Someone's pointing me to a downloadable program as a solution for a problem
I'm having. I'm really hesitant to download and run unknown EXE files. Is there
any way I can scan it with some program or otherwise ascertain if it's clean or
riddled with subtle spyware, viruses, or whatever else could be bad?
I was somewhat taken aback by this question. It's a perfectly good question,
and in fact one that people should be asking themselves more often.
No, my reaction was due to the lack of a good answer.
It turns out that it's fairly difficult to ascertain whether or not
something you've downloaded is about to play havoc with your system.
This question exposes a very subtle, yet important difference between
anti-virus scanners, and anti-spyware scanners.
Anti-virus scanners look at the contents of the files on your system to see
if they have what look to be viruses or not. The files don't have to be
installed or running, they just have to be accessible to the scanner.
Most anti-spyware programs, on the other hand, examine your system.
They look to see if changes have been made to your system that could be the
result of spyware. They monitor for changes that are commonly associated with
spyware, and either alert you or block those changes.
In other words, most anti-spyware software checks what's running. There's no
tool, that I'm aware of, that allows you to say "does this file contain
spyware?" before you install it.
And that surprised me.
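The distinction above, as an added sketch that is not from the original article: `scan_file` checks a download's bytes against known patterns without running it, while `snapshot` and `diff` detect changes to a watched location only after an install has happened. The pattern database, file names and the "startup" folder are constructed for the example, and real scanners are far more involved.

```python
import hashlib
import os
import tempfile

# Constructed pattern database (name -> bytes); not real malware signatures.
SIGNATURES = {"Demo.TestPattern": b"CONSTRUCTED-TEST-SIGNATURE-0001"}

def scan_file(path, signatures=SIGNATURES, chunk=64 * 1024):
    """Anti-virus style: inspect the file's bytes; the file is never run.
    An overlap is carried between reads so a pattern split across two reads still matches."""
    keep = max(len(p) for p in signatures.values()) - 1
    hits, tail = set(), b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            window = tail + block
            hits.update(n for n, p in signatures.items() if p in window)
            tail = window[-keep:] if keep else b""
    return sorted(hits)

def snapshot(root):
    """Anti-spyware style: record a watched location as {relative path: sha256}."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff(before, after):
    return {"added": sorted(after.keys() - before.keys()),
            "removed": sorted(before.keys() - after.keys()),
            "changed": sorted(k for k in before.keys() & after.keys() if before[k] != after[k])}

def demo():
    """Constructed case: no known pattern in the download, yet installing it changes the system."""
    with tempfile.TemporaryDirectory() as tmp:
        download = os.path.join(tmp, "setup.bin")
        watched = os.path.join(tmp, "startup")  # stand-in for an auto-start location
        os.mkdir(watched)
        with open(download, "wb") as fh:
            fh.write(b"installer bytes with no known pattern")
        verdict = scan_file(download)  # all that can be checked before installing
        before = snapshot(watched)
        with open(os.path.join(watched, "helper.lnk"), "wb") as fh:
            fh.write(b"launch helper at logon")  # simulated side effect of the install
        return verdict, diff(before, snapshot(watched))

if __name__ == "__main__":
    print(demo())
```

The content scan returns no hits for the constructed download, and the added file only appears in the snapshot comparison made after the simulated install.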
So, what do you do? What do I do, for that matter?
- Only download from sites you trust. I know, knowing who to
trust is a difficult problem as well. My recommendation, in general, is don't
download from third parties. If a piece of software is created by XYZ corp,
then download it from the XYZ corp website. If it's available directly from the
creator, there's no reason to get it anywhere else. The same's true for open
source software, shareware, freeware, or whatever else. Look for the creator's
website and get it directly from them.
- Only download from companies you trust. Even if you do
download directly from the creator's website, not all software publishers are
ethical or above-board. If you've not heard of the company before, it's often
worth a quick Google to see if other people have experienced problems. Much
free software is "free" because it's loaded with spyware and adware - it might
all be legal, but it certainly can be annoying.
- Never download illegal software. You shouldn't anyway ...
because it's illegal ... but even if that doesn't stop you, the risks should.
Illegal software is lucrative because it's free or dirt cheap. Spyware vendors
know this, and often use it as an opportunity to shovel in all sorts of
software you didn't want.
- Virus scan your download. This is the easy one. Anti-virus
software can easily and quickly scan a file, or a download, and tell you
whether or not it contains any known viruses. Make sure to keep your virus
program, and its database, up to date.
- Back Up. Even though you might well trust what you've just
downloaded, for a moment assume that what you're about to install will cause
your machine to crash and become unbootable. Will you lose important data? Then
you better make sure that's backed up first.
- Set a restore point. Some installs will cause this to
happen automatically, but others will not. Using Windows XP's System Restore
feature, set a restore point. The good news is that for most installs,
if something goes wrong, reverting to a saved restore point will, in fact,
restore you to the pre-install state.
- Take an image. If you're installing something really risky,
sometimes the best thing to do is to take a complete image of your hard disk as
a backup first. If the worst happens, you can then reinstall that image. This
is a bit of work, and requires appropriate imaging software, but makes the
process totally recoverable in case the worst happens. Alternately, if you have
a spare machine that you don't care about, consider installing on that machine
first. If things don't work out, then simply wipe and rebuild that machine.
- Run that spyware scan. As soon as you've installed and run
your download once, make sure to run a spyware scan. If there is a problem, the
sooner you know about it, the easier it will be to deal with it.
In some ways it's not surprising that spyware's as prevalent as it is - it
appears that true prevention is difficult, at best. Most remedies fall into the
realm of "damage control" once a machine is already infected. Part of it is
because, unlike viruses, "spyware" is a much more vague term - what does
spyware really mean? The complication is that spyware looks, and acts, much
more like legitimate software, making it doubly difficult.
Article 10300 | Posted May 18, 2006
"....download it from the XYZ corp website."
One point. A fair number of devs will have their programs hosted by a download site such as tucows. A link to a third-party site from the author's website can be as trusted.
Posted by: Dan U at May 19, 2006 01:03 PM
The Question: Someone's pointing me to a downloadable program as a solution for a problem I'm having. I'm really hesitant to download and run unknown EXE files. Is there any way I can scan it with some program or otherwise ascertain if it's clean or riddled with subtle spyware, viruses, or whatever else could be bad?
I sympathise ~ until recently I used Vexira AV, and an integral part of their program was a facility on the right click menu to scan the file clicked upon...
This was great for First line of defence stuff, simply because the exe or other was scanned before it was opened...
Sadly, I have moved on and I'm now using Prevx1 which replaces all and offers "just that" A First line of Defence to anything that wishes to run... whooo, now anything that moves gets to be cautioned and can't run until my specific say-so, and sometimes, if Prevx have it in their DB, not at all unless I request special permission from their DB staff... wow
But, to address the question: I now use Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1 at
http://virusscan.jotti.org/
Just add the PC nav to the browse button, and off it jollywell jotts and returns info from about 10 AV engines - oui ou pas - yes or no - nix or nacht ooops sorry, me germans not very well - but yes, Jotti's search is in the German domain - Thanx Jotti
Thanx Leo
and viewers of Leo's Lunchtime leaflets & Letters ~ try it before you open that file
bon chance
Posted by: Lou Gascon at May 20, 2006 09:55 AM
Lou
At virustotal.com a single file is scanned by about 18 different antivirus products.
Also look into siteadvisor.com, a browser plugin that rates web sites as to their safety. Their green approval rating isn't a perfect guarantee, but if they say a site is bad, that's good enough for me. Their testing procedures are impressive.
Posted by: Michael Horowitz at August 15, 2006 10:17 PM
Hey, I read your article and I have a few questions. Why do people care so much about scanning viruses if you can actually scan downloaded files before you download them? I've been using this nice tool for a while and I like it a lot - http://smart-ip.net/en/tools/virus-scan.
Posted by: ipodboy at July 22, 2008 02:56 AM
It does scan files really quick and I haven't got any viruses since I deleted Norton application from my PC :)
Agree, you have to be online all the time to do the scan but it doesn't require any updates.