The inevitable "What will keep this stuff off my computer?" question

rivo99

OK... I have a feeling this is going to start a long thread, but I get a lot of machines in for virus removal, especially the fraudware ones lately. After the customer picks up the machine, I always get the inevitable question, "What do you recommend?" or "What will keep these viruses off my computer?"

Lately I'm at a loss as to what to recommend. The latest round of fraudware seems to go right through the usual anti-virus programs like AVG, AVAST, NIS 2010, Trend & McAfee. I would like to be able to recommend something (either a package like AVG & SuperAntiSpyware possibly with Geswall) or a simple "Here is your free AV and be careful what you click on."

So here is my question: What programs / package combinations do you see that work the best? I'm in a smallish community and I get a few customers that bring their computer in after 3 - 4 months with a new infection and they have "that look" on their face because I sold them NIS 2010....:confused:

I do use MWB and SAS a lot for cleanup, but have not deployed them to customers because the free versions are not real-time. Maybe time to recommend paid versions of either?

Any comments?
 
I warn people that there are ways of getting infected that don't require going to nefarious sites (there was an incident of a Google ad passing an infection). Like driving your car, you can be a careful driver and have air bags/seat belts/etc all in place but you still might be T-boned at the next intersection.
I remind folks that we've gotten better at not clicking links from strangers in emails but haven't transferred that mentality to links in Facebook.

I suppose I could leave them with RKILL on the desktop and tell them if they ever get a mysterious browser popup about infections to minimize everything, run RKILL, and reboot. :/
 
The problem is that no matter what you say to people, computers can be infected even if the system has all the latest updates, the best anti-whatever programs, etc etc.

I'm very honest with people and say "look nothing is 100%, you need to be careful as to what websites you look at, don't open email attachments, don't look for pirated stuff, stay away from porn sites (if possible), etc etc"
 
We install AVG and explain to the customers how to update it, as well as telling them they should do so once a day. We also explain that 'no one solution is perfect - if it was, then we'd sell it'
 
I have a pretty good answer to that, which I have worked on tuning for some time and here it goes.

I tell them that when they brought me the computer, it needed updated, sometimes with even service packs, not just regular updates. This is the first step because if you think of your computer like a house and every now and then something tries to eat a hole in it. Well the updates are like patches that you put there to keep them from not eating in that hole again.

Then I explain to them that there are no perfect solutions to this problem and that more times than not, the people creating these programs are one step ahead of the anti virus community. So it is absolutely imperative that they keep this updated. Most times I ask customers when the last time they ran their anti virus was and most of them say it has been over 6 months if they have done it at all. So informing them how to run it and how often to run it will keep most infections from becoming something that can be easy to remove to something that could make them lose all of their data.

Then I explain to them about how viruses are spread through email, social networking, LimeWire, BearShare, etc. Most people that have viruses that I see come in here with an outdated if any antivirus and LimeWire on the computer, or some other peer to peer sharing software. I tell them that this is the most likely place the virus came from. I also explain about sites that host viruses like free porn sites and other free music download sites, etc.
People usually ask, well where do I get music and stuff from, I tell them iTunes.

I install MS Security Essentials, Malwarebytes and Super-Antispyware.

I tell them to keep MS up to date, which it does by itself and to update and run quick scans with both MB and SAS once a week.

This is my 2 cents, hope it helps
 
I tell clients to treat the internet like a forest full of wolves. Assume that everything that sounds too good to be true is just that; that everyone you don't know personally is out to get you; that every attachment or link in an email, even from someone you do know personally, may be infected; that every sparkly, pretty, fun program or game may come with unwanted guests. In a combat zone, you never pick up a toy, because it's probably attached to a land mine. All of that will keep you from having to rely on virus/malware scanners, none of which are foolproof, and total reliance on which is like skydiving without a reserve 'chute.

Following these guidelines may make the internet a little less fun in the short run, but will save them time, money, aggravation, or worse in the long run.

If all of the above is too much trouble, then at least buy a Mac.
 
Yup... these are all good things to say, which I do try to explain as well, but what I'm looking for are a few suggestions on software that "can help" keep things like Security Tool and other currently popular rogue anti-virus programs off a computer. I'm thinking that a sand-boxed browser might be the best solution. At least that way, if a virus makes its way onto the computer, then you can simply throw out the sand and you are clean... if I understand that correctly.
 
