogue ware has had a big increase lately, and attributes this to programs like Facebook.

There was some discussion about the use of programs like Deep Freeze by Faronics to keep a computer in its original or pristine state. After the computer is shut off, it reverts to its original configuration. Someone indicated that they had still managed to get a computer with Deep Freeze infected.

There was some more general discussion on backup systems and customer use of them. One of the good ones seems to be Carbonite. After a file has been backed up with Carbonite it shows a green dot indicating that the file has been backed up on a remote computer. The cost of this seems to be about $50 per year.

One of the methods of keeping flash drives from infecting computers is to disable the AutoRun feature of the machine. That way it does not automatically run whatever the flash drive's Autorun.inf points to.
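As an added example (not from the meeting notes, and not from any of the products named): the two Microsoft-documented registry settings that turn AutoRun off for every drive type, with a check that they took effect. It assumes an elevated PowerShell session; the function names are my own.

```powershell
# Added example: disable AutoRun/AutoPlay for all drive types on Windows and
# verify the result. Run from an elevated (Administrator) PowerShell prompt.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$iniKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'

function Disable-AutoRun {
    # NoDriveTypeAutoRun is a bitmask over drive types; 0xFF covers all of them
    # (removable, fixed, network, CD-ROM, RAM disk and unknown types).
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

    # Make Windows ignore any Autorun.inf on inserted media (the KB967715 workaround):
    # map the INI file to a registry key that does not exist, so its entries are never read.
    if (-not (Test-Path $iniKey)) { New-Item -Path $iniKey -Force | Out-Null }
    Set-ItemProperty -Path $iniKey -Name '(default)' -Value '@SYS:DoesNotExist'
}

function Test-AutoRunDisabled {
    # Returns $true only when both settings are in place.
    $mask = (Get-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $ini  = (Get-ItemProperty -Path $iniKey -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
    return (($null -ne $mask) -and (($mask -band 0xFF) -eq 0xFF) -and ($ini -eq '@SYS:DoesNotExist'))
}

Disable-AutoRun
if (Test-AutoRunDisabled) { 'AutoRun disabled for all drive types.' } else { 'AutoRun settings were not applied.' }
```

Windows 7, and XP/Vista with the 2009 AutoRun updates installed, already stop honoring Autorun.inf on USB drives, but the policy value still governs CD/DVD media and is the setting to audit on older builds.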

Windows 7 is still too early to consider. The AppLocker (application locker) and BitLocker features seem to offer better security. One user described the use of the TeaTimer feature in Spybot. It shows any executable file before it runs and requests permission before it installs a new program. This can be either a delight or a pain in the fanny.

In some of the rogue ware programs, the running program can prevent the use of antivirus programs, malware removal programs, registry editing programs, and Internet Explorer. If the icon reveals the running program's name, such as "tsc.exe", then one can go into the Processes tab of Task Manager, shut that program down, and then remove the rogue ware with something like the Malwarebytes removal program. This works only if you are lucky.

There was some discussion about computers being reinfected and whether this was due to the fact that the computer was never properly cleaned or whether the end customer resumed his old habits and reinfected the machine.

There was talk of sandbox programs that might allow you to install a program, run it, and then delete it, returning the machine to its original configuration. No one could name such a program. It did sound like a great idea.

The Top 11 Ways to Slow Your Internet
(From Bill Ooms)