How to put together the ultimate Computer security kit?
April 8, 2006 12:48 AM

I want to put together the ultimate Computer security kit to fix my uncle's ailing computer. Suggestions?

Ok, so my uncle has a computer, either Windows XP or 2000, and basically because of user ignorance it is now infested with spyware at least from what he's told me about it. I haven't actually seen this computer, and I'm the resident computer expert in the family so I'm making the trip to try and get his machine running normally again. He only has dial-up so I wanted to put together a CD of essential software to get his computer clean as a whistle. I have a lot of stuff already (Ad-Aware, Spybot, Windows Defender, AVG Anti-Virus, hijack this, CW shredder, etc.), but I don't want to miss anything, so I'd like suggestions about free (free trials are ok) software and stuff that would help me in this task. Just to clarify, we're talking about a spyware and possibly virus infested computer. Also any tips, links, anything like that would be most welcome as well. I really do have a good start, but I'm thinking if I could get every available resource I could put together some sort of master PC cleaning kit for myself, and I'm just nerdy enough to want to do that.
posted by katyggls to Computers & Internet (22 answers total) 4 users marked this as a favorite
 
Bring a Windows CD and an external USB hard drive to back up and restore data. If it's far enough gone that you're making a special trip, wipe and reinstall that sucker.

Other than that, sounds like you've mostly got it covered.
posted by Malor at 12:53 AM on April 8, 2006


Add Ewido Anti-Malware. 14 days of the entire product free, then you can use it as an on-demand scanner forever. It's updated daily too.

Tip: It picks up more nasties if you run it in safe mode.

This forum has an excellent faq for security issues.
posted by Arqa at 1:05 AM on April 8, 2006


All you need to do is set him up with a restricted user account. He won't be able to install anything and that includes spyware.

Just install all the programs he'll need, and if he wants anything else installed you can do that too.

You can setup windows terminal services or VNC to let you get in remotely and install any additional software he'll need.

Really, all those anti-spyware are just treating the symptoms of the problems, the most basic of which is giving novices root access to the machine.

Really, if you know what you're doing, you'll never get infected. And if you don't know what you're doing you shouldn't be root.
posted by delmoi at 1:11 AM on April 8, 2006


It's unlikely the computer will have had Windows updates installed on it. If you poke around you can find downloads of the updates independent of the Windows Update site (for sysadmins etc.) and this should be easier than downloading SP2 (say) over dial-up.
posted by scodger at 1:20 AM on April 8, 2006


Don't even think of trying to clean up this system as it's running. Either use a BartPE boot disk and clean it from there or backup+wipe+reinstall. And make sure that whatever you do, when you leave you've installed all windows updates and tightened down the IE settings.
posted by Rhomboid at 2:22 AM on April 8, 2006


Yeah that's going to be a problem as he doesn't actually have the Windows CD, just a stupid OEM recovery CD (arggh!). That's why I'm really trying to avoid reinstalling.
posted by katyggls at 3:33 AM on April 8, 2006


Don't panic.

In my experience, it's often less trouble to clean up even a quite filthy system than it is to rebuild it from the ground up and get it back into a state the customer feels happy with.

First thing to do is create a new user account called Admin, then log into it. That alone will stop a fair bit of crap (the kind that runs from files stored in the user profile and starts via registry keys under HKCU).

Then cut your uncle's existing account back to a Limited User. Explain to him that the occasional Access Denied message for him is worth putting up with to stop malware getting system-wide installation privileges.

Spybot Search & Destroy 1.4 will get rid of most spyware just fine, even if the system is heavily infested. Install it from Admin, bring it up to date, make sure SDHelper is installed, run an Immunize, then use its Automation settings to make it run once at next startup and clean everything it finds, then reboot.

Once SS&D has run once from Admin, log on to Uncle and run it again from there (you won't need to update it, but you should Immunize again before running the scan).

You'll likely find nothing left for Hijack This! to do, but you should run it anyway from both accounts.

If he's clueless enough not to be able to tell you whether he's got 2K or XP, he's probably running the same Norton Antivirus they sold him when he bought the thing, and probably hasn't paid his subscription fee since 2003. So reef it out and put AVG in.

If you think SS&D, HJT and AVG between them have missed anything, have a go at it with Sysinternals' Rootkit Revealer.

Once it's clean, install SP2 (if it is indeed an XP box and that hasn't already been done) and make sure the Security Center is happy.

Visit Windows Update and turn on Microsoft Update so you get everything that Office needs to stay clean as well.

And don't worry too much about tightening down the IE settings when you've finished, either. Just use Set Program Access and Defaults to make Firefox 1.5 the default browser and remove access to Internet Explorer, and tell him he's not allowed to use IE any more or you won't work on his computer again. Put the Adblock Plus, Adblock Filterset.G Updater, User Agent and (if you're feeling generous) IE View extensions into Firefox and add all their buttons to the toolbar.

IMO, the Trinity Rescue Kit should be part of any Ultimate Security Toolkit, too. It's a bootable Linux CD with excellent hardware autodetection, full NTFS write support, a registry editor/password resetter, three different antivirus scanners with auto-update (F-Prot, ClamAV, AVG), partition imaging tools, and Windows file-sharing (CIFS) support. No GUI, all command-line goodness, about 90 megabytes to download.
posted by flabdablet at 7:55 AM on April 8, 2006
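delmoi's and flabdablet's posts make the same point: most of this junk persists from files inside the user profile via Run keys under HKCU, which is exactly what a limited account stops. The script below is an added example (not from the thread or any of the tools named in it) of how a cleaner can triage such keys offline: export the Run/RunOnce keys to a .reg file (for instance `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` from the Admin account, or from a BartPE/Trinity Rescue Kit session with an offline hive tool), then flag every autostart entry whose executable lives under Documents and Settings, a Temp directory, or carries a system-binary name outside system32. The sample export, the account name "Uncle", and the flagging heuristics are all constructed for illustration.

```python
"""Triage a .reg export of Windows autostart (Run/RunOnce) keys.

Added example: heuristics and sample data are constructed, not taken
from any tool named in the thread.
"""
import re

# Constructed sample export: one legitimate entry and three living in the
# per-user profile, which is where malware lands when it lacks admin rights.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"svchost"="C:\\Documents and Settings\\Uncle\\Application Data\\svchost.exe /s"
"updater"="\"C:\\Documents and Settings\\Uncle\\Local Settings\\Temp\\upd.exe\" -silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="rundll32.exe C:\\DOCUME~1\\Uncle\\LOCALS~1\\Temp\\x.dll,Start"
'''

# "name"="data" lines (REG_SZ only); .reg escapes backslash and quote with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# First drive-letter or %VAR%-rooted path ending in an executable extension.
PATH_RE = re.compile(
    r'(?:[A-Za-z]:|%[A-Za-z_]+%)\\[^"?*<>|]*?\.(?:exe|dll|scr|com|pif|bat|cmd|vbs|js)(?![A-Za-z0-9])',
    re.I,
)
# Places under the XP/2000 user profile that a Limited User can write to.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\",
                   "%userprofile%", "%appdata%", "%temp%")
# Names that belong in system32; anywhere else they are impersonation.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe"}


def unescape(data):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r'\\(.)', r'\1', data)


def parse_reg_export(text):
    """Return (key, value_name, command) tuples for every string value."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            entries.append((key, m.group(1), unescape(m.group(2))))
    return entries


def extract_path(command):
    """Pull the executable path out of a Run command line, quoted or not."""
    m = PATH_RE.search(command)
    return m.group(0) if m else None


def assess(command):
    """Return the list of reasons an autostart command deserves a look (empty = clean)."""
    path = extract_path(command)
    if path is None:
        return ["no recognisable executable path"]
    p = path.lower()
    reasons = []
    if any(marker in p for marker in PROFILE_MARKERS):
        reasons.append("runs from the user profile")
    if "\\temp\\" in p:
        reasons.append("runs from a Temp directory")
    name = p.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and "\\system32\\" not in p:
        reasons.append("system binary name outside system32")
    return reasons


def triage(reg_text):
    """Return (key leaf, value name, path, reasons) for every flagged entry."""
    findings = []
    for key, name, command in parse_reg_export(reg_text):
        reasons = assess(command)
        if reasons:
            findings.append((key.rsplit("\\", 1)[-1], name, extract_path(command), reasons))
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # reg.exe writes its exports as UTF-16LE with a BOM.
        with open(sys.argv[1], encoding="utf-16") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REG
    for key, name, path, reasons in triage(text):
        print(f"[{key}] {name}: {path}\n    " + "; ".join(reasons))
```

Run it with no argument to see the constructed sample triaged, or pass the path of a real export. The ctfmon entry passes; the other three are flagged because their targets sit in the profile or Temp, and the fake svchost is additionally flagged for borrowing a system-process name. Anything flagged is a candidate for the Spybot/HijackThis pass the thread describes, not an automatic deletion.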


BTW if you don't already have XP SP2 on CD you can get it free from MSFT. They say there's a shipping and handling charge but they sent me mine (I'm in Australia) for nix.
posted by flabdablet at 8:11 AM on April 8, 2006


So why was my rather quick and simple suggestion deleted from this thread? I have spent several hours each time I visit my sister removing adware and spyware from her Windows XP system. She has been so frustrated that on many occasions she finds it easier to use the OEM disc and restore her system to factory fresh. What a waste of both her time and mine. Not to mention the lost iTunes files and other data. A Macintosh is in fact the simplest and cheapest way to prevent adware and spyware from recurring. I say cheapest, because for about $300 to $400 a fine used G3 or G4 will do the job of email and surfing and word processing quite nicely. Not to mention iPhoto for all those pics of the grandkids... Now I don't know about your time but my time over the past months has certainly added up to more than the cost of a used Mac.
posted by Gungho at 8:33 AM on April 8, 2006


Linux.

OSX.

NEVER open IE.

The truth of it is that people who get spyware on a 'doze machine will continue to get spyware no matter what you do. I've seen it a million times with my friends and it is the same thing over and over. He needs a Mac, or some kind of Linux distro. Ubuntu is free.

how is he getting spyware with dialup?
posted by I_am_jesus at 8:44 AM on April 8, 2006


By browsing. The stuff is like cockroaches...
posted by Gungho at 8:49 AM on April 8, 2006


The following link has an article of what one person did to fix a similar situation, and good discussion of programs to install, including free.
http://scribbling.net/how-to-fix-moms-computer

Try also this article from pcmagazine.com, how to keep your computer safe.

posted by sLevi at 9:44 AM on April 8, 2006


oops, don't know why that didn't work...

http://scribbling.net/how-to-fix-moms-computer
http://www.pcmag.com/article2/0,1895,1618797,00.asp
posted by sLevi at 9:45 AM on April 8, 2006


Gungho, I expect your "just get a Mac" comment was deleted because it's the standard kneejerk reaction to Windows problems from people who don't know how to avoid them, and is not much of an answer to a question about putting together a PC cleanup kit.

Yes, it's a fact that most Windows boxes are not set up securely. But that doesn't mean they can't be. It can be done pretty easily without spending a cent.

I often tell people that picking an OS is about choosing how to waste your time. Pick Windows, and you'll waste a lot of time stopping it from doing things you don't want it to. Pick Mac or Linux, and you'll waste about the same amount of time making it do all the things you do want it to.

The main things that stop Macs and Linboxen having the same kind of trouble with viri and spyware as Winboxen are these:

1. Lower market share
2. Restricted user rights by default

Of these, the second has only applied to Macs since OSX; the earlier, non-Unix-based systems had no notion of limited-rights user accounts. Unix, of course, has had them from day 1.

Windows has had limited accounts available since NT. The main reason they don't get used often enough, even today, is largely cultural; Windows boxes aren't shipped with limited accounts set up, Windows users are accustomed to operating with full access rights, and there's a lot of Windows software (older stuff, and games) that still needs tweaks and fiddles to make it run properly inside a limited account.

The Mac way to deal with this kind of thing is just to break most of the old stuff every time a new OS version comes out.

Windows, as most commonly installed, is a bit reminiscent of the goatse man. But if you use limited user accounts, he removes his hands from his anus; and if you shun Internet Explorer in favour of Firefox or Opera, he stands up.

Do both of those, stay up to date with automatic updates and make sure some kind of firewall is running, and your Winbox will most likely never get infected. None of mine have, and they spend most of their time being used by a teenager with no security judgement whatsoever.
posted by flabdablet at 9:49 AM on April 8, 2006


I get asked this question so often that I wrote a blog article about it. This isn't quite what you asked (it's about building secure XP from scratch), but it may be helpful.

I agree with flabdablet. Set up XP properly and spyware/viruses need never see the light of day.
posted by MotorNeuron at 10:30 AM on April 8, 2006


Do remember to visit the Windows Update site, and grab any significant updates before you go, such as IE 6 SP1 etc. The catalog site lets you download updates as self-contained installs.

Also remember to visit the latest Ad-Aware (note that link downloads the latest defs file as a zip archive) and safer-networking.org (http://www.safer-networking.org/en/download/index.html, takes you to Spybot S&D) sites to grab the latest offline updates for your spyware packages. Antispyware definitions can be fairly large on an initial install, and you can save a lot of time by first installing the antispyware software, and then installing the updates from the CD as well.
posted by disclaimer at 10:43 AM on April 8, 2006


Sorry for the broken link - looked good on preview...
posted by disclaimer at 10:44 AM on April 8, 2006


If it hasn't been mentioned by name yet, the Microsoft Baseline Security Analyzer should be installed and run. It gives you a complete rundown of missing security patches and updates, misconfigured IE, and a bunch of other stuff. If you don't want to do that Genuine Advantage crap (necessary for the download,) go to a library or Internet cafe with a thumbdrive and get it there.
posted by trondant at 12:27 PM on April 8, 2006


I think the fact that Internet Explorer is part of the Windows OS leads to a lot of these problems. For example, in my office we often see spyware that even an admin can't remove without getting into the registry. That's pretty dangerous for most folks. However, I will admit that after a careful scrubbing using both Spybot and Ad-Aware (both free) the problem can be managed.
posted by Gungho at 12:30 PM on April 8, 2006


"The truth of it is that people who get spyware on a 'doze machine will continue to get spyware no matter what you do. I've seen it a million times with my friends and it is the same thing over and over. He needs a Mac, or some kind of Linux distro. Ubuntu is free."

False. One simple thing to do, once you've followed everyone's directions above and cleaned up the machine, is to replace the IE links everywhere with Firefox links. You might even want to put an IE skin or icon on Firefox. Then, remove admin rights from his user account so new applications can't be installed. That will go a long way towards mitigating these issues.
posted by anildash at 4:53 PM on April 8, 2006


Someone around here once mentioned HitMan Pro. It downloads and runs lots of stuff (i.e. Spybot, Ad-Aware, etc.). I put it on my mom's PC and it is much easier for her to remember to use than all the different programs.
posted by nimsey lou at 7:55 PM on April 8, 2006


Wow, thanks for all the responses guys. And to the Mac/Linux evangelists, two points: one, since user ignorance was what got my uncle's computer into such a sorry state, I can't imagine asking him to deal with another OS. And two, in point of fact, it is possible to run a clean Windows machine. I've never had a spyware problem on my XP machine, simply because I'm knowledgeable about computers and run several anti-spyware programs, two anti-virus programs, a firewall, and I keep my software and OS updated. It's user ignorance that causes the majority of spyware and security problems, not the OS.
posted by katyggls at 10:29 PM on April 10, 2006

