Protecting a PC against malicious software is a never-ending battle. The second you think you have your machine clean, something else appears -- no matter what piece of software you use to combat this plague. Even so, you still need to have some protection installed. Here are the five tools I prefer for keeping Windows as malware-free as possible. They don't cost a dime, and they're about as reliable as a malware removal tool can be.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. As an avid promoter/user of the Linux OS, Jack tries to convert as many users to open source as possible. His current favorite flavor of Linux is Bodhi Linux (a melding of Ubuntu and Enlightenment). When Jack isn't writing about Linux he is hard at work on his other writing career -- writing about zombies, various killers, super heroes, and just about everything else he can manipulate between the folds of reality. You can find Jack's books on Amazon, Barnes & Noble, and Smashwords. Outnumbered in his house one male to two females and three humans to six felines, Jack maintains his sanity by riding his mountain bike and working on his next books. For more news about Jack Wallen, visit his website Get Jack'd.
Hitman Pro is a great utility. Downside is you have to be Internet-connected to run it, and actually "cleaning" the malware costs you a license. However, it gives you the full path to the malware, so you can manually clean it yourself. Also, Drive Unlocker allows you to unlock locking handles on running files, so they can be deleted.
I really wish that when TechRepublic puts out articles such as these that they inform the readers that some of these products (and likely most of them) are only "free" for home use. Granted some of the software publishers make it really difficult to determine this by either not publishing the EULA on their site or creating some other sort of vagueness. Two Cents stated not being able to find the EULA for malwarebytes on their site and from that made the assumption that it is indeed "free" even for business use. Your co-workers are correct, it is not free for business use: http://forums.malwarebytes.org/index.php?showtopic=68008 It is not even free for government use. We made a direct inquiry to them and were told that it can only be installed on the number of computers you license it for.
Combofix, Malwarebytes, Spybot - top 3. AVG - not so much (ever tried installing the last few iterations of it? Requires a special tool to remove it most of the time and you SHOULD uninstall it because it doesn't work worth a hoot). Avast - just so-so. Microsoft Security Essentials blows away both AVG and Avast and it's free, too, and I'd place it at number 4 on your list. After that lineup, who needs number 5? :)
After trying multiple times to get Microsoft Security Essentials to be less of a resource hog on Windows 7, I uninstalled that and went back to AVG on all of our home computers. In over 5 years, the only "infection" we've had to deal with was one or two cases of "scareware" that (in my experience, also including 1000+ computers supported at work) no anti-malware tool is capable of preventing (and luckily, are very easy to remove). Malwarebytes is definitely an excellent tool. Some of my co-workers believe the free edition can't be used except for personal (home) use, but I've scoured the web site (http://www.malwarebytes.org/) and didn't find any information to support that. I would say that Combofix should only be used as a last-resort, when everything else fails and for some reason you don't want to start with a new load/image. Some co-workers report good results with Norton Power Eraser (NPE), but I've found better results using Symantec Endpoint Protection, which we have licensing for on all of our work computers. Though technically not a utility/program, another indispensable resource is the Bleeping Computer web site: http://www.bleepingcomputer.com. They have very detailed instructions for removing most malware (both manual and automated methods). In most cases I've seen, the automated recommendations usually involve RKill and Malwarebytes. One last opinion: Secunia PSI is excellent for keeping your computers up-to-date on Windows patches & lets you know if an installed app needs to be updated.
On my old Windows XP with .75 GB RAM - Adaware seemed to be churning down too hard on the resources - removed Adaware and it runs better. I kept Malwarebytes and Superantispyware. They have both helped to pull me out of situations with users' computers. From my experience I believe that Avast and Avira are two of the best AV programs. I currently use the Microsoft Security Essentials on one of my PCs - have heard it works pretty well - and should work well with Windows, but MS is a team so not sure if it would be better just because it was "made" by MS. Mr. Wallen can choose what he wants, but I think he missed the boat on the Adaware over SuperAntiMalware. I have had problems with updating SuperAntimalware on a Windows 7 box, I no longer have - when I installed the full paid for version - not sure if that has been fixed, several people were having the problem at the time, perhaps a couple years back.
