Mike, u wrote:
Hi Jackie;
I am going to take this topic back to one from earlier today. There was
a
discussion about whether or not to run Microsoft Security Essentials&
Super
Anti Spyware in Real Time mode at the same time. In your professional
opinion, if you were running both of these programs how would you run the
2?
Meaning, would you run 1 in Real Time& not the other or, run both in
Real
Time?
Mike, much depends on what the 2 programs do. Let me give a bit of
background,& then perhaps, by way of that, address your question.
In the not so very distant past, spyware& viruses were pretty much
distinct entities,& the programs designed to protect the computer
from each did quite different things. Antivirus programs tended to
look for what's called "file signatures", e.g., certain strings in
files that were suggestive of a virus, while antispyware programs
tended to monitor things like registry changes, where the browser was
being taken to, etc. That's fairly oversimplified, but the crux was
that 1 antivirus& 1 antispyware program could generally run together
in realtime w/o conflict.
Malware has, unfortunately, become much more sophisticated. Viruses
drop trojans which create a backdoor into your computer& allow all
kinds of information to be passed to some1, e.g., spyware. Thus, the
distinction between viruses& spyware--& other types of malware, for
that matter--have blurred considerably over the past few years. The
result is that antivirus programs have evolved to become
antivirus/antispyware programs, trying to become, as it were, all
protection for all malware, all things to all people, etc.
The answer to your question is that it really depends on what the
programs do. If the antivirus program confines itself to looking for
file signatures, etc., while the antispyware program monitors registry
changes& browser redirects, then it's probably safe. If, on the other
hand, the 2 programs monitor for similar things, then conflict can&
does result. The problem further arises when both try to quarantine
something at the same time, obviously,& it is for this reason that
malware experts suggest running only 1 realtime security suite type
program, e.g., antivirus/antispyware program, at any given time. What
I personally do is to run my antivirus/antispyware program (Avast) in
realtime. Then I scan w/Superantispyware or MalwareBytes weekly or so,
just to get rid of tracking cookies& other annoying nasties that may
have popped up. BTW, 1 thing that can really help keep the bugs in
check is to simply delete your temporary internet files often--lots&
lots of crap-ola gets in there.
So what I personally would do would be to run Microsoft Security
Essentials in realtime,& let SAS be an on-demand scanner. I know some
listers have run both w/o difficulty, but I can't help wondering what
would happen if both try to quarantine the same threat--neither 1
might win& your protection may well be compromised. I remember
getting this as a first exercise of my malware removal training,&
this is pretty much how I answered it then, too,& passed, so
hopefully it'll suffice.
I hope I've made myself sufficiently clear,& invite further queries
if I haven't.
Blessings for a wonderful holiday season.
On 12/27/10, Mike& Barbara In Arcadia<[email protected]> wrote:
Hi Jackie;
I am going to take this topic back to one from earlier today. There was
a
discussion about whether or not to run Microsoft Security Essentials&
Super
Anti Spyware in Real Time mode at the same time. In your professional
opinion, if you were running both of these programs how would you run
the
2?
Meaning, would you run 1 in Real Time& not the other or, run both in
Real
Time? Personally I am not a heavy user of the Internet except for
emailing
and would like to hear a professional opinion on what the pros& cons
might
be. I am not trying to discredit any of the ideas/opinions of others
that
contributed to this topic earlier but, as a amateur computer user and
having
learned most of what I've learned via trial& error,& lists' like this,
I
would like to hear from someone who deals with this type of issue on a
professional basis. All advice/information will be greatly appreciated.
Thanks much. Take care.
Mike
----- Original Message -----
From: Jackie McBride
To: [email protected]
Sent: Monday, December 27, 2010 7:56 PM
Subject: Re: [Blind-Computing] removing a virus
Andre, if I were working in the environment your nephew is working
in,
I'd do it that way as well. But u& I both know that most residential
& soho customers do not walk around w/recent images of their OS or
even backups of their data on a thumb or even an external drive.&
it's not possible for us to have clean installation discs of all
windows versions, never mind trying to use Magic Jellybean or some
such to retrieve the key, cuz half the folks lost their restore
discs.
& then there's data to back up, etc. Then there's always the rare
but
interesting forensics issues of some1 trying to sabotage a company&
has a virus set to reformat the particular hard drive to try to
destroy evidence or bring down a network when certain actions are
performed. The best thing to do in cases like this is just to
dismount
the drive. The way u suggest is easiest but not always practical.
