Conficker: a good excuse for an early spring cleaning

Some of you have probably heard about Conficker.C, the computer virus/worm that is set to activate on April 1st.  Conficker.C exploits a particular vulnerability in Windows that was announced in October of 2008 which allows code to be remotely executed. Nobody exactly knows what Conficker.C is supposed to do on April 1st, other than receive and and execute instructions from various remote systems, but it is presumed that infected computers will become minions of some huge botnet, with some nefarious purpose such as a large denial of service attack on a singular or group of entities or perhaps steal huge quantities of personal information. Or wipe everyone's hard disks.

Chances are, if you don't hang out on peer-to-peer file sharing networks (or naturally, if you use Linux or Mac OS X, which are not susceptible to Windows viruses) and your system is up to date with all current Windows patches you're probably fairly safe from Conficker.C. But no matter how well prepared you think you are against a malware attack, I see Conficker.C as a good excuse to perform an annual "Spring Cleaning" of your PC, especially if you're finding performance to be sluggish and are experiencing what I commonly refer to as "Windows Crotch Rot" -- the natural deterioration of a Windows system after a period of lengthy use due to registry corruption and leftover junk. While admittedly Vista is less susceptible than XP to these types of issues,  it's certainly not immune to this type of degradation.

Click on the "Read the rest of this entry" link below for more.

Antivirus Software

I can't tell you how many systems I have encountered owned by friends and family members who have let their introductory subscription of whatever included antivirus software package runs out that comes with their new PC. I've never been able to figure this out, but I believe many people think that the "Your update subscription is going to run out, subscribe for $49.00 for 1 year of support"warning message is some kind of ruse into giving Symantec or some other company extra money for a newer version when their current anti-virus product is working perfectly, so they just ignore it.

Naturally, their virus definition update service stops working, and a year later, they get nailed, thinking their software has been protecting them all along. Or maybe they've been nailed long ago and they don't even know it, wondering why their PC has been misbehaving and running slowly for months.

Conficker.C is a particularly nasty virus as it is capable of scanning and killing processes for security products including disabling firewalls, patch deployment, as well as antivirus software. So it's essential that your antivirus software is kept up to date.

I have no problem with spending money on commercial anti virus systems -- such as Norton Antivirus 2009 (or Norton 360 3.0) and ESET NOD 32 Antivirus 4, which are very polished and effective products, but in this day in age I can completely understand why someone might think twice of pulling out their credit card when their computer suddenly prompts them to spend $50.00 -- and frankly, if you're a home user, there's several good free antivirus solutions out there.

First and foremost I would like to mention Clam Antivirus or CLAMAV, which is an Open Source antivirus product, and I happen to like it a lot because it is multi-platform -- it runs on all versions of UNIX including Linux and Mac OS, as well as on Windows. If you use alternative platforms such as Linux and Mac, you can still be a vector for spreading computer viruses even if the virus itself cannot affect you, so I still suggest you scan your systems on a periodic basis, at least once per day, particularly if you exchange files with Windows users. CLAMAV is a very fast virus scanner as it runs on the command line on-demand or via a scheduled cron process, but there are also GUIs available for it, such as KLAMAV for Linux KDE.

On Windows, the GUI-based, run on demand ClamWin is an excellent manual no-frills virus scanner, and it is fully capable of killing Conficker.C.

Should you be unlucky enough that your system becomes totally infected to the point where it has slowed to a crawl and malware processes are rendering it unusable, CLAMAV is built into a number of bootable Live CD Linux distributions, such as System Rescue CD and KNOPPIX, which are capable of read-write mounting your local NTFS filesystems and cleaning off the viruses. Conficker.C can actually block you from downloading antivirus software from the Internet should you actually become infected, so booting from one of these utility distros may be your best (and only) option for cleanup if you actually do get hit. I always keep System Rescue CD around just for this purpose if a Windows system is rendered unusable by a virus infection.

For fully integrated free virus scanners for Windows, I happen to be partial to Avast! Home Edition. When installed, Avast! is completely integrated into Windows with support for web browsers, P2P file sharing and instant messaging clients, runs resident and scans files, and doesn't bog down system performance. It automatically updates itself and provides scanning with a slick looking and easy to use GUI.

