The Virtual Future

Want to know where Microsoft’s virtual server tech is going, or are you just a VMware bigot? If the former, here’s the skinny: Virtual Server 2005 will ship by the end of the year and will be followed up by a Release 2 Beta, which supports some Longhorn server technologies. After that, Virtual Server will support new hardware virtualization tricks from AMD and Intel. More details here.

We’ve Got You SUSed
First there was Software Update Services (SUS), then Windows Update Services (WUS), then Windows Server Update Services (WSUS). If you’re an old-school SUS user, rest assured -- support and security updates have been stretched to the end of next year, six months longer than planned. After that, you’d best move to WSUS, Microsoft advises.

PCs for the Poor
Microsoft is aware of the digital divide, perhaps even more acutely due to Bill Gates’ philanthropic work in lesser-developed countries. And through its Unlimited Potential program, Microsoft hopes to bridge this gap by making PCs more affordable and available, as Akhtar Badshah, senior director of Microsoft Community Affairs explains in a Q&A on the Microsoft Web site. Microsoft is paying for training centers and giving away software.

I applaud this effort, but price and availability is only one concern; keeping third-world PCs actually running is another. What good is a $100 machine if it’s brought to its knees by viruses and spyware?

Intel Extends Battery Life, All Life with New Chips
Laptops are great, except when they’re lost, infected with malware, or run out of battery power. Intel’s new line of chips may not help the first two problems, but the chips can ease the third. The next generation of processors will run cooler and longer, using less energy. While I selfishly want this for my laptop, there is a deeper purpose. Less energy means less greenhouse gases, which means less global warming and pollution. And from a pure power-user standpoint, heat will be less of a limiting factor on performance, so your machine can be ultra fast -- and totally cool.

Halo, the Movie
Microsoft can’t help but make money. We told you about Microsoft patents that could force Apple to pay Redmond millions for iPod sales. Now Microsoft stands ready to pocket a cool $5 million for the movie rights to Halo, the popular Xbox game. Microsoft will also snag 10 percent of the gross.

Spyware: You Respond to Doug's Call to Action
My favorite part of many magazines is the letters, and my favorite part of Redmond Report is your comments. What follows are a whole bunch because in response to my spyware sob story Tuesday, I got lots of advice on blocking and removing the stuff. Suggestions ranged from different tools to remove or prevent spyware and what to do if you meet a spyware author.

“I had a home network of four to five computers for development work on Windows and Linux, plus my kids’ computers. It got to the point where I spent 30 or more hours a week on home tech support (viruses, spyware, Trojans, hijackers, Windows versions not playing well together, rebuilds and reinstallations) and couldn’t put 40 hours into my paid telecommuting work. Then I found a fix. Everything that used to run on five computers now run on two, I don’t get malware, everything works, I spend zero hours on tech support, I never reboot, and life is good.

I bought Macs, specifically a PowerBook for me and an eMac for the kids. I run Mac OS X, Linux, and three kinds of Windows (98, 2000, XP) on the laptop. The only things that ever crash on the Mac are MS Word and MS Virtual PC.”

-- Bayard

"I’m a reader of Redmond Report and read your story about spyware and the attempted removal thereof.

I have some suggestions that may or may not help you:

The first being Norton and McAfee are not worth their weight in salt for spyware and malware detection and/or removal. I had used over 30 different products (trial versions) to remove an ActiveX script my wife had contracted during a Web site visit. She knew immediately as soon as she clicked on the link that she was in trouble. Within seconds there were numerous Trojans, spyware and malware tools installed on her machine.

Keep in mind, installed on this machine and running were Lavasoft’s Ad-Aware, Norton Internet Security (with updated definitions for viruses and spyware), and the new [firewall] beta that Microsoft bought from the spyware detection company Giant. I thought I was fully protected against electronic diseases and realized that virus tools are great for virus detection but not spyware. I’m still pondering on the reason Giant allowed this type of activity when it’s supposed to prevent it. All of the files found were listed as files that would be removed by all of the majors previously listed.

The second is the fact that it takes multiple pieces of software to removal all traces of different spyware and malware software. These are my recommendations after six days of research and trial-and-error of trying to remove these 'utilities.'

Ewido Security is great at finding Trojans but nothing else.

Spybot finds most spyware and most trojans but not all.

Spy Sweeper found all of the remaining spyware and Trojans. I assume it would have found the same as Spybot, but I’m not willing to attempt a reinfection to test this theory.

This is a useless link in my opinion but thought you might want to experience what software shouldn’t do!

The last suggestion I have for you is to put something in place that will prevent this type of malicious software from being installed in the first place.

The last link will provide some great utilities for prevention and detection as well. This is the best of the best freeware and shareware, and there are a couple of really decent utilities that will help you prevent a reoccurrence of your scenario. I hope you find these utilities as effective and useful as I’ve found them."

-- Phillip

"I, too, have spyware sponges. I use Virtual PC with undo on. This way, all changes to the virtual hard drive are dumped each time I reboot the machine and all the sponge's clicks on 'OK' in the insidious 'You've just won' popups or blanket DIVs that so many sites now employ are expunged."