On 12/27/10, Betsy Whitney, Dolphin Press<[email protected]>
wrote:
> Hi Andre,
> I suspect that Jackie may work for multiple clients who have their
> individual networks and configurations. My brother-in-law does the
> same kind of work that I think Jackie does, and he also cleans up
> these things the way she does. He says it is because each of the
> networks is different and he finds it faster. He also said that
> everyone has their preferred way of doing things, and if he were
> working on his own network, he might very well do it your way if
he
> didn't have an alternative.
>
> Recently Andre Williams wrote:
>>Interesting. My nephew works for our city's power company and he
says
they
>>don't bother with any of those procedures as they take too long. He
says
>> his
>>tools consist of a bag full of operating system images and a thumb
drive
>>with hundreds of serial keys including a password override for
terminated
>>employees that "can't" remember their passwords. He said he carries
a
very
>>durable but very slow 10-hour battery life laptop when he's out on
the
>>streets, but when it comes to monitoring computers at work he uses
a
laptop
>>that breaks into 2 parts and becomes a type of mobile unit.
>>Andre
>>
>>----- Original Message -----
>>From: "Jackie McBride"<[email protected]>
>>To:<[email protected]>
>>Sent: Monday, December 27, 2010 7:02 PM
>>Subject: Re: [Blind-Computing] removing a virus
>>
>>
>>Andre, I *routinely* fix these problems because that is what I do
for
>>a living. As I said, I don't connect my computer that I use to
repair
>>others' machines to a network& therefore the integrity of that
>>network is not in question. I'm trained both in computer forensics
as
>>well as in malware removal. While I agree that there are times when
>>reformatting the operating system is necessary, it often is not. It
>>depends on the type of malware infection, how good the tools one
has
>>for doing such removal, the operator's proficiency w/those tools,&
a
>>variety of other factors.
>>
>>On 12/27/10, Andre Williams<[email protected]> wrote:
>> > While it might appear all is fine it might not be. You are the
best
>> > judge
>> > of
>> > the integrity of your network. I would be concerned about
"routinely"
>> > having
>> > to fix these problems. I'll act on the advice of security
experts and
do
>> > my
>> > best to insure any virus whether seemingly harmless to very
destructive
>> > is
>> > not an unknown factor in any of the often strange quirks in
Windows
>> > world.
>> > After an infection a reformat or image recovery gives me this
peace
of
>> > mind.
>> > Andre
>> > ----- Original Message -----
>> > From: "Jackie McBride"<[email protected]>
>> > To:<[email protected]>
>> > Sent: Monday, December 27, 2010 6:16 PM
>> > Subject: Re: [Blind-Computing] removing a virus
>> >
>> >
>> > I routinely fix these sorts of problems by taking the drive
out
of
the
>> > computer, hooking it up to an external device,& then putting
it on
>> > another computer& running malware scans. I very very seldom
have to
>> > reformat an OS.
>> >
>> > Sometimes I do it in Linux, sometimes in Windows. Generally I
>> > disconnect the machine from the network. It's also a "fix it"
drive
>> > w/nothing important in the event it becomes infected, but I've
never
>> > had that happen, either.
>> >
>> > On 12/27/10, Andre Williams<[email protected]>
wrote:
>> >> Yep, I'm right there with you 100%!
>> >> Andre
>> >> ----- Original Message -----
>> >> From: "Don Marang"<[email protected]>
>> >> To:<[email protected]>
>> >> Sent: Monday, December 27, 2010 4:28 PM
>> >> Subject: Re: [Blind-Computing] removing a virus
>> >>
>> >>
>> >> I agree with Andre completely! Reformatting the hard disk
and
>> >> reinstalling
>> >> the Operating System or recovering from a known good disk
image is
the
>> >> only
>> >> way to be sure the malware is removed. Anything short of
that
will
>> >> likely
>> >> have a small remnant left over that will infect the whole
computer
>> >> again
>> >> or
>> >> will damage necessary system files in the process.
>> >>
>> >> Most likely, your computer will run faster anyway, since
Windows
really
>> >> needs to be reinstalled about once a year just to clean out
the
clutter
>> >> and
>> >> the registry.
>> >>
>> >> Don Marang
>> >>
>> >> There is just so much stuff in the world that, to me, is
devoid of
any
>> >> real
>> >> substance, value, and content that I just try to make sure
that I am
>> >> working
>> >> on things that matter.
