Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Operating Systems Software Windows Worms

Free, Near-Foolproof Way to Evade Windows Spyware 72

adam wenner writes "I have typed up instructions for 'non-computer people' on how to remove spyware and malware (and viruses for that matter). I have tested this procedure on about 40 computers and have never had any problems with any of it. Most people would say a nice 'format c:' would solve the problem, but for most people, that isn't good, and it's a headache reinstalling and migrating stuff over to a freshly formatted machine." I could have used this a few months ago while trying to mitigate malware damage to a friend's system.
This discussion has been archived. No new comments can be posted.

Free, Near-Foolproof Way to Evade Windows Spyware

Comments Filter:
  • Step 1 (Score:4, Funny)

    by lexarius ( 560925 ) on Saturday April 02, 2005 @01:59PM (#12120691)
    Remove network card and modem.
  • Expected Linux/10 (Score:2, Insightful)

    by jZnat ( 793348 )
    Considering this is a /. article, I figured the perfect method to do so would be installing Linux. It fits the description perfectly!
    • Damm , you beat me too it by a minute .
      i was going to post

      Step one :Install linux
      .
      But to be (as in this thread)origional i will say .. Buy a Mac (que
    • Did you read the very first sentence of the summary?

      I have typed up instructions for 'non-computer people'

      Don't get me wrong, Linux is a good OS. But the vast majority of users would be unable to use it, and probably unwilling to even try it. I can't even get my parents to give up IE in favor of FireFox.
    • "Considering this is a /. article, I figured the perfect method to do so would be installing Linux. It fits the description perfectly!"

      Dammit. I just tried that and now my games don't work! grr
    • Nah,

      Linux is too much work, especially for non-technical people. Heck, even techies get frustrated with the myriad of config files.

      What you *really* want to do is go install MacOSX, using say, a mac mini, or maybe even an older mac sourced from ebay.


      XW
  • format C: (Score:3, Insightful)

    by EnderWigginsXenocide ( 852478 ) on Saturday April 02, 2005 @02:12PM (#12120767) Homepage
    Most people would say a nice 'format c:' would solve the problem, but for most people, that isn't good

    Because we're focused on helping 'non-computer people.'

    They might not be able to understand the command line interface to type such a command, nor find the format option in the menu and successfully slection the right options from the dialog box.

    • nor find the format option in the menu and successfully slection the right options from the dialog box

      Not to mention that Windows won't let you format the C: drive using the GUI "Format" dialog. It probably won't let you do it from cmd.exe either, but I don't have the balls to test that theory. ;-)
      • It doesn't. What happens, in the same fashion the format GUI does, is that Windows realizes that it is a currently booted-into volume, thus disallowing the format command on it.

        As an alternative (and I only offer this in jest), I present you the true way to 'clean out' the C: drive whilst in Windows:

        rd /s /q

        RD is another call for RMDIR, the /s is for all subdirectories and /q is quiet mode, no prompt. What will really happen is all files not in use (basically all except vital system files) will of c

  • by A beautiful mind ( 821714 ) on Saturday April 02, 2005 @02:12PM (#12120773)
    this article gives new information how exactly?

    Also, if adware/spyware/virus infections are really that big of a problem you can always switch to a better designed system. Like linux (yeah i know).

    Still, the best solution would be simply to educate users, specifically educate enough users so that spam/virus infections would not reach critical mass to be able to survive.
    • a) The good thing about the linked list is that it gives a step-by-step for those not much familiar with Windows (like me), but sometimes asked to help with someone else's crippled machine.

      b) Not everyone's ready to give up Windows; the grandmother whose machine I (very slightly) helped clean up this winter likes Windows well enough, when it's working, and she brings home work from the office to do on it. Her husband's machine, though, I just replaced with one running Knoppix. Progress, progress. They both
      • "I have typed up instructions for 'non-computer people'" and "Slashdot - News for nerds"

        I believe these statements are slightly in conflict.
        About point b), i agree, although i think that c) missed the target audience. Also i would like to point out that there are much better written articles, checklists existing already.

        Don't get me wrong, i wouldn't care if i would see 5 stories about this topic next week, i'd just skip them over, the only reason i posted is that i felt a little bit let down. I read
  • by OneDeeTenTee ( 780300 ) on Saturday April 02, 2005 @02:18PM (#12120814)
    Run windows on a livecd.

    Just reboot, and POOF! all the spyware is gone.
    • Of course, things like installed software and settings and the registry will have to reside on a HDD or some other re-writable media.

      And it's those things (installed software: virused, malware, adware, spyware)(settings and registry: facilitate the auto-starting nature of previously mentioned installed software) that will get Windows users back into trouble.

