therearestupidquestions asked:

Any security software I can run from outside Windows (XP)?

I'm about to wipe my PC and reload everything, mostly for security purposes.  I currently have Norton Internet Security 2011 and MalwareBytes Anti-Malware loaded and always running.  I'll probably add Super Anti-Spyware.  Right now, I also have a not updated version of CounterSpy; this program has been discontinued.  Anyway, all of these run within Windows.

Since this will be a good time to download more software, that is to say right after I reformat the drive--anything else I should do at that time, for example checking for rootkits?  how?--can I get some suggestions about programs I can store on a CD/DVD, boot to, and run from outside of Windows?  My DOS knowledge is very limited, and my Linux knowledge is non-existent.  I presume you get why I want to run some kind of scan(s) from time to time outside of Windows.

Can any evil software survive a total reformat using the PC manufacturer's discs?  I read something on Wikipedia about (I think) rootkits living in the PC's BIOS, or something like that.  Also, if I have an infected, external hard drive, will Norton and MalwareBytes (and maybe Super Anti-Spyware) protect the PC from becoming infected during the installation of the "new" (to the PC) process?

Thanks.
SOLUTION
bdsuser

This solution is only available to members.

ASKER

bdsuser:

You said, "There is nothing free on the internet, everything has a cost, you just can't always see the cost.  By all means stop downloading free software on the internet."

This strikes me as black-and-white thinking.  The real world is shades of grey.  Mozilla Firefox, for example, is free.  Do you have a problem with that program?

I'm not trying to be hostile.  I'm just trying to get at a reliable answer.

Thank you for your input, despite what I just said...and despite the fact it didn't answer my question.
SOLUTION
younghv
This solution is only available to members.
I'm bumping up the points value, in this case from 250 to 350.  If I get more responses, there will no doubt be more than one correct answer.  So, I want to make sure that everybody who gives helpful answers will get a significant number of points.

Therefore, I suspect I'm going to end up bumping up the points value again.

I thank everybody for their comments so far.

LlanoV and phototropic:

Good answers!

Thanks.

bdsuser:

I forgot to mention another issue regarding your post.  Before I do, let me re-emphasize that my prior reply to you (ID: 37036124) was truly, sincerely not intended to be hostile.  However, on re-reading my reply, I realize that it could be interpreted as such, but the reader would really have to be kind of looking to be offended.  (I know at least one person who could be described this way.)  Anyway, I hope you weren't, offended that is.

Anyway, here's my other issue.  When you said, "If you delete the partition on the drive and create a new one, I don't think anything is likely to survive that," I need to know what kind of expertise you have.  Is this just a semi-educated guess, or are you a security expert (with solid academic credentials in the field), etc.?  Does anybody else agree or disagree?

I actually have another issue related to your post.  You said, "If Norton isn't doing the job then get something else that will."  That's sound advice for sure.  However, my concern is that I don't know if Norton is doing the job or not.  That's why I want to run periodic scans using other programs...to see if something bad slipped past Norton.  This seems like sound reasoning to me.  There's no real need for you to comment on this paragraph, but if you have something to say, I'd be interested in reading it.

Thanks.

Younghv:

You raise some interesting points, including calling into question the basic assumption behind my question.  My thinking/assumption was that running security software from within Windows on an infected PC would give this infection the opportunity to defend itself against security software, so better to run a periodic scan where Windows is not running.  Does anybody else agree with Younghv that my reasoning here is wrong?  Regarding Microsoft Security Essentials, I don't think I've ever read a review showing it to be anything but inferior to Symantec (and Kaspersky) products, but you seem to disagree.  Can you explain why you're right and every review I've ever read is wrong...or why I'm wrong, and there is no real conflict between the opinion you just expressed and the endless reviews I just mentioned?

