PC Magazine® Fighting Spyware, Viruses, and Malware
Scans by ISPs have revealed as many as twenty-eight spyware programs running on the average home computer--like yours. That's a lot of people prying into what's on your PC, and a DSL or cable connection is a virtual welcome mat. But by following Ed Tittel's advice, you can learn how invasions occur, spot an infestation, repair damage that's already done, and slam the door on those who want to hijack your PC--along with your wallet.
Here's how you can
* Learn to recognize when a Trojan horse, a virus, adware, or spyware has invaded your PC
* Get the tools that can cure an infection
* Dig into the Windows Registry to remove the nastiest of bugs
* Prevent a recurrence with personal firewalls and protective software
* Deal with the onslaught of spam
* Keep your defenses up-to-date
Give it the boot
If you believe you've caught something and you're willing to kiss everything goodbye that you've added to or changed ... since the last time you booted up your computer ... try this. While Windows is first booting up, hit the F8 key .... Choose the Last Known Good Configuration option, and Windows should boot running the version of the Registry that existed the last time your system booted--that is, before you got infected.
-- From Chapter 4
Part I: Welcome to the Jungle!
Chapter 1: Unwelcome Intruders Seeking Entry.
Chapter 2: Understanding Malware.
Part II: How Good PCs Go Bad.
Chapter 3: Methods of Insertion and Delivery.
Chapter 4: Detecting and Repairing PC Infestations.
Part III: The Particles of Protection.
Chapter 5: Personal Firewalls.
Chapter 6: Pop-Up Blockers.
Chapter 7: Anti-Spyware and Anti-Adware Programs.
Chapter 8: Anti-Virus Programs.
Chapter 9: Spam Blockers.
Part IV: Commonsense Rules for Safe Computing.
Chapter 10: Practicing E-mail Safety.
Chapter 11: Practicing Web Safety.
Chapter 12: Practicing System Safety.
Part V: The Habit of Security.
Chapter 13: Safety Is a Matter of Routine.
Chapter 14: Safety Requires Constant Vigilance.
Appendix A: The Security Suite Life.
Appendix B: References.
In my book PC Magazine Fighting Spyware, Viruses, and Malware, you have no way to link directly to online content, nor can I take you there in any kind of meaningful way. Here, however, you need only follow my links -- which I maintain and update on a quarterly basis -- to jump directly from mention of any item to the item itself. In this online information, I follow the same layout and structure as in Appendix B of my book, which provides pointers to everything mentioned in the book that's available online. I hope you'll find this useful, and ask for your input and feedback, as well as your suggestions for items that should be added to this list (as well as items that should be removed, as long as you can give me a reason why this is a good idea). To that end, send me your comments, questions, suggestions and so forth via e-mail at firstname.lastname@example.org.
Microsoft Knowledge Base
Microsoft Knowledge Base (KB) articles are informative, usually well-written, and often provide technical details and information unavailable elsewhere. You can search the Knowledge Base online through support.microsoft.com (search on the KB article number for best results), or follow any of the links below to specific articles cited in the book.
A Description of the Changes to the Security Settings of the Web Content Zones in Internet Explorer 6 (Article 300443)
How To Configure Outlook To Block Additional Attachment File Name Extensions (Article 837388)
How To Disable Active Content in Internet Explorer (Article 154036)
How To Restore the Operating System to a Previous State in Windows XP (Article 306084)
How To Use Security Zones in Internet Explorer (Article 174360)
How To Use the Windiff.exe Utility (Article 159214)
Books and Articles
Comer, Douglas E. Internetworking with TCP/IP: Principles, Protocols, and Architecture, Volume 1, 4th edition. Pearson Education, Upper Saddle River, NJ, 2000.
Hafner, Katie and John Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon & Schuster, 1991.
Honeycutt, Jerry. The Windows XP Registry Guide. Redmond, WA: Microsoft Press, 2002.
Rubenking, Neil J. "11 Signs of Spyware." PC Magazine, March 2, 2004.
Schweitzer, Douglas. Securing the Network from Malicious Code. Indianapolis: John Wiley & Sons, 2002.