-- Dave

" I would make a VMware (or Virtual PC) image before handing the PC to spyware an attractive target. Turn on snapshots, and if there’s a problem, roll back to a previous snapshot. Makes it easier to move the user to a different PC, too."

-- John

"I read your Redmond Report item 'Spyware Never Sleeps' on Aurora spyware. Aurora is part of a group [of spyware] from Direct Revenue that includes: ABetterInternet, ABI Network, Ceres, Aurora, WinFixer, Direct Revenue and Search Assistant. One can prune the registry and delete keys manually, but … I’ve discovered that Aurora changes the file names of the files it uses to reinfect the host. In this respect, I think, therefore, that it’s similar somewhat to a 'polymorphic' or 'mutation engine' virus that can modify itself with each new infection. Aurora also apparently hijacks some legitimate running processes.

I have a user [whose computer is] perpetually infested with this Direct Revenue group of spyware and am going to reformat. I’ve wasted way too many man hours (cumulative days) using software (Spybot) and manually pruning registry keys and files, only to see the spyware regenerate within one minute of reboot. Have you found software that deletes Aurora permanently?"

-- Robert

"The answer is very simple. Here in Belfast we have a shop called B&Q, which is a hardware/home/garden improvement type of place. Now, in there they sell nice handy lengths of timber. Sand one end until it’s rounded and provides a nice tight grip, allowing both hands to hold roughly 4 feet of 6x4.

Find out from the local authorities who the onion is that wrote the spyware code. Go around to his/her (you never know) workplace or home using transport of your choice, preferably a low-budget airline or bus as we are already out the price of the lumber. Apply the said piece of timber several times to the body of the numpty who is responsible for causing this irritation. Before he/her loses consciousness try to find out anything about his/her contacts and pass this info on to like-minded people you know. Hopefully, this will mitigate the cost of the timber and transport by spreading it about and eventually these people will give up their activities since it’s hard to type with broken fingers.

Incidentally, in order to comply with health and safety regulations, it may be prudent to wear some form of protective gloves and a visor just in case some loose splinters fly about."

-- Kevin

"I recently assisted a customer in removing 20 Trojans and numerous spywares on her system. The application that I found most useful, besides HijackThis, Spybot-S&D, Ad-Aware, Microsoft AntiSpyware and Bullet Proof Soft was Ewido. This was a slow process (taking three-plus hours to complete in Safe mode), but it worked wonders. As there were two separate accounts on the Windows XP Pro system, I made sure to run the apps under both profiles to catch any lurking bugs."

-- John

"I suspect most readers of your magazine have a few spyware horror stories to tell, but I've found a fun and effective technique that has worked on a number of stubborn magically reappearing processes.

While trying to scrub a machine of one of those processes which reappear shortly after they're killed, I found that a bit of clever dialog box arrangement and quick clicking can hose a feisty file and process quickly enough to break the cycle. Once I've identified the executable file that needs to be deleted, I open the task manager and find it in the process list. In another adjacent Explorer window, I navigate to the file in question, highlight it then press the delete key. With the delete confirmation dialog box up, I move over to the task manager, and end the process. I move the end process confirmation dialog box next to the file delete confirmation dialog, and in quick succession, ok the file dialog then the process dialog, usually with a combination of mouse click in one and the space bar in the other. With the timing just right, the file is deleted before the process can kick off again, and the cycle is broken.

This won't work in every case, but it can jump-start a cleaning session when the frustration level has reached a fever pitch."

-- Greg

"Run 'ntbackup' and backup system state (known good system). Restore when needed. Free!"

-- Robin

"You never mention which three anti-spyware tools you used. I general use three or more spyware removal tools: Spybot Search & Destroy, Lavasoft's Ad-Aware Plus, and Trend Micro's Anti-Spyware. I also use Avast anti-virus software that also finds malicious spyware. They also have what they call their BART CD (Bootable Antivirus & Recovery Tools CD). Give those a try and if you've used any of those, well best of luck to you!

Oh, and by the way, may I suggest you install Firefox on your son's computer and remove any links or shortcuts to IE."

-- Charles

"So your 9-year-old manages to find lotsa spyware, eh? Yeah, my sister-in-law still thinks that replying to spam messages to ask to be taken off the list will decrease the amount of junk in her inbox, no matter what I say and history reveals. Ugh ...

Nonetheless, I gotta tell ya that it’s so much easier to keep spyware from ever entering the box then cleaning it up afterwards. Two of the best ways to do this are: Javacool's SpywareBlaster, which uses the magic ActiveX 'kill bit' to lock out billions of known spyware programs from ever installing themselves and is updated all the time; and never logon as Administrator unless you're installing software.

No, it's not a panacea, but just these two steps will probably make a huge difference in avoiding spyware. Prevention is the key!

Of course, if you want to be all hardcore about it, there are lots of other things you can do. For example, I only browse with Firefox with the AdBlock extension and Filterset.G, which prevents ads and spyware-type content from loading. Then, I run a couple of other anti-spyware programs, including Lavasoft Ad-Aware and Spybot-S&D, both of which have some preventative measures as well. And I'm looking into downgrading my IE and Firefox process privileges, since I'm usually logged in as an administrator, and domain privileges, when at work."

