Spyware Removal

Spyware removal is a very tricky business. Once spyware gets into your system, it will be very hard to get rid of it. You might need specific spyware removal tools. While some spyware can be removed by your anti-spyware software, others are much more difficult to disinfect, especially if they got installed before the anti-spyware software. In such cases, you might need a spyware removal tool for that particular spyware.

Smitfraud and Vundo, for instance, are spyware which are very difficult—if not impossible—to clean using conventional means. You have to use a specialized spyware removal tool for each. And if you’re unlucky enough, you might even have to do a manual spyware removal of these spyware. Those who are not familiar with spyware removal—much less, manual spyware removal—are normally instructed to download and install HijackThis. HijackThis is not a spyware removal tool but an enumerator. HJT is then run and the resulting HJT log is posted to forums specializing in spyware removal, where a human will read the log, give instructions, and ask for a fresh log. This cycle goes on until the spyware is finally removed.

So, the next time you download free movies that ask you to install some codecs before you could watch, think of how pleasant spyware removal can be.

Antivirus Firewall Software

Forums are full of questions like: “What is the best antivirus firewall software?” You need to know that there is NO such thing as antivirus firewall software, much less the best antivirus firewall software. If you peruse the archives of this blog, you’ll find out that antivirus software and firewall software are two different programs with different purposes.

An antivirus software does three main things:

  • It checks new downloads and files to see if they are viruses;
  • It scans your computer every now and then for viruses; and,
  • It attempts to clean or remove viruses when any are found.

A firewall, on the other hand, acts as a checkpoint at your computer’s entry points. It determines which message is allowed to pass through.

There are also Internet security suites that contain both antivirus and firewall software (though most only include anti-spyware and antivirus software). But even when an Internet security suite contains both antivirus and firewall software, they are still different programs packaged together—not one antivirus firewall software.

So, if you reached this page searching for antivirus firewall software, please let me guide you to Internet security suites instead. They provide a more complete protection for your computer and give you a safer Internet browsing experience. As to what Internet security suite to buy, there are a lot of good programs but you can’t go wrong with these:

  • Eset Nod32 Antivirus System (current favorite)
  • Kaspersky Internet Security (another favorite)
  • Norton Internet Security (I used to hate this but after checking around, the latest versions are actually good)
  • Vipre Antivirus with Anti-spyware

So stop searching for antivirus firewall software now and go get a good Internet security suite.

Celebrities Can Give You Viruses

Searching for celebrities can get you into deep trouble and is another reason why you need updated anti-spyware, antivirus, and firewall software. Mashable.com just pleaded: Whatever You Do, Please, PLEASE Don’t Search for Jessica Biel. They said that danger hides beneath a pretty face. You could end up with computer viruses and spyware where you didn’t expect it. Tech.Blorge also gives out a warning: Google Jessica Biel at your own risk. Searching for Jessica Biel, according to them, gives you a one-in-five chance of getting infected by a computer virus or spyware.

Jessica Biel, however, is not the only celebrity search query that can load you up with computer viruses, spyware and other malware. In Cnet News, you can see the top 15 most "dangerous" celebrities according to McAfee's report. I suggest you check out that list. And if you’ve searched for any of those celebrities in the recent past, you had better scan your computer for spyware and malware ASAP. Then, perform spyware removal procedures when necessary using your favorite spyware removal tool.

Oh, the world we’re in! People search for beauties and what they get are beasties.

Cory Aquino and Where Not to Buy Antivirus Software

In a previous post, I told you to be wary if you choose to download free antivirus software. In another post, I said that just because you will buy antivirus software instead of downloading a free one doesn’t mean you’re already safe—you must buy antivirus software only from a reputable antivirus company. But how does that relate to the former president of the Philippines?

If somebody used a particular search term about the late president in the past few days, they would have been presented with these highly optimized malware sites in the results page (these sites have already been blocked):

  • http://{BLOCKED}-gonzales.redxhost.com/corazon-aquino-death.html
  • http://{BLOCKED}sa.20x.cc/corazon-aquino-death.html
  • http://{BLOCKED}rank.0adz/corazon-aquino-death.html
  • http://{BLOCKED}-1.0adz.com/corazon-aquino-died.html

When the user clicks on any of those links, they’d be redirected to different sites containing malware that would then lead to the download of a fake antivirus software detected as TROJ_FAKEALRT.FK. The fake antivirus software would then possibly download more malicious files and fake antiviruses. While the sites probably would not work anymore, you need to watch out for similar tactics when searching for other terms with breakout popularity.

How would you know, then, if a link would redirect you to malicious sites distributing malware? You probably won’t. That’s why it’s worth repeating that you need anti-spyware, antivirus and firewall software installed as it would only take a few minutes of browsing before you can be infected with viruses, spyware and other malware. Your security software should be able to immediately block the connection or quarantine any questionable downloaded binary or script. And if ever you’d be redirected to a site selling—or offering for free download—antivirus software, don’t buy it; or, at least, check it first. Buy antivirus software only from a trusted company.

Don’t Buy Antivirus Software? Really?

Would you believe someone if he told you not to buy antivirus software? How about if that someone is a manager of an antivirus company? Yep, I’ve read somewhere (last year) that a manager of an antivirus company advised people not to buy antivirus software—including those from his company.

But before you think this guy is nuts, let me assure you that he is right. What he was actually saying was not to buy antivirus software alone, because on its own it is inadequate. According to him, you should buy antivirus software suites or Internet security suites instead.

And he is correct. Like I said in my previous post about essential security software, viruses are not the only threat to users anymore. In addition to antivirus software, you need spyware software (more properly, anti-spyware software) and firewall software. Those are the essential security software. But if you also hate to be contacted by some long-lost relatives from Nigeria because of some estate settlement matters (amounting to millions, I should add), I suggest you also get a good spam blocker or spam filter. Finally, a popup blocker could also be a nice addition.

Do I buy antivirus software suites or Internet security suites? I don’t. I prefer my spyware software, antivirus software and firewall software to come from different security software companies. There are instances when security software company A updates their antivirus software more often than security software company B does, but the latter updates their anti-spyware software more often than the former. It could also be that security software company A’s antivirus software rocks but their spyware software sucks. Another thing is that I want the flexibility to change my firewall software while retaining my anti-spyware software. Finally, Internet security suites just feel too bloated for me, especially considering that they always run in the background.

For newbies, however, (or those who don’t want to spend too much time mixing and matching) I suggest they simply buy antivirus software suites or Internet security suites. It takes the guessing out of the equation. Anyway, Internet security suites are getting better and better than when I first tried them. So unless you know what you’re doing, buy Internet security suites instead of individual products.

Buy Antivirus Software Only From A Top Antivirus Company

If you decide to buy antivirus software instead of using those you can download for free, then you need to buy antivirus software from a reputable antivirus company. Don’t ever think that since you will buy antivirus software and not just download a free antivirus program, then you are safe. There are antivirus companies who are only too eager to lock you in their antivirus software lineup. Don’t buy antivirus software from them.

Research a company if you plan to buy antivirus software from them. If you are not familiar with antivirus software, determining which antivirus company is trustworthy could be hard. I found a list by Microsoft of antivirus software companies. Wikipedia also has its list of antivirus software. Wikipedia’s list is nice because antivirus programs are compared to each other by operating system availability and boot-time, among others. It also includes a list of antivirus programs free to download. Don’t buy antivirus software without checking these lists or that of reputable sites like CNet or PCMag. Your internet security depends on it.

Buy Antivirus Software or Download Antivirus Free

If you are new to antivirus programs, it is safer to buy antivirus software. Don’t get me wrong; there are still risks even if you buy antivirus software as I’ll discuss in my next post. But the risk is greater if you download antivirus for free from some no-name site.

I know that there are good antivirus free to download. I even have a link to a list of free antivirus software which I’ll share with you tomorrow. I’ve used a couple of them, too. The problem is knowing a good free antivirus to download from a bad one. As one reader pointed out in a previous post, (Hi, Holly) some of these free antivirus software contain viruses themselves. I can’t agree more as I’ve encountered them myself. In one site I visited, it said “Your computer is infected. Click here to download our free antivirus”. (Or something along those lines.) Yeah, right. Their free antivirus did not even have a name.

But if you still plan to download free antivirus software, just be aware of the risk and research the antivirus software company. Check if there are any antivirus reviews mentioning them. There are good free antivirus programs out there. However, it is simply safer for newbies to buy antivirus software. It’s worth the cost.

The Essential Security Software

I’ve already talked about why it is desirable to install security software first. Now, let us talk about what types of security software to install. Actually, there are a bunch of them. There are keyloggers, password crackers (yes, you need those to determine the strength of your own passwords), port scanners, IDS (with weird names like SATAN and SAINT, lol) and more. But don’t fret. Those security software are not essential for most users. I’ll try to discuss them in a future post on Network Security Software. Here, let’s focus on the essential security software that you really need to install on your PC.

Antivirus Software

Prior to the Web—or before it became mainstream, at least—there was only one essential security software to install for the average home user, and that was antivirus software. At that time, I’m not even sure the term security software was in use yet, because there was only one anyway (vis-à-vis an average user). Antivirus software scans for and removes computer viruses, worms, and trojan programs. A good antivirus software should prevent the infection in the first place. It detects these viruses either by signature or by behavior. Antivirus software can also be real-time or scan-based.

Antivirus software using signature-based detection checks the files in your computer and compares them to a database of known virus signatures. If there is a match, the antivirus software reports the file as a virus. This means that your virus signature database must be up to date. Otherwise, a new virus won’t be detected by your antivirus software, as its signature is not yet in the antivirus software’s database. There will be misses in this system, and their number is proportionate to the age of your virus signature database.

If your antivirus software uses behavior-based detection, it observes the behavior of programs in your system. If a program acts like a virus, the antivirus software flags it as such. Needless to say, there will be a lot of false positives with this system. The funny thing is that most antivirus software will be reported as a virus by other antivirus software using behavior-based detection. The reason is that most of the functions of antivirus software, like reading all files in a directory, locking them, taking charge of main memory, etc., are very virus-like.

Most modern antivirus software, however, uses a combination of the two. Some call their behavior-based detection system heuristics. What’s confusing is that other antivirus software use the term heuristics for an advanced form of signature-based detection. But let’s not bother you with that, shall we? Normally, they go through signature detection first so as not to waste time doing heuristics when the file’s signature is, in fact, already in the virus signature database.
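To make the two-stage ordering concrete, here is a toy scanner written for this post (not any real antivirus engine's code): it checks a constructed signature database first and only falls back to weighted behavior indicators when there is no match, which also reproduces the false positive on another vendor's scanner described above. All file contents, signatures and indicator weights are constructed for the example.

```python
"""Toy scanner illustrating signature-first, heuristics-second detection.
Hypothetical code written for this post, not any real antivirus engine.
Sample file contents are constructed inline so the example runs offline."""
import hashlib

# Constructed "virus signature database": SHA-256 of known-bad file contents.
# Real engines use far richer signatures than whole-file hashes.
KNOWN_BAD = {
    hashlib.sha256(b"MZ\x90\x00 evil-payload-v1").hexdigest(): "Trojan.Constructed.A",
}

# Behavior indicators a heuristic engine might look for, each with a weight.
# Legitimate security tools exhibit several of them too, which is exactly
# why heuristics produce false positives.
INDICATORS = {
    b"enumerate all files": 2,
    b"lock file": 1,
    b"write to system directory": 3,
    b"connect out on boot": 3,
    b"hide process": 4,
}
HEURISTIC_THRESHOLD = 6  # constructed cut-off for a "suspicious" verdict

def signature_scan(data: bytes):
    """Stage 1: exact match against the signature database. Cheap, so it runs first."""
    return KNOWN_BAD.get(hashlib.sha256(data).hexdigest())

def heuristic_scan(data: bytes):
    """Stage 2: score behavior indicators; returns (score, matched indicator names)."""
    matched = [ind for ind in INDICATORS if ind in data]
    score = sum(INDICATORS[ind] for ind in matched)
    return score, [ind.decode() for ind in matched]

def scan(data: bytes) -> dict:
    """Signature first; only fall back to heuristics when there is no match."""
    sig = signature_scan(data)
    if sig:
        return {"verdict": "malware", "method": "signature", "name": sig, "score": None}
    score, matched = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return {"verdict": "suspicious", "method": "heuristic", "name": None,
                "score": score, "indicators": matched}
    return {"verdict": "clean", "method": "heuristic", "name": None, "score": score}

# Constructed samples.
SAMPLES = {
    "known_trojan": b"MZ\x90\x00 evil-payload-v1",
    # Unknown variant: the signature misses it, heuristics catch it.
    "new_variant": b"MZ\x90\x00 evil-payload-v2 hide process connect out on boot",
    # Another vendor's scanner: no signature match, but its legitimate behavior
    # scores high enough to trip the heuristic (the false positive the post describes).
    "other_av": b"MZ\x90\x00 scanner enumerate all files lock file write to system directory",
    "notepad": b"MZ\x90\x00 text editor",
}

def scan_all() -> dict:
    """Scan every constructed sample and return the verdicts keyed by sample name."""
    return {name: scan(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name:13} -> {result}")
```

Note that the "other_av" sample is flagged only because its behavior score reaches the threshold; a real engine would whitelist signed, known-good binaries before ever reaching that stage.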

As mentioned earlier, antivirus software can be either real-time or scan-based. Scan-based antivirus software will only run if told to do so, via right-clicking a file to be scanned or by selecting it in the Programs menu. Real-time antivirus software, on the other hand, loads itself into memory as soon as your operating system starts and oversees all running processes.

You need one and only one antivirus software with real-time protection. If you install two or more, you will not be increasing your computer’s security. In fact, you will weaken it. That is because both antivirus software will be trying to kick and lock each other out. That’s just how they work. You can, however, install another scan-based antivirus software. There would be no conflict in that setup. You’ll end up with one real-time antivirus software and two scan-based antivirus software, since the real-time antivirus software almost always includes a scan-based one.

Spyware Software

When the Internet escaped from the educational institutions and military facilities and entered the household, things got a little bit more complicated. People started to connect, and viruses, worms, and trojans began spreading at a faster rate compared to the previous age of sneakernet. E-commerce emerged and credit card transactions followed. Then came a new breed of malware called spyware. These sneaky little pests are similar to viruses except that they mainly gather data instead of harming your computer.

Security software companies created spyware software to combat this specific threat. A lot of money is lost due to spyware, and spyware software aims to prevent this. Spyware software operates similarly to antivirus software. There are also real-time spyware software and scan-based spyware software. Since spyware hides in a lot of places, spyware software works double time in tracking it down. A common place where spyware software hunts for spyware is in browser helper objects. Some antivirus software already include spyware software.

But even if spyware software is installed on your computer, you should still be very careful with what sites you visit. Spyware software is not yet as mature as antivirus software, and new spyware pops up all the time. In addition, it seems to be easier to get infected by spyware than by a virus. Merely viewing a site can get you infected, whereas with a virus you normally need to download and install something first, unless it is just Flash or Silverlight. (Be wary of messages like: click here to view this site.)

In addition to spyware software, you can also protect yourself by disabling scripting (ActiveX, VBScript, or JavaScript) in your browser. But you will also lose some website functionality if you do so. It’s a personal call and greatly depends on what sites you frequently visit. Me, I don’t disable it.

Firewall Software

The third security software that you’ve got to have is firewall software. If your computer were a house, it would be one with a lot of doors. These doors are called ports, and firewall software acts as the guard. There are 1,023 common ports or doors to your computer. Depending on installed software like messaging, chat and games, it could, however, go as high as 65,000! Not all of those will be open, but a lot of them could be. And you have to know which. If you don’t guard your ports, hackers can easily enter your system while whistling a tune. Could you sleep at night if even one of your 65,000 doors was unlocked or open? How about a hundred? There is a reason why Microsoft included built-in firewall software with their operating system.

Firewall software allows you to monitor your ports, specify which ports are open, specify which program can access which ports, and which protocol can be used by what program on which port. The best firewall software will allow you very fine-grained control over the above variables. Windows has built-in firewall software, but it only allows limited configuration. For ordinary purposes, though, I think this built-in firewall software is enough. Your question is probably which ports you should open and which should be closed. Ideally, all unnecessary ports should be closed in your firewall software. And what is necessary would depend on what software you have on your machine. The Windows default firewall settings are a nice place to start.

Note that firewall software screens incoming and outgoing data transmissions. This means that firewall software can augment your spyware program. Aside from making sure that hackers cannot enter your system from the outside through open ports, it also prevents unauthorized outbound communications. As I said, spyware is meant to spy and gather data like account information, browsing or purchasing history, and data for determining demographics. It has to send this data out at some point. When it does, your firewall software can flag it and prevent the connection. So, even if some spyware managed to pass through your spyware software undetected, it can hopefully be caught by your firewall software.
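The per-program, per-port, per-protocol control described two paragraphs above, and the outbound catch for spyware described in this one, come down to a default-deny rule match. The toy policy below is written for this post (it is not any real firewall's rule format or code); the program names, ports and connection attempts are constructed, and the "bhohelper.exe" phone-home stands in for spyware that slipped past the anti-spyware scanner.

```python
"""Toy per-program firewall policy: which program may use which port and protocol
in which direction, with everything else denied. Hypothetical code written for
this post, not any real firewall's rule format. Connection records are constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    program: str      # executable name the rule applies to
    direction: str    # "in" or "out"
    protocol: str     # "tcp" or "udp"
    ports: frozenset  # remote port for "out", local port for "in"

@dataclass(frozen=True)
class Connection:
    program: str
    direction: str
    protocol: str
    port: int

# Constructed allowlist: the browser may talk HTTP/HTTPS, the mail client IMAPS and
# SMTPS, the OS service host DNS. Nothing is allowed inbound. Anything not listed
# is denied, which is the "close all unnecessary ports" posture the post recommends.
ALLOW = [
    Rule("firefox.exe", "out", "tcp", frozenset({80, 443})),
    Rule("mailclient.exe", "out", "tcp", frozenset({993, 465})),
    Rule("svchost.exe", "out", "udp", frozenset({53})),
]

def decide(conn: Connection, rules=ALLOW) -> str:
    """Default deny: return 'allow' only if some rule matches on all four fields."""
    for r in rules:
        if (r.program == conn.program and r.direction == conn.direction
                and r.protocol == conn.protocol and conn.port in r.ports):
            return "allow"
    return "deny"

# Constructed connection attempts. The last three are the cases the post cares about:
# an unknown program phoning home, a trusted program on an unexpected port, and an
# unsolicited inbound connection to a port that happens to be open.
ATTEMPTS = [
    Connection("firefox.exe", "out", "tcp", 443),
    Connection("mailclient.exe", "out", "tcp", 993),
    Connection("svchost.exe", "out", "udp", 53),
    Connection("bhohelper.exe", "out", "tcp", 80),   # constructed spyware phone-home
    Connection("firefox.exe", "out", "tcp", 6667),   # allowed program, port not in rule
    Connection("system", "in", "tcp", 135),          # inbound probe, no inbound rules
]

def evaluate(attempts=ATTEMPTS) -> list:
    """Return (program, direction, port, decision) for every attempt."""
    return [(c.program, c.direction, c.port, decide(c)) for c in attempts]

def denied_outbound(attempts=ATTEMPTS) -> list:
    """Programs whose outbound attempt was blocked: the list a user should review,
    because an unknown name here is how a firewall surfaces spyware sending data out."""
    return [c.program for c in attempts if c.direction == "out" and decide(c) == "deny"]

if __name__ == "__main__":
    for program, direction, port, decision in evaluate():
        print(f"{decision:5} {direction:3} {program:15} port {port}")
    print("review these outbound blocks:", denied_outbound())
```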

There are a lot of things I want to write about these topics. I am even considering separate blogs for each of the topics above. They are so deep and change so fast. What I am able to provide here is just a bird’s eye view of sorts. I’ll try to probe deeper in succeeding posts. Or maybe, I’ll just write a book. ;) (kidding)

Hacker | Cracker

I mentioned in a previous post how the word hacker had been inaccurately used to refer to a cracker who breaks into and compromises the security of computers and networks for personal gain or for the simple thrill of it. This confusion was started by the popular media. Given its influence and extensive reach, it’s too late to do anything about that now. And while I defiantly resisted going with the flow in the past, there are substantial reasons to finally give in.

One of the things I hope to do with this blog is to inform people about computer security, network risks, privacy, etc. With that, hopefully, they will have a better awareness of the dangers lurking in the unsavory regions of the Internet and hence, have better chances of survival. :) People do not often hesitate to visit a questionable site if they do not know, for example, that the site has the capability of storing some personal information including their browsing history and preference for a particular (ehem) cup size.

But before I could even think of informing, I need to reach out to them first. And I cannot do that if I use the correct term cracker instead of hacker because they mostly use the latter in their search queries. So, I finally decided to use the term hacker even when referring to crackers regardless of my feeling on the matter. Something’s gotta give and between me and the million, it’s not gonna be the million.

So, what do you think is the lesson in all this? For me, if enough people call a duck a dog, then that’s what it’ll be called. To the duck, all I could say is that it has my sympathy but that it should start learning how to bark. Now, imagine if enough people call you a Jedi Master… But you know I’m kidding, right? Seriously, there really are times when it’s sensible to give up even _ for a greater good.

A Bullet Proof Computer System Is Not Enough

I'm a bit paranoid when it comes to network security. The Windows installations in our home network, for example, are anything but default installations—fine-grained settings like local security and user permissions have been tweaked and tuned, and both operating system and router firewalls have been enabled. Additionally, an anti-malware software roams the premises to guard against viruses and trojan horses, while another guards against adware, spyware, keyloggers and such. On top of that, my Firefox browser has its own anti-malware extensions like Adblock and NoScript. In a way, I built my system like a tank.

My concern for security started sometime in 1995 when I began learning about networks (particularly TCP/IP) and operating systems (Unix). In addition to all that alphabet soup, which would be sufficient to call the attention of the AAAAAAAA (American And Austral-Asian Association Against Acronym Abuse), I learned that the moment you are connected to the Internet, you are already a big, fat target. Especially if you are using a default installation of Windows in which you are running as a member of the Administrators group. And even more so if you are running Internet Explorer. (But I should say that the new IE8 has become a lot better.) It is not a question of whether your system can be compromised but of when. Once you register as a blip on the network intruder's radar and she has set her sights on you, all you can do is pray.

But that's not the only reason for my online fears. There was a time when one of our computers got infected by a very nasty virus. You wouldn't have known it was there. I only noticed it when the modem activity lights showed some kind of network activity even when I was not browsing. Then, the memory taken up by all declared running processes plus the available memory did not add up to the total memory; hence, some processes were running undeclared in the background. My anti-virus failed to clean my system and I ended up having to manually search for and delete all infected files in safe mode by inspecting each suspect system file and checking its signature and file version. A tedious task. It is a very time-consuming process that I do not wish to repeat.

Building my system like a tank, however, is not enough. I also have to secure all my online accounts with strong passwords. That's not a problem though, because I have a program which can generate a password of any length with a random string of letters, numbers, punctuation marks and symbols. I prefer 14 characters—something like: 8%{tG7,dz;$F_4. Now, it would seem that remembering that string would be a problem, especially because there are about a dozen more of them for all the email and online accounts I have. (I use different email accounts for blogging, friends, family, clients, throwaways, etc.) But my password generator can also store all of them encrypted with a master password. It even auto-fills the form on most login pages. So far, so good.

So I'm good, right? Wrong.

About three weeks ago, something came up which even my well thought out (at least that was what I thought) security precautions were not prepared to handle. Windows was doing its routine downloading of updates while another software was indexing files on my hard disk. After the download and the automatic installation of updates, I turned off my computer and readied for bed. What I did not know was that my file system failed at that moment. I do not know the cause either. It could be a clash between the system update and the indexing which had not been resolved since I had turned off my machine immediately, or maybe it was just the alignment of the stars that night.

What I do know, however, is that the next time I tried to boot up my system, it wouldn't. It wouldn't go past the NT boot loader because it couldn't find a system file it needed—courtesy of a broken file system.

I used another machine to connect to the internet and consult Google. It has always been my friend. I was sure it could help me out now. Most of the solutions I found recommended running Chkdsk with the /F switch thrown in. I already knew that, but how could I run Chkdsk when I could not even log in to the system?

Unfortunately, I couldn't do all my troubleshooting in one sitting. There were other things on my list. But some days and more Google search result pages later, I found another trick. It seems that one could boot up using the Windows installation disc and do a repair from there. No need to do a reinstall; once the problematic Windows file system is detected, a new option to repair that partition would be added alongside the option of doing a fresh install.

That was just what I did. I booted the system up using my Windows installation disc. But when the prompts came, there was no option about repairing the broken file system. It looked like the file system was not only broken but broken badly enough that it couldn't even be detected, much less repaired. At this point, I started thinking about my blog and all the comments I had not replied to yet. I started to panic and miss my friends on Twitter.

Then I had an idea. I thought about installing Linux in a separate partition of my hard disk. With Linux installed, I said to myself, I can run Firefox and hence tweet and manage my blog and my inbox from there. I would have liked a dedicated email client or a dedicated Twitter client but a browser would do for the meantime. For word-processing, I could use Google Docs also in Firefox. I could then repair my Windows file system when time permits. Or so, I thought.

The next evening, I had Linux installed (Jaunty Jackalope). Another evening after that, I had it updated, configured, massaged and ready to go. (I can't do everything in one sitting, remember? I do have a wife whose whims I need to take care of.) Wow, this is it, I said. First stop, Twitter. Uh, oh. It asked me for a password. I had not even thought of it, since everything had been automatic in my previous environment. I didn't have to enter any passwords. And if you remember the sort of password I described above, you now know that I had a problem, right? What about my email accounts or my JS-Kit? It looked like all of the things I did were useless. I still needed that Windows partition so that I could recover the passwords file.

Fast forward to a few days ago, I finally recovered everything, thanks to the advanced tools provided by Linux and the fact that the Windows file system, NTFS, is a journaling file system. I'll spare you the gruesome details of how I went about recovering it, like how I used a flame torch, a chainsaw and a sledgehammer on my system (just kidding; kids, don't try this at home), but suffice it to say that it took me almost as long as manually extracting the virus that infected our system in the past. Running Chkdsk alone took a total of almost 48 hours. (I also did it about three or four times, though succeeding checks became a little faster as there were already fewer errors.)

Looking back, I spent a lot of time making sure that my system was almost impervious to external threats but failed to consider threats from within the system, like a hard disk crash or failure, or file system corruption. Those extra secure, incomprehensible passwords made it even more difficult for me after the system failed. In addition to locking out external threats, I should have had a sound backup strategy in case of problems within the system. With a proper backup system in place, it would have been easier and much faster to do a reinstall and then restore all the data.

Despite this being a dull narrative of my misadventure with the Windows file system, I do hope you'll learn from it, because it can happen to you too. And if it does, you might not be lucky enough to recover any important files you may have. Anyway, a thumb drive or a dual-layer DVD, which are both portable and spacious, does not cost much nowadays.

My Windows system is now up but I'll still be sticking with Linux for a while until I'm totally sure that the Windows file system is healthy and won't thrash after an innocent write. So if your Google Analytics would show a couple of Jaunty Jackalopes, one of those might just be mine.