Scrimger, Rod, et al. TCP/IP Bible. New York: John Wiley & Sons, 2001.
Skoudis, Ed and Lenny Zeltser. Malware: Fighting Malicious Code. Indianapolis: Prentice Hall PTR, 2003.
Safe Download Sites
CNET -- Outstanding source for all kinds of software
Free Downloads Center -- Popular freeware source
The Free Site -- Popular freeware source
Shareware.com -- Offers both shareware and freeware
Tucows -- The ultimate compilation of Windows software
Online Security Scanners
For malware, spyware, and adware
BitDefender -- Online virus scan. Follow prompts.
Housecall -- Click Scan Now. Follow prompts.
Pest Scan -- For spyware and adware. Follow prompts.
Spy Audit -- Scans for spy- and adware.
Symantec -- Virus detection and system security check. Click Check for Security Risks; follow prompts.
X-Cleaner ActiveX control -- Scans for spy- and adware.
Microsoft. "99,999 Innocent Bystanders Spammed."
Microsoft. "Outlook 2003 Junk E-mail Filter."
Microsoft. "Windows Script Host overview."
Other online security scanners
HackerWhacker -- Free Tools: click Run Test. HackerWhacker offers a one-week membership, with complete access to all scans, for $9.99.
Security Space -- Click Security Audit, select Single Test. Security Space offers a year's worth of end-user scans for a paltry $9.95; a great deal!
Steve Gibson Research -- ShieldsUP! (Gibson is very generous with his remediation advice to help you fix anything amiss that might pop up.) Definitely worth a visit.
Symantec Security Check -- Offers AV and security check. Also worth a visit.
Pop-up Killer Review -- Sergei Kaul's Web site full of information and discussion on pop-ups, including a comprehensive list of 116 pop-up blockers.
PopUpCheck.com -- Jim Maurer's Web site offers descriptions of 19 tests you can perform to check your browser's ability to block pop-ups. His standard pop-up test covers 9 of those items, his miscellaneous pop-up tests cover another 4, and his advanced pop-up tests cover the rest.
AI RoboForm -- Password generation, storage, and autotext application
HyperSafe -- Provides local or Web-based access to passwords
KeyWallet -- Provides local password storage and access
Password Safe -- Bruce Schneier's open source Password Safe
Secure Data Manager -- Open source password manager with annotations
Security Issues and Information
Anti-Virus Software Review -- TopTenReviews antivirus software ratings & rankings
CERT (Computer Emergency Readiness Team). "Browsing Safely: Understanding Active Content and Cookies."
CERT Coordination Center (Computer Virus Resources)
Charter Communications. "Understanding E-mail message headers." FAQ by Andy Olds.
Cowan, Crispin, et al. "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks." Department of Computer Science and Engineering, Oregon Graduate Institute of Science & Technology.
Definitive Solutions -- Larry Leonard's Web site is subject to periods of unavailability owing to access limits set by his ISP, but this is where to go for BHODemon and his other tools.
Doxdesk -- Andrew Clover's excellent, but eclectic site, which includes great spyware/adware information and pointers under the general heading of parasites, but no bulletins or alerts.
eEye Digital Security -- This company shows up frequently in news reports when it breaks advisories or alerts on security threats and vulnerabilities.
International Computer Security Association (ICSA, now part of TruSecure Corporation) runs ICSA Labs, which offers antivirus information and certifies antivirus products.
Internet Assigned Numbers Authority (IANA) TCP/UDP port numbers and assignments
Kaspersky. "Computer Virus Classification."
Kaspersky Labs -- Especially useful for information about threats, and access to viruslist.com's virus encyclopedia.
Kawamoto, Dawn. "Security-appliance market sees gains." CNET, September 2003.
Metz, Cade. "Spam Blockers." PC Magazine. February 17, 2004.
Metz, Cade. "Spy Stoppers." PC Magazine. March 2, 2004.
Microsoft. Developer note. "Avoiding Buffer Overruns."
Microsoft. "Internet Connection Firewall Overview."
Microsoft. Protect Your PC home page.
Microsoft. "What You Need To Know about Phishing."
