Admitting Defeat
November 29, 2006 11:07 PM   Subscribe

Windows Update.
No beta software.
Run msconfig and remove everything from startup, and disable all non-microsft services.
posted by blue_beetle at 11:22 PM on November 29, 2006

First thing I do is get Firefox.

Second thing I do is disable any services I don't need. Anything running on your PC, windows services included, is just another thing that can crash or bog the system down. Disable everything that isn't essential to system operation and isn't needed for your pattern of use.

Then I go poking around in C:\Program Files and delete things like Outlook Express, Online Services, and whatever other cruft Microsoft felt like installing by default.

Finally, hit Windows Update and make sure you're all patched up against the latest security and stability bugs.
posted by knave at 11:25 PM on November 29, 2006

firewall
posted by sophist at 11:34 PM on November 29, 2006

I would personally make an nlite cd with all the current service packs and security updates integrated. It is easy nowadays and i believe it takes less time than if you went the windowsupdate route.
the site is http://www.nliteos.com/
if your current windows cd is not sp2, i would recommend you download the sp2 file and integrate it to nlite (theres a really good guide at the site above)
then get this http://www.ryanvm.net/msfn/updatepack.html and also integrate it. Now, after you install, you will not have to spend hours on downloading and installing the service packs and security updates.
posted by killa62 at 11:49 PM on November 29, 2006

Nuke and pave won't fix flaky hardware issues. Before I went too far down the re-install road, I'd definitely stress test the hardware, using something like Smith Micro's CheckIt, or some of the freeware suites like memtest86. I'd have a look at the hard drive's low level sector remap, and S.M.A.R.T. statistics, to see if there were any early indications of drive issues, and I'd format the volume as NTFS partitions as appropriate to your use, and then I'd run chkdsk several times, with random write patterns between runs, to verify the disk integrity.

Install Windows XP SP2 (create a slipstreamed SP2 installation disc if you need to before starting the install), and immediately install a commercial virus protection product and up to date virus definitions. The lifetime of an unprotected PC attached to the Internet is around 4 minutes these days, so you haven't time to do Windows Update if you install SP 1 or before you install virus and malware protection. You really need SP 2 with firewall enabled, and a commercial antivirus product running with up to date virus definitions, before you connect to the Internet, if you are to be in any position to connect to Windows Update over the Internet, and survive with a clean installation.
posted by paulsc at 11:50 PM on November 29, 2006 [1 favorite]

What paulsc said.... three times I have had a laptop get infected within 5 minutes of hooking up to a (1) hotel internet and (2) dialup internet. No problems behind a router though... knock on wood.

Back up your Firefox bookmarks (if you use Firefox)... it will get trashed if the OS is reinstalled, even if the HD is left alone.
posted by chef_boyardee at 12:00 AM on November 30, 2006

I just read a Slashdot article on bootable or Live CD's - for windows you might try building a BARTPE or have a Hirens CD on hand so that when things go awry you will be prepared. As long as you use your PC connected directly to the cloud you will face many dangers. Carry around a router (not wireless) and use it as your first line of defense.
posted by ptm at 12:26 AM on November 30, 2006

Regarding a free firewall many people recommend/use Zone Alarm - http://www.zonelabs.com.
posted by vac2003 at 12:30 AM on November 30, 2006

I second vac2003's recommendation of Zone Alarm.
Also download ClamWin if you need a freeware antivirus program.

I have used both with great success on my Windows XP sp2 system.
posted by blister at 12:33 AM on November 30, 2006

EatTheWeak: ZoneAlarm is usually recommended. Although I'd look at physical firewalls as well especially if you have a WiFi router.
posted by keijo at 12:33 AM on November 30, 2006

Yay! everyone here is right! Honestly, I do this shit for a living, and the advice here is spot on. Get Firefox, or whatever non IE browser floats your boat. IE is just to compromised to be worth using anymore.

Get a good anti-spyware tool. I like Ad-Aware, but opinions vary on this. Whatever you do, make sure that it's a legit anti-spyware tool. The clever bastards that make the cruft that infects your machine have been smart enough to develop "spyware removal tools" that actually do nothing more than install more spyware. Lavasoft is the original developer and as far as I'm concerned, still the best in the game.

Firewalls: don't bother. Software firewalls are your enemy. If you must, use the one built into Windows, as it's not actually half bad. But a vastly better choice would be to get a router. For $20 or so American, you can get a hardware firewall (built into your router) that will work better than any piece of software you can install.

