KDB Systems

These past two weeks have been crazy for mal­ware. I’m get­ting sev­eral phone calls a day about rogue secu­rity pro­grams. These pro­grams hijack your com­puter. The lat­est ver­sion is extremely hard to remove from XP. If Win­dows is run­ning it’s near impos­si­ble. The mal­ware gets into the sys­tem files and doesn’t let other pro­grams run. I have to remove the hard drive and scan it with another com­puter. Then I re-install the hard drive and run more scans. This mal­ware is con­stantly chang­ing. The anti-malware scan­ners are always behind. I find it’s best to wait for two or three busi­ness days after receiv­ing an infected com­puter before work­ing on it so the anti-malware scan­ners will hope­fully have the mal­ware in their sig­na­tures. Yes­ter­day I received an infected com­puter that was run­ning Win­dows 7. Win­dows 7 was run­ning with the default secu­rity set­tings. All the user accounts had pass­words. The mal­ware was the exact same as I’d had all the trou­ble with on XP com­put­ers. It took about five min­utes to remove it in Win­dows 7. Because of the bet­ter secu­rity in Win­dows 7 the mal­ware could not get out of the user account that clicked on the wrong web site. I had set this com­puter up. When I set up a com­puter I always set up a sec­ond admin­is­tra­tor account with a strong pass­word. This is espe­cially impor­tant in Vista and Win­dows 7. If you only have one account and it gets cor­rupted it’s very hard to fix it. I logged in with the sec­ond account, loaded the infected users reg­istry hive, deleted a cou­ple of entries, and deleted the files those entries pointed to. I was then able to reboot into the infected users account with no signs of the mal­ware. I waited a cou­ple of days then ran sev­eral dif­fer­ent scan­ners just to make sure. They did find a cou­ple of drop­per files in some temp fold­ers. If those files had inad­ver­tently been run the com­puter would have been infected again. I was very impressed with how well Win­dows 7 pro­tected the com­puter. It’s impos­si­ble to stop every social engi­neer­ing attack. Some peo­ple will always click on the wrong thing. Win­dows 7 with the default secu­rity set­tings did a great job of lim­it­ing the infec­tion and mak­ing it easy to remove.

One of the most fre­quent ques­tions I see on the Microsoft Answers forums is about prob­lems with IE8 being slow, crash­ing, or act­ing errat­i­cally. It’s usu­ally caused by a plug-in. I was going to write a tuto­r­ial about how to trou­bleshoot this. Dur­ing my research for the arti­cle I found this blog post by Ed Bott. It cov­ers the topic very well.

I usu­ally don’t rec­om­mend every­one imme­di­ately upgrade to a new ver­sion of any­thing. I’m firmly in the wait for oth­ers to find the bugs camp. I like to run the lat­est myself but for pay­ing cus­tomers if it ain’t broke why fix it. I don’t rec­om­mend they upgrade until ver­sion 1.1 or pos­si­bly with a hard­ware change. I’m chang­ing this posi­tion for Win­dows 7. It’s not that dif­fer­ent from Vista. Vista’s now at Ser­vice Pack 2 and is very sta­ble. For what­ever rea­son many peo­ple are still run­ning XP. The secu­rity ben­e­fits of Win­dows 7 com­pared to XP far out­weigh any cons about upgrad­ing. The Inter­net is worse than the wild west was. Surf­ing the net with XP is like show­ing up at the OK Coral naked with a water pis­tol. It doesn’t mat­ter what you do, you’re prob­a­bly going to lose. When you do lose you will become a zom­bie both­er­ing the local town­ies until they finally put you out of your mis­ery. Win­dows 7 puts you in the game. You’ve got as good of a chance as the bad guys. For this rea­son alone Win­dows 7 is worth upgrad­ing for. All the fancy UI, net­work­ing, media enhance­ments, etc, are just gravy. Secu­rity is the num­ber one rea­son to upgrade. Heck, even the Linux and Mac crowd should be urg­ing the Win­dows crowd to upgrade. The Inter­net will be a much bet­ter place when XP is forgotten.