Someone's pointing me to a downloadable program as a solution for a problem I'm having. I'm really hesitant to download and run unknown EXE files. Is there any way I can scan it with some program or otherwise ascertain if it's clean or riddled with subtle spyware, viruses, or whatever else could be bad?
I was somewhat taken aback by this question. It's a perfectly good question, and in fact one that people should be asking themselves more often.
No, my reaction was due to the lack of a good answer.
It turns out that it's fairly difficult to ascertain whether or not something you've downloaded is about to play havoc with your system.
This question exposes a very subtle yet important difference between anti-virus scanners and anti-spyware scanners.
Anti-virus scanners look at the contents of the files on your system to see if they have what look to be viruses or not. The files don't have to be installed or running, they just have to be accessible to the scanner.
Most anti-spyware programs, on the other hand, examine your system. They look to see if changes have been made to your system that could be the result of spyware. They monitor for changes that are commonly associated with spyware, and either alert you or block those changes.
In other words, most anti-spyware software checks what's running. There's no tool, that I'm aware of, that allows you to say "does this file contain spyware?" before you install it.
And that surprised me.
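The difference between the two kinds of scanner, as an added example that is not part of the original article: `scan_file` checks a file's bytes against a signature list without running it, while `snapshot` and `diff` compare the state of a system before and after an install. The signature, the file names and the temp-directory "system" are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed one-entry "signature database"; real scanners ship far larger ones.
SIGNATURES = {b"CONSTRUCTED-KNOWN-BAD-MARKER": "Example.Test.Signature"}

def scan_file(path):
    """Content scan: read the bytes of a file that is never executed."""
    data = Path(path).read_bytes()
    return [name for pattern, name in SIGNATURES.items() if pattern in data]

def snapshot(root):
    """System-state record: relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def diff(before, after):
    """Change check: what differs between two snapshots?"""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
    }

def write(root, rel, data):
    """Helper: create a file (and its folders) under the stand-in system root."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    return path

def demo():
    """Run both checks on a constructed stand-in 'system' in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "settings/homepage.txt", b"https://example.com\n")
        flagged = write(root, "downloads/a.exe", b"MZ..CONSTRUCTED-KNOWN-BAD-MARKER..")
        unknown = write(root, "downloads/b.exe", b"MZ..nothing the database knows..")
        results = {"a.exe": scan_file(flagged), "b.exe": scan_file(unknown)}
        before = snapshot(root)
        # Stand-in for what installing b.exe changed: plain file writes, nothing is run.
        write(root, "settings/homepage.txt", b"https://ads.example\n")
        write(root, "startup/helper.txt", b"run at login\n")
        return results, diff(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The content scan returns nothing for `b.exe` because its bytes match no known signature, yet the before/after comparison still shows the changed setting and the new startup entry.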
So, what do you do? What do I do, for that matter?
Only download from sites you trust. I know, knowing who to trust is a difficult problem as well. My recommendation, in general, is don't download from third parties. If a piece of software is created by XYZ corp, then download it from the XYZ corp website. If it's available directly from the creator, there's no reason to get it anywhere else. The same's true for open source software, shareware, freeware, or whatever else. Look for the creator's website and get it directly from them.
Only download from companies you trust. Even if you do download directly from the creator's website, not all software publishers are ethical or above-board. If you've not heard of the company before, it's often worth a quick Google to see if other people have experienced problems. Much free software is "free" because it's loaded with spyware and adware - it might all be legal, but it certainly can be annoying.
Never download illegal software. You shouldn't anyway ... because it's illegal ... but even if that doesn't stop you, the risks should. Illegal software is tempting because it's free or dirt cheap. Spyware vendors know this, and often use it as an opportunity to shovel in all sorts of software you didn't want.
Virus scan your download. This is the easy one. Anti-virus software can easily and quickly scan a file, or a download, and tell you whether or not it contains any known viruses. Make sure to keep your virus program, and its database, up to date.
Back Up. Even though you might well trust what you've just downloaded, for a moment assume that what you're about to install will cause your machine to crash and become unbootable. Will you lose important data? Then you'd better make sure that's backed up first.
Set a restore point. Some installs will cause this to happen automatically, but others will not. Using Windows XP's System Restore feature, set a restore point. The good news is that for most installs, if something goes wrong, reverting to a saved restore point will, in fact, restore you to the pre-install state.
Take an image. If you're installing something really risky, sometimes the best thing to do is to take a complete image of your hard disk as a backup first. If the worst happens, you can then reinstall that image. This is a bit of work, and requires appropriate imaging software, but makes the process totally recoverable in case the worst happens. Alternately, if you have a spare machine that you don't care about, consider installing on that machine first. If things don't work out, then simply wipe and rebuild that machine.
Run that spyware scan. As soon as you've installed and run your download once, make sure to run a spyware scan. If there is a problem, the sooner you know about it, the easier it will be to deal with it.
In some ways it's not surprising that spyware's as prevalent as it is - it appears that true prevention is difficult, at best. Most remedies fall into the realm of "damage control" once a machine is already infected. Part of it is because, unlike viruses, "spyware" is a much more vague term - what does spyware really mean? The complication is that spyware looks, and acts, much more like legitimate software, making it doubly difficult.
Article C2657 - May 18, 2006
I forgot to mention...you can always do a web search for the name of the .exe program, like abcd.exe and add a comma followed by virus, spyware, rogue, malware to see if anything bad about the program turns up in the search results.
Posted by: howiem at May 19, 2009 10:31 AM
I use Avira and it's notified me when a file might contain a virus before it's opened. It's worked on .exe and zip files. Now I didn't open any of them to check, but a beep and a virus screen came up asking me what I wanted to do with this file. Never had a .com or .bat beep yet.
Posted by: sirpaul1 at May 19, 2009 11:29 AM
I use free Returnil to "screen" all applications (.exe's) before I run them "for real." By turning on Returnil everything that happens thereafter happens only in memory. Nothing can be written to the C:\ drive.
I run or install the application, see what happens, and if I like it enough I then reboot (to turn off Returnil) and run or install the program on my hard drive.
Posted by: 1101doc at May 19, 2009 2:45 PM
Great article on "exe's" ~ being able to tell if they are "safe" or not. Leo, could you expand, explain how to set up a "sandbox" - so that us newbie geeks can quickly, and safely check downloaded programs/apps... before they are "run", or opened, and installed to the hdd, thus preventing infected files from wreaking havoc on us. I understand that a "sandbox" thoroughly filters an application/program - sort of like running the app. through a sieve... is this accurate?? Would appreciate any feedback. Keep up the GeeK~~Brianisbeecube@yahoo
Posted by: Brian Hall at May 19, 2009 10:51 PM
Like Howiem (May 19, 2009, post), I also thought smart-ip.net no longer had the online virus scan as I received a 404 page not found when going to the link. However, the link in ipodboy's post (July 22, 2008) works if one deletes the period which was apparently mistakenly underlined and thus included in the link. Try http://smart-ip.net/en/tools/virus-scan without the period at the end.
(I discovered this by checking "Tools" and then "Scan file for viruses" under "Tools" at the home page -- http://smart-ip.net/en/ -- and then comparing what I had found with what I had tried previously.)
Posted by: Merna B at May 26, 2009 7:24 AM