https://www.botfrei.de/en/avira_down.html from Association of the German Internet Industry
Combofix, Malwarebytes, Norman Malware Cleaner (Free), MSE, CCleaner, SandboxIE (Sandbox your future browser or any program sessions after I clean your pc)
I use these in combination for several years now and find they work really well together to keep PCs virus & malware free. The paid version of MalwareBytes allows you to install it on several of your home machines under a single license. MalwareBytes is well worth paying for. I install the free versions of both AVG and MalwareBytes on to any PC that I work on. I agree that it would be nice to have the resident scanner in MalwareBytes, but I simply recommend that it is the one to buy!
I agree on AVG (it sure is not what it used to be several years ago). AVAST IMHO is the BEST FREE Anti Virus and the Boot Scanner is a great feature. Malwarebytes & ComboFix are in a league all their own. I switched some time ago from SpyBot to SuperAntiSpyware FREE and find it a good complement to Malwarebytes.
It's based on Kaspersky AV engine and it's free as well. You can download it from http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV And the next one not to forget is the Kaspersky Rescue Disk, which is free and can be downloaded from their website.
I'm sorry, have you actually looked at MBAM recently? There is a real-time component, you just have to PAY for it!
Jack, your list is a good starting place. I used to like the Malwarebytes and Spybot one two punch. Now, I usually go with Malwarebytes and Super Anti Spyware Free Edition. I think it works as a better stack. I would also recommend HijackThis. It has been around for a while, but is a really useful tool.
AVG turned into a real pig - too bad, since it absorbed Ewido Anti-malware, which was a great program (that's why the anti-malware side of AVG is so good). Avast, Avira and MSE are all more effective AVs, though, and much lighter on system resources. I use Avira myself, it's consistently at or near the top in tests. I also run Malwarebytes' and SuperAntispyware. Gave up on SpyBot S&D some time ago - it's old, tired and slow. If they ever work the bugs out of the new version I may revisit it.
Hey, what about Super-Antispyware??? Is fast easily updated...Has a run-time option and generally does a more in-depth cleanup job than Malwarebytes...Though I use both....its SUPER-antispyware that is my go to guy...I actually use AVG as my day-to-day protection...the other two I run manually as needed...along with S&D SPYbot....never really have any problems... I can also recommend CCleaner too...But of course it will clean up your stored passwords, so beware....otherwise has never caused any harm...and does speed things up!
was certain to see Microsoft's Security Essentials on the list. I've been installing it on home users' machines and it works great! Pretty seamless integration with Windows 7 and it's FREE from Microsoft!
I have Free AVG on one of my laptops (with Vista on it, don't laugh!) and it really hasn't been working for me lately, so tried to remove and it has been a bear! I am still trying to remove it! Not sure what is going on. I used to really like it, but I haven't been that happy with it and want to get it off so I can use something else. Any ideas?
I got the " Paid Version Life of the PC " for only $15, that isn't much these days, I have No complaints and everything is intuitive and I would actually pay for it every year, don't tell them that,,,,,,,,,,,,,,
You're a bit hard on Malwarebytes. The paid version does have a resident component, which sets it apart from the free one. But the free one is brilliant at what it does, and for MWB to keep it free is mighty generous, IMO.
You Are Wrong in what you say about having to remove AVG, you simply disable it until reboot then run Combofix as Admin and all works fine and no need to uninstall AVG and it will reactivate after Combofix reboots your system.
that the free version of almost all the products I've tested are better than the paid versions. The only exception to this rule is Emsisoft's Mamutu, but then I might say the free version of their anti-malware suite is better also, as I couldn't get reliable performance from their full paid suite. Mamutu doesn't have a free version anyway - so it is fully an exception here. I have paid for full versions occasionally to see if they work, so I have supported many of the best tools many times; and many of my clients have too. I also encourage donations to the companies that take them, most of my clients can afford a few dollars toward the cause, and they are surprised when I recommend such small amounts - but then - if I didn't they wouldn't be able to support them anyway, as most of them are indigent.
that AVG has ruined machines for my clients - I just can't recommend it - friends just don't let friends do AVG!
"I would say that Combofix should only be used as a last-resort, when everything else fails and for some reason you don't want to start with a new load/image." This. ComboFix is a hugely powerful program that has a ton of features. However, I would really advise that the average Joe really shouldn't use this as their go-to program every time they think they have an issue with their machines. It is a very powerful program but could end up doing more harm than good if used unwisely.
but only recommend the free one to my clients, because its true use is the crazy fast boost scan. It can make quick work of even a terabyte drive in boost mode! When I go on a rescue mission, it always finds even more malware, even after scans from many reputable brand names. The last time I used it in safemode, it made serious hay of many hidden malware variants - but a ZAccess backdoor knew the jig was up, and blocked any subsequent boots. It was a zero day threat, and even Kaspersky's Rescue CD 10 couldn't get rid of it. Two days later, Avast was able to remove it from the backup folder.
If you use limited Windows accounts, only the IP blocking feature works. But I consider that worth the once-a-lifetime fee! AdAware was one of the few that actually kept malware from operating on the limited side (AdWatch), but I don't trust Lavasoft since they got bought out in January. When I tested AdAware in my honeypot lab, it would usually block known malware, even if it didn't need privileges to run. It would do this silently, unless you tried to force the issue, and then a warning alert would pop up. Too bad I can't trust it anymore. The RAM issues were challenging on older machines anyway.
I tried the new one, but it was nowhere near as good as the older Lavasoft AdAware. However, I don't trust Lavasoft since they got bought out in January. At least the old Spybot did block many cookies that you just don't need on your machine. I wasn't aware it had a host file, but it blocks a lot of troublesome ads that used to try loading malware on my honeypot lab. I always like the old SaferNetworking Tea Timer resident, but I agree that it is old and tired and badly in need of modernization. The new release candidate is apparently NOT free. As the trial ran out, my only recourse was to either donate or go back to the old SS&D!! I just don't feel it is good enough for a donation anymore.
Good point. I've been installing on computers other than mine. Jack's article is definitely INCOMPLETE.
You're absolutely right that Combofix is great, but AVG in its current form, blows. You should just uninstall it (if you can without having to resort to their removal tool - HINT - any program that has an uninstall built-in that doesn't work and requires you to get their extra special uninstall tool SHOULD be uninstalled from your systems!). If you wanna do it right, run CCLEANER, then COMBOFIX, then MALWAREBYTES, and install MSE - all you need to keep your PC running sweet! Just sayin'... :)
This machine is running: - Comodo Firewall - Vipre AV (Not free, I paid for this) - Ccleaner - as mentioned it removes passwords, but a good registry cleaner - and Malwarebytes anti-malware. Gave up on AVG, Spybot, Winpatrol, and it looks like Superantispyware has gone too.
I ran the AVG removal tool several times on an XP machine to remove AVG 7.5 on a customer's machine in safe admin mode. Splash screen upon startup still comes on telling me product is not loaded and needs activation code! Can't seem to get rid of it! And I was amazed at all the files it removed from the registry!
because it is so trigger happy about the startup folder; in fact that is all I use it for. The reason is that Zeus and its variants inject into the startup folder upon reboot, shutdown, or log off - so it can survive to the next session - unless you happen to run CCleaner beforehand, and then you might not ever need to worry about it. The only problem is that it is subject to malware manipulation, even on limited privilege accounts. I don't have a problem with that, because you can recognize the side effects of this attack. As long as the user is aware of what is going on in the "systray" (or similar), you can become aware of this condition and prepare for cleaning or scanning to rid the PC of the malevolent software. I still like SAS's crazy fast scanner - it is one of the best in the industry. That is also the only reason I use it, because it really doesn't offer anything to the limited account environment - unless you want to run it as administrator (Vista/Win7) all the time, which I still consider a bad practice - for now.