Anti-virus, I dig AVG and Antivir Pro. Both are free (or at least have free versions) and both are as good as the software you can buy.

Most of this stuff can be found here.

The key thing is that all of your security needs can be met without spending a dime. (other than a router, and that is well spent money). Don't pay for anything you don't have to.

And the snarky response here is 1.) get a Mac. Really, they are good. and 2.) Try Ubuntu linux. Either will keep you safer than a Windows machine for the foreseeable future.
posted by quin at 12:35 AM on November 30, 2006

Ack. And by 'Firewalls: don't bother', I mean, don't bother with software firewalls.

A firewall is very important, just don't waste your time with a software version when a hardware variant is cheaper and will work better.
posted by quin at 12:38 AM on November 30, 2006

You will want to buy a new hard drive to make a backup of your old system. I used to do a backup of only My Documents, on CD. That had the annoying habit of missing the few files that were not inside of My Documents, as I would inevitably forget about them. And the CDs had the annoying habit of not reading back. Whole system backups on hard drive is much more reliable.

If you feel than an external hard drive is expensive, just remember, there are two kinds of computer users, those who do backups and those were never had a catastrophic hard drive failure. After the reinstall, you will use that external hard drive as a monthly backup.

Whenever I reinstall a new machine, soon after I make a whole partition backup with the free tool partimage. This way the next time Windows goes down because of viruses and bugs, the reinstall quick. It is much quicker to recover from a partimage backup than to reinstall Windows by hand.
posted by gmarceau at 12:41 AM on November 30, 2006

I use Acronis True Image, because it allows me to also do incremental backups, but aside from that, what gmarceau said.
posted by PeterMcDermott at 12:57 AM on November 30, 2006

The firewall that Microsoft provides with Windows XP SP2 is perfectly adequate.

Something else you should consider is how you partition your disk. On a typical 80GB drive, I like to use the Windows Setup CD to make a 20GB NTFS partition and install Windows XP SP2 into that. During installation, I create exactly one user, called Admin.

Once Windows is running, I create one or more Limited User accounts for day to day use. In my opinion (and I'm not alone) this is the most positive thing a Windows user can do to promote their system's security.

I then use Windows's Disk Management tool to make another 50GB NTFS partition. On that, I create \username\Documents folders for all users, then log on as each of the users in turn, right-click on My Documents, and use its Properties page to redirect it to the appropriate \username\Documents folder.

If I'm installing XP Home, I then use the Security for Files and Folders patch from this site to enable the Security tabs on file and folder property sheets, and set the security on the new Documents folders to match the settings of the standard My Documents folders.

Next, I shut down Windows, boot up the Trinity Rescue Kit, and use cfdisk to create a Linux partition that occupies all the remaining disk space. I format this with ReiserFS, then use partimage to make a compressed image of the Windows partition on it, broken into 650 MiB chunks. That way, if Windows gets screwed up while I'm doing whatever else I need to do, I can quickly restore it from the compressed image instead of going through the painful Windows installation process again; and the chunks are a convenient size for burning to either CD-ROM or DVD if I need to make more of them than I have room for on the ReiserFS partition.

Then I go back into Windows and install a bunch of stuff: motherboard drivers, AVG 7.5 Free Antivirus, Firefox (with extensions: mcm_ham's Adblock Plus, Adblock Filterset.G Updater, FireFTP, IE View, NoScript, SwitchProxy Tool, User Agent Switcher), Foxit Reader and all its addons, Flash Player, OpenOffice.org, QuickTime Alternative, Real Alternative, Spybot Search & Destroy, Sun Java, Thunderbird.

I use Set Program Access and Defaults to make Firefox the default browser, Thunderbird the default mail handler, Sun Java the default JVM, and disable access to Internet Explorer and Outlook Express. Then I check that all the net connections are firewalled, connect to the Internet, activate Windows, make AVG update itself, turn on Automatic Updates and let it do its thing until Windows is up to date.

Once I'm happy with the state of the Windows system partition, I'll shut Windows down, boot Trinity Rescue Kit up, use mountallfs -g to mount all disk partitions in read/write mode, delete pagefile.sys and hiberfil.sys from the Windows system partition, use umountallfs to unmount them all, re-mount the ReiserFS partition on /mnt0, then use partimage to make another compressed image of the Windows partition.

