
Any security software I can run from outside Windows (XP)?

I'm about to wipe my PC and reload everything, mostly for security purposes.  I currently have Norton Internet Security 2011 and MalwareBytes Anti-Malware loaded and always running.  I'll probably add Super Anti-Spyware.  Right now, I also have a not updated version of CounterSpy; this program has been discontinued.  Anyway, all of these run within Windows.

Since this will be a good time to download more software, that is to say right after I reformat the drive--anything else I should do at that time, for example checking for rootkits?  how?--can I get some suggestions about programs I can store on a CD/DVD, boot to, and run from outside of Windows?  My DOS knowledge is very limited, and my Linux knowledge is non-existent.  I presume you get why I want to run some kind of scan(s) from time to time outside of Windows.

Can any evil software survive a total reformat using the PC manufacturer's discs?  I read something on Wikipedia about (I think) rootkits living in the PC's BIOS, or something like that.  Also, if I have an infected, external hard drive, will Norton and MalwareBytes (and maybe Super Anti-Spyware) protect the PC from becoming infected during the installation of the "new" (to the PC) process?

Thanks.
0
Asked by: therearestupidquestions
 
bdsuser Commented:
If you delete the partition on the drive and create a new one, I don't think anything is likely to survive that.  With all the security software you run I'm surprised your computer runs at all.  If Norton isn't doing the job then get something else that will.

If you are having problems with lots of spyware and adware then it's time to change your habits.  No amount of security software will protect you from bad user habits.

The newest Internet Browsers have secure browser windows available (e.g. Chrome calls it Incognito Window, IE calls it InPrivate browsing).  Learn to use these secure browsers for high risk internet browsing.  If you are into internet games I recommend learning how to use Virtual PC, so you only damage the virtual environment and not the main OS.

Advertisers have no morals, so websites with lots of ads are great candidates to get adware and malware.  In my opinion Facebook and MySpace are among the worst.

There is nothing free on the internet, everything has a cost, you just can't always see the cost.  By all means stop downloading free software on the internet.  
0
 
therearestupidquestions (Author) Commented:
bdsuser:

You said, "There is nothing free on the internet, everything has a cost, you just can't always see the cost.  By all means stop downloading free software on the internet."

This strikes me as black-and-white thinking.  The real world is shades of grey.  Mozilla Firefox, for example, is free.  Do you have a problem with that program?

I'm not trying to be hostile.  I'm just trying to get at a reliable answer.

Thank you for your input, despite what I just said...and despite the fact it didn't answer my question.
0
 
LlanoV Commented:
Morning,

Yes there is help for free!
Check out the following link http://www.avg.com/za-en/avg-rescue-cd

My company is a registered Gold Partner and reseller of the AVG product range. I would suggest using the AVG Rescue CD as an added security check for your system after the format. The product can be used on a live system as well.

Just download the ISO and create a CD as instructed. Once this is done, you can simply boot from the drive of choice directly to the AVG menu, where you can scan for viruses, edit files, test your drive, or even edit the registry. You can also access a number of common Linux tools to make changes to your system.

Hope this helps
Have a great day!
0
 
phototropic Commented:
There is a good list of AV boot discs here:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

These are ALL free, and operate in the way you describe - boot to the disc and run scans from outside Windows.

There are also PE (Preinstallation Environment) bootdiscs.  Of these, UBCD4Win is possibly the most popular:

http://www.ubcd4win.com/

Good article about this here:

http://www.experts-exchange.com/Storage/Misc/A_3038-Boot-Disks-UBCD-UBCD4Win-and-SARDU.html?sfQueryTermInfo=1+30+boot+disk

Bear in mind that a lot of contemporary malware will evade capture by this method.  Boot discs and slaving HDDs are not as effective as they once were.  There is an article about this here:

http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

Good luck!!!
0
 
younghv Commented:
Many (most?) current variants of malware run using randomly named processes and files, so scanning 'outside' of Windows is nowhere near as effective as it once was.

The best scanner tools are designed to run while Windows is booted - and the rogue processes are actually running on your system.

I suggest that you re-think your choice of tools for protecting your system. Norton/Symantec products have been off my personal use list for many years; based on their interference with the basic Windows OS's and the poor results of blocking basic malware.

Microsoft Security Essentials (MSE) and Malwarebytes (Pro) are loaded on every system that leaves my repair shop. MSE is fully free and is configurable for both updating and scanning. MBAM (Pro) will cost you about US$25 for a lifetime license.

Both products give you 24/7 'on-access' protection so that files transferred to/from your external drive - as well as Internet and Email activity - are being scanned.

There is no need to run the other programs you mention. They are redundant and a waste of system resources.

In all cases involving malware, prevention is much better than repair...which is why I wrote this EE Article:
MALWARE - "An Ounce of Prevention..."
0
 
therearestupidquestions (Author) Commented:
I'm bumping up the points value, in this case from 250 to 350.  If I get more responses, there will no doubt be more than one correct answer.  So, I want to make sure that everybody who gives helpful answers will get a significant number of points.

Therefore, I suspect I'm going to end up bumping up the points value again.

I thank everybody for their comments so far.
0
 
therearestupidquestions (Author) Commented:
LlanoV and phototropic:

Good answers!

Thanks.
0
 
therearestupidquestions (Author) Commented:
bdsuser:

I forgot to mention another issue regarding your post.  Before I do, let me re-emphasize that my prior reply to you (ID: 37036124) was truly, sincerely not intended to be hostile.  However, on re-reading my reply, I realize that it could be interpreted as such, but the reader would really have to be kind of looking to be offended.  (I know at least one person who could be described this way.)  Anyway, I hope you weren't, offended that is.

Anyway, here's my other issue.  When you said, "If you delete the partition on the drive and create a new one, I don't think anything is likely to survive that," I need to know what kind of expertise you have.  Is this just a semi-educated guess, or are you a security expert (with solid academic credentials in the field), Etc.?  Does anybody else agree or disagree?

I actually have another issue related to your post.  You said, "If Norton isn't doing the job then get something else that will."  That's sound advice for sure.  However, my concern is that I don't know if Norton is doing the job or not.  That's why I want to run periodic scans using other programs...to see if something bad slipped past Norton.  This seems like sound reasoning to me.  There's no real need for you to comment on this paragraph, but if you have something to say, I'd be interested in reading it.

Thanks.
0
 
therearestupidquestions (Author) Commented:
Younghv:

You raise some interesting points, including calling into question the basic assumption behind my question.  My thinking/assumption was that running security software from within Windows on an infected PC would give this infection the opportunity to defend itself against security software, so better to run a periodic scan where Windows is not running.  Does anybody else agree with Younghv that my reasoning here is wrong?  Regarding Microsoft Security Essentials, I don't think I've ever read a review showing it to be anything but inferior to Symantec (and Kaspersky) products, but you seem to disagree.  Can you explain why you're right and every review I've ever read is wrong...or why I'm wrong, and there is no real conflict between the opinion you just expressed and the endless reviews I just mentioned?

You also said, "Norton/Symantec products have been off my personal use list for many years[,] based on their interference with the basic Windows [OS] and the poor results of blocking basic malware."  1st, I agree that Norton just takes over one's computer.  I suspect that it might be to blame for my ongoing problems in getting certain Adobe software, notably Flash and Adobe Reader, to update.  For example, it severely impairs, maybe even destroys, WinXP's "System Restore" feature.  Unfortunately, my PC came preloaded with the version of Norton Internet Security that existed around the time just before Vista got released, and, as I'm sure you know, it's just impossible to fully get rid of Norton products once they're on your PC.  Symantec offers a tool claiming to do this, but I've seen evidence--I don't recall what it was--that this tool does not fully get Norton uninstalled.  So, anyway, I'm inclined to stick with NIS, but I'm open to explanations about why this is a bad idea.

Finally, you also said, "The best scanner tools are designed to run while Windows is booted...."  Superantispyware, if I recall--and I think I do--does have this feature.  So does MalwareBytes' Anti-Malware, again, if I recall.  Agreed?

Thanks.
0
 
therearestupidquestions (Author) Commented:
To all:

I'm still very interested in the questions I originally posted, especially one.  When plugging in a new (actually already used), potentially-infected, external hard drive, is this a special opportunity for problems to be transferred from such a hard drive to my PC, or will my security software protect my PC?  If the former is the case, which I suspect it is, how to get around this especially nasty vulnerability?

Also, and this is partially based on Younghv's comments, what do people suggest as programs that do run from within Windows but don't provide active protection?  That is to say, they won't protect the PC from getting infected with malware, but, by running a scan with one of them, I may be able to detect that malware got into my system; ideally, they'll then try to clean that off of my system.  Cost is a big factor, but I'm still interested in programs one has to pay for.

Thanks everybody.
0
 
younghv Commented:
I will compose a detailed response for you, but you would do well to read the EE Articles that have been linked up above.

The whole idea behind writing Articles on EE is to provide a source of "Subject Matter Expert" (SME) approved documentation for our Members. In order to be published, one of our Page Editors and at least one SME review the submissions for accuracy and technical correctness.

MALWARE - "An Ounce of Prevention..."
Malware Fighting – Best Practices
0
 
younghv Commented:
"If you delete the partition on the drive and create a new one, I don't think anything is likely to survive that,"

Yes, there are malware variants (MBR infectors) that can survive a format/reinstall. I don’t know of anything that can evade being identified by the top of the line scanners though.

In the constant struggle between the malware writers and fighters, there are occasionally short periods of time when a new variant cannot be fully eradicated. I don’t currently know of anything that cannot at least be identified.

“…so better to run a periodic scan where Windows is not running.”

Current malware variants use a random naming process for both files and processes; meaning that dictionary type scans from a CD will not be able to identify them.

You must run your scans while the Windows OS is running in “Normal Mode” to allow (1) scanning, (2) identification, and (3) repair. With many variants you must run a rogue process stopper before the scanners can work properly.

“Reviews”

The reviews I see on-line are all a ‘pay to publish’ list. The developers have to pay the evaluators to do the work. There are also PC Magazines who ‘evaluate’ their advertisers. IMO we can all safely ignore any evaluation done while there is a fiduciary relationship between the developer and the evaluator. (Think “Consumer Reports” for the way things should be done.)

“…as I'm sure you know, it's just impossible to fully get rid of Norton products once they're on your PC.”

No, I don’t know that. Well over half of the points I’ve earned in the Symantec Zone on EE have been from helping our Members eradicate any trace of a Norton/Symantec product.

FWIW – I’ve participated in several seminars/round tables with employees of Symantec and their arrogance is simply stunning. They quite publicly state that they know better than MS how the Windows OS’s *should* run and they build their product based on that knowledge. As evidenced by countless users, their products actively interfere with the way Windows *DOES* run and they show no signs of changing their approach.

We have 3-4 really top Experts here on EE who use and recommend those products and I respect their knowledge – but disagree with their conclusions.

“…it severely impairs, maybe even destroys, WinXP's "System Restore" feature”

The last time I checked, they were still advocating disabling the System Restore function BEFORE starting the disinfection process. Their corporate ignorance about how System Restore (and the files therein) works is simply astounding.

For real information about this topic, read this EE Article from MS MVP ‘rpggamergirl’:
Viruses in System Volume Information (System Restore)

“I'm inclined to stick with NIS, but I'm open to explanations about why this is a bad idea.”

(1) It is costing you money.
(2) It is causing system problems.

A couple more Articles that might help:
Stop-the-Bleeding-First-Aid-for-Malware
Rogue-Killer-What-a-great-name

0
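
Added example, not part of the thread or any poster's code: it illustrates younghv's point above that MBR infectors can survive a format/reinstall, by parsing a 512-byte sector 0 and comparing its boot-code hash with a known-good baseline. The `repartition` helper models delete/recreate as rewriting only the partition table, which is an assumption of this example, and every byte of sample data is constructed filler.

```python
import hashlib
import struct

CODE_END = 440          # bytes 0..439 boot code; 440..445 disk signature/reserved
TABLE_OFF = 446         # four 16-byte partition entries live at 446..509
BOOT_SIG = b"\x55\xaa"  # bytes 510..511
ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def make_entry(ptype, lba_start, sectors):
    """Pack one active partition entry (CHS fields zeroed in this sample)."""
    return struct.pack(ENTRY, 0x80, b"\0" * 3, ptype, b"\0" * 3, lba_start, sectors)


def build_sector(boot_code, entries):
    """Assemble a 512-byte sector 0 from boot code and up to four entries."""
    table = b"".join(entries).ljust(64, b"\0")
    return boot_code[:TABLE_OFF].ljust(TABLE_OFF, b"\0") + table + BOOT_SIG


def parse_mbr(sector):
    """Return signature status, boot-code hash and partitions of sector 0."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY, sector, TABLE_OFF + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:] == BOOT_SIG,
            "boot_code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "partitions": parts}


def repartition(sector, entries):
    """Assumed model of delete/recreate: only the 64-byte table is rewritten."""
    return sector[:TABLE_OFF] + b"".join(entries).ljust(64, b"\0") + sector[510:]


def boot_code_matches(sector, known_good_sha256):
    """Compare the boot-code hash with a baseline recorded from a clean disk."""
    return parse_mbr(sector)["boot_code_sha256"] == known_good_sha256


# Constructed sample data: filler bytes stand in for real boot code.
GOOD_CODE = bytes(range(256)) + bytes(184)
ALTERED_CODE = GOOD_CODE[:100] + b"\xff" * 8 + GOOD_CODE[108:]
BASELINE = hashlib.sha256(GOOD_CODE).hexdigest()
clean = build_sector(GOOD_CODE, [make_entry(0x07, 63, 1_000_000)])
altered = build_sector(ALTERED_CODE, [make_entry(0x07, 63, 1_000_000)])
altered_after_wipe = repartition(altered, [make_entry(0x07, 2048, 500_000)])
```

On a real system the 512 bytes would be read from sector 0 of the disk while booted from a rescue disc, and the baseline hash would come from a known-clean MBR written by the same OS version.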
 
therearestupidquestions (Author) Commented:
younghv:

"If you delete the partition on the drive and create a new one, I don't think anything is likely to survive that,"

"Yes, there are malware variants (MBR infectors) that can survive a format/reinstall. I don’t know of anything that can evade being identified by the top of the line scanners though."

And these "top of the line scanners" are named what?

Thanks.
0
 
younghv Commented:
The full URLs for the primary tools are in the EE Articles I keep giving you.

These are the primaries that come to mind:
Malwarebytes
ComboFix
TDSSKiller
FixTDSS
OTL
0
 
therearestupidquestions (Author) Commented:
younghv:

Thanks.  I'll check out those programs.


everybody:

I'm bumping up the point value (again?).
0
 
younghv Commented:
Just a quick comment about the 'points'.

First of all, any Expert responding to points is here for the wrong reason.
If you look at the other pending questions, you will see that the vast majority are all the maximum of 500.

Premium Service members have unlimited points to offer and almost all of them offer the full 500 for every question they post.

What really matters (IMO) is posting interesting questions and responding quickly when we try to help. Dragging questions out for several days/weeks is a very common cause for Experts to "unsubscribe" and go help a more active asker.

Again, just "IMO".
0
 
therearestupidquestions (Author) Commented:
OK, younghv.  Didn't mean to offend, which it sounds like I did.  I'm not sure what "unsubscribe" means.  This isn't sarcasm or anything like it.  It's a sincere question (well, statement, technically).

Nevertheless, I am going to raise the points value again, in case this means something to somebody.
0
 
younghv Commented:
I am not offended, I am just trying to help you help yourself - but I'm not doing a very good job.

Perhaps it would help if you were to read the tips here:
http://www.experts-exchange.com/questionTips.jsp

Since joining EE you have posted 12 questions - half of which are still open.
(http://www.experts-exchange.com/help.jsp#hs=23&hi=462)

You should be receiving email notifications from EE about every 3-4 days detailing all of your 'Open Questions' and a list of options you can take to resolve them.

In this question, I spent a great deal of time and effort composing a fairly extensive response for you (http:#a37050073) and so far your actions have been to completely ignore everything I posted for 9 days (and counting).

[I'm not sure what "unsubscribe" means.]
Anyone participating in your questions has a link embedded at the top of the page that is labeled "Stop Monitoring". If I click on that link, the email notifications of comments (for this question) will no longer be sent to my mailbox.

An active EE Expert will often be working on hundreds of Open Questions at any given time. If the 'Asker' does not stay active in the questions they post and/or allow questions to drag out over time, many Experts will simply disengage from participating by 'unsubscribing' from the question and focusing on other Askers.
0
 
younghv Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