-- Eric

"I had the same problems except that it was my wife who caused the trouble. (Lots of tension followed, of course!) The solution that I found took a couple of days and involved using HiJackThis and posting the results on TomCoyote Forums.

There are some VERY generous souls who patrol these forums and look to help the novice spyware-infected unfortunates. I’m extremely grateful for the help that I received and was lucky to have stumbled into this Web forum."

-- Bill H.

"I've got a much better way than manually scrubbing or reloading a machine in the wake of your 9-year-old.

Schools, libraries and other computer labs often use a program called Deep Freeze. This allows users to make whatever mischief they think they can get away with, after which the admin can restore the computer to its original system state. Some labs have the systems automatically rolled-back every night to make sure everything will be working in the morning."

-- Steven

"Just an idea that nobody seems to be doing anything about: How about booting a live CD of Windows and using that as your boot volume. All data could be stored on the local hard drive, but the OS and necessary apps would reside on the CD, where they couldn't be harmed.

I'm not sure what's available in the way of full-function live Windows CD creation tools, but if the penguinistas can do it with their OS, why can't it be done with Microsoft's? I've thought for some time that the only sensible way to run a computer, in these days of rampant spyware, adware, viruses, worms and what-not, is to have all your apps and operating system files on a read-only medium. Maybe it should be a live DVD -- whatever, I don't care. But you're not going to be altering my programs by installing something bad if you can't write to the program folders.

If someone had half a clue, this would allow data to be stored where data should be, separate from code, and outbreaks of malware could be contained. Come on, rocket scientists, the current model of computer security is BROKEN. I'm tired of the same old excuses. Give us something better!"

-- Dennis

"I use several techniques to address the problem of spyware, aside from two spyware scanners. One is to use a removable disk tray like those from Addonics -- this way, I keep a separate drive for the kids, which I can reformat as needed and keep a drive for myself that I keep locked way from the kids. Another is once I get the machine set up the way I like, I create an image using Acronis True Image that I write onto several CDs or DVDs. That way I can easily re-create a drive as required.

Of course, I also disable every service I can as well as keeping my computers behind a NAT router and enabling software firewalls on all of them.

This doesn’t stop everything, but it helps."

-- Charles

"Regarding your 'Spyware Never Sleeps' column, I frequently have people come up to me at work and tell me about their problems at home and how their kids have wrecked their PCs. Even the latest and greatest systems only a couple months old are being brought to their knees with spyware and viruii in no time. Even when they have seemingly prevented it by reducing Windows permissions for their kids, it comes back.

Though Ad-Aware is in my opinion the best spyware removal tool around for its thoroughness and ease of use, there still remains the problem of virii and grayware that’s not detected. It comes as no surprise, then, when Ad-Aware keeps finding spyware scan after scan until I remove the virii with a virus scanner. As this is in itself often a difficult step due to the virii crippling the installed and online scanners and there being no command-line scanners for NTFS drives, this adds a whole new dimension to the problem. (Do you know of a bootable command-line scanner for Windows NX/2000/XP?)

Subscribe to Redmond Report

This column was originally published in our weekly Redmond Report newsletter. To subscribe, click here.

Two solutions immediately come to mind. The first is what I’ve been using: Instead of trying desperately to weed out individual components, which could take hours or even days, I simply pop the case of the PC, plug in a hard drive at least 4GB, make it the first bootable drive in the BIOS, and install a fresh copy of XP. After it comes up, I just need the network drivers and then I can use Trend Micro’s HouseCall and download a fresh copy of Ad-Aware. I can get 99 percent of the junk off the system this way. After that I just remove the hard drive and viola, clean PC.

The second solution isn’t ready yet, though. I’m preparing a BartPE ( disk with Ad-Aware and AVG on it so I can just boot from CD to clean the hard drive. The only caveat with this is that I have to keep updating the patterns. I could pull it off the network, a floppy or flash drive. It’ll still be faster than cleaning the PC manually or popping off the cover, and I’ll probably be able to update the pattern even from an infected PC."

-- Stephen

"Wow, you admit to having had an AOL account? I thought that was career suicide in the IT field. My bad."

-- John

"Sorry, but I don't have any better solutions because I’ve done the exact same things that you’ve done! The main thing I’m doing is educating my 9- and 12-year-olds about spyware and adware. They’re amazingly savvy about this sort of thing -- much more than the adults at work!

One helpful thing would be a list of Web sites that they go to that put spyware on the computer. My kids go to these online game sites that use Java stuff to play games online. My paranoid, conspiracy-theory mind leads me to think that these people who create spyware are using these sites made for kids to spread their malfeasance. I’ve warned my kids that if it continues, I will be forced to take Internet privileges off of their computer. That definitely got their attention!

Anyway, nice blurb in the newsletter about this! Any further info you gather would be great to hear!"

-- Juan

About the Author

Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.


comments powered by Disqus

Subscribe on YouTube