Re: Do I have TOO MANY antivirus, antispyware, etc

On Mon, 9 Jan 2006 19:39:52 -0600, "Steven L Umbach"

>Running in Safe Mode is always recommended if you believe you have
>malware/spyware as many times that is the only way they can be removed.

I'd put it a little more pessimistically than that; some malware can't
be safely and/or effectively tackled in Safe Mode, even Safe Mode
Command Only. The reason is because while Safe Mode suppresses some
intergration points, and Safe Command Only some more, neither
suppresses ALL such intrusion points. Plus, you're running the same
code base, so if the code base itself is infected, so is "Safe".

>I would suggest that you have only one antivirus program installed that
>automatically keeps itself current with updates

Agreed.

>and does scheduled full system scans such as at least weekly

Nah, that's just kicking sand in the malware's face and just asking
for a strikeback. If the av missed the malware and allowed it to go
resident, it's not that likely to catch and kill it later - even if it
has been subsequently updated. Most likely the malware will kill the
av and/or its updatability as soon as it goes active.

I do scheduled scans, but only of a subtree through which incoming
material is routed, before that material goes active. This strategy
works best if you avoid apps that hide incoming content, as most email
apps do (they hide attachments in mailboxes - Eudora is one that does
not). I don't try scanning "the whole system" from Windows, though.

I may prefer to use a different av, or a tier of such av, for this
"on-demand" scheduled scan, as that meshes better than using the same
av for everything. Else the only advantage the on-demand scan would
have, is a possibly more up-to-date signature database than the av had
at the time the malware first arrived and was created as a file.

>but it is fine to have two or more spyware detection and removal
>programs particularly if they are not using resources on your computer
>all the time. I use AdAware SE and it does nothing until I start it.

That's what I mean by "on-demand" vs. "resident" or "on-access".

>You can and should create a regular [may also be called limited] user
>account to logon to that you use for internet browsing and for any time that
>you do not need administrator powers such as for installing applications.

I haven't been a big fan of that, myself. I prefer to avoid the
perils of NTFS, and I don't have much faith in band-aids such as
account rights - especially if limiting these rights also destroys
other possibly more effective controls. Given a choice between a
limited account that hides file name extensions and "hidden" files,
and an admin account that doesn't lie to me, I'd pick the latter.

If you do a lot of malware clean-up, and especially if you offer this
as a paid-for service, then you really should get into formal scanning
tools such as Bart CDR-booted scanning - instead of hoping the malware
you are chasing is too stupid to integrate into Safe Mode and is
non-malicious enough not to defend itself against removal.



---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
---------- ----- ---- --- -- - - - -