Monthly Archives: October 2011

Not for Beginners: Locking Yourself Out of a Windows 7 Machine

Although it’s kind of an oxymoron, because you gotta admit one has to be a bit of a newbie to get into this situation… Anyways, I’m usually careful with writing at a “for dummies” level but this is one of the rare exceptions, and that’s what I meant by “not for beginners”. Read at your own risk.

So you find yourself right-clicking on a program to run as an administrator (you’re logged in as a standard user) and find you get prompted by UAC to confirm you want to run the program as an administrator, except the “Yes” is grayed out and so the only option is “No”. Why is this?

1. As it has been since Windows Vista, the Administrator logon is disabled by default.

2. If your user was an administrator account, and you had the bright idea to change that to a standard user, OR

3. If you wanted to hide a user account with admin privileges by modifying the registry, and

4. There is no other active admin account,

Congratulations! You have locked yourself out of your own computer 🙂

Of course you know what I mean. You CAN log in as a standard user. But as far as being able to perform administrative tasks, elevated, you’re locked out. The reason why you see the “Yes” option grayed out is because there is no active visible admin account present in the computer. So now what do you do?

There are several ways to work around the problem, in different levels of “drasticallity”. C’mon that’s gotta be a word! The most drastic being of course to re-install the operating system from scratch. The lightest and probably most effective one is to use a Linux based boot CD with the right capabilities, which will allow you to activate the disabled administrator account, and then log in as the administrator and from there change your own user account back to being a member of the Administrators group. That’s the best way out of the catch-22. An example of such a tool is CHNTPW. Google it.
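The lockout above is avoidable if you check, before demoting or hiding an account, that at least one other enabled local administrator remains. The following PowerShell script is an added example (not part of the original post) that performs that check through the WinNT ADSI provider, which is available on Windows 7 without extra modules; it assumes an English Windows where the local group is named “Administrators”.

```powershell
# Added example: verify that demoting the current account would NOT leave the
# machine without any enabled local administrator (the situation described above,
# where the UAC "Yes" button is grayed out).
# Assumption: local admin group is named "Administrators" (English Windows).

$computer = $env:COMPUTERNAME
$group = [ADSI]"WinNT://$computer/Administrators,group"

# Enumerate the group's members; each member exposes an ADsPath such as
# WinNT://PCNAME/Alice (local) or WinNT://DOMAIN/Bob (domain).
$members = @($group.psbase.Invoke("Members") | ForEach-Object {
    $_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)
})

$enabledLocalAdmins = @()
$localPrefix = "^WinNT://" + [regex]::Escape($computer) + "/"
foreach ($path in $members) {
    # Only a local user account can rescue a standalone PC; skip domain entries.
    if ($path -notmatch $localPrefix) { continue }
    $name = $path.Split('/')[-1]
    try {
        $user = [ADSI]"WinNT://$computer/$name,user"
        # AccountDisabled is $true for the built-in Administrator by default since Vista.
        if (-not $user.AccountDisabled) { $enabledLocalAdmins += $name }
    } catch {
        # Binding as ",user" fails for nested groups; those are not rescue accounts.
    }
}

$me = $env:USERNAME
$others = @($enabledLocalAdmins | Where-Object { $_ -ne $me })

Write-Host "Enabled local administrators: $($enabledLocalAdmins -join ', ')"
if ($others.Count -eq 0) {
    Write-Warning "No other enabled local administrator exists. Demoting or hiding '$me' now would lock you out of elevation."
} else {
    Write-Host "Safe: '$me' could be demoted; elevation would still be possible as: $($others -join ', ')"
}
```

Run it from an elevated prompt while the account is still an administrator; if it warns, enable a second admin account (or leave the built-in Administrator enabled) before changing your own.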

Test Drive – Lavasoft’s Ad-Aware Total Security Suite 2011

This week’s test drive is Ad-Aware Total Security Suite 2011. It also flaunts dual scan engines, like last week’s test drive subject. The installer was a little intimidating at almost 400 Megabytes!

For the purpose of this test, I left all settings as they came when first installing, except the firewall, which I set to high security. And then the fun began. As usual, the test consists of trying to infect the test computer by visiting known malicious websites and observing the security product’s behavior when doing so.

Went to the first malicious website, containing a fake antivirus. Loading the website lagged momentarily (Ad-Aware was checking the content of the website before allowing access) and then denied access to the malicious website, announcing through a pop-up window there was malicious content and access had been denied. HOWEVER, I did get prompted to download a file (info.exe) and when, emulating a less than expert user, I clicked to download it and save it, it did so. And then when I tried to open it, there was no protest from Ad-Aware!

The only reason why the computer did not get infected when doing that was, well, an unrelated technical reason. Just to make sure the file was indeed malicious, I submitted it to a website that checks any given file against 36 different scan engines from different security companies. To be fair, only ONE scan engine labeled the file as malicious. So what we had here was a very new infection that had not made its way yet to the signature files of most scan engines. But regardless, it was a miss and the behavioral (heuristic) module should have detected it. Because of the technical reason that impeded its execution, we’ll give it the benefit of the doubt and not flunk it right away, but keep on testing.

Second try, malicious page on a youtube.com link (very popular these days). One of the scanning engines successfully spotted the maliciousness and denied access to the website altogether, both popping up a window and placing a message smack in the middle of the browser instead of the intended page, letting the user know the link was a malicious one. Pass on this one.

Third round: A Trojan hidden in a malicious website. Similar result to the first round. In fact, so similar, I took the malicious file and executed it in a controlled, yet uninhibited environment (a “sandbox”) and soon realized it was basically the same file with a different name. Moving along then.

Fourth round: A different, very malicious type of Trojan, hidden in a Russian website. Ad-Aware successfully identified the malicious code and denied access to the website altogether. Good.

Fifth, sixth, seventh rounds: Like the second round.

Conclusion:

The test drive is considered a pass, since no infection occurred and no malicious payload delivery occurred, and no breach of data or behind the scenes connection happened, no matter the attempts to do so.

A note on system resources usage: I counted 9 different processes running in the background to make Ad-Aware Total Security Suite work, with over 400 Megabytes of system memory being used altogether. So needless to say, old computers with relatively low memory should stay away. Newer computers, with plenty of system memory, won’t mind (my test computer, for example, has about 8,000 Megabytes of memory, so it’s undisturbed by a process using 400 MB).

So that being said, we can add Lavasoft’s Ad-Aware to the list of security suites that have survived my test drive unscathed. These are, in the order they have been tested:

1. Kaspersky Internet Security 2012.

2. VIPRE Antivirus Premium.

3. ZoneAlarm Extreme Security Suite 2012.

4. Avira Internet Security Suite 2012.

5. Emsisoft Internet Security Pack.

6. Lavasoft’s Ad-Aware Total Security Suite 2011.

Stay tuned for more test drives in the near future. The next one is probably going to be F-Secure, which releases its 2012 version next week.

Test Drive – Emsisoft Internet Security Pack

Following the series of test drives that I’ve been performing on the main brands’ security suites, this time I tested Emsisoft Internet Security Pack. As is usual with the top security product from a company, Emsisoft’s security pack includes anti-virus (2 separate scanning engines to be precise), a firewall, web filter and so forth.

After installing it, I put it to my classic acid test of visiting known malicious websites to observe how it behaves in a dangerous environment. I must say I tried multiple times to infect the computer, and all the attempts were thwarted by either the real-time protection module, or the web filter. Read on for what I found to be the problem with this product.

Although this product passed the test described above with flying colors, the problem I found with Emsisoft is its over-restricted and awkward approach to security. Every time ANY program tried to access the Internet, modify the registry, or otherwise perform any questionable action, a pop-up window came up alerting me to it and asking me to make a decision. And the worst part is, even though there was a checkbox to have Emsisoft remember my answer so I would not be prompted again when the same operation repeated, I kept being prompted again for a decision on things I had already decided what course of action to take, AND had told Emsisoft to remember my answer. Glitchy and awkward.

Along that line, I have tried the firewall before, as a stand-alone installation, and besides the above nuisance, I found the firewall to be very resource-hogging, and a specific application installed in my computer, for no reason at all, decreased in performance by about 2,000%. It was hard to track down too, as there was no evidence connecting the presence of the firewall to the degraded performance of the application, and only through a trial test was I able to ascertain that indeed the firewall was the culprit.

So although a pass on the test drive, I’d stay away from it in terms of the user experience.

Test Drive – Avira Internet Security 2012

Recently released, Avira Internet Security 2012 was taken for a ride. As usual, the test drive consisted of installing the tested program on my test computer, then accessing known malicious websites and their respective malicious files, and in general trying to infect the computer and seeing what the security program does to counter the effort.

When I first tested Avira (the 2011 version), it failed miserably. Not this time around. No sir. I installed it and left the firewall at its default setting, but did change the behavioral detection level to its highest sensitivity setting. And then the fun began.

First round: accessed malicious website, was prompted to download a file, did so. Successfully finished downloading the malicious file, proceeded to open it… And Avira’s real-time protection module jumped to alert me that the program I had just tried to open was a Trojan and should be quarantined. No infection got through. Pretty good.

Second round: similar scenario (but different website), this time WHILE downloading the file and before attempting to open it, the real-time protection module alerted to the maliciousness of the file. Wow, that was even better.

Third round: Somewhat similar, except this time when trying to ACCESS the malicious website, before being even able to start downloading the infection, I was denied access to it by Avira’s web filter module. This was getting better at every attempt!

Fourth to tenth rounds: same as 3rd round.

All different websites, not one infection got through. In fact, no malicious program was even allowed to open!

None of my attempts to infect the computer succeeded. Quite a change compared to the 2011 product!

Conclusion

A triumphant pass, making Avira Internet Security Suite 2012 join the ranks of those security programs that have passed my test. So the list now goes:

1. Kaspersky Internet Security 2012.

2. VIPRE Antivirus Premium.

3. ZoneAlarm Extreme Security Suite 2012.

4. Avira Internet Security Suite 2012.

All trustworthy and recommended.