Windows 7 and Malware
These past two weeks have been crazy for malware. I’m getting several phone calls a day about rogue security programs. These programs hijack your computer. The latest version is extremely hard to remove from XP. If Windows is running it’s near impossible. The malware gets into the system files and doesn’t let other programs run. I have to remove the hard drive and scan it with another computer. Then I re-install the hard drive and run more scans. This malware is constantly changing. The anti-malware scanners are always behind. I find it’s best to wait for two or three business days after receiving an infected computer before working on it so the anti-malware scanners will hopefully have the malware in their signatures.

Yesterday I received an infected computer that was running Windows 7. Windows 7 was running with the default security settings. All the user accounts had passwords. The malware was the exact same as I’d had all the trouble with on XP computers. It took about five minutes to remove it in Windows 7. Because of the better security in Windows 7 the malware could not get out of the user account that clicked on the wrong web site.

I had set this computer up. When I set up a computer I always set up a second administrator account with a strong password. This is especially important in Vista and Windows 7. If you only have one account and it gets corrupted it’s very hard to fix it. I logged in with the second account, loaded the infected user’s registry hive, deleted a couple of entries, and deleted the files those entries pointed to. I was then able to reboot into the infected user’s account with no signs of the malware. I waited a couple of days then ran several different scanners just to make sure. They did find a couple of dropper files in some temp folders. If those files had inadvertently been run the computer would have been infected again. I was very impressed with how well Windows 7 protected the computer.
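As an added example (not part of the original post), the script below performs the inspection step described above from the second administrator account: it loads the infected user’s NTUSER.DAT hive offline, lists the per-user autostart entries, and resolves each to the file it points to so the entries and files can be reviewed before anything is deleted. The profile path, the temporary mount name, and the choice of the Run/RunOnce keys as the autostart locations are assumptions; the post does not name which entries were removed.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# while logged on as the second administrator account; the infected user must
# be logged off so the hive file is not in use.
param(
    [string]$ProfilePath = 'C:\Users\InfectedUser',   # placeholder profile path
    [string]$MountName   = 'OfflineUser'              # temporary HKEY_USERS subkey
)

$hive = Join-Path $ProfilePath 'NTUSER.DAT'
if (-not (Test-Path -LiteralPath $hive)) { throw "Hive not found: $hive" }

# Mount the other user's hive under HKEY_USERS so it can be read offline.
& reg.exe load "HKU\$MountName" $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (is that user still logged on?)' }

try {
    # Per-user autostart keys to inspect (assumption: common locations, not
    # taken from the post).
    $autostartKeys = @(
        "Registry::HKEY_USERS\$MountName\Software\Microsoft\Windows\CurrentVersion\Run",
        "Registry::HKEY_USERS\$MountName\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    )
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip PowerShell's own metadata
            $cmd = [string]$p.Value
            # Take the quoted program path, or the first token if unquoted.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
            # Caveat: variables like %APPDATA% expand for the CURRENT account, not
            # the offline user's; check such paths by hand.
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            [pscustomobject]@{
                Key     = $key.Split('\')[-1]
                Name    = $p.Name
                Command = $cmd
                Target  = $exe
                Exists  = Test-Path -LiteralPath $exe
                InTemp  = $exe -match '\\(Temp|Temporary Internet Files)\\'
            }
        }
    }
}
finally {
    [gc]::Collect()                                    # release handles before unloading
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```

Pipe the output to Format-Table to get one row per autostart entry; entries whose target lives in a temp folder or no longer exists are the ones worth a closer look before deleting the registry value and the file it points to.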
It’s impossible to stop every social engineering attack. Some people will always click on the wrong thing. Windows 7 with the default security settings did a great job of limiting the infection and making it easy to remove.