I'll do this little image-creation dance every so often, if I'm sure that Windows is stable at the time and I've modified it enough since the last snapshot to make saving an image worthwhile. Images that I particularly like I'll burn to CD.

The reason I put all the users' documents on a different partition is that this lets me completely blow away the Windows system/software partition from one of the stored images, without affecting any user-created files; and the reason I use whole-partition imaging tools for this instead of relying on System Restore is that in my experience, System Restore really ought to be called System Damage Beyond Repair - every time I've attempted to restore anything nontrivial with it, it's found some creative way to screw me over.

And after all this work, I have to say that the resulting Windows installations are very nearly as pleasant to use as the free Ubuntu Edgy Eft environment I'm using to type this note, which took me about a fifth of the time to set up and continues to impress in endless subtle ways.

Free software commercials aside: after setting up several tens of Windows boxes this way for assorted people, I've never actually had to re-image one. They just stay clean. Most of this, I'm sure, is because I teach people how to run as a non-admin and avoid using spyware and adware laden crap when there are good, clean, free alternatives available.

On preview: Zone Alarm used to be pretty good; now it's a horrid bloated piece of crap. I'm of the opinion that application-filtering software firewalls are not worth the trouble; they stop legitimate stuff from working far more often than they save your arse. If you're just careful what you install, and if you make a complete system partition image before trying anything doubtful, you don't need an application-blocking firewall; a stateful packet filter like the inbuilt XP SP2 firewall is plenty good enough.
posted by flabdablet at 3:09 AM on November 30, 2006 [6 favorites]

LitePC's XPLite lets you remove huge strips of bloat. There's a free trial, and since it's the sort of program you only use once or so, the trial is perfectly adequate. The website has a list of some of the stuff it can uninstall -- it's amazing what XP will install on your computer
posted by limon at 3:19 AM on November 30, 2006

The very first thing I do after nuking from orbit is to make a new non-administrator account, so I can do as much as possible without being an admin (aka LUA/Limited User Account/Least User Access). I set the desktop of the admin account to be red so I don't forget when I am using it. Sudowin helps a lot with running LUA.

Also, let me put in a vote against ZoneAlarm. I think it causes more trouble than it is worth. The Windows Firewall works well enough.

For antivirus, I recommend AOL Active Virus Shield. Despite being provided by AOL I found it less naggy and annoying than any antivirus software I have used recently (including AVG, Norton, and McAfee). It's totally free, and is just a re-branding Kaspersky Labs' product, which has been rated very highly for detection rates. It will also detect spyware, so I don't run Ad-Aware or Spybot.

To be honest, though, properly using Firefox, running LUA, and scanning software before installing means I never even get spyware or viruses installed.
posted by grouse at 3:35 AM on November 30, 2006

On posting, let I say that I agree with gmarceau when he says you need to back up more than Documents and Settings but this is only true unless you are running LUA. One more benefit of a properly-configured LUA system where your user can only write to %UserProfile% means that your apps can no longer write to %ProgramFiles% or %Windir%. Then you don't have to worry as much about missing some crucial data file there.
posted by grouse at 3:42 AM on November 30, 2006

I'd wholeheartedly second the recommendation for AVG's free antivirus, available through Grisoft (easily googleable). I would say, though, that they are the victims of their own success - their free software is so good that no-one's buying their paid version, so it is pretty difficult to find the free version on their website, and they will bombard you with messages about the features that are lacking in their free AV. Ignore them - the free version is very good.
posted by altolinguistic at 4:47 AM on November 30, 2006