You also said, "Norton/Symantec products have been off my personal use list for many years[,] based on their inference with the basic Windows [OS] and the poor results of blocking basic malware."  1st, I agree that Norton just takes over one's computer.  I suspect that it might be to blame for my ongoing problems in getting certain Adobe software, notably Flash and Adobe Reader, to update.  For example, it severely impairs, maybe even destroys, WinXP's "System Restore" feature.  Unfortunately, my PC came preloaded with the version of Norton Internet Security that existed around the time just before Vista got released, and, as I'm sure you know, it's just impossible to fully get rid of Norton products once they're on your PC.  Symantec offers a tool claiming to do this, but I've seen evidence--I don't recall what it was--that this tool does not fully get Norton uninstalled.  So, anyway, I'm inclined to stick with NIS, but I'm open to explanations about why this is a bad idea.

Finally, you also said, "The best scanner tools are designed to run while Windows is booted...."  Superantispyware, if I recall--and I think I do--does have this feature.  So does MalwareBytes' Anti-Malware, again, if I recall.  Agreed?

Thanks.

To all:

I'm still very interested in the questions I originally posted, especially one.  When plugging in a new (actually already used), potentially-infected, external hard drive, is this a special opportunity for problems to be transferred from such a hard drive to my PC, or will my security software protect my PC?  If the former is the case, which I suspect it is, how to get around this especially nasty vulnerability?

Also, and this is partially based on Younghv's comments, what do people suggest as programs that do run from within Windows but don't provide active protection?  That is to say, they won't protect the PC from getting infected with malware, but, by running a scan with one of them, I may be able to detect that malware got into my system; ideally, they'll then try to clean that off of my system.  Cost is a big factor, but I'm still interested in programs one has to pay for.

Thanks everybody.
younghv:

"If you delete the partition on the drive and create a new one, I don't think anything is likely to survive that,"

"Yes, there are malware variants (MBR infectors) that can survive a format/reinstall. I don’t know of anything that can evade being identified by the top of the line scanners though."

And these "top of the line scanners" are named what?

Thanks.

The full URLs for the primary tools are in the EE Articles I keep giving you.

These are the primaries that come to mind:
Malwarebytes
ComboFix
TDSSKiller
FixTDSS
OTL

younghv:

Thanks.  I'll check out those programs.


everybody:

I'm bumping up the point value (again?).

Just a quick comment about the 'points'.

First of all, any Expert responding to points is here for the wrong reason.
If you look at the other pending questions, you will see that the vast majority are all the maximum of 500.

Premium Service members have unlimited points to offer and almost all of them offer the full 500 for every question they post.

What really matters (IMO) is posting interesting questions and responding quickly when we try to help. Dragging questions out for several days/weeks is a very common cause for Experts to "unsubscribe" and go help a more active asker.

Again, just "IMO".

OK, younghv.  Didn't mean to offend, which it sounds like I did.  I'm not sure what "unsubscribe" means.  This isn't sarcasm or anything like it.  It's a sincere question (well, statement, technically).

Nevertheless, I am going to raise the points value again, in case this means something to somebody.

I am not offended, I am just trying to help you help yourself - but I'm not doing a very good job.

Perhaps it would help if you were to read the tips here:
https://www.experts-exchange.com/questionTips.jsp

Since joining EE you have posted 12 questions - half of which are still open.
(https://www.experts-exchange.com/help.jsp#hs=23&hi=462)

You should be receiving email notifications from EE about every 3-4 days detailing all of your 'Open Questions' and a list of options you can take to resolve them.

In this question, I spent a great deal of time and effort composing a fairly extensive response for you (http:#a37050073) and so far your actions have been to completely ignore everything I posted for 9 days (and counting).

[I'm not sure what "unsubscribe" means.]
Anyone participating in your questions has a link embedded at the top of the page that is labeled "Stop Monitoring". If I click on that link, the email notifications of comments (for this question) will no longer be sent to my mailbox.

An active EE Expert will often be working on hundreds of Open Questions at any given time. If the 'Asker' does not stay active in the questions they post and/or allow questions to drag out over time, many Experts will simply disengage from participating by 'unsubscribing' from the question and focusing on other Askers.

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.