Antispyware Packages

Spyware and Adware protection is another area where end-users can get complacent. Like antivirus, there are a number of very good commercial antispyware packages out there such as Webroot Spy Sweeper (the current version of which comes with antivirus software from Sophos) but there are some free solutions that do a particularly good job.

The first of which is Spybot Search and Destroy, which is by far the most comprehensive free spyware scanning and cleaning solution available today. As of March 25, 2009, the software has over 1,525,689 fingerprints in 484951 rules for 4580 products which it can block and remove from your system. In addition to being able to thoroughly sweep your registry and file system for spyware signatures, the software includes an optional real-time registry change monitor known as TeaTimer which actively warns against registry changes to the system that may be malicious -- it should be noted, however, that TeaTimer alerts can be kicked off when doing something innocuous as installing software packages and regular software updates, so some users might find it it be a nuisance particularly if they do a lot of software downloads.

Another free antispyware product is Microsoft's own Windows Defender which comes included with Windows Vista and the current Windows 7 beta, and can be installed optionally as a free download on Windows XP. I personally feel that while Windows Defender isn't a detriment (although I find its usefulness on XP to be marginal at best) I don't find it to be nearly as effective as a dedicated spyware sweeper or as comprehensive a blocking tool as SpyBot Search and Destroy's TeaTimer, so I wouldn't rely on it exclusively.

System Optimizers and Cleaners

In addition to virus infections and spyware and other malware which can degrade performance, Windows's performance will degrade simply from everyday use and requires periodic maintenance to prevent performance deterioration. This includes cleaning up after regular Internet browsing, emptying temporary files that are no longer needed, and removing vestigial traces of applications that have been removed from the system. There are a number of applications on the market that will keep your system "Clean" but I have two particular favorites which won't cost you anything.

The first is Piriform Software's CCleaner, a freeware utility which I find to be invaluable for emptying out browser caches, removing uninstaller files and correcting registry errors. It's also an excellent program to use for quickly removing unwanted bundled applications (aka "Crapware") that get installed (such as the Yahoo toolbar which seems to be packaged with just about everything nowadays) and disabling various services on startup which run in the background that take up precious memory and chew up CPU cycles. Do you really need the Java updater service, the Google updater, the Apple Software updater, the Adobe updater, Picasa file monitor and nine other non-critical software processes running constantly? CCleaner is a great tool for that.

Another application that I heartily recommend is IOBit's Advanced SystemCare 3 Free, which is a one-button "Fix Everything" application that combines some of the functions of CCleaner (Browser Clean/Cache/Junk Clean/Registry Repair) with some of the functions of SpyBot (Spyware Sweep) as well as other system maintenance tasks (System Defrag/Memory Optimzation). IOBit also sells Advanced SystemCare 3 Pro, ($19.95) which runs in a "Set it and forget it" mode in the background, and includes a number of other optimization utilities (such as a file system defragmentation utility).

While not specifically a systems optimization or cleanup suite, I want to mention another invaluable utility that I just found out about (thanks Custard_over_2x_Pie)  a Free/Open Source program, WinDirStatwhich replaces the very similar $28 MoleSkinSoft Directory Size utility which I spoke about in an earlier draft. If your hard disk is running out of space, don't just immediately consider buying a new external or internal hard drive to fill it with more crap -- figure out what's eating all that space first. WinDirStat is useful for finding directories and files that are hogging up your system and will quickly identify the culprits, and show you graphically who the big hogs are. Got a giant pile of CD ISO files or scanned documents you don't need chewing up 60GB of space in some forgotten folder six levels down which you forgot about a year ago? Do you have invisible temp and uninstaller directories from previous Service Pack installs beneath your /WINDOWS directory (called $NTuninstall ) eating up hundreds of megabytes that can be freed up? This tool will help you find them so you can offload them or delete them from your drive.

Lastly, I'd like to mention the free Windows Installer Cleanup Utility from Microsoft. This program allows you to clean up directories from aborted installed products which use the MSI packaging format. This program should be used with caution, as it might require that you have to re-install other applications on your system.

Got any other good "Spring Cleaning" tips? Talk Back and let me know.