Terminally Incoherent

Utterly random, incoherent and disjointed rants and ramblings...

Friday, August 20, 2004

Tools for Survival

Windoze sucks! But we use win2k on 80% of our company machines, and the remaining 20% has XP... And since our financial analysts are Outlook/Excel addicts, and all of the templates and other shait they use are done using the dreadful combo of Office + VB macros, I'm stuck with it...

Funny thing - these shitty macro templates make Word and Excel constantly display security warnings, so the instructions for "installing" a template usually make users switch off all macro/VB script security altogether. Great! Combine that with Outlook's "feature" of auto-opening attachments and we have a truly explosive mix...

Better yet - not so long ago I had the dubious pleasure of installing a set of Work Papers on one of the laptops. I do not know who coded this crap, but this nifty CD requires you to have win2k and the full version of Adobe (i.e. read+write), and insists on putting 30-something keys in the registry, god knows why... The installer is brilliant too - after I clicked through the setup screens and pressed the install button, I got thrown back to the desktop... Then CPU usage went up to 100% and stayed there for a few minutes, effectively freezing my machine. No progress reporting, no nothing! I didn't even get a "done" dialog - the CPU usage just dropped, and after waiting 15 minutes I decided that this must have been it. Geez...

So to make my life easier I was scouring the web in search of useful tools to add to my arsenal in the war against malware. I want to make a semi-definitive list of them so that I have a bunch of links in one place... And putting them here seems like a good idea.

Spyware Cleanup and Recovery Tools:

  1. Spybot S&D - unconditionally the best spyware scanner around. I love it and recommend it to everyone I know.
  2. AdAware - also a very decent spyware remover. I have noticed that it nicely complements Spybot, as it sometimes picks up things that Spybot has missed, and vice versa.
  3. Bazooka - I haven't used this one a lot yet, but it seems useful. The scan itself is really quick, so I don't think this software is very thorough. However, these guys have an impressive online spyware encyclopedia which I used for manual removal instructions. This tool apparently is based on that database and simply points out problems and gives removal tips. It does not remove spyware automatically like Spybot and AdAware do.

Spyware Prevention Tools:

  1. SpywareBlaster - a live protection suite which blocks ActiveX attacks and tracking cookies, and limits what malicious scripts can do to your browser. And it actually supports cookie monitoring for Moz/Firefox, which is awesome.
  2. SpywareGuard - blocks malicious executables from running, prevents installation of BHOs and other garbage, and generally protects you from spyware. Great app!
  3. WMP scripting fix - disables Windows Media Player scripting. This prevents all these pr0n movies from your favorite p2p from installing shait on your machine. ;)
  4. RegProt - a cool app which monitors all changes to the registry and prompts you before doing anything. Very useful, but might also be an annoyance during big installs. Also, this is probably not a good tool to give to (l)users because it requires a little knowledge of the registry. A dumb user will either block everything and screw up the installation, or approve everything and get spywerized anyway...
  5. Use non-MS apps - replace the IE+Outlook combo with Moz/Firefox+Thunderbird or Opera. Using IE+Outlook is not safe, so don't!

General Diagnostics & Manual Removal Tools:

  1. HijackThis - Excellent diagnostics tool! It also has the ability to automatically remove files and reg keys. I didn't put it in the removal section though, because it is more of a diagnostic tool. In other words, it does not seek out spyware - it simply displays information about all running procs, live reg keys, BHOs, startup programs and so on. You have to go through all this info and decide which entries are legit and which are malicious. Telling this software to simply "fix" all listed entries will mess up your system for sure. Still, it saves you hours of digging through the registry and other places where spyware nests, by putting all this info in a nicely formatted log. And you can then check the problematic entries and delete them all at once, instead of doing the regedit "ctrl+f, enter, delete, enter, ctrl+f" dance for an hour...
  2. TCPView - an awesome app from Sysinternals showing all active TCP and UDP connections. This tool is great for quickly finding and identifying any downloaders or those annoying processes that like to "call home" all the time.
  3. OpenPorts - a command line tool which shows all the open TCP/UDP ports on the system. Just like TCPView, this is extremely useful in detecting apps that connect to the internet without your knowledge.
  4. Process Explorer - Windows Task Manager on acid. Really cool app which does pretty much what the win2k/XP Task Manager does, only better (more in-depth information about each process, including associated files, reg keys, etc.).
  5. RegMon - great toy for finding and identifying suspicious registry keys responsible for respawning the malware processes. It dumps out a list of all live reg keys along with the files they use/refer to and other information. Very helpful.
  6. Autoruns - a brilliant app that searches the system for programs that are set up to autostart on your machine. This is yet another tool which can save you an hour or two of going through all the "Run" reg keys and "Startup" folders on the machine by putting them in one place. Very helpful in finding and disabling the nasty apps that load at startup.
  7. APT - an interesting tool which claims that it can kill nearly any process regardless of any tricks used to prevent you from doing it. It has 9 different kill techniques, and seems pretty nifty. Fortunately I never really had to resort to using it, so I can't vouch for its effectiveness. But it might come in very handy one day!
  8. WinUpdateList - Not really spyware specific, but it is a good way to quickly check the patch status of the machine. If it finds nothing we know we are in deep trouble :)

This is by no means a complete list, but an attempt at creating one. These are the tools I like - your mileage may vary.
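Two of the questions the diagnostic tools above answer are "what is set to start automatically?" (Autoruns, HijackThis) and "which process owns each network connection?" (TCPView, OpenPorts). As an added example that is not from the original post or from any of the listed tools, the PowerShell below pulls the same raw information out of the standard Run/RunOnce keys, the two Startup folders and the TCP connection table, so the entries can be reviewed in one list before deciding what is legit. The function names are my own; it assumes PowerShell 5.1 or later, and `Get-NetTCPConnection` only exists on Windows 8/Server 2012 or newer (not the win2k/XP boxes the post is about).

```powershell
# Added example (not part of the original post): a minimal Autoruns/TCPView-style
# triage script. Registry paths below are the standard Windows autostart locations.

function Get-AutostartEntries {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Get-ItemProperty adds these provider metadata properties; they are not registry values.
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }

    # Per-user and all-users Startup folders: anything dropped here runs at logon.
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Extract the executable path from a command line such as
#   "C:\Program Files\Vendor\app.exe" /silent   or   %windir%\system32\foo.exe -x
function Get-ImagePath([string]$Command) {
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    # Unquoted command line: the image path is everything before the first whitespace.
    return ($c -split '\s+')[0]
}

# Annotate each autostart entry with whether the file exists and its Authenticode status.
# A missing file or an unsigned binary in a user-writable path is what to look at first.
function Get-AutostartReport {
    Get-AutostartEntries | ForEach-Object {
        $path   = Get-ImagePath $_.Command
        $exists = [bool]($path -and (Test-Path -LiteralPath $path))
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        [pscustomobject]@{
            Source    = $_.Source
            Name      = $_.Name
            ImagePath = $path
            Exists    = $exists
            Signature = $sig
        }
    }
}

# Established TCP connections joined to their owning process, the TCPView view of
# "who is calling home". OwningProcess is UInt32, so cast to match Get-Process Ids.
function Get-ConnectionOwners {
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }
    Get-NetTCPConnection -State Established | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        $name  = if ($p) { $p.ProcessName } else { '?' }
        $image = if ($p) { $p.Path } else { $null }
        [pscustomobject]@{
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            PID     = $_.OwningProcess
            Process = $name
            Image   = $image
        }
    }
}

Get-AutostartReport | Format-Table -AutoSize
Get-ConnectionOwners | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys and other users' processes are readable. Like HijackThis, it only lists; nothing is removed, and an entry with `Exists = False` or `Signature = NotSigned` is a lead to investigate, not automatically malware.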