> We install AVG and explain to the customers how to update it, as well as telling them they should do so once a day. We also explain that 'no one solution is perfect - if it was, then we'd sell it'

That's not much of a solution (especially since AVG auto-updates). Most antiviruses do nothing whatsoever against the plague of fake AVs I'm seeing ... because they aren't viruses.

That's like saying, "Here's a can of Raid for your rodent problems."

You've got to equip them with antispyware tools as well. Just giving them a stock AV is dropping the ball.
 
Well you could always have them as a limited user. Better yet make a new user, have it limited, and tell the client to use that when on the internet.

Did that for a relative of mine. Got tired of it being infected and redoing the clean ups so I decided to make her a limited user. Also gave the person the admin password, but told them only use when you are installing a program and nothing else... It's not a perfect solution but it does help. Since October of last year I have not gotten any call backs :)
 
I don't know about the rest of you guys, but limited User accounts, Sandboxed programs and non-automatic Malware protection don't cut it for a majority of my clients.
I no longer leave MBAM, Spybot or SUPERAntiSpyware on my client's machines because 95% of the time they never used them. I find that if it's not automatic, it doesn't protect my clients.

And as far as using Sandboxie or limited User accounts, that kind of stuff would frustrate and confuse nearly all of my clients.
They wouldn't know how to use Sandboxie and they'd call me constantly for help using it.
Same with limited User accounts, if their system didn't allow them to do something they'd think their computer was broken and/or probably get confused/upset.

If it isn't automated (scans AND updates) I no longer leave it on a client's machine [unless they request that I do].

I'm in the process of writing simple instructions for using Spybot, so I can add at least a thin layer of additional protection. (I know Spybot isn't what it used to be, but it still helps nonetheless)
 
I'm wondering why nobody mentioned purchasing a license for MBAM or similar software and have it provide real time protection.....so I will. Sure, it's not 100% (nothing is) but it's better than having nothing protecting the system against malware that the AV programs do not detect. A single user license for MBAM is $25, or become a reseller and get it for 30% less. There are also programs like RollBackRX which will restore a system to a previous state - much more versatile than system restore which gets whacked with a lot of these malware infections.
 
I've considered that option and will be exploring it when current licenses expire. It's hard to convince clients to dump the AV they just paid a renewal on. . .even if it doesn't provide the best protection.

Don't use a program like MBAM instead of AV software, use it in conjunction with ;)
 
> I've considered that option and will be exploring it when current licenses expire. It's hard to convince clients to dump the AV they just paid a renewal on. . .even if it doesn't provide the best protection.

You were kidding when you said that, right?
You do know that antispyware is not the same as antivirus?
 
I'm curious if the full version of MBAM is any more effective than a standard antivirus program. Anyone with any direct experience?

I think the main thing is to educate the customer. One of the things I do is show people how to close out the initial pop-up window (red x, right-click on the taskbar and click close, or Ctrl-Alt-Del and end task) saying they have a million viruses. Generally they don't get infected until they click on something in that window.
 
> Well you could always have them as a limited user. Better yet make a new user, have it limited, and tell the client to use that when on the internet.
>
> Did that for a relative of mine. Got tired of it being infected and redoing the clean ups so I decided to make her a limited user. Also gave the person the admin password, but told them only use when you are installing a program and nothing else... It's not a perfect solution but it does help. Since October of last year I have not gotten any call backs :)

Shouldn't this be standard practice for all the computers that everyone works on? I never used to do this but with my new install of Windows 7, I only run a limited user and if I need to install something, I select "Run as Administrator" and away we go!

Does anyone see any issues with making this a standard practice for all users? As long as they have the admin password what could be the problem with it? Sure it makes some things a few seconds slower during installation, but isn't it worth it for the added security? I don't know many Linux admins that give all users root access which is what makes Linux much more secure.
 
> Shouldn't this be standard practice for all the computers that everyone works on? I never used to do this but with my new install of Windows 7, I only run a limited user and if I need to install something, I select "Run as Administrator" and away we go!
>
> Does anyone see any issues with making this a standard practice for all users? As long as they have the admin password what could be the problem with it? Sure it makes some things a few seconds slower during installation, but isn't it worth it for the added security? I don't know many Linux admins that give all users root access which is what makes Linux much more secure.

I think we need to start having people run in a limited user, but also give them the admin password.

The only other alternative is to have people use Google's new OS which is only a browser and kiss our tech business good bye. lol...
 