Best Virus Scanner if you like to surf porn or download free music

My sister asked the other day what virus scanner I like to use.  My answer surprised her:  None.  More to the point, a virus scanner is not that important. 

The issue is this:  Virus scanners are behind the curve.  By the time the scanner can catch a particular virus, you were already infected.  If you hadn't yet caught the virus, it mutated and won't be caught by your scanner anyway.

Besides, one company's scanner is good at catching one type of virus, while another company is better at another.  This makes it a Russian roulette on whether your scanner is the top-dog that day, so you can never be sure.

And then there is the problem with performance.  Symantec's and McAfee's antivirus programs are so bloated, your poor computer struggles to breath. On many-a-computer where I thought there was a virus, I found no problems.  However, once I uninstalled the anti-virus software, the machine ran like a champ.

McAfee is particularly troublesome because of their sneakily installed program called "McAfee Security Scan Plus", found when ever you install Adobe Reader or Flash.  McAfee Security Scan Plus does nothing to stop a virus and once you are infected, it advertises their product.  See Keyliner article "Time to Remove Adobe Flash and McAfee").


The Key is This:

Most viruses sneak in because other programs (such as Adobe Flash, or your browser) are buggy -- or because you allow the virus to install!

The key to the virus problem is this:  Surf Carefully!


Here are hints:

* If you didn't ask for the program, don't allow it to install.  Click "Cancel" on all unexpected or surprise pop-ups. 

* "You are infected with a virus" popups are always a virus asking you to install.  No matter how important the message looks, cancel - or better - close the browser.  If you say yes to the message, you will be infected.  

* If Windows displays a grey screen with a UAC prompt "do you want to allow the following program to make changes to this computer", click Cancel -- especially if you are surfing.  (Of course, if you *know* you asked for the install, allow it).

* If the screen says a browser plugin is missing or you cannot play this video or game without installing a new Codec or Video Player, cancel.

* Coupon-printing programs are evil.

*  Free games are not free, you will get unexpected visitors when installed.

* Free "ToolBars" (even from reputable vendors), are spyware and are universally bad.  This includes Yahoo Toolbar, "Ask" toolbar, and "Google Toolbars."  If you have any of these toolbars installed on your browser, all good anti-virus programs will remove them!  Why?  They are spying on you.

* Free music and video programs (Torrents) are infested.  My friend and I call free music programs "virus installers."  I call them a pain in the ***".

What to do:

If you need a program or a plugin, go to the vendor's site and install it yourself.  Do not accept an invitation to install from a third-party webpage or email.  Trust your source.

Surf around to see if the program is bad.  See what people comment about.  If in doubt, don't.

General software download sites such as "CNET", "SourceForge", and "PC-Mag" are not trustworthy.  Go to the author's or publisher's home page to do the download and even then, research.



What I do:

I am a safe surfer and I have taught my family to cancel all installation prompts.  But I still use a virus scanner. You will laugh -- I use Microsoft's Security Essentials (MSE). MSE is free and un-intrusive. 

More importantly, it has never found a virus on my computer -- and some would say on any computer.  Yes, the program is that bad.  By all accounts, it is the worse program on the market, but the price is right and it is not a pig.  But even Microsoft of ashamed of their program; it had so much promise when it started, but then as the years passed, it has fallen.  Mr. Satya Nadella, are you reading this?  Make us proud and fix this!

Never-the-less, I still use Microsoft's virus scanner -- but I also have safe surfing habits.  And importantly, I have lots of backups in case I am wrong.  If my computer caught fire and burned to the ground, I would not care.  How many backups?  Four to be precise, and you should too: 

1.  A constant backup of all data, using something like a Western Digital Drive.  Keyliner reