Monday, October 5, 2009

10 more ways to detect computer malware

10 more ways to detect computer malware: "

TechRepublic members have spoken. Here are 10 anti-malware programs they find indispensable.




After writing 10 ways to detect computer malware, I received messages from members wondering why I didn’t include various other anti-malware programs. I was hoping that would happen, simply because of the many applications I am not aware of. Once I did some due diligence, I compiled the following list of additional programs.


Note: This article is also available as a download that includes a PDF and a PowerPoint version of these recommendations.


1: Avira AntiVir


When they learned that my antivirus program is Avast!, several members mentioned I should give Avira AntiVir a try. According to trusted reviews, AntiVir scores well on malware-locating tests. It also rates high on prompt delivery of new signature files. Both are important, with the proliferation of zero-day malware, making AntiVir a good choice.


2: Emsi a-squared


Emsi a-squared is another member favorite. I now understand why. The anti-malware scanner was reviewed favorably in respected third-party surveys. All of the reports mentioned a-squared’s user interface and fast scan times as valuable features. Note: The free version of a-squared is only a scanner, so additional real-time protection is needed.


3: Microsoft Security Essentials


Security Essentials needs to be mentioned, even though it hasn’t been released yet. I couldn’t test it because I missed the beta cutoff. But a CIO friend of mine is running tests and likes it. Her only issue is the slow scan rate.


She also commented, ‘It’s about time Microsoft offered an antivirus application.’ Her opinion makes sense. Having a built-in AV simplifies things and should eliminate problems like Windows Firewall did. There are plenty of rumors as to when Security Essentials will be released, all pointing to sometime in the fourth quarter of 2009.


4: Microsoft Event Viewer


While I’m on Microsoft, I want to mention Microsoft’s built-in Event Viewer. It should be the first place to look if something appears to be wrong. If an error shows up, double-click it and look at event properties to see what happened. If that’s not enough of an answer, check Randy Franklin Smith’s Ultimate Windows Security Web site for more detailed explanations.


5: X-RayPC


X-RayPC is a diagnostic tool similar to HijackThis. X-RayPC’s developers admit they like HijackThis and incorporated many of the same features. To enhance X-RayPC, they added a triage service. The service checks scan results against SpywareGuide, an online database. X-RayPC then reports back whether the file is known, unknown, or suspicious. This allows the user to make an informed decision before removing questionable files.




Note: I debated whether to include both SystemLookup and VirusTotal, because of their similarity. But SystemLookup represents the opinions of independent experts and VirusTotal represents the views of anti-malware companies. That difference convinced me each has its place.




6: SystemLookup.com


If you want more information about a certain process or file, SystemLookup.com is the place to go. Type the filename or CLSID into the search box, and an answer should appear. As of today, the site’s database contains more than 85,000 items, all verified by an independent community of anti-malware experts.


7: VirusTotal


VirusTotal is the go-to Web site if you have any apprehension about a file/program already on the computer or if you wants to load unknown software on it. In either case, it’s simple to find more information.


Upload the file to the VirusTotal Web site. After a few seconds, a detailed report will display. If one or more of the 32 anti-malware companies has an issue with the file, their comments will show up in red.


8: Third-party firewalls


I mentioned earlier that Windows Firewall was a welcome addition. Still, it’s limited in its functionality. That’s why I consider third-party software firewalls necessary, especially if the computer travels.


Most firewall applications offer additional services. They act as program guards, determining what software exists on a computer, learning what the software is doing, and preventing malware from altering application code.


There are many free firewall applications. I hope members will mention their favorites and why. I currently use Online Armor.


9: Wireshark


When other options aren’t working, using a network protocol analyzer like Wireshark may be the only way to recognize the existence of malware. Wireshark lets you determine if any unexplained data traffic is being received or sent by the computer.


The best way to use Wireshark is to run a baseline scan, trapping all traffic to and from the computer. Later on, if something appears suspicious, run another scan, comparing the results.


10: Bleeping Computer’s Combofix


Combofix is an efficient scanner capable of removing files designated as malware. It also allows you to create situation reports that can be used when seeking additional help. Combofix is one of those programs where you have to be careful about removing files. I recommend using it to create a baseline report when the computer is operating properly. That way, anything out of the ordinary will be obvious.


Combofix comes highly recommended by several TechRepublic members.


Final thoughts


As before, if I have missed your favorite anti-malware application, please let me know. For additional information, check out the first article in this series, The 10 faces of computer malware.




Check out 10 Things… the newsletter


Get the key facts on a wide range of technologies, techniques, strategies, and skills with the help of the concise need-to-know lists featured in TechRepublic’s 10 Things newsletter, delivered every Friday. Automatically sign up today.








"



(Via 10 Things.)

Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)