      If you want Windows (not a windows act-alike version of linux) to be free of such problems you have three solutions, get the folks at MS to make a bet

    • Is this even really possible? And if it is possible (I'm sure someone's made i work), is it really a feasible option for anyone but the most hard-core geek?
    • by moosesocks ( 264553 ) on Saturday April 02, 2005 @04:15PM (#12121551) Homepage
      Nice, but not exactly practical or well-supported.

      There's a product called DeepFreeze [faronics.com] commonly used in academic computer labs that effectively has the same effect. Any changes written to disk are lost at the next reboot. You don't have the RAM limitations of a LiveCD, and you're immune to any virus or spyware under the sun.

      As far as I know, it's a very secure piece of software. The company used to have a challange that they'd pay $500 anyone who could disable the software without the password or booting off of a floppy and reformatting the hard drive.

      As you can imagine, it's a godsend for K-8 computer labs. Students can experiment and install whatever the heck they want, and if they screw something up, just shut down and reboot.
  • by SmallFurryCreature ( 593017 ) on Saturday April 02, 2005 @02:22PM (#12120848) Journal
    Is that nature will always be one step ahead with the latest model fool "NOW WITH EXTRA STUPIDITY" for your enjoyment.

    This list is nice and all and while laughable to those with a clue it could work for an idiot. Except for two tiny little errors he makes.

    The first is that his foolproof solution contains words. Multiple words some of them longer then one syllable. It even runs of the bottom of the page. Lets face it the average spyware attractor can barely read a newspaper headline without a rest.

    Second is that his solution is no magic bullet. Those who attract spyware want a shiny sparkly button to click. Not think or have to remember things.

    This list is ONLY of use to completly new computer users. Those who already been infected have already proven that they lack the mental skills to survive online. Only way to fix them is take away their internet OR just realize that techs worldwide are feeding their families by fixing those spyware infested computers.

    As long as I can remember consumer organisations have warned against pyramid schemes. That hasn't gone away and people can loose real money with them. There will always be stupid people. Don't hate spyware. See it as a sign so that you know the person you are dealing with is slightly denser then your cat. Now if only we could convince stupid people they can get a something free by wearing a sign.

    • As long as I can remember consumer organisations have warned against pyramid schemes.

      Too bad we can't get them to admit Social Security is a pyramid scheme.

      Don't hate spyware. See it as a sign so that you know the person you are dealing with is slightly denser then your cat.

      Yes, this will win you lots of friends. Step out of the computer lab into that big room with blue ceiling some time. If you don't start acknowledging it exists and is a good place to be, no one will like you and you'll be very l
  • Firefox is perfect (Score:2, Insightful)

    by brianmf ( 571620 )
    Mozilla Firefox is an open-source web browser that has been taking the internet by storm, it is the fastest browser out there, and is devoid of software holes that previously allowed spyware onto your system in the first place while you surfed with Internet Explorer

    Firefox has zero bugs???
  • No, honestly. Firefox is some of your best protection against spyware.

    I've used dozens of computers since 1999, and have received less then 5 pieces of spyware in that time-- all of it was injected into my system on those rare occasions that I used Internet Explorer. I've used Mozilla or Firefox as my primary browser since 2000 or so.

    My 60 year old parents used IE for years, and got spyware on his system every couple months. He switched to Firefox a year ago because he read an article Kiplingers or some o
  • by Mike McCune ( 18136 ) on Saturday April 02, 2005 @02:26PM (#12120875) Homepage
    1. Don't run as administrator. Create another account as restricted user for daily use. Most spyware requires administrator rights to install.

    2. Download and install Microsoft Antispyware http://www.microsoft.com/athome/security/spyware/s oftware/default.mspx [microsoft.com] . Sure is is still beta but it works pretty well. For those anti MS types out there, MS bought this software from Giant Software.

    Any other tips?
    • 1. Don't run as administrator. Create another account as restricted user for daily use. Most spyware requires administrator rights to install.

      No. This works real well in Linux and OSX, but not in Windows. It produces way more headaches than it solves, because the concept of not running with admin rights is still fairly new in the Windows world, and there's still a lot of software that will be problematic. Unless you're willing to spend a lot of time troubleshooting permissions, it's just not worth it

      • It works fine in Windows. I've been doing it since 2000 (the year, not the OS -- well OK, the OS too).

        Frankly, your "large amount of clients" point is the most bogus of them all. Do you actually work in a corporate environment? I do, with thousands of users. A handful -- 100 or so -- have admin permissions. Believe me, it solves more problems than it creates.
      • by Alwin Henseler ( 640539 ) on Saturday April 02, 2005 @04:54PM (#12121827)
        1. Don't run as administrator. Create another account as restricted user for daily use. Most spyware requires administrator rights to install. No. This works real well in Linux and OSX, but not in Windows. It produces way more headaches than it solves, because the concept of not running with admin rights is still fairly new in the Windows world (..)