Microsoft. Windows XP Professional Product Documentation. "Nslookup."
Microsoft Boycott Campaign. "Replacements for Explorer."
OASIS -- Organization for the Advancement of Structured Information Standards
Ohio State University. Index of RFCs.
PC Magazine -- Reviews of antivirus and other software
Pisello, Tom. "The ROI for Antispam Initiatives." SearchSmallBizIT.com.
Registry Watch -- Windows Registry backup, restore, and management tool.
RFC 3000 -- Internet Official Protocol Standards (index of important RFCs, best practices, and more).
Rubenking, Neil J. "Can You Sniff Out Fraud?" PC Magazine. July 28, 2004.
SANS Institute -- Newsletters @Risk: The Consensus Vulnerability Alert and SANS NewsBites.
Secunia -- One of the most consistent breakers of early news and information on threats and vulnerabilities, especially for Windows platforms.
SecurityFocus -- Not only runs a vulnerabilities database, reports on security news, and operates various interesting newsletters and mailing lists, but it's also home to Russ Cooper's BugTraq, which aggregates bug, threat, exploit, and vulnerability reports from all over the world.
Spybot-Search & Destroy -- Operated by Patrick Kolla. You can find some news and articles there, plus lots of other interesting resources, but no alerts or bulletins on these pages.
Spy Sweeper -- Spyware information center provides access to all kinds of useful data.
Spyware Info -- Runs a set of well-used and moderated newsgroups and has a newsletter, Spyware Weekly.
Spyware Warrior -- Pretty nice general spyware site, but unfiltered.
StopSpam. "Reading EMail Headers: All About Email Headers."
SurferBeware -- Covers all kinds of Web-related security topics, including spyware, viruses, cookies, pop-ups, spam, Web safety, and firewalls.
Symantec. Virus Encyclopedia.
Symantec Security Response Center -- Latest virus threat information, updates, and security advisories
Topix.net -- Runs a thread on spyware that aggregates spyware-related stories from news feeds of all kinds; updated daily.
TopTenReviews. "Anti-Spyware Software Review."
Trend Micro Technical Note. "Spyware -- a Hidden Threat." -- Note: this is a PDF file and requires Adobe Acrobat or a similar reader to view its contents.
Ulanoff, Lance. "Opting into Identity Theft." PC Magazine. July 21, 2004.
Virus Bulletin -- Test results for more than 20 antivirus applications in the June 2004 issue.
Virus Bulletin tutorials -- Includes coverage of numerous topics including disabling restore, removing boot sector viruses, restoring system files, booting from DOS, removing the JS/KAK worm from a system, and disabling the Windows Scripting Host (WSH).
Wegert, Tessa. "Pop-Up Ads, Part 1: Good? Bad? Ugly?" March 14, 2002.
Wegert, Tessa. "Pop-Up Ads, Part 2: Usage Guidelines for Legitimate Marketers." March 21, 2002.
Zone Labs -- Security advisories, technical notes, and technical support information, including antivirus information, adware and spyware alerts, newsletters, and tutorials.
ActiveX Controls (Microsoft) -- See the MSDN Tutorial "About ActiveX Controls"
Norton Ghost (Symantec)
Opera (Opera Software)
Sun Microsystems (Java)
F-Secure Security Information Center -- Hoax Warnings
Jeff Richards' Virus Hoaxes and Netlore Web page
U.S. Department of Energy's Computer Incident Advisory Capability (CIAC) Hoaxbusters page
Can't Find Something?
If you find yourself clicking a link that doesn't take you where you think it should, or just plain doesn't work, there are a few things you can do about it. First, please e-mail me using the email address I gave earlier to let me know what's not working. Second, try visiting the root URL for the site to see if it's working (in other words, if something at Microsoft.com isn't available, try going to the home page at http://www.microsoft.com/ to see if it's available). If that works, and there's a search engine on the site, try using it to get as specific as you can to find what you seek. If that doesn't work, try a general search engine like Ask.com, Google, or Yahoo! and see if you can do any better. Ultimately, if you let me know what's going on, I'll figure things out and fix or replace them, but these strategies should serve you well in the meantime if you try them for yourself.