>> >> Dean Kamen
>> >>
>> >>
>> >> --------------------------------------------------
>> >> From: "Andre Williams"<[email protected]>
>> >> Sent: Monday, December 27, 2010 6:34 PM
>> >> To:<[email protected]>
>> >> Subject: Re: [Blind-Computing] removing a virus
>> >>
>> >>> Tell him to reformat and reinstall the operating system.
With
viruses
>> >>> now
>> >>> a
>> >>> days you can never be sure if they're cleaned off completely
In the
>> >>> hours
>> >>> and possibly days he's going to spend trying to figure this
out and
>> >>> trying
>> >>> to clean his computer he can save himself the time and
trouble and
>> >>> reformat
>> >>> and reload windows in about 2 hours. This happened to me
sometime
back
>> >>> and
>> >>> from the time I realized I had a virus placing 300 items on
my
system
>> >>> tray
>> >>> until the time I reinstalled and image of my hard drive it
must
have
>> >>> been
>> >>> an
>> >>> hour. Image for Windows to the rescue! He also poses a
danger
to
other
>> >>> computers on the network at his job.
>> >>> Andre
>> >>> ----- Original Message -----
>> >>> From: "Lenny McHugh"<[email protected]>
>> >>> To: "blind computing"<[email protected]>
>> >>> Sent: Monday, December 27, 2010 3:23 PM
>> >>> Subject: [Blind-Computing] removing a virus
>> >>>
>> >>>
>> >>> I am trying to help a friend remove a virus from his work
computer.
>> >>> Avg
>> >>> did
>> >>> identify it and reported that it could not be removed
because
it
was
>> >>> in
>> >>> memory. He did not write the name down but it is in win32.
The
>> >>> computer
>> >>> can
>> >>> only be started in safe mode and if he lets it run it gives
a
message
>> >>> that
>> >>> chkdsk should be run with the f switch. That also will not
run when
>> >>> the
>> >>> machine is restarted. He turn system restore off and ran avg
and it
>> >>> did
>> >>> not
>> >>> help.
>> >>> He is using xp professional. He also ran kapersky and it did
not
help.
>> >>> Any
>> >>> quick suggestions?
>> >>> Thanks
>> >>> ---
>> >>> Please visit my home page, it is motivational, educational,
>> >>> inspirational
>> >>> with a touch of humor. There is also a very extensive
resource list
>> >>> for
>> >>> the
>> >>> blind.
>> >>> http://www.LennyMcHugh.com
>> >>> For answers to frequently asked questions about this list
visit:
>> >>> http://www.jaws-users.com/help/
>> >>>
>> >>>
>> >>> For answers to frequently asked questions about this list
visit:
>> >>> http://www.jaws-users.com/help/
>> >>>
>> >>
>> >> For answers to frequently asked questions about this list
visit:
>> >> http://www.jaws-users.com/help/
>> >>
>> >>
>> >> For answers to frequently asked questions about this list
visit:
>> >> http://www.jaws-users.com/help/
>> >>
>> >
>> >
>> > --
>> > Change the world--1 deed at a time
>> > Jackie McBride
>> > Scripting Classes: http://jawsscripting.lonsdalemedia.org
>> > homePage: www.abletec.serverheaven.net
>> > For technophobes: www.technophoeb.com
>> >
>> > For answers to frequently asked questions about this list
visit:
>> > http://www.jaws-users.com/help/
>> >
>> >
>> > For answers to frequently asked questions about this list
visit:
>> > http://www.jaws-users.com/help/
>> >
>>
>>
>>--
>>Change the world--1 deed at a time
>>Jackie McBride
>>Scripting Classes: http://jawsscripting.lonsdalemedia.org
>>homePage: www.abletec.serverheaven.net
>>For technophobes: www.technophoeb.com
>>
>>For answers to frequently asked questions about this list visit:
>>http://www.jaws-users.com/help/
>>
>>
>>For answers to frequently asked questions about this list visit:
>>http://www.jaws-users.com/help/
>
>
> For answers to frequently asked questions about this list visit:
> http://www.jaws-users.com/help/
>
--
Change the world--1 deed at a time
Jackie McBride
Scripting Classes: http://jawsscripting.lonsdalemedia.org
homePage: www.abletec.serverheaven.net
For technophobes: www.technophoeb.com
For answers to frequently asked questions about this list visit:
http://www.jaws-users.com/help/
For answers to frequently asked questions about this list visit:
http://www.jaws-users.com/help/