        I think I should point out some practical experience here, that suggests the opposite. A number of months ago, I helped clean spyware off my parents' PC. Installed Firefox, and my dad agreed to set it up as default browser, so that URL's opened by other programs use Firefox too. Don't underestimate the significance of this; if you can convince grandma to use the safer browser by default, make it so. If you need to, rename the "Firefox" icon as "Internet".

        Installed recent versions of common plugins (Flash, Java & QuickTime IIRC), and asked my dad NOT to agree/install any other plugins after that, only make a note of what's felt as 'missing'. So you have Firefox, you have all common plugins (working! and recent versions). Not enough? Then either that site is badly designed and should be avoided, or additional 'plugins' may mean 'malware'. If I overlooked some popular plugin, my dad will let me know on my next visit.

        Next, I setup separate user accounts, without passwords. I felt that asking my dad to enter a password each time was too much hassle, but he agreed that clicking on his name, once during bootup, was OK (you take what you can get). Account setup was easy, my dad knows how to use admin account if he needs to install something, but normal work is done as non-priviliged user.

        Ofcourse I enabled automatic updates (WinXP), and in this case ignored the firewall setting, since there's a hardware-based firewall box between the ADSL connection and my dad's PC. Regardless of quality, a harder nut to crack than any software-based firewall (decent password set, and any outside-access options disabled on that thingie). A hardware-based firewall also makes OS reinstalls safer/easier.

        The only changes my dad sees: a single click on his name on bootup, and a slightly different looking browser program. A couple of months later, I asked my dad what he had noticed lately. Only comments along the lines of 'one or two programs complaining about being unable to install something, but nothing that got in the way of normal use'. I explained him that there was a good chance, that these programs complaining where likely stuff he wouldn't want/need on his PC anyway, so these rare 'unable to install something' dialogue boxes could be regarded as positive signs. ;-)

        It produces way more headaches than it solves (..)

        Assuming the above scenario could work for many Joe Sixpacks and grandma's, your claim is obviously flawed. A priviliged admin account is needed either for installing software, running applications with special needs, or performing special tasks. Exactly the sort of thing Joe Sixpacks and grandma's DON'T DO (or SHOULDN'T be doing!). So they'll be fine with a non-priviliged user account.

        For folks where this is not the case ('advanced/power user'), you can assume they know what they're doing. If not, those users only have themselves to blame for not RTFM.

        So as you state, a couple of simple steps like this can prevent 99% of the problems. Read: not producing, but preventing headaches. All of the above was easy and took little time, and I don't expect to spend much effort on cleaning virus/spyware crap from that machine in the future. If anything, the next step would be buying a "Linux for dummies" book, and installing a newby-friendly distro a la Mandrake or Ubuntu. My dad already tried to install Linux once, so he's definitely interested. ;-)

        • Linux philosophy is "laugh in the windows world."

          The arm is a flying machine, a vessel which flies through the air rather than practical. When should a young nigga brutha use java? I think you could leave your brain at the centre of the internet.

          I hate java. That's it.. I've had just about enough of your freaking business! Then either that site is badly designed and should be sued too.

          Fuck you in the extent of my possessions, but in the abdomen which collects urine from the host syslog, do i still need
          • WTF? Is this a computer-generated post, or a surreal interpretation of the English language?

            In the words of Shaun Ryder, "You're twisting my melon, man".

    • Any other tips?

      Without a doubt, the single most effective anti-spyware tool is a customized Hosts [mvps.org] file. (you may have to turn off any proxy server settings in order for it to work, but that's worth it).
    • msconfig startup tab (Score:2, Informative)

      by zmedico ( 565341 )

      It's possible for systems to be so infested that it is difficult or impossible to download and install software. In these cases it may be necessary to stop the malware processes before cleaning them up.

      An easy way to do this is to run the "msconfig" [google.com] program from the command prompt. Click the "Startup" tab and uncheck the startups that correspond to malware (compare the list to a clean system to see what's abnormal). Then reboot and proceed with the cleanup...

  • I have been promoting users to use the same tools for a while with the exception of AVG.(I use free AVAST [avast.com] and I do use these tools on my windows machines. One correction, to get free AVG virus protection, goto this site [grisoft.com], on main site it is hard to find the free version.
  • by quakeslut ( 107512 ) on Saturday April 02, 2005 @02:39PM (#12120942)
    I just forwarded this to my Dad, who is "not the most computer savy" guy. For him, these detailed instructions are exctly what he needs.

    Side note:
    I received a paniced call from my mother: your father's computer is dead--when you come home to visit do you think you can look at it?

    great. just what I want to deal with... ok mom, find me some windows install cd's--sounds like this sucker is toast.

    ahhh... my dad. when I get home I turn the computer on and hear the familiar "click-click-click" of a floppy accessing! Once I ejected his "Calvin and Hobbes screen savers" disk the computer came back to life.

