Resources & Links for Security Now! Episode #7:
Spyware management can be broken down into three main areas:
Never is that more true than when dealing with spyware and malware. It is FAR better never to become infected than to need to deal with the consequences of being infected. The best advice for avoiding running unwanted software on a PC can be summed up with the following:
The top three spyware detection tools:
The war against spyware is escalating daily with spyware becoming increasingly difficult to both detect and remove. This problem has grown to the point that spyware removal is a full-time business for many computer consultants, and is truly more of an art than a science. It requires deep experience and knowledge about the inner workings of the operating system and key applications, as well as intuition informed by extensive experience with past successes and failures. The spyware removal challenge is a moving target because spyware is becoming extremely aggressive as the battle over the end-user's computer escalates. Today's spyware is much more resistant to automated removal tools, and it often goes so far as to prevent infected host computers from running anti-spyware tools, or even from visiting or downloading anti-spyware utilities. (It's difficult to use an anti-spyware utility that your already-infected computer refuses to run.) This means that a badly infested machine either needs to be reformatted and reinstalled from scratch <<shudder>> or restored from a (hopefully recent) backup which was made before the infection. Since, by far, the best solution is to restore the system from a recently made backup "snapshot", spending some time beforehand to optimize the system's configuration for easy backups and restores can pay off tremendously if anything bad ever happens.
Optimizing a system for backup and restoration:
This is unfortunate since only the main operating system files, configuration, and installed application software need to be preserved against an "installation attack" by malware. By mixing the "system" files together in the same partition with all of the user's data, backing up and restoring the "system" means backing up and restoring the ENTIRE hard drive's contents, which becomes daunting and time consuming, if not impossible.
A FAR better approach is what PC veterans have been doing for years: deliberately dividing a large hard drive into several purpose-specific partitions, like this . . .
Malware only infects the operating system's files and configuration, not the system's static data such as photos, music, or video. Since the operating system files are generally much smaller than modern hard drives, they can be contained within a small partition, perhaps 8 gigabytes or so, depending upon your OS version and the size of your applications. Another partition can be created at the end of the drive to contain the system's multi-gigabyte virtual memory "swap" file, and a rotating collection of drive "C:" images. This should be large enough to contain several backup images representing snapshots of the system at various points in time, and the virtual memory swap file, which is typically about twice the size of the system's memory. All of the remaining space in between the first and last partition is then available for storing all user documents and other non-program data.
Detailed instructions for re-partitioning a hard drive along these lines are beyond the scope of this page. If you are unfamiliar with doing this, please consult the web or a local expert. My favorite software for performing this sort of work has always been Powerquest's excellent, reliable, and safe "Partition Magic". One note: Your new "end of drive" partition containing your system's virtual memory "swap" file and main system backup images should be formatted with the FAT32 file system and set to use 32k clusters. The use of the FAT32 file system will allow your backup images to be accessed from DOS, giving you the widest range of restoration options. The use of 32k clusters will be faster and more efficient than 4k clusters since this partition will only be used for storing large files. This will result in fewer accesses to the partition's FAT tables (which require a slow head seek operation) and will minimize cluster fragmentation over time. Also, when moving the virtual memory file to this partition, its size should be fixed and locked at maximum size by setting the maximum and minimum to the same value. This will prevent the system from dynamically resizing the file and will further reduce cluster fragmentation. Moving the system's virtual memory to this partition is the FIRST thing you should do after creating it, so that the newly created virtual memory file is a single contiguous block of clusters.
A free demo of Partition Magic 8.0 is available. Since you won't need to use it more than a few times, that should work for you.
What's more, offline drive images can be easily "mounted" as a fully readable, browsable and searchable read-only drive under Windows. This allows individual files to be retrieved from previously made images. And finally, Drive Snapshot's support for command-line operation allows fully automated and unattended scheduled images to be made without operator intervention. It's a terrific utility.
The spyware problem requires the attention of everyone who uses Internet-connected computers. With today's wide-open, inherently trusting and unprotected operating systems, which will run any program they are asked to without question, the burden of keeping our computers safe falls to individual end users. There's no substitute for exercising safe computing. Stay away from high-risk, out-of-the-mainstream sites offering adult content, hacked and cracked software, and other shady deals. And choose your online tools, such as web browsers and eMail, with an eye toward which offer the most security. Finally, if the worst happens and it becomes necessary to disinfect a compromised system, some planning ahead by creating an effective, fast, and easy system backup "snapshot" and restoration capability can greatly lessen the damage done if something nasty does manage to creep into your system.
Gibson Research Corporation is owned and operated by Steve Gibson. The contents of this page are Copyright (c) 2022 Gibson Research Corporation. SpinRite, ShieldsUP, NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Last Edit: May 04, 2013 at 18:12