Monthly Archives: July 2009

Which Antivirus Program is Best?

I’ve heard that question so many times from customers and friends alike. It usually follows “Why didn’t my antivirus detect this?” right after I clean their computers of malware (malicious software). So I figured I should write my take on the subject. Of course, I too have been intensely looking for the answer to the same question.

Short answer: NONE. Another one: ANY. Before you conclude I’ve lost my marbles, read on. You do want to know which you should install on your computer, or whether you should change the one you have installed, right? (You do have something installed, correct?) Well, here goes the full answer.

First of all, you should have read my article that goes over a brief history of viruses and malware in general.

Then read my essay on how much security is needed in your computer.

Now remember the main principle upon which traditional antiviruses work: they are basically programs that compare the files on your computer against a signature file. This file contains the distinguishing characteristics of all known viruses, so the program can tell whether a particular file is infected or not, AS LONG AS THE IDENTIFIABLE CHARACTERISTIC OF THE MALWARE STRAIN IS INCLUDED IN THE SIGNATURE FILE. Typically the antivirus will then try to clean the infected file, move it to a place where it is rendered harmless (quarantine), or delete it altogether.

Here’s the little secret the antivirus companies are not telling you, which I have mentioned before: they are overwhelmed and unable to keep up with the rate at which malware is being produced, a rate that keeps accelerating. And there is no reason to believe it’s going to slow down. Want numbers? Here we go:

New unique samples added to AV-Test.org’s malware collection in Sept 2006: 87,577.  In May 2009: 1,078,882! *

So malware is being produced at a higher rate than the antivirus companies’ ability to generate updated signature files to recognize such new malware.

Malware techniques are also getting more and more sophisticated. Even if the antivirus program has a particular strain of virus listed in its signature file, the virus can be delivered to the target computer(s) in a way that keeps it out of view. To make things worse, as part of its payload (what the virus does when it becomes active or executes) it can cripple the antivirus program’s ability to detect and remove it, especially if the logged-in user has administrative privileges. Not a pretty picture.

Sure, the built-in “behavioral recognition” present in most antivirus programs today will try to deal with unknown, recently created malware that is not yet included in your antivirus signature file. It does so by trying to recognize the way malware behaves when active on your computer and labeling it malicious even before the malware is on the official wanted list (the signature file). That is either of limited use or, if overdone, leads to false positives, where programs that are not malicious are labeled as malicious.
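To make the two mechanisms above concrete, here is an added example (written for this page, not code from any antivirus vendor) of a toy scanner: an exact-hash signature file next to a behavioural score with a threshold. Every sample is a constructed byte string standing in for a program file, and the words after the colon stand in for what a sandbox would observe the program doing; the weights and the threshold are likewise made up for illustration. Running it shows the three points the text makes: a repacked copy of a known strain slips past the signature file because a single byte changed, the behavioural rule catches it, and the same rule, tuned to be strict enough to catch a quieter variant, also flags a legitimate admin tool.

```python
"""Added example (not from the article): a toy scanner that contrasts
signature matching with a behavioural heuristic.  Every sample below is a
constructed byte string standing in for a program file; the "actions" after
the colon stand in for what a sandbox would observe the program doing."""
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed sample files.  Labels and contents are made up for illustration.
SAMPLES: Dict[str, bytes] = {
    "known_trojan": b"MZ\x90\x00 payload: disable_av; write_autorun; beacon_out",
    "repacked":     b"MZ\x90\x00 payl0ad: disable_av; write_autorun; beacon_out",  # same behaviour, bytes differ
    "stealthy":     b"MZ\x90\x00 payload: write_autorun; beacon_out",              # never touches the antivirus
    "text_editor":  b"MZ\x90\x00 editor: open_file; save_file",
    "admin_tool":   b"MZ\x90\x00 admintool: disable_av; write_autorun",            # legitimate, but looks bad
}

# The signature file: one entry per strain the vendor's lab has analysed.
# Here the lab has only ever seen "known_trojan".
SIGNATURES: Dict[str, str] = {
    hashlib.sha256(SAMPLES["known_trojan"]).hexdigest(): "Trojan.Constructed.A",
}

# Behavioural rule weights (constructed); higher means more suspicious.
WEIGHTS: Dict[str, int] = {"disable_av": 3, "write_autorun": 2, "beacon_out": 2}


def signature_scan(contents: bytes) -> Optional[str]:
    """Exact match against the signature file.  Any changed byte defeats it."""
    return SIGNATURES.get(hashlib.sha256(contents).hexdigest())


def observed_actions(contents: bytes) -> List[str]:
    """Stand-in for running the sample and logging what it does."""
    _, _, actions = contents.partition(b": ")
    return [a.strip() for a in actions.decode("latin-1").split(";") if a.strip()]


def behaviour_score(contents: bytes) -> int:
    """Sum of the weights of every suspicious action the sample performs."""
    return sum(WEIGHTS.get(action, 0) for action in observed_actions(contents))


def verdict(contents: bytes, threshold: int) -> str:
    """Signature first (cheap and precise), then the behavioural fallback."""
    name = signature_scan(contents)
    if name:
        return f"detected by signature ({name})"
    if behaviour_score(contents) >= threshold:
        return "flagged by behaviour"
    return "clean"


def scan_all(threshold: int) -> Dict[str, str]:
    return {label: verdict(contents, threshold) for label, contents in SAMPLES.items()}


def tradeoff(threshold: int) -> Tuple[int, int]:
    """(unknown malware caught, benign programs wrongly flagged) at a threshold."""
    results = scan_all(threshold)
    caught = sum(results[s] == "flagged by behaviour" for s in ("repacked", "stealthy"))
    false_positives = sum(results[s] == "flagged by behaviour" for s in ("text_editor", "admin_tool"))
    return caught, false_positives


if __name__ == "__main__":
    for threshold in (4, 6):
        caught, fps = tradeoff(threshold)
        print(f"threshold {threshold}: caught {caught} unknown samples, {fps} false positive(s)")
        for label, result in scan_all(threshold).items():
            print(f"  {label:12s} {result}")
```

With the threshold at 4 both unknown samples are caught but the admin tool is a false positive; at 6 the false positive disappears and the quieter variant walks through. That is the whole tuning dilemma in two numbers, and it is why behavioural detection supplements a signature file rather than replacing it.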

Some antivirus companies, such as Panda Security, have recently approached the problem with collective intelligence servers, speeding up detection by performing it on their servers and using the cloud (the internet) as one big entity from which to gather lots of samples to analyze. This aims to improve the detection rate of recently created malware because of the much larger capacity of the remote servers and the much larger amount of data being processed. Other companies have tried that approach. Microsoft is piloting its own version of that model right now (they call this feature “Dynamic Signature Service”) with Microsoft Security Essentials. As one of its first users, so far I like it (it’s been out for about a month now).

But my point is that, even with such new approaches, antivirus programs alone are no longer effective enough by themselves to keep you malware-free. Mind you, I’m not saying you should not have an antivirus program installed, and I’m not saying all antivirus are the same either. I’m just saying that NO antivirus by itself is good enough for the reasons stated above – no matter which one you choose.

I’m going to emphasize this boldly because it is the key datum to understand in this article: the big hole left open by antivirus programs’ inability to deal with the newest malware makes the differences in their detection rates of known malware irrelevant. In other words, who cares if Brand X antivirus has a 98% detection rate of known malware and Brand Y has 99% while Brand Z has only 70%, when all of them miss about 50% of the unknown malware? These are close to actual figures, by the way, not just random numbers.

So the question “Which Antivirus Program is Best?” actually becomes “What would it really take to keep your computer as close to virus free as possible?” The answer is a 4-pronged approach:

1. Install an antivirus program that can detect and remove/clean all old and relatively recently created malware. I have tried many of them: Symantec, McAfee, Trend Micro, Panda, Bit Defender, Superantispyware, Malware Bytes, Microsoft, and that’s not all of them. Take your pick; all good enough, none good enough by themselves. (And that doesn’t mean you should have more than one antivirus program installed at a time – don’t. For technical reasons that’s counterproductive.)

2. Install a firewall to curb the inflow and outflow of unauthorized data. It’s just an additional protection layer. Different good free ones exist, like Comodo. In my opinion, and especially with Windows 7, the built-in firewall is sufficient for the purpose of this layer in this 4-prong approach.

3. Install a program that will prevent unauthorized execution of malicious programs. This is the secret key I have found in my search for the complete answer: Blue Ridge Networks’ AppGuard. I openly recommend it as a fundamental and key part of answering this newly posed question. Some antivirus companies might contend they have security suites with the same unauthorized execution prevention, but they don’t, at least not in the same way. The concept upon which this is based is, in my opinion, very clever. It deals with the CRITICAL “zero-day exploit” problem very effectively, it’s very light (uses few computer resources), and it requires minimal user interaction, so you don’t have to be an expert to configure it – it is more like a set-it-and-forget-it type of application. Although I recommend it, this article is not about this product, so for more specifics and how it works, go to http://www.blueridgenetworks.com/products/appguard.php. As I’m a professional in this field, I’ve purposely visited several infected Web sites to test this product, and it has protected me in every case. Kids, don’t try this at home!

And last but not least,

4. By any means, and as I’ve mentioned in a previous article: exercise GOOD EMAILING AND WEB SURFING HABITS.
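The difference between point 1 and point 3 is a difference of policy, and it is worth seeing side by side. The following is an added example written for this page; it is not AppGuard’s code nor a description of how any vendor’s product is built. It contrasts a default-allow blacklist (what a signature file gives you: everything runs unless a signature matches) with a default-deny allowlist (nothing runs unless that exact file was approved beforehand). The program files, the hashes and the update scenario are all constructed.

```python
"""Added example (not from the article or from any vendor's product): the
policy difference between a default-allow blacklist, which is what a
signature file gives you, and a default-deny execution allowlist.  The
program files and hashes are constructed for illustration."""
import hashlib
from typing import Dict, Set


def file_hash(contents: bytes) -> str:
    return hashlib.sha256(contents).hexdigest()


# Constructed program files on the machine.
PROGRAMS: Dict[str, bytes] = {
    "browser.exe":     b"MZ known-good browser, build 3.5",
    "notepad.exe":     b"MZ known-good editor",
    "old_worm.exe":    b"MZ worm analysed by the vendors years ago",
    "invoice.pdf.exe": b"MZ brand-new dropper no vendor has seen yet",  # the zero-day case
}

# Signature file (blacklist): knows only about malware already analysed.
MALWARE_SIGNATURES: Set[str] = {file_hash(PROGRAMS["old_worm.exe"])}

# Execution allowlist: knows only about programs the owner approved.
ALLOWLIST: Set[str] = {file_hash(PROGRAMS["browser.exe"]), file_hash(PROGRAMS["notepad.exe"])}


def blacklist_decision(contents: bytes) -> str:
    """Default allow: everything runs unless a signature matches."""
    return "block" if file_hash(contents) in MALWARE_SIGNATURES else "run"


def allowlist_decision(contents: bytes) -> str:
    """Default deny: nothing runs unless this exact file was approved."""
    return "run" if file_hash(contents) in ALLOWLIST else "block"


def approve(contents: bytes) -> None:
    """The owner (or an update mechanism they trust) adds a new program version."""
    ALLOWLIST.add(file_hash(contents))


def compare_policies() -> Dict[str, Dict[str, str]]:
    """Both verdicts for every program on the machine."""
    return {
        name: {"blacklist": blacklist_decision(c), "allowlist": allowlist_decision(c)}
        for name, c in PROGRAMS.items()
    }


def update_scenario() -> Dict[str, str]:
    """The cost of default deny: a legitimate update is blocked until approved."""
    new_browser = b"MZ known-good browser, build 3.6"   # constructed updated binary
    before = allowlist_decision(new_browser)
    approve(new_browser)
    after = allowlist_decision(new_browser)
    return {"before_approval": before, "after_approval": after}


if __name__ == "__main__":
    for name, decisions in compare_policies().items():
        print(f"{name:16s} blacklist={decisions['blacklist']:5s} allowlist={decisions['allowlist']}")
    print("browser update:", update_scenario())
```

The never-seen dropper is the line that matters: the blacklist lets it run because no signature exists yet, the allowlist blocks it without needing to know anything about it. The update scenario shows the price of that policy: a legitimate new version is blocked too until someone approves it, which is why such products put effort into handling updates and trusted installers so the user is not asked constantly.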

With all 4 points in place, the probability of your computer getting infected is reduced to a minimum. And despite its apparent complexity, this approach actually delivers the best result with the least use of computer resources.

That is my current full answer to the actual question. There might be other setups that achieve the same result. They might even be better. But this one is the best I know, and most importantly, it WORKS. And I believe in it so much that it is what I’m using right now in my own computer.

May your computer(s) live long and prosper in a malware-free zone.


* 6/30/11: Per the latest data available, between January and June 2011 AV-Test.org saw an average of 1.6 to 1.7 million new unique malware samples per month. Click here for the May 2013 figures and the prediction for the remainder of 2013.


Why is my Computer so @!#?%^&* Slow? – Part III

This is the third article in this series. In case you missed them, here’s the first and second.

Malware

Malware, or malicious software, can be defined as a program designed to harm your computer or grant unauthorized access to it. One of the possible reasons for your computer being slow is malware running on it. In fact, I’d dare say that if your computer is running at normal speed and it slows down all of a sudden, most likely it’s due to a malware infection. Conversely, not all malware slows computers down, at least not noticeably. In any case, it holds true that one of the signs of an infected computer is sluggish performance. Probably the worst cause of a computer slowdown is malware, because not only will your computer be slow, but it won’t be totally under your control anymore!

What to do? Naturally the computer needs to be disinfected. I’m assuming you have an anti-malware solution in place. Run a full scan. If nothing is found but you still suspect your computer is infected, you can try free online scanners such as Panda’s, Trend Micro’s, BitDefender’s, Kaspersky’s, Microsoft’s, or Eset’s, to name a few. These can sometimes detect what your installed antivirus missed. Note that, depending on the nature and severity of the infection, the malware might block access to security companies’ websites to prevent detection and removal. So if the above links don’t work, that’s probably the reason why.

Once all the normal basic routines are unsuccessful in removing a resilient infection, it’s time to contact an expert to get the computer cleaned up. This is when the handling enters the realm of advanced manual malware removal techniques.

Look for my soon-to-be-released article on how to best prevent getting infected in the first place and what the best product is to achieve that. Due to how relevant it is, that will be the next article to be published, and after that I’ll continue with the rest of this computer slowness series. Update 7/29/09: Here it is.

Why is my Computer so @!#?%^&* Slow? – Part II

This is the second in the series of articles on computer slowness and what to do to speed it up. In case you missed the first, you can find it here.

Bloatware

Bloatware is another cause for computer slowness. There are two definitions of bloatware – both apply in the context of this article.

The first one is software (programs, applications) that comes pre-installed on your computer when newly bought, mostly consisting of trials that you didn’t necessarily ask for or will use. Nothing wrong with them, except they tend to use computer resources and, to that degree, they will slow it down.

Why? Contrary to common belief, a computer’s Central Processing Unit (its “brain”) cannot run multiple applications at the same time. It cannot execute more than one program at a time. In fact, it cannot run more than one instruction (command) of a program at a time. This is true even of the recent computers that come with the “dual cores” you might have heard about: each CPU core can still only execute one instruction per time unit. So how does the computer create the illusion of running multiple applications simultaneously?

Akin to a skilled juggler, a computer can keep several balls in the air at the same time, so to speak. With several applications open, it divides its capacity to execute programs by alternating among them. The priority of the running programs can be set so that the computer executes more or fewer commands of one before it moves on to the next. So it goes something like this: Application A, execute one command; jump to Application B, run one command; jump to Application C, run two commands; and so on. The trick is that a computer can execute commands and alternate between applications so fast that it gives the illusion of simultaneity.

What does all this have to do with bloatware or computer slowness? Obviously, the more applications installed and running on a computer, the less of the computer’s “attention” each individual application gets, so too many programs running “at the same time” will slow down the execution of each one. So what can be done about it? I’ll circle back to that in a moment.
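The juggling described above can be simulated in a few lines. What follows is an added example written for this page, not something from the article: a toy round-robin scheduler for a single core that executes one instruction per tick, a program you are actually using (a word processor with a fixed amount of work), and four pieces of bloatware modelled as programs that never finish. The instruction counts and the “priority” (instructions per turn) are constructed values; the point is the ratio, not the numbers.

```python
"""Added example (not from the article): a toy round-robin scheduler for one
CPU core that executes one instruction per tick.  It shows why every extra
program that is "running at the same time" slows down the one you are
actually using, and what giving that one a higher priority buys back.
The programs and their instruction counts are constructed."""
import math
from collections import deque
from typing import Dict, Iterator, Tuple

# name -> (instructions it has to run, instructions it gets per turn).
# math.inf models a program that never finishes, such as a tray application
# or a background service that came with the machine.
Program = Tuple[float, int]


def schedule(programs: Dict[str, Program]) -> Iterator[Tuple[str, int]]:
    """Yield (program name, instructions executed) for each turn, in rotation."""
    remaining = {name: work for name, (work, _) in programs.items()}
    queue = deque(programs)
    while queue:
        name = queue.popleft()
        turn = min(programs[name][1], remaining[name])   # never run past the end
        remaining[name] -= turn
        yield name, int(turn)
        if remaining[name] > 0:                            # not finished: back of the line
            queue.append(name)


def finish_time(programs: Dict[str, Program], target: str) -> int:
    """Tick at which `target` completes (the target must have finite work)."""
    work_left = programs[target][0]
    clock = 0
    for name, turn in schedule(programs):
        clock += turn
        if name == target:
            work_left -= turn
            if work_left <= 0:
                return clock
    raise ValueError(f"{target} never finished")


def cpu_share(programs: Dict[str, Program], ticks: int) -> Dict[str, float]:
    """Fraction of the first `ticks` ticks each program actually got."""
    executed = {name: 0 for name in programs}
    clock = 0
    for name, turn in schedule(programs):
        if clock >= ticks:
            break
        turn = min(turn, ticks - clock)
        executed[name] += turn
        clock += turn
    return {name: executed[name] / ticks for name in programs}


# Constructed scenario: the program you are using plus four pieces of bloatware.
FOREGROUND: Dict[str, Program] = {"word_processor": (1000, 1)}
BLOATWARE: Dict[str, Program] = {f"trial_app_{i}": (math.inf, 1) for i in range(1, 5)}
# Same scenario, but the foreground program gets four instructions per turn.
PRIORITISED: Dict[str, Program] = {"word_processor": (1000, 4), **BLOATWARE}


def slowdown(programs: Dict[str, Program]) -> float:
    """How many times longer the word processor takes versus running alone."""
    alone = finish_time(FOREGROUND, "word_processor")
    return finish_time(programs, "word_processor") / alone


if __name__ == "__main__":
    crowded = {**FOREGROUND, **BLOATWARE}
    print("alone finishes at tick", finish_time(FOREGROUND, "word_processor"))
    print("with 4 bloatware apps: %.2fx slower" % slowdown(crowded))
    print("with 4 bloatware apps but higher priority: %.2fx slower" % slowdown(PRIORITISED))
    print("CPU share over 1000 ticks:", cpu_share(crowded, 1000))
```

Alone, the word processor finishes at tick 1000. With four never-ending programs sharing the core it gets one fifth of the ticks and finishes at tick 4996, roughly five times slower; giving it four instructions per turn claws back half of that. Uninstalling the bloatware is the only change that gives the whole core back, which is the point the next paragraphs make.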

The second definition of bloatware is related to the “inside” of the programs (applications, software) themselves. Modern applications tend to heavily use computer resources and have features that are not needed, partially because programmers rely on modern computers being faster and being able to deal with sloppy programming as described above.

So what can you do about all this? On the first definition, uninstalling the bloatware is the obvious answer. Careful though if you’re going to try that yourself – make sure you are certain which programs are bloatware and which are essential programs your computer needs to run properly.

Computer-savvy users will go as far as re-installing the computer’s operating system from scratch (a clean install) to get rid of all the bloatware that comes with an average new computer. This is one of the reasons why (but not the only one) reinstalling a computer’s operating system from scratch will always deliver a faster computer.

On the second definition, not much you can do about it, other than maybe pray. Seriously though, just be aware of the concept and try to choose applications that run lean on computer resources. Ask an expert as needed.

Getting rid of bloatware is another step towards operating a fast computer. Contact me if you need help doing it.

Zero-day Exploit

The term derives from the age of the exploit (a piece of software that takes advantage of a bug or vulnerability in a computer). When Microsoft becomes aware of a security hole, there is a race to close it before more attackers discover it or the vulnerability becomes public. A “zero day” attack occurs on or before the first or “zeroth” day of vendor awareness, meaning Microsoft has not had any opportunity to disseminate a security fix to users of the software. This also applies to other software applications, not just the operating system.

Why is my Computer so @!#?%^&* Slow? – Part I

This probably should have been one of the first subjects covered when I started writing about computers. It is without a doubt the most common complaint from any given user. It’s fascinating in a way when you consider that computers in general have done nothing but get faster and faster over the years. A fast personal computer’s Central Processing Unit or CPU (the computer’s “brain”) today is over 200 times faster than the fastest personal computer’s CPU in 1990. So why are people complaining?

Of course, someone will say, CPU speed is not the only factor in determining computer’s speed. True. But even so, what is behind those seemingly contrary facts? And what, if anything, can be done about it?

The answer is big enough to be covered in more than one article, hence the “Part I”. I will cover all the ones I know, in no particular order, in a series of articles.

I covered earlier the relationship between the amount of memory in a computer and its speed. That’s one.

Internet Connection and Speed

Here’s a good one. You’re browsing the Internet, and the website pages you are trying to access are taking forever to load. You ask yourself, why is this computer so slow? Well, in fact, chances are it’s got nothing to do with your computer – it’s likely to be your internet connection speed. In some cases, if your computer is connected wirelessly to the device that connects you to the internet, it can be “internal” in that way. But most likely the problem is outside your door.

Still, I’ll cover some things you can do, internally (inside your house or office) and externally.

To assess your connection speed and see if it’s the problem, you can first measure it. Here’s the website I normally use to measure internet connection speed: http://speedtest.net. Click on the link to go to that website.

Once the website has loaded, click on the golden star, which indicates the server nearest to you. A brief test will follow that measures latency (how long it takes for a packet of data to travel to the internet server and back to your computer), download speed (data coming into your computer from the internet, like the websites you’re trying to access), and upload speed (data going from your computer towards the internet). After a few moments it will present you with the results.

Latency (ping) is measured in ms (milliseconds); download and upload speed are measured in Megabits per second or Mbps (the unit that measures the amount of data transmitted per unit of time).

NOTE: Be careful with the links on that website that try to lure you into downloading programs that will supposedly speed up your computer. I don’t particularly endorse them, and if you’re not an advanced user you might be in over your head trying to download, install and run such programs.

As a rule of thumb I’d say if you have less than 0.5 Mbps download speed, your connection is probably slowing you down. More than 500 ms of latency will probably be noticeable when browsing.

Upload speed is not so critical for normal web browsing as it is for other activities such as uploading files to a website or playing online games.

Remember: the subject is extensive and there are many other reasons why your computer might be seemingly slow. I’ll cover all the others I know in future articles.

If you need help to improve your computer speed and performance, feel free to contact me for assistance.

Windows Basics: General Keyboard Shortcuts

Readily available but not so known are Windows keyboard shortcuts. Most people know Control+C for copy and Control+V for paste, but did you know these? (this is not a complete list by any means, just a few not-so-known-but-useful ones):

Alt+Home: In Internet Explorer or Firefox, it will take you to your home page.

Alt+F4: Close the current active window. When no window is selected and you’re on the desktop, it will bring up the shutdown computer dialog.

Control+A: Select all the text or items in the current active window

Control+W: Similar to Alt+F4, but only for closing the current active window.

Control+Enter: When in Internet Explorer or Mozilla Firefox (probably other web browsers too), go to the address bar (where you can type the website you want to go to) and type only the website name (e.g. yahoo). Press Control+Enter and it will make it http://www.yahoo.com and take you to that website.

Windows Key+D: minimize all open windows and show the desktop.

Windows Key+F:  Invoke Windows Search.

Windows Key+R: Invoke the “run command” window.

Windows Key+L: Locks your computer

Windows Key+E: Opens Windows Explorer (not to be confused with Internet Explorer).

Windows Key+Break: Opens the System Properties dialog box.

Shift+Control+Esc: Invokes the Windows Task Manager.

Shift: Press and hold down the Shift key while you insert a CD-ROM to bypass the automatic-run feature.

Try each one of these out and learn them – it will speed up your computer-related work.