
By Michael P. Kassner

The members have spoken. Here are 10 anti-malware programs they
find indispensable.
After writing 10 ways to detect computer malware, I received
messages from members wondering why I didn’t include a
certain anti-malware program. I was hoping that would
happen, simply because of the many applications I am not
aware of.

After some due diligence, I have compiled the following
additional 10 programs:
After learning my anti-virus program is Avast!, several members
mentioned I should give Avira AntiVir a try. According to trusted
reviews, AntiVir scores well on malware-locating tests. AntiVir
also rates high on prompt delivery of new signature files.

Both are important with the proliferation of zero-day malware,
making AntiVir a good choice.
Emsi a-squared is another member favorite. I now understand
why. The anti-malware scanner was reviewed favorably in
respected third-party surveys. All of the reports mentioned that
a-squared’s valued features were the user interface and fast scan
times.

One thing to remember is the free version of a-squared is only
a scanner, so additional real-time protection is needed.
Security Essentials needs to be mentioned, even though it has not
been released yet. I couldn’t test Security Essentials, because I
missed the beta cutoff. A CIO friend of mine is running tests
and likes it. Her only issue is the slow scan rate.
 
My friend also commented, “It’s about time Microsoft offers an
anti-virus application.” Her opinion makes sense. Having a
built-in AV simplifies things and should eliminate problems like
Windows Firewall did.

There are plenty of rumors as to when Security Essentials will
be released, all pointing to sometime in the fourth quarter of
2009.
While I’m on Microsoft, I want to mention Microsoft’s built-in
Event Viewer. It should be the first place to look if something
appears to be wrong.

If an error shows up, double click the error and look at event
properties to see what happened. If that’s not enough of an
answer, check Randy Franklin Smith’s
Ultimate Windows Security Web site for more detailed
explanations.
X-RayPC is a diagnostic tool similar to HijackThis. X-RayPC’s
developers admit they like HijackThis and have incorporated many of
the same features.

To enhance X-RayPC, the developers added a triage service.
The service checks scan results against SpywareGuide, an online
database. X-RayPC then reports back whether the file is
known, unknown, or suspicious.

This allows the user to make an informed decision before
removing questionable files.
I debated whether to include both SystemLookup and
VirusTotal, because of their similarity. The fact remains,
SystemLookup represents the opinions of independent experts
and VirusTotal represents the views of anti-malware companies.
That difference convinced me each has its place.
If more information about a certain process or file is desired,
SystemLookup.com is the place to go. Type the filename or
CLSID into the search box and an answer should appear.

As of today the site’s database contains over 85,000 items, all
verified by an independent community of anti-malware
experts.
VirusTotal is the go-to Web site if there is any apprehension
about a file/program already on the computer, or if someone
wants to load unknown software on your computer. In either
case, it’s simple to find more information.

Upload the file to the VirusTotal Web site. After a few seconds,
a detailed report will display. If one or more of the 32
anti-malware companies has an issue with the file, their comments
will show up in red.
I mentioned earlier that Windows Firewall was a welcome
addition. Still, it’s limited in its functionality. That’s why I
consider third-party software firewalls necessary, especially if
the computer travels.
 
Most firewall applications offer additional services. They act as
program guards: determining what software exists on a
computer, learning what the software is doing, and preventing
malware from altering application code.
 
There are many free firewall applications. I hope members will
mention their favorites and why. I currently use Online Armor.
When other options aren’t working, using a network protocol
analyzer like Wireshark may be the only way to recognize the
existence of malware. Wireshark allows the user to determine if
any unexplained data traffic is being received or sent by the
computer.
 
The best way to use Wireshark is to run a baseline scan,
trapping all traffic to and from the computer. Later on, if
something appears suspicious, run another scan, comparing
the results.
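
The baseline comparison described above can be automated once each capture has been exported to CSV. This is an added example, not part of the original article; the column layout, the local address 192.168.1.10 and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

LOCAL_IP = "192.168.1.10"  # assumed address of the monitored computer

# Constructed sample rows standing in for two exported captures.
HEADER = "src,src_port,dst,dst_port,proto,bytes\n"
BASELINE_CSV = HEADER + """\
192.168.1.10,50100,192.0.2.53,53,udp,120
192.0.2.53,53,192.168.1.10,50100,udp,300
192.168.1.10,50200,198.51.100.20,443,tcp,4000
198.51.100.20,443,192.168.1.10,50200,tcp,90000
"""
LATER_CSV = HEADER + """\
192.168.1.10,50300,192.0.2.53,53,udp,9000
192.0.2.53,53,192.168.1.10,50300,udp,400
192.168.1.10,50400,198.51.100.20,443,tcp,5000
198.51.100.20,443,192.168.1.10,50400,tcp,80000
192.168.1.10,50500,203.0.113.77,6667,tcp,2500
203.0.113.77,6667,192.168.1.10,50500,tcp,1800
192.168.1.20,50600,203.0.113.5,80,tcp,999
"""


def load_flows(text, local_ip=LOCAL_IP):
    """Sum bytes per (remote_ip, proto, remote_port) for traffic to or from local_ip."""
    flows = defaultdict(int)
    for row in csv.DictReader(io.StringIO(text)):
        if row["src"] == local_ip:
            remote, port = row["dst"], row["dst_port"]
        elif row["dst"] == local_ip:
            remote, port = row["src"], row["src_port"]
        else:
            continue  # traffic between other hosts is out of scope
        flows[(remote, row["proto"], int(port))] += int(row["bytes"])
    return dict(flows)


def compare(baseline, later, growth=10):
    """Report endpoints absent from the baseline or carrying > growth x the baseline bytes."""
    findings = []
    for key, nbytes in sorted(later.items()):
        if key not in baseline:
            findings.append(("new", key, nbytes))
        elif nbytes > growth * baseline[key]:
            findings.append(("volume", key, nbytes))
    return findings


if __name__ == "__main__":
    for kind, (ip, proto, port), nbytes in compare(load_flows(BASELINE_CSV), load_flows(LATER_CSV)):
        print(f"{kind:7} {ip} {proto}/{port} {nbytes} bytes")
```

A finding here is only a prompt to look closer at that endpoint; newly installed software or an update can produce the same difference.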
Combofix is an efficient scanner capable of removing files
designated as malware. The ability to create situation reports
that can be used when seeking additional help is another feature
of Combofix.
 
Combofix is one of those programs where you have to be careful
about removing files. I suggest using Combofix to create a
baseline report when the computer is operating properly. That
way anything out of the ordinary will be obvious.

I wanted to mention that Combofix comes highly recommended
by several TechRepublic members.
As before, if I have missed your favorite anti-malware
application, please let me know.
 
For those who missed the first article in this series here is the
link: The 10 faces of computer malware.