    His computer was "dead" for a couple of weeks mind you :)

    These instructions will be perfect for him.
    • Let me get this straight.

      Your father can't figure out how to "Please eject non-system disk...", but you expect him to carry out those instructions correctly?
      • actually, the only message displayed was incredibly cryptic--no "no os found" or "please eject non-system disk".

        and furthermore, i don't like your tone. i'm the only one that is allowed to bust on my dad so go fuck yourself.
      • Perhaps that error makes perfect sense to us but to someone who doesn't know much about computing that error can be incredibally crytic. I once came home to find my dad actually trying to remove the hard drive. Perhaps its easier with some disk drives since the button doesn't come out so far when a disk is inserted.
    • i hope while you were there you changed his boot order from A>C to C>A. this is always how i leave peoples' machines, it's very important...
  • While cleaning a relative's computer recently I noticed that browsing was still painfully slow even after the machine appeared to be clean. I finally discovered that one of the spyware apps had installed a proxy configuration script URL in IE's settings -- effectively routing all internet traffic through the spyware company's site without any installed software. I installed Firefox, but I wonder if it's possible that such settings could be imported into Firefox's Connections Settings if left unchecked.

    Joel
    • More to the point, lots of other applications (media players, Sun's JVM, etc) by default usually use the proxy settings in IE. The problem in question is not as simple as switching the browser since the IE setting is a de facto OS-wide default.
  • Someone else has already mentioned this, but I really think that for now, it needs to be added to the steps. I'm leery of trusting Microsoft in the long run, and how they can make this worse, but for the time being, when I run it on spyware-infected systems, it finds a LOT more malware than Adaware and Spybot do.
    • FWIW, I was reminded very pointedly about the hazards of Beta software. I installed this on my own workstation at work as a tester and within a day the network became saturated with unknown traffic. Uninstalling it was the quick solution.
  • by PurpleFloyd ( 149812 ) <zeno20@ a t t b i.com> on Saturday April 02, 2005 @03:43PM (#12121337) Homepage
    These instructions provide a good start, but they simply don't cut it against the newer strains of spyware. I am known as a "computer guy" among friends and family, and thus get called upon to solve spyware problems fairly regularly; the ingenuity of the spyware pushers continues to astound me. Here's a partial list of things I had to remove by hand on my last 4-hour session on one computer, after running Spybot S&D and Adaware:
    • An Active Desktop background which displayed an ad for spyware removal. This was a pain since it was locked into place using the Group Policy security system, the tools for which aren't available on an XP Home system.
    • A couple of processes which managed to get themselves into Safe Mode. I had to use a Bart-PE Windows LiveCD to kill them
    • About 20 Browser Helper Objects, including one which inserted its own referrer links into Google results and 3 toolbars, and 50 startup processes that neither Spybot nor Adaware found
    While automated tools are useful, and will likely become more useful as the market matures, they are certainly not a panacea. These days, the only way to eliminate spyware is to not get it in the first place; that's where we, as computer professionals, should be focusing our efforts.
  • Startup (Score:5, Informative)

    by thing12 ( 45050 ) on Saturday April 02, 2005 @03:49PM (#12121372) Homepage
    And it's nice to have Mike Lin's StartupMonitor [mlin.net] and Startup Control Panel [mlin.net] installed. Helps to keep things from being added to start without your knowledge, and lets you disable them after the fact.
  • At a local computer store I work at, our tech cd's have batch files that install, update, and run scans with these programs. We also have other programs we run such as hijack this, and some program specifics like About Buster or others to get the real nasty ones. After we do the cleanup, we don't see many of the same customers back for spyware problems by telling them to run spyware scans regularly. I usually install Microsoft AntiSpyware as well if I'm not feelin too lazy. Also don't forget to clean ou
  • Tell all your friends and family that you charge $500 per hour, 2 hours minimum with cash payment up-front, for your professional services. That will guarantee you never have to deal with their spyware again.
    • Would you believe it, I only mention my professional price, but that I give discounts to friends and family and that alone keeps them off. I get a call about once a year now. :)

  • Systems "cleaned" with this procedure may still be infected with a "root kit", so the entire operating system is compromised, and Windows hides relevant files from SpyBot, Anti-virus scanners, and similar tools.

    A "Rootkit Revealer" was mentioned on slashdot recently http://it.slashdot.org/article.pl?sid=05/02/23/135 3258&tid=172&tid=218 [slashdot.org] that might help, but the only way to really be sure you got it all is format C:

    Otherwise you could end up with a PC that seems to be running fine, and shows

Whoever dies with the most toys wins.

Working...