Solved

Anti-root, anti-virus

Posted on 2013-11-09
355 Views
Last Modified: 2013-12-02
I use Rogue Killer and RKill before using MBAM. Any other suggestions for a "new" used laptop I just bought? Is MSE sufficient? Does it hurt to run an anti-spyware program every week or so?
0
Question by: RaiderNationDelegate
15 Comments
 
LVL 11

Accepted Solution

by: Technodweeb (earned 300 total points)
First, it never HURTS to run a good anti-malware tool on demand.
MSE is decent but I would not give it too much faith.
MBAM is the best of breed but I would not run it in real-time as it has some significant overhead.
A good AV in real-time and a selection of good tools to run on demand when needed is a good plan. Personally, I use the non-free version of AVG with MBAM and Super Anti-Spyware installed and ready to run if required. All three will allow safe mode use which is important to properly clean, if the bug gets past the AVG as first defense.

There is not much difference between the paid and full version of AVG, except that on the free version you can only schedule one update per day (though you can manually update as often as you like) and the scheduled scans can only be set for one time per day, whereas the paid version lets you schedule anything the way you want.
0
 

Author Comment

by: RaiderNationDelegate
Thank you techno-
Few questions:
1. What is the value of Rogue Killer/RKill and any others? My sense was that they were good for pre-MBAM scans.
2. Should I run most scans in safe mode?

FYI, MSE is my firewall. It runs a scan every week at 2 am.

Any other ideas?
0
 
LVL 11

Assisted Solution

by: Technodweeb (earned 300 total points)
I do not use RKill but have seen it. No reason other than I am happy with what I have always used. That said, I have no problem trying new things in a pinch and I get good community feedback. Go with what you know and then branch out if necessary.

I assume that MSE was Microsoft Essentials? Is this not what you are talking about? Unless you NEED a firewall on your computer, I would disable the personal firewall completely. If the IP address on your computer begins with 192.168.x.x or 10.x.x.x or 172.16.x.x then you are behind a NATting router, which is the only firewall protection that you realistically need. Exceptions to this rule exist and you should evaluate your needs based on your network. Do not take my advice on this exclusively. Example: your network is shared with others whom you do not trust. Example: your computer gets a public IP address from the internet. Example: you connect to a lot of public internet access points. In these cases, having a firewall would be good. Maybe you can disable it in your known safe spots, but when you go to Starbucks for a latte, for heaven's sake, turn it on...
0
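A small check of the private-address rule of thumb from the comment above, added here as an example and not part of any comment in the thread. It uses the full RFC 1918 blocks (the third block is 172.16.0.0/12, i.e. 172.16 through 172.31, which "172.16.x.x" abbreviates) and takes the host's interface addresses as a plain list constructed inline rather than querying the machine.

```python
import ipaddress

# RFC 1918 private blocks. The comment says "172.16.x.x"; the actual block
# is 172.16.0.0/12, which covers 172.16.0.0 through 172.31.255.255.
RFC1918_NETS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def is_rfc1918(addr: str) -> bool:
    """True if addr is an IPv4 address inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETS)


def firewall_advice(local_addrs) -> str:
    """Classify a host from the addresses on its interfaces.

    'behind-nat'  every usable address is RFC 1918 private, so a NAT router
                  sits between this host and the internet (the case where the
                  comment treats the router as the realistic firewall)
    'public'      at least one address is not private, so the host is reachable
                  from the internet directly and a host firewall is warranted
    'no-address'  only loopback or link-local (169.254.x.x) addresses found,
                  so there is nothing routable to classify
    """
    usable = []
    for a in local_addrs:
        ip = ipaddress.ip_address(a)
        if ip.is_loopback or ip.is_link_local:
            continue
        usable.append(ip)
    if not usable:
        return "no-address"
    if all(is_rfc1918(str(ip)) for ip in usable):
        return "behind-nat"
    return "public"


if __name__ == "__main__":
    # Constructed sample interface lists, not read from a real machine.
    for addrs in (["127.0.0.1", "192.168.1.20"],
                  ["127.0.0.1", "203.0.113.5"],
                  ["127.0.0.1", "172.32.0.1"],
                  ["127.0.0.1", "169.254.10.1"]):
        print(addrs, "->", firewall_advice(addrs))
```

Note that 172.32.0.1 is classified as public: it sits just outside the 172.16.0.0/12 block, which is the boundary the "172.16.x.x" shorthand hides.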
 
LVL 11

Assisted Solution

by: Technodweeb (earned 300 total points)
Sorry, the only way to remove most malware these days is in safe mode and even then some require more dramatic steps to remove. Very situational. I would not necessarily start an initial scan in Safe mode since it will take 3 times longer to complete. Run the initial scan in standard mode and if you find something that is not able to be removed, then scan and treat in Safe Mode.
0
 
LVL 24

Assisted Solution

by: aadih (earned 150 total points)
Many people (in my opinion and experience) are protected sufficiently by MSE or Windows Defender, if they practice safe browsing habits.

Most people use free antivirus programs (Avast, AVG, Avira, Panda Cloud Antivirus, etc.) in place of MSE and Windows Defender.

In case they suspect an infection, they use MBAM to scan and clean (not from safe mode, however).

I may be wrong, but from your question (re: Rogue Killer and RKill) my guess is you are more of a risk taker. You know best, however, what is best for you. FWIW, my recommendation is to use Avira or Panda as real-time protection and use MBAM in case of a suspected or a real infection. Also, no harm in scanning with MBAM every week.

[If required, however, heavier guns are always available.]
0
 

Author Comment

by: RaiderNationDelegate
It's a used computer. I have no idea where it has been.
0
 
LVL 11

Assisted Solution

by: Technodweeb (earned 300 total points)
In that case, an OS reload would be your best bet to set your baseline and give yourself peace of mind.
0
LVL 24

Assisted Solution

by: aadih (earned 150 total points)
Recommendation: Follow Technodweeb's advice. Then install a good antivirus software, and MBAM for occasional cleaning.
0
 

Author Comment

by: RaiderNationDelegate
I'll do that. What's the best HD wiping method? DBAN?
0
 
LVL 11

Assisted Solution

by: Technodweeb (earned 300 total points)
Just kill the partitions during the install process. No extraordinary steps required.
0
 
LVL 24

Assisted Solution

by: aadih (earned 150 total points)
As suggested by Technodweeb, no DBAN or any other disk-wiping software is required.
0
 

Author Comment

by: RaiderNationDelegate
Technodweeb
You said this: "Just kill the partitions during the install process."
How do you do this?
0
 
LVL 11

Assisted Solution

by: Technodweeb (earned 300 total points)
When you get to the point of configuring the drive in the machine you will have an option to delete partitions. Just delete all partitions. Do not create any partitions or format them. Choose the one unpartitioned disk to install to. Good to go!
0
 
LVL 38

Assisted Solution

by: BillDL (earned 50 total points)
RaiderNationDelegate

RKill is just as it describes here:
http://www.bleepingcomputer.com/download/rkill/
A program that kills known malicious processes that may otherwise prevent you from running other anti-malware scans. A lot of viruses deliberately block applications to try and prevent their removal, which is why this program itself comes with different names and file extensions.

Rogue Killer (http://www.bleepingcomputer.com/download/roguekiller/) does the same thing but delves much deeper, concentrating on rootkits hiding in the boot sector of hard drives, hooked into other processes in memory, and so on.

It was said quite emphatically earlier: "the only way to remove most malware these days is in safe mode". The idea behind programs like RKill is to suppress some malicious processes sufficiently so as to allow scanning, detection, and removal of malware that would otherwise probably have required doing a boot-time scan with a "Live CD" or a "Safe Mode Scan". If you want to apprehend burglars in the act of breaking into houses you usually have to go out in soft shoes at night while they are actively doing so, not treading heavily in the safety of daytime when the burglars are all in bed and you have to then try and find where they live.

Everybody has their preferred antivirus application, but how exactly do you prove that one is better than another? It is almost impossible to evaluate this yourself unless you have a hornet's nest worth of malware to deliberately release on a computer running one AV application, gauge how many it caught and killed, then wipe the computer and release the wasps on yet another AV application. Most good PC magazines have web versions of their publications in which AV applications are regularly tested and evaluated in this way. That's about as close as you and I are going to get to knowing how good the various offerings are in terms of detection rate. The rest is personal preference, such as how configurable the software is, how much it slows down the computer while you are using it normally, and so on. Even a very highly regarded antivirus product can be as bad as one with a very low detection rate if it is not configured correctly and kept updated.

I think that Comment ID: 39636269 by aadih is a sensible one in this respect.

Personally I would be tempted to buy a brand new hard drive if I was to buy a 2nd-hand laptop at the moment. If money was tight there is plenty of advice above about flattening the hard drive and reinstalling Windows.
0
 
LVL 38

Expert Comment

by: BillDL
Thank you RaiderNationDelegate
0