Ah, the dreaded Windows half-life…
Since, like many, another Operating System is out of the question for day-to-day use, I instead focus on trying to make Windows XP as refreshably friendly as possible.
Wiping and starting over is a good way to introduce new practices that will help keep your system secure and stable.
Initially, if you have more than one hard drive and are still worried that you may not have backed up absolutely everything (double check My Documents, My Pictures, My Music, Favorites, your Mozilla Profile, every other nook and cranny that Windows could have potentially put your data), you can always copy over all your old files before beginning the process. After the reinstall, it is a good idea to move the defaults for these folders to another partition, keeping your data separate from the OS in the future can save you from many headaches.
Before crossing your fingers and rebooting with that XP disc in the drive though, it’s not a bad idea to make sure you have all of your hardware driver discs handy (and also, naturally your XP CD-key). I typically take the time to surf around and see if any of my hardware has updated drivers at this point, and shove them all on to a CD or DVD.
When I’m sure that all my important, irreplaceable data has been backed-up and that I have all the tools for the job assembled, only then do I reboot and brace for the reinstall.
There are ways to reinstall without wiping your OS partition completely, but to be sure there’s nothing left on the drive to mess me up later, I always do a full format, clean reinstall. The XP disc will walk you through.
Then, it’s just a question of sitting back and relaxing through the myriad of pointless screens for a few minutes. Maybe play some pinball if you’d like.
After the reboots, timezone, etcetera, you’re ready to install some drivers for internet connectivity and sit through (possibly an hour or so) of Windows Update. A router means avoiding software firewall bloat. Once I’ve updated, installed a few necessary programs (Firefox, my extensions, anti-virus, etc), removed many unnecessary programs, and tweaked a myriad of settings for performance I make an image.
flabdablat's system is pretty close to what I use. If you’re nuking this install, why not make it less painful for the inevitable future installs?
posted by ktrey at 6:09 AM on November 30, 2006

I hit autopatcher.com and download their full update pack, then MS to download the offline install of SP2. Install windows, install SP2, install autopatcher, THEN connect back to your internet. Two reboots and pretty much every service pack and hotfix is already installed.
posted by Dipsomaniac at 6:31 AM on November 30, 2006

Here's a list of things I install:

-The OS
-Microsoft Office and other programs (photoshop etc)
-The major patches/Service Packs
-Virus Software
-FireFox
-AOL Instant Messager (Forget Triton that sucks!)
-Winzip/WinRAR compression/zip utilities
-Firefox Plugins
-Any other drivers, video, mouse, sound etc
-Ad Aware or Microsofts Defender spyware program
-games :)
posted by PetiePal at 7:46 AM on November 30, 2006

In a single user environment, where nothing is installed that you didn't personally download and install, where only legitimate, trusted programs are used and you don't do silly things like browse porn sites using IE or use Outlook for email and click on every attachment, AND you have a good firewall in your router, there really isn't any need to worry so much about running as admin. Yes, your system can get hosed. Perfectly possible. In my experience though, every single time my system has had a problem it has been user error. Multi-user environments mean any admin user can screw your system by installing things. Unsecured networks and open shares mean anyone else on the network can screw your system. If you have to deal with these types of things, by all means try running as an unprivileged user. If not, you can run as the standard admin-level user so long as you know and understand the risk of doing so.

The paranoid-sounding advice you are getting above is the kind of thing I expect to hear from someone who has been burned before or someone who has the task of cleaning up after the mess. My less-paranoid advice is coming from one who has had to clean things up on shared computers, but has not had big problems on my own systems - where I know for sure who has access and what is or is not installed. If you have co-workers, kids, etc. who can and do access your machine, don't risk running as admin (but be prepared for the inevitiable "why the hell can't I change the clock now?" hassles due to Microsoft's inept application of security for non-admins. Yes, there are workarounds, but not all of them are especially easy even for someone like me who knows what the hell I'm doing.)
posted by caution live frogs at 11:04 AM on November 30, 2006

I really really like IZArc for a free compression utility. It integrates with the shell and doesn't have any awful ads.

Also, EditPlus for a text/HTML/whatever editor. Blows Notepad over the water (it's indefinite-use nagware, but if you don't want to pay you can just hit the "I agree" button on startup and not have to wait or anything more annoying).
posted by kdar at 11:52 AM on November 30, 2006

In my experience though, every single time my system has had a problem it has been user error.

Indeed. Running as non-admin makes it less likely that you will be able to commit some sort of user error that will hose your system. Additionally, as I brought up above, it enforces separation of user data that needs to be backed up, and installable stuff that doesn't.

the inevitiable "why the hell can't I change the clock now?" hassles due to Microsoft's inept application of security for non-admins.

Yeah, you will run into that sort of thing, although I think it is a lot better with XP SP2 and apps are getting better too as more people demand that they are written properly. Yes, it is a nuisance. I think the consequences of running as admin would cause more nuisances, but your mileage may vary (and probably will).
posted by grouse at 2:50 AM on December 1, 2006

Here is the workaround for "I can't change the clock now".
posted by flabdablet at 2:53 AM on December 1, 2006

BTW: Ubuntu's status-bar clock includes the date, and will display a calendar (including your appointments, if you've set any up) with a single click. Just sayin'.
posted by flabdablet at 2:57 AM on December 1, 2006

This thread is closed to new comments.