Does It Make Sense to Clean Infected PCs?
<p>Emsi Software, a provider of security software such as a-squared Malware 4.0, has taken up a current discussion topic in the IT security sector: Does it really make sense to clean a computer infected with damaging software? Can the user ever really trust such a system again? To clarify these questions, the technical feasibility of full cleaning must be examined.<br /><br />With even the simplest problems in their PCs, many users immediately suspect a virus. The printer is not working? Must be a virus! The Internet connection is ponderous? A spyware program must be sending personal user data to a country that cannot be found in a European atlas!<br /><br />Most users have little or no knowledge of the structure of damaging software, how it works or what it can do to the PC. They simply install a protection program and abdicate all responsibility to this program. The IT security sector is not happy with this level of protection and is asking itself the provocative question: Is it really worth the effort to clean an infected computer?<br /><br />In plain, this means damaging software is not so harmless that the PC user can simply ignore it. The question revolves around the issue of whether modern protection programs are truly capable of fully cleaning an infected system or if it is better to completely reinstall the system. To make this decision, one must delve somewhat deeper into the material.<br /><br /><strong>Basic Knowledge</strong><br />Viruses need other host applications to function. A virus appends itself to a “benign” program by inserting its own virus code into an existing executable file. The virus only becomes active and infects other programs when the benign program is executed.<br /><br />The major threat in the stampede to infect your hard drive is now represented by Trojans, backdoors, bots and worms.<br /><br />Trojans and bots are independent programs that hide in the depths of the system and attempt to attract as little attention as possible. They exist to provide an external hacker with a back door into the PC, thus allowing the hacker full control over the PC, such as secretly mass mailing spam. Trojans and bots are only dangerous when they are loaded in RAM. They therefore use various Autostart functions to ensure they are started every time the system boots.<br /><br /><strong>Spyware, Adware and Bogus Security Software</strong><br />Spyware programs secretly monitor the user and record online banking activity and the associated access data and then pass this on to the online mafia. These spy programs are becoming cleverer and cleverer. Sometimes they start multiple active processes that monitor each other. </p><p>When one of these processes is terminated, it is started again by one of the other processes. Bogus security programs pretend to hunt damaging software, although this is exactly what they are. Some of them inject themselves into essential system processes such as winlogon.exe. The system then crashes when an attempt is made to remove the damaging program.<br /><br />Rootkits are the most dangerous of all. These damaging programs manipulate the operating system to such an extent that they are no longer visible in the file manager or process manager. Anti-virus programs can then no longer detect these rootkits. They are even capable of hiding registry entries, open ports and active processes.<br /><br /><strong>Disinfection: Cleaning Is Sometimes Problematic</strong><br />Once damaging software has gained access to your computer and is active, the question must be asked as to whether it can be completely removed without leaving any traces or remnants.<br /><br />With simple malware it is possible to complete remove the damaging software from the system with a relatively high level of reliability. With viruses, the easiest method is to simply delete the infected files. This may mean that the infected programs can no longer run properly. No problem: These can be easily reinstalled. </p><p>With Trojans, it is enough to kill the active processes, delete the Autostart entries and delete the executable Trojan files. Classical spyware programs can simply be uninstalled. From this point of view, it seems that you too can restore your system back to its original condition when an infection is found.<br /><br />This is not the case with the latest spyware programs and bogus anti-virus programs. These dig themselves so deeply into the system that special tools are needed to delete these files before the system boots. These infections are very difficult to completely overcome. This also applies to rootkits, which have almost perfect camouflage properties. </p><p>A user can never really be sure whether all rootkits on his or her PC have been found. Given this fact, can he or she also be sure that a rootkit has been completely removed? Hackers are constantly finding new ways of hiding their damaging software.<br /><br />Often enough, a piece of malware can be removed, but the changes it has made to the system remain. For example, ports may have been opened that still allow a hacker access to the system from an external source.<br /><br />Once the PC is infected, install the system from scratch.<br /><br />Emsi Software in Austria provides protection software for Windows PCs. General Manager Christian Mairoll said: “In our experience, especially rootkits and bogus anti-virus programs cannot be removed from infected computers with absolute certainty. We therefore recommend all our customers to make a backup image of the entire partition after the initial installation of all important programs on their computers. In the case of an infection, this can then be copied back onto a freshly formatted hard drive.”<br /><br />Despite all reservations, it is of course still important to install a protection program on your computer that can signal the presence of malware as soon as it reaches your PC. The Emsi Software program Mamutu 1.7 monitors your computer for suspicious behavior and can detect completely new damaging software that is currently unknown in the security sector.<br /><br />a-squared Free 4.0 is free of charge for private users and is currently in beta-testing. This program scans the entire computer, detects existing infections and can immediately remove them.<br /><br />In the premier league is the program a-squared Malware 4.0. It uses two background scanners to detect all types of malware before they have a chance to dig themselves into the system. This is doubled real-time protection consisting of a signature scanner and an additional behavior analysis module (Malware IDS). Several updates per day make sure that this weapon is always sharp. <br /></p>