Windows 7 All-in-One® For Dummies
Book 6/Chapter 5: Fighting Viruses and Other Scum
ISBN: 978-0-470-48763-1
Copyright of Wiley Publishing, Inc., Indianapolis, Indiana
Posted with Permission
Chapter 5: Fighting Viruses and Other Scum
In This Chapter
✓ Understanding how antivirus products work with Windows
✓ Downloading and installing AVG Free, a free-for-personal-use antivirus program
✓ Using Windows Defender and other scumbusters
✓ Considering Microsoft Security Essentials, the latest member of the antivirus/antispyware/antimalware genre
✓ Reining in programs that start automatically whenever you start Windows 7
Every single Windows user should install, update, and religiously use an antivirus program — no exceptions, no excuses.
One question I hear all the time is “Which antivirus program is the best?” My answer: They all work well, but the one I like best is the one that costs the least: Microsoft Security Essentials. MSE is absolutely free, and never, uh, bugs you to upgrade or spend more money. If you don’t trust Microsoft to protect its own software, there’s always AVG Free. I talk about AVG Free briefly in this chapter. But for most people, most of the time — and for me, and all my PCs, all the time — Microsoft Security Essentials does it all.
The second question I hear, right after the first: “Don’t I need one of those fancy antivirus-firewall-spyware-kitchen-sink scanner packages? It’s hard to find a simple antivirus program any more.” Yes, it’s true. The companies that used to sell antivirus software now offer monstrous Swiss Army knife mega-protection software, and they charge two arms and three legs for it. I say bah. Actually, I say something a little less printable.
Although you definitely need a firewall, Windows 7 has a perfectly usable one. (Yes, it’s only a one-way firewall; see Book VI, Chapter 3 for details.) Microsoft Security Essentials covers the other bases. I also run Spybot–Search & Destroy, right alongside MSE. Spybot–S&D is free. I tell you more about this product in this chapter, too.
672 Making Sense of Malware
These days, first-class antivirus software is available at no cost for personal use. You don’t have an excuse any more. I show you how to install and use AVG Anti-Virus Free in this chapter. The free product from Avira named AntiVir Personal (free-av.com) and Alwil’s Avast! Antivirus Home Edition (avast.com) work quite well, too.
The best choice, far as I’m concerned, is Microsoft Security Essentials. Although it’s a relative newcomer to the AV game, MSE consistently rates highly in head-to-head tests. It installs easily, runs like the wind. It never, ever tries to get you to spend more money on a different version. And, it doesn’t cost a sou.
The upshot: You don’t need to spend the money or endure the hassle trying to figure out those fancy-schmancy anti-everything products. Your computer doesn’t need to spend half its waking hours running the sludge. What you need is simple, fast, easy — and free. This chapter shows you how to put it all together.
Making Sense of Malware
Although most people are more familiar with the term virus, viruses are only part of the problem — a problem known as malware. Malware is made up of the elements described in this list:
✦ Viruses: A computer virus is a program that replicates. That’s all. Viruses generally replicate by attaching themselves to files — programs, documents, spreadsheets — or replacing “genuine” operating system files with bogus ones. They usually make copies of themselves whenever they’re run.
You probably think that viruses delete files or make programs go belly-up or wreak havoc in other nefarious ways. Some of them do. Many of them don’t. Viruses sound scary, but they really aren’t. Most viruses have such ridiculous bugs in them that they don’t get far “in the wild.”
✦ Trojans: Trojans (occasionally called Trojan horses) may or may not be able to reproduce, but they always require that the user do something to get them started. The most common Trojans these days appear as programs downloaded from the Internet, or e-mail attachments: You double-click an attachment, expecting to open a picture or a document, and you get bit when a program comes in and clobbers your computer, frequently sending out a gazillion messages, all with infected attachments, without your knowledge or consent.
✦ Worms: Worms move from one computer to another over a network. The worst ones replicate very quickly by shooting copies of themselves over the Internet, taking advantage of holes in the operating systems (all too frequently, Windows).
The first truly big virus
The world changed when John McAfee appeared on the Today show in March 1992 and told Bryant Gumbel that the Michelangelo virus infected more than a million PCs. One week later, the PC world was supposed to end. All the major wire services ran alarming predictions — millions of dollars were forecast to be lost in the wake of the largest computer virus of all time.
The Big Day arrived and . . . nothing. A few thousand systems got clobbered, here and there, but Michelangelo turned into a dud of astonishing proportions. McAfee made millions. The wire services fell silent. We all got huckstered. Does history repeat itself in Internet time?
Some malware can carry bad payloads (programs that wreak destruction on your system), but many of the worst offenders cause the most harm by clogging networks (nearly bringing down the Internet itself, at times) and by turning PCs into zombies, frequently called bots, which can be operated by remote control. (I talk about bots and botnets in Book VI, Chapter 1.)
The most successful pieces of malware these days run as rootkits, programs that evade detection by stealthily hooking into Windows in tricky ways. Some nominally respectable companies (notably, Sony) have employed rootkit technology to hide programs for their own profit. Rootkits are extremely difficult to detect, and even harder to clean.
All these definitions are becoming more academic and less relevant, as the trend shifts to blended-threat malware. Blended threats incorporate elements of all three traditional kinds of malware — and more. Most of the most successful “viruses” you read about in the press these days — Conficker, Mebroot, and the like — are, in fact, blended-threat malware. They’ve come a long way from old-fashioned viruses.
Understanding Antivirus Software
Antivirus (AV) software protects your computer from viruses, right? Well, yes and no. Every AV product these days also protects your computer from other forms of malware — Trojans and lions and bears, oh my! Most AV products have turned into humongous “security suites” that ooze into every Windows pore, gumming up systems and giving you untold headaches, while demanding money on an all-too-regular basis. (Ever see Little Shop of Horrors? Think of the line, “Feed me, Seymour!” But I digress.)
Most AV software packages these days work in two very different ways:
✦ Signature matching: The antivirus software looks inside files to see whether any portion of the file matches a big database of known “bad” snippets of data. When a new virus or worm is discovered, characteristic parts of the infecting program are added to the signature database. Signature matching still forms the backbone of the antivirus industry, but the black-hat cretins are getting better at writing malware that modifies itself, rendering signatures useless.
Some industry pundits observe (rightly) that a steady flow of updated signature files drives revenue for the antivirus industry: If you drop your subscription, you don’t get any new signatures. The antivirus software industry has one of the few software products that becomes nearly obsolete every few days. Powerful economic incentives exist to stick with the signature-matching model — which, by its very nature, works only after a new virus has been identified.
✦ Heuristic analysis: The antivirus software relies on the behavior (or the expected behavior) of a program to catch the destructive software before it has a chance to run. Although an enormous amount of research has gone into heuristic analysis, a black box that determines whether a file will mess up a PC is still a long way off. In fact, there are sound theoretical reasons why a perfect black box of that ilk can never exist.
When an AV program detects a bad piece of software, it normally asks whether you want to quarantine the offending file — stick it in an out-of-the-way place where the AV program can retrieve it if you need to — or simply delete it.
Using Microsoft Security Essentials
Although Microsoft Security Essentials is a Johnny-come-lately on the AV scene, it rings my chimes: It’s fast, easy (it has almost no options), effective, and free as the breeze. I’ve converted all my PCs to MSE — Windows XP, Windows Vista, and Windows 7 — and never looked back.
To get your copy, go to microsoft.com/security_essentials and watch the installation video. Click the Download Now button and you’re on your way to using one of the best pieces of software Microsoft has ever made.
If you really, truly don’t trust Microsoft, you can always use AVG Free — I talk about it later in this chapter. Whatever you do, dump the bloated anti-everything-ware program that came with your PC. There’s no reason to pay for protection over and over and over again. Get MSE or AVG Free and break the pay-pay-pay habit.
Antivirus software typically watches for infections (using both signature matching and heuristic analysis) in one of three ways, and each of the ways hooks into Windows in a different manner:
✦ A complete scan: Typically, you schedule full scans of all your files in the middle of the night, or shortly after you download a new signature file. The antivirus program runs a full scan as soon as it’s up-to-date. A complete scan runs just like any other program.
✦ On the fly: When you open a file or run a program, Windows alerts your antivirus software, and the AV software kicks in to scan the file before it’s run or opened. Similarly, if you download a program from the Internet or run a program on a Web page, Windows has your AV software check before you have a chance to shoot yourself in the foot.
✦ Lurking: Good antivirus software runs in the background, looking for specific events that may be indicative of an infection. Some AV packages include firewalls, spam blockers, and other components that take lurking to a higher level, but almost all AV software watches while you work, running as a separate Windows task in the background.
In addition, all AV software scans e-mail messages and attachments for infected files. Some scan before the mail reaches the e-mail program; others scan as you open attachments.
Identifying the challenges for antivirus software
Antivirus software manufacturers face many pressures, but aside from detecting all known viruses (and trying to catch some that aren’t yet known), one top priority is performance. It takes time to scan a file, and computer folks, impatient by nature, don’t like the idea of waiting while the AV software does its thing. The next time your computer goes out to lunch while you’re trying to open a file, take heart: The PC you save may be your own.
Another problem facing antivirus software and its creators is the ever-changing nature of the game. Virus and worm writers can go to great lengths to hide their malicious creations. The polymorphic virus illustrates the point. A polymorphic virus changes every time it infects, so signature matching doesn’t work well, if at all. One favored method for making a virus polymorphic: Encrypt it using a key that changes every time the virus infects. When the virus runs, its first job is to decrypt the main part of the virus. After it’s decrypted, the main part goes out and infects, but the malicious code it passes on is encrypted with a different password. Thus, no two copies of the virus look the same, and signature-matching on anything but the (typically very small) decrypting part of the virus doesn’t work.
Heuristic analysis of files to try to detect malware suffers from one near-fatal flaw. By its nature, heuristic analysis looks at a program’s behavior or expected behavior and draws conclusions about the program based on what it looks like it’ll do. There’s no black-and-white, no signature-matching “AHA! I got a real one!” finality to the analysis. Instead, heuristic programs live in a world of shades of gray, where there’s a 60 percent chance that this type of behavior is worm-like and a 78 percent chance that that behavior is worm-like. Antivirus software analysts have to turn that kind of soft data into an up-or-down “This is a virus” or “That isn’t a virus” result. Frequently, the analysts (or, more correctly, their programs) don’t guess right.
Understanding false positives
The bane of antivirus software’s existence, a false positive, occurs when a perfectly good file is identified as infected. Most frequently, simply by chance, part of an uninfected file may contain the same sequence of characters as a virus, which triggers a signature match.
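To see the signature-matching bullet, the polymorphic trick described under “Identifying the challenges,” and the false positive described just above all at work, here is an added Python example that is not from the book: a toy signature scanner, a stand-in “virus” made of plain text, two copies of it scrambled with different one-byte XOR keys, and an innocent file that happens to contain a four-byte signature. Every byte string, signature name and function name is constructed for the illustration.

```python
"""Toy signature scanner, added to illustrate three points the chapter makes:
signature matching finds a known byte sequence; a polymorphic copy that is
re-encrypted with a fresh key defeats any signature taken from the payload,
so only the small, constant decryptor stub still matches; and a signature
that is too short fires on an innocent file (a false positive).
Everything here is constructed: the "virus" is plain text and never runs."""
from dataclasses import dataclass
from typing import List, Sequence

# Stand-in for the "main part" of the virus (constructed text, never executed).
PAYLOAD = b"REPLICATE:copy self to every .exe; SEND:mail self to contacts"

# Stand-in for the small decryptor that runs first and unscrambles the main
# part. It is the one piece that stays the same in every copy (constructed).
DECRYPTOR_STUB = b"\x90STUB:xor-loop-key-at-offset-4\x90"


def encode_copy(payload: bytes, key: int) -> bytes:
    """Build one infection copy: constant stub, the one-byte key, then the
    payload XORed with that key. This is the chapter's 'encrypt it using a
    key that changes every time' scheme reduced to a one-byte XOR."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be a single byte")
    body = bytes(b ^ key for b in payload)
    return DECRYPTOR_STUB + bytes([key]) + body


def decode_copy(copy: bytes) -> bytes:
    """What the stub does at run time: read the key and recover the payload.
    Included only to show that the encoding is reversible."""
    key = copy[len(DECRYPTOR_STUB)]
    return bytes(b ^ key for b in copy[len(DECRYPTOR_STUB) + 1:])


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes


def scan(data: bytes, signatures: Sequence[Signature]) -> List[str]:
    """Signature matching as the chapter describes it: report every signature
    whose byte pattern appears anywhere in the file."""
    return [sig.name for sig in signatures if sig.pattern in data]


# A toy signature database (names constructed). The payload signature is what
# a naive extractor would pick; the stub signature covers the constant
# decryptor; the short one is deliberately too short to be specific.
PAYLOAD_SIG = Signature("Toy.payload", b"copy self to every .exe")
STUB_SIG = Signature("Toy.stub", b"STUB:xor-loop-key-at-offset-4")
SHORT_SIG = Signature("Toy.short", b"SEND")
SIGNATURES = [PAYLOAD_SIG, STUB_SIG, SHORT_SIG]

# An innocent file that happens to contain the four bytes "SEND" (constructed).
CLEAN_FILE = b"Mail client settings: SEND_PORT=587 RECV_PORT=993"


def demo_polymorphism() -> dict:
    """Scan two copies made with different keys. Neither copy contains the
    payload bytes, so only the stub signature fires on each."""
    copy_a = encode_copy(PAYLOAD, key=0x5A)
    copy_b = encode_copy(PAYLOAD, key=0xC3)
    return {
        "copies_identical": copy_a == copy_b,
        "both_decode_to_payload": decode_copy(copy_a) == decode_copy(copy_b) == PAYLOAD,
        "hits_on_plain_payload": scan(PAYLOAD, SIGNATURES),
        "hits_on_copy_a": scan(copy_a, SIGNATURES),
        "hits_on_copy_b": scan(copy_b, SIGNATURES),
    }


def demo_false_positive() -> dict:
    """The same database run over an innocent file: the too-short signature
    matches by chance, and dropping it makes the false positive go away."""
    return {
        "with_short_sig": scan(CLEAN_FILE, SIGNATURES),
        "without_short_sig": scan(CLEAN_FILE, [PAYLOAD_SIG, STUB_SIG]),
    }


if __name__ == "__main__":
    for title, result in (("polymorphism", demo_polymorphism()),
                          ("false positive", demo_false_positive())):
        print(title)
        for k, v in result.items():
            print(f"  {k}: {v}")
```

The payload signature never fires on either scrambled copy, which is exactly why real products key their signatures on the decryptor stub; the short signature shows why a signature has to be long enough to be specific.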
This all sounds like a gentlemanly mix-up, old chap, stiff upper lip and all that, until you come across a file that appears to be infected but isn’t. One major antivirus package recently flagged a perfectly valid Windows file as infected — and of course, it wasn’t. The vendor fixed the screwy signature file immediately, as you might imagine, but not before thousands of people dutifully deleted the Windows system file.
Oh yeah. It happens all the time, with all sorts of files.
Be aware of the fact that antivirus software isn’t absolutely foolproof. Sometimes the identified bogeymen exist only as a figment of a pattern-matching program’s imagination. Although you should take your antivirus program’s recommendation as highly indicative of problems, remember that nothing is infallible. If you see a virus warning that doesn’t make sense, quarantine the problematic file (don’t delete it) and contact the company that created the file, to see whether something has run afoul of an errant antivirus program.
Caring for your antivirus software
McAfee calls them DAT files. Symantec (Norton) calls them virus definitions, as does Microsoft. F-Secure and Kaspersky both use the term antivirus database, whereas Grisoft (AVG) goes the other way, with virus database. Trend Micro (maker of PC-cillin) says pattern file. Panda uses signature files, and CA has virus signatures. For Sophos, they’re IDEs. Microsoft Security Essentials calls them virus and spyware definitions.
No matter what you call them, the signature-matching database file lies at the center of every antivirus product’s capabilities.
Ground zero
Most Windows worm outbreaks — including the Slammer worm, which infected at least 75,000 computers within ten minutes of its release in January 2003 — rely on a known, already-patched security hole in Windows. Conficker, which took the world by storm in early 2009, similarly used unpatched systems for its initial entrée. Systems that get infected are frequently vulnerable because the people who run the systems don’t apply a patch that was readily available from Microsoft. (I discuss patching in Book VI, Chapter 4.) The cretins who write worms watch Microsoft patches closely and try to create programs that exploit the patched holes, knowing full well that a large percentage of all systems connected to the Internet aren’t updated often.
Someday soon, that will change — and not for the better.
A 0day worm (or zero day worm or ground zero worm) would use a previously unknown, and therefore unpatched, hole in Windows. If the really clever guys in black hats ever get smart enough to find a wide-open hole in Windows before Microsoft patches it, we’re all in a world of hurt. We’ve already seen several 0day attacks, primarily based on Microsoft Excel, Word, and PowerPoint. But the first big 0day worm that goes for Windows will wreak havoc.
A precedent exists. Way back in November 1988, Robert Morris, Jr., a grad student at MIT, released a worm that brought down 6,000 Unix machines — quite a large percentage of all computers connected to the Internet, such as it was. By all accounts, Morris wasn’t trying to hurt anything. He only wanted to see what would happen if a program could move from machine to machine. The “version 1.0” worm that got out had mistakes in it — programming bugs — that made it clog up every infected machine, and the rest is history. The Computer Emergency Response Team (CERT; www.cert.org) was created in response to Morris’s worm.
Every antivirus software manufacturer now tries to protect against 0day attacks, primarily using heuristic analysis. The state of the art is evolving. Right now, your best protection is to stay patched (see Book VI, Chapter 4) and to keep your antivirus software up to date.
In normal use of your antivirus software, you should update its signature file daily. I suggest that you do it in the morning, just before you start to work. Most antivirus programs automatically run once a day. Here’s the security schedule I recommend for most Windows 7 users:
✦ Keep an eye on Microsoft updates to Windows 7, but don’t install them automatically (see Book VI, Chapter 4). Instead, wait until the other pioneers have arrows in their backs, and then make sure that your system won’t end up in worse condition after the patch. Check the MS-DEFCON level on AskWoody.com for help.
✦ Download antivirus signature files daily. Your first job each morning should be to verify that your AV software has been updated properly and that the program’s icon is visible in your system tray, next to the clock.
✦ Check for massive new outbreaks daily. Most AV software companies have e-mail newsletters that can warn you of major new problems. Checking your AV software manufacturer’s home page every day to see whether any news is breaking is also worthwhile. Just keep in mind that your AV manufacturer has a vested interest in getting you to buy software.
Be leery of mainstream press reports of new, pending, or possible infections. The folks who write those breathless newspaper articles frequently don’t know what they’re talking about — they get the details wrong and hype nonexistent problems. It’s far better to rely on more trustworthy news sources, such as the SANS Internet Storm Center, isc.sans.org, or Ryan Naraine’s articles on ZDNet, blogs.zdnet.com/security.
✦ If you think you have a virus, report it to your antivirus software manufacturer. See the nearby sidebar “How to report a virus” for instructions.
✦ If a major outbreak occurs, don’t — I repeat, don’t — send e-mail to all your friends. That only makes the problem worse. Pick up the phone and call anyone who needs to know. Don’t worry. If it’s a big virus outbreak, they probably know already.
✦ Use your antivirus program to run a complete scan of your system once a month. If you have your signatures updated and your antivirus software is working properly, you don’t need to do a full scan very often.
Antivirus software manufacturers create new versions of their programs from time to time, and, of course, they try to sell you the latest and greatest. In my experience, “old” AV programs with properly updated signature files are still effective six months or even a year after the “new” version comes out. You may get zapped by a completely new piece of malware, but then again, you might get zapped even if you’re running absolutely the latest version of the antivirus software with up-to-the-second signature files.
Downloading and Installing AVG Free
I strongly recommend Microsoft Security Essentials as your AV program: it provides all the antivirus and antispyware protection any normal Windows 7 user needs. (Okay, if you schlep around NSA secrets, thousands of credit card numbers, or the 42nd Answer to the Ultimate Question of Life, the Universe, and Everything, you may need more.) For almost everyone, MSE does it all, and does it all well. See the earlier sidebar “Using Microsoft Security Essentials.”
How to report a virus
Antivirus software manufacturers are constantly looking for new malware. Unfortunately, at least 90 percent (and probably more like 99 percent) of what they receive is junk — requests for technical support, old hoaxes, viruses that have been around for a hundred years, and stuff that doesn’t bear any resemblance to real, infectious programs.
If your computer has a new virus, your AV software manufacturer wants to hear from you. The instructions vary depending on the manufacturer (see the following list), but if you’re sure that you found a new creepy-crawly, by all means submit it:
✓ AVG: virus@avg.com (Put the file in a password-protected Zip file and e-mail it.)
✓ F-Secure: analysis.f-secure.com/portal/login.html
✓ Frisk F-PROT: f-prot.com/virusinfo/submission_form.html
✓ Kaspersky: support.kaspersky.ru/virlab/helpdesk.html?LANG=en
✓ McAfee: vil.nai.com/vil/submitsample.aspx
✓ Symantec (Norton): symantec.com/avcenter/submit.html
You don’t need to submit a new virus to more than one manufacturer. They all talk to each other, regularly, vociferously, and new viruses make their way rapidly from company to company. It’s a credit to the AV industry that the lines of communication have been kept open, even among fierce competitors, and that samples of “real” viruses are made available to legitimate researchers, usually within hours of being identified.
You can also submit your suspected new virus to Virustotal (virustotal.com) and have it run scans of the infected file, using multiple antivirus products. Virustotal tells you whether your virus has been seen before.
Check your antivirus software manufacturer’s site frequently. In fact, while you’re thinking about it, bookmark it or add the site to your Web browser’s Favorites list.
If you don’t want to run a Microsoft antivirus product, I understand. Yes, MSE has to reach deep into your computer and, yes, MSE may “phone home” with details about viruses it has eviscerated. Yes, Microsoft has a horrible track record with privacy. Yes, Microsoft updates are notorious for triggering system instability. (MSE updates itself automatically.) But in the short time that MSE has been around, I’ve seen no significant problems in any of those areas. On the contrary, MSE has been a model PC citizen and deported itself well.
If you can’t stomach the idea of running another Microsoft product, though, especially one so near to the heart of your machine, I commend to you the antivirus program that I’ve used and recommended for many years: AVG Free, from Grisoft.
Here’s how to download and install AVG Free:
1. Go to the Grisoft AVG-Free Web site (free.grisoft.com).
The main page should look something like the one shown in Figure 5-1.
Figure 5-1: Start here to download AVG Free.
2. Click the Get It Now link on the left side of the page.
The people who make AVG want you to buy the Complete Internet Security package. If you feel so inclined, by all means do so. But for most people, the free “basic” antivirus protection works just fine.
Don’t be confused by offers of a “free trial.” You don’t want a free trial of the AVG for-pay package. You want the free version, officially named AVG Anti-Virus Free Edition.
3. At the bottom of the AVG Anti-Virus Free page, click the Free for Private Use Only/Download button.
AVG opens an advisor page, where you’re once again given a choice between the Free Edition and a “free” premium package that has many strings attached (sponsored by TrialPay [trialpay.com]).
4. Click the Download Now link to download the AVG-Free .exe file.
You may find yourself diverted to the CNET Web site (cnet.com). That’s okay. Follow the instructions to download the software. When the download finishes, run the file, click through the User Account Control prompt, choose your setup language, and click the Next button.
5. Accept the default settings (don’t install any toolbars, of course — no need to add any more junk to your system), but when the installer asks whether you want to perform a standard or custom installation, choose Custom and click Next. Keep clicking Next until you see the Component Selection window, shown in Figure 5-2.
Figure 5-2: The Component Selection dialog box.
6. In the Component Selection window, deselect the LinkScanner check box. Then click Next, and then Finish.
I don’t like LinkScanner, so I suggest that you refrain from installing it. See the nearby sidebar “What is LinkScanner?” for my take on the situation.
The AVG Free installer announces that it’s complete, but it isn’t.
7. When you see the Installation Is Complete window, click OK.
AVG immediately starts its First Run Wizard, shown in Figure 5-3.
Figure 5-3: Installation isn’t complete until you complete the First Run Wizard.
8. Click Next. Follow along to set the time to update the signature files every day. If AVG asks, of course you don’t want to provide information about detected threats to AVG. Check for the latest updates. Skip the Registration and you’re done.
AVG Free starts running.
9. In the notification area, to the left of the time display, click the up arrow and choose the AVG icon.
The main AVG Free window appears, as shown in Figure 5-4. You can click the X (Close) button, if you like, and AVG Free keeps running.
Figure 5-4: You can safely ignore the dire AVG warning at the bottom.
AVG Free always shows a dire warning at the bottom of its main window about how you need to enhance your protection, or how there are a zillion reasons why you need to pay for antivirus protection. If you want to believe the marketing, go right ahead.
If you messed up and installed the AVG Free LinkScanner by mistake, you can turn it off. Here’s how:
1. In the notification area, near the time display, click the up arrow and then double-click the AVG Free icon.
If you have LinkScanner installed, a LinkScanner icon appears in the middle of the AVG control window, as shown in Figure 5-5.
Figure 5-5: If you installed LinkScanner, it appears in the AVG Free main window.
2. In the main AVG control window, choose Tools➪Advanced Settings. In the Advanced Settings dialog box, on the left, choose LinkScanner.
You see the LinkScanner settings shown in Figure 5-6.
Figure 5-6: Disable LinkScanner by clearing all these boxes.
3. Deselect the check boxes marked Enable AVG Search-Shield and Enable AVG Active Surf-Shield. Click OK.
You return to the main AVG Free control window, where you see the red warning message, You may not be protected! Some components report an error. Oh me, oh my — how will you ever survive without LinkScanner? (Okay, I fibbed about that last one.)
4. In the main AVG control window (again), choose Tools➪Ignore Faulty Conditions. On the right, in the component area, select the check box marked LinkScanner. Click OK.
AVG reports that you have decided to disable warnings about LinkScanner (see Figure 5-7), you naughty computer owner.
Figure 5-7: Mission accomplished — LinkScanner is both disabled and stifled.
5. Click the X button to close the AVG control window.
Don’t worry: AVG Free keeps working. The X only removes the control window; it doesn’t stop AVG Free.
If you like AVG Free, tell your friends! Grisoft makes its money by selling corporate licenses and by peddling the regular version, which includes several additional features and a less-congested signature-file download site. While you’re at it, tell your friends how to disable LinkScanner, too.
What is LinkScanner?
Grisoft, the company that makes AVG Free, bought the LinkScanner technology in December 2007 and incorporated it into AVG Free.
The concept behind LinkScanner is straightforward: Every time you run a search (say, through Google), LinkScanner kicks in, looks at all the Web sites returned by the search, and gives you a quick thumbs-up-or-thumbs-down take on each site, warning you if the site harbors malware.
Many Webmasters complained that LinkScanner was artificially inflating “hit” statistics for Web sites. Every time you looked at a new page of Google results, LinkScanner used to run out to all the Web sites and check them.
That changed in July 2008, when LinkScanner started using a blacklist that’s downloaded to your PC. AVG says that it now scans links only as they’re clicked, which means that LinkScanner harvests only part of your Web-browsing history — and AVG no doubt sells the logs to one of the major data-collection companies.
I don’t like LinkScanner. It sends information about my Web-surfing history to AVG. It has caused problems in the past. Google itself now flags pages that are suspected to harbor malware. And Firefox does a better job in almost every respect, with little invasion of my privacy.
Dealing with Spyware
If you take my advice and install Microsoft Security Essentials, the MSE installer switches off the built-in Windows 7 antispyware program Windows Defender.
You may know Windows Defender from its (brief) tenure in Windows Vista. Defender drew a lot of fire for errors of both omission and commission. Five years ago, both CNET and the New York Times reported anonymous sources as saying that Microsoft was “in talks” to acquire Claria, a company best known for its scummy product Gator. About the same time, Windows Defender suddenly changed its treatment of Gator (see the eWeek story at eweek.com/c/a/Security/Why-Microsoft-AntiSpyware-Is-Untrustworthy). Was one related to the other? Who knows?
In the end, though, many people didn’t trust Windows Defender. Few Windows customers will regret its passing: With the release of Microsoft Security Essentials, Defender has well and truly been put out to pasture.
Here’s the bottom line: I strongly recommend that you use Microsoft Security Essentials. It replaces and, in all respects, greatly improves on Windows Defender. If you don’t want to trust Microsoft with antivirus duties, use AVG Free, realizing that Windows Defender is still hanging around. In either case, don’t get complacent with the Microsoft opinion of what constitutes spyware. See the section on blocking spies with Spybot–S&D for details.
Where’s Defender?
Although Windows Defender occupies a prominent place on the Windows XP
and Vista Start menus, in Windows 7 it’s buried. (If you’ve installed Microsoft
Security Essentials, Defender has been cut off completely.)
If Windows Defender finds something wrong, it raises an alarm in the Action
Center (see Book VI, Chapter 2). At that point, you can click a link and open
Windows Defender.
If you just want to see how Defender’s doing, it’s hard to find. Here’s how to
open it:
1. Choose Start, and then immediately type defe and press Enter.
Alternatively, you can choose Start➪Control Panel, and in the upper-
right corner, choose View By Large Icons, and then double-click
Windows Defender.
However you uncover Defender, it appears as shown in Figure 5-8.
Figure 5-8:
Windows
Defender —
if you can
find it.
2. To run a quick scan of your PC, click the Scan icon.
Windows Defender looks in the places that are most likely to harbor
spyware and reports on its findings.
If Defender finds any dicey programs, it shows you a list of the offenders
by alert level: Severe/High or Medium/Low. Windows Defender tells you
where the spyware appeared and gives you the option to ignore, quarantine,
remove, or always allow that item.
3. To see the results of your most recent scans, click the History icon. To
adjust the default settings, click the Tools icon (see Figure 5-9).
Figure 5-9: The Defender tools.
Inside Windows Defender you see several references to Microsoft
SpyNet. At one time, SpyNet was a privacy-busting feature worth your
attention and, uh, benign neglect. Nowadays, it seems to function primarily
as a mechanism for collecting infection statistics — and even that
role may be going away. If I hear of any problems with SpyNet, I’ll raise
the alarm on AskWoody.com.
4. Click the X button to close Defender.
Windows Defender continues to work in the background.
Blocking spies with Spybot–S&D
Don’t rely on Microsoft Security Essentials alone to protect your computer
from scummy programs. Microsoft has shown an alarming, shall we say, flexibility
in the way it makes recommendations about quarantining or ignoring
specific pieces of junkware.
As of this writing, the best “second” antispyware program I’ve found —
which is to say, the antispyware program I use alongside Microsoft Security
Essentials — is Webroot SpySweeper (webroot.com), which costs $30 for
one year or $40 for two. Thorough, capable, and unobtrusive, it can work
side by side with MSE; and the manufacturer has a long record of protecting
consumers from big, rich, powerful scum companies.
However, I use a Webroot SpySweeper competitor: Spybot–Search &
Destroy. It’s free (for personal use) and works pretty darn well. Even though
I run Microsoft Security Essentials, and thus already have a free antispyware
program, I still run Spybot–S&D from time to time. Two spyware heads are
better than one.
Here’s how to get Spybot–S&D going with Windows 7:
1. Crank up your favorite Web browser and go to spybot.com.
After selecting a country of origin, you’re redirected to safer-networking.org,
the home of Spybot–Search & Destroy (see Figure 5-10).
Figure 5-10: Spybot–S&D — my choice of (free!) antispyware programs.
2. On the right, under Products, click the icon to the left of Spybot–
Search & Destroy. On the next page, scroll down and click the link to
download Spybot–Search & Destroy. On the next page, click one of
the Download Here links. On the next page, click Download.
Whew. Are you still with me?
3. Go through the usual machinations to download and run the installer.
Personally, I accept all the default settings, but you may not want
TeaTimer. See the sidebar “Spybot–S&D options” for details.
When the installer finishes, Spybot–S&D offers to create a Registry
backup (which I decline), introduces the tutorial (which I strongly recommend),
and shows you the main Spybot–Search & Destroy window, shown in Figure 5-11.
4. Click the button marked Check for Problems.
Spybot–S&D performs a full scan of your system. It can take an hour or
more, so be patient. The report (see Figure 5-12) will surprise you —
guaranteed.
5. When you’re done, click the X button to close the main window.
Be sure to take the tutorial. It introduces you to many Spybot–Search &
Destroy capabilities, including rootkit detection — good stuff.
Figure 5-11: The Spybot–Search & Destroy command center.
Figure 5-12: Spybot–S&D finds a bunch of third-party “tracking” cookies.
Spybot–S&D options
When you install Spybot–S&D, you have a chance to install and run two ancillary
applications. I run both, but you might not want to run TeaTimer, especially if
you have a slower PC:
✓ TeaTimer is the resident part of Spybot–S&D. It runs all the time, in the
background, looking as Windows programs start and comparing them to its
blacklist of known scummy programs. TeaTimer takes a snapshot of important
Registry settings and monitors those Registry keys as programs run. If a
program tries to change one of the keys, TeaTimer tells you. It can restore
the Registry to its earlier state, too, if you so choose.
✓ Security Center Integration makes Windows 7 aware of Spybot–S&D’s presence,
by hooking into the Action Center.
If you use Spybot–Search & Destroy, recommend it to your friends and don’t
forget to drop off a donation.
Blocking Bad Autostarting Programs
Windows automatically runs certain programs every time you start it, and
those programs can prove cantankerous at times. So how do you prevent
scummy programs from running every time you start Windows?
Both the Windows XP and Windows Vista versions of Windows Defender
include the handy feature named Software Explorer, which lets you look at
and, optionally, throttle any or all of the programs that start automatically,
every time you boot Windows.
Unfortunately, Windows Defender in Windows 7 doesn’t have a Software
Explorer. Microsoft ditched it. Fortunately, there’s a better way — from
Microsoft, no less.
Microsoft distributes the Autoruns.exe program, which runs rings around
the old Windows Defender Software Explorer. Autoruns started as a free
product from the small company Sysinternals, and it owes its existence
to Mark Russinovich and Bryce Cogswell, two of the most knowledgeable
Windows folks on the planet. In July 2006, Microsoft bought Sysinternals.
Mark became a Microsoft Demigod, er, Fellow. Microsoft promised that all
the free Sysinternals products would remain free. And, wonder of wonders,
that’s exactly what happened. Autoruns is updated frequently and works like
a champ — and it’s still absolutely free.
To get Autoruns working, download Autoruns.zip from
technet.microsoft.com/en-us/sysinternals/bb963902.aspx. Double-click
the file and click and drag Autoruns.exe to your desktop. (The other program,
Autorunsc.exe, is the command-line version of Autoruns. Chances are good that
you’ll never need it.)
Here’s how to use Autoruns:
1. Double-click Autoruns.exe.
You see a report like the one shown in Figure 5-13.
Figure 5-13: Autoruns lists all programs that run automatically in Windows, in the order they’re started.
The check box in front of each listed program controls whether
Windows starts the program automatically: Deselect the check box, and
the next time you boot Windows, that program gets left out.
2. To see details about an individual program, click its name once.
Basic information about the program appears at the bottom of the
window. For example, in Figure 5-13, I look at the details for the Adobe
Acrobat SpeedLauncher.
3. To find more information about an autostarting program, right-click it
and choose Search Online.
This step runs a search on the program’s name, using your default
browser (in my case, Firefox) and its default search engine (in my case,
Google).
When I right-click the Adobe Acrobat SpeedLauncher and choose Search
Online, the second Google result leads to the page shown in Figure 5-14.
Figure 5-14: The liutilities.com Web site says that the Acrobat SpeedLauncher is a “non-essential” process.
4. If you find an autostarting program that you want to prevent from
launching automatically, deselect the check box in front of it.
Read the nearby “Don’t kill these” sidebar before you squelch anything
questionable.
5. To hide all the Microsoft programs on the Autoruns list, choose
Options➪Hide Microsoft and Windows Entries, and then click the
Refresh icon.
You see an abbreviated list that includes only non-Microsoft products,
as shown in Figure 5-15.
Figure 5-15: Autoruns lets you suppress the Microsoft programs.
6. When you’re done with Autoruns, click the X Close button to close it.
You have to restart Windows for your changes to take effect.
Don’t kill these
Of course, you shouldn’t disable an autostarting program just because it looks
superfluous, or even because a blogger figures that it’s contributing to global
warming or slow startups, whichever comes first. As a general rule, if you
don’t know exactly what an autostarting program does, don’t touch it. It’s not
nice to fool with Mother Nature.
You can find detailed, expert advice on what you should or should not touch
with Autoruns at forum.sysinternals.com/forum_posts.asp?TID=5226.
As a general rule, when zapping auto-starting programs and background
services, take out one at a time. That way when you reboot your machine, if
something goes belly-up, you stand a good chance of identifying which program
was the culprit.
In a nutshell, avoid messing with any of the system settings. You can play with
items in the \CurrentVersion\Run Registry keys or the
\Start Menu\Programs\Startup directories, but you can mess up your application
programs if you zap entries willy-nilly. You can disable Internet Explorer
browser objects if you think that they’re causing problems, but be on the
lookout for programs that go belly-up the next time you start IE.
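If you’d rather see those \CurrentVersion\Run keys and Startup folders for yourself, the PowerShell script below is an added example; it is not code from the book, from Sysinternals, or from Safer Networking. It lists the entries in those locations (the same ones the sidebar tells you it’s safe to play with), saves a baseline, and later reports what was added, changed, or removed, which is a small, readable version of what TeaTimer’s Registry snapshot and the Autoruns listing do for you. The baseline file name and the function names are my own choices, and the script is written for the Windows PowerShell 2.0 that ships with Windows 7. It deliberately covers only these two kinds of location; Autoruns also checks services, drivers, scheduled tasks, Winlogon hooks, and browser objects, which this script does not.

```powershell
# Added example (not from the book, Sysinternals, or Safer Networking).
# Lists the \CurrentVersion\Run keys and Startup folders, saves a baseline,
# and reports what changed since. Targets Windows PowerShell 2.0 on Windows 7.

# Assumed location for the baseline file; change it to taste.
$BaselinePath = Join-Path $env:USERPROFILE 'autostart-baseline.csv'

# The \CurrentVersion\Run keys, plus RunOnce and the 32-bit view on 64-bit Windows.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# The \Start Menu\Programs\Startup folders: this user's and the all-users one.
$StartupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Properties PowerShell attaches to every registry item; they are not Run values.
$PsNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-AutostartEntry {
    # Emits one object per entry: Location (key or folder), Name, Command.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }   # e.g. no Wow6432Node on 32-bit
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($PsNoise -contains $prop.Name) { continue }
            New-Object PSObject -Property @{
                Location = $key
                Name     = $prop.Name
                Command  = [string]$prop.Value
            }
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $StartupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($file in (Get-ChildItem -Path $folder -Force | Where-Object { -not $_.PSIsContainer })) {
            # For a shortcut, record what the .lnk actually launches, not the .lnk itself.
            $command = $file.FullName
            if ($file.Extension -eq '.lnk') {
                $command = $shell.CreateShortcut($file.FullName).TargetPath
            }
            New-Object PSObject -Property @{
                Location = $folder
                Name     = $file.Name
                Command  = $command
            }
        }
    }
}

function Save-AutostartBaseline {
    # Run this once while the machine is in a state you trust.
    Get-AutostartEntry | Select-Object Location, Name, Command |
        Export-Csv -Path $BaselinePath -NoTypeInformation -Encoding UTF8
    "Baseline written to $BaselinePath"
}

function Compare-AutostartBaseline {
    # Entries are keyed on Location + Name. Reports NEW entries, CHANGED
    # entries (same name, different command line), and REMOVED entries.
    if (-not (Test-Path $BaselinePath)) {
        throw "No baseline at $BaselinePath; run Save-AutostartBaseline first."
    }
    $baseline = @{}
    foreach ($row in @(Import-Csv -Path $BaselinePath)) {
        $baseline["$($row.Location)|$($row.Name)"] = $row.Command
    }
    $seen = @{}
    foreach ($entry in Get-AutostartEntry) {
        $k = "$($entry.Location)|$($entry.Name)"
        $seen[$k] = $true
        if (-not $baseline.ContainsKey($k)) {
            "NEW      $k`n         -> $($entry.Command)"
        } elseif ($baseline[$k] -ne $entry.Command) {
            "CHANGED  $k`n         was: $($baseline[$k])`n         now: $($entry.Command)"
        }
    }
    foreach ($k in $baseline.Keys) {
        if (-not $seen.ContainsKey($k)) { "REMOVED  $k" }
    }
}

# Usage (assumed file name):
#   . .\autostart-check.ps1
#   Save-AutostartBaseline       # once, on a machine you consider clean
#   Compare-AutostartBaseline    # later, e.g. after installing something new
```

Dot-source the file, save a baseline while the PC is in a state you trust, and rerun the comparison whenever you suspect something has wormed its way into the startup list; a NEW line pointing at an executable you don’t recognize is exactly the kind of entry to look up with Autoruns’ Search Online before you decide whether to deselect it.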