Several members asked me if there was any way to minimize risk when downloading unknown programs from the Internet, particularly programs that were associated with malware removal.
It’s no big secret that these types of programs are written by people who understand malware explicitly. It’s also well known that malware scanners embed themselves deeply in the operating system. So, one tends to get a bit creeped out at having to trust these particular developers and their products. The good news is that there are simple precautions that will help minimize the risk. Here’s what I do.
Check out the word on the street
I check the Internet buzz (not going to say the G-word) about the product in question. For example, I trust CNET’s Download.com to give a good, detailed review of the application. Download.com also publishes editor/user ratings and the number of current downloads for each program, which are all good indicators of the program’s worth.
Still, I must admit that I look at reviews very conservatively. In my world, the review for Malwarebytes’ Anti-Malware (MBAM) only tells me:
- A reviewer tried the application and it didn’t negatively affect anything, otherwise it wouldn’t be available for download (something about site reputation).
- According to the description, there’s a chance that the application may fill my need.
If the initial Internet investigation is positive, I’m ready to give the application a try. I first set up as many safeguards as I can to prevent problems, especially being able to fall back to a known good set point on the computer I’m using.
Sandbox to be safe
To accomplish this I use an application by Ronen Tzur called Sandboxie. Its sole purpose is to isolate applications and prevent any leakage from the sandbox to the main operating system. For more information, you can refer to Tom Olzak’s well-written article “Use Free Sandboxing Software to Isolate Risky Behavior.”
After installing Sandboxie, I start a Web browser (Firefox in my case) in a Sandboxie container. I then go to the appropriate Web site and proceed to download the program I want. Once the program is downloaded, I install the program while still in the protected confines of the Sandboxie container. I then analyze the program’s behavior, trying to see if the program or the operating system is acting abnormally in any way.
If I’m comfortable with the application’s behavior, I close Sandboxie and actually install the program on the computer. You may ask why not just run the program in Sandboxie? With many applications, that’s entirely possible. In this case we’re concerned with malware removal programs such as MBAM, and it’s been my experience that malware scanners don’t work well sandboxed.
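The “analyze the program’s behavior” step above is easier when you have something concrete to compare. The following script is an added example, not part of the original article or of Sandboxie: it snapshots the common Windows autostart points (Run/RunOnce keys, services, scheduled tasks) and diffs two snapshots, so a trial install can be checked for persistence it quietly added. It assumes Windows with the built-in ScheduledTasks module; the file paths are whatever you choose.

```powershell
# Added example (not from the original article): snapshot Windows autostart
# points and diff two snapshots taken before and after a trial install.
# Because Sandboxie presents sandboxed processes with a merged view of the
# registry and file system, the "after" snapshot must be taken from a
# PowerShell launched inside the same sandbox as the installer.
param(
    [Parameter(Mandatory)][ValidateSet('Snapshot', 'Compare')][string] $Mode,
    [Parameter(Mandatory)][string] $Path,   # snapshot file to write (Snapshot) or read (Compare)
    [string] $Baseline                      # earlier snapshot file, required for Compare
)

function Get-AutostartSnapshot {
    $items = @()
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PSPath/PSParentPath/... metadata the provider adds
                if ($p.Name -notmatch '^PS') { $items += "RUN|$key|$($p.Name)|$($p.Value)" }
            }
        }
    }
    Get-CimInstance Win32_Service | ForEach-Object {
        $items += "SVC|$($_.Name)|$($_.StartMode)|$($_.PathName)"
    }
    Get-ScheduledTask | ForEach-Object {
        $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ';'
        $items += "TASK|$($_.TaskPath)$($_.TaskName)|$actions"
    }
    return $items | Sort-Object -Unique
}

switch ($Mode) {
    'Snapshot' {
        Get-AutostartSnapshot | Set-Content -Path $Path
        Write-Host "Wrote snapshot to $Path"
    }
    'Compare' {
        if (-not $Baseline) { throw 'Compare mode requires -Baseline <earlier snapshot>' }
        $before = @(Get-Content $Baseline)
        $after  = @(Get-Content $Path)
        # SideIndicator '=>' marks entries present only in the newer snapshot
        Compare-Object -ReferenceObject $before -DifferenceObject $after | ForEach-Object {
            $tag = if ($_.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
            "$tag $($_.InputObject)"
        }
    }
}
```

Run it once with `-Mode Snapshot -Path before.txt` from a sandboxed PowerShell, install the program in the same sandbox, snapshot again to `after.txt`, then run `-Mode Compare -Path after.txt -Baseline before.txt`; any ADDED service, Run entry or task that the program’s description does not account for is a reason to stop before the real install.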
That’s the process I use to download and test unfamiliar programs, especially malware scanners. It sounds like a bunch of extra work, but I would argue that it’s significantly less work than having to rebuild a computer that didn’t react well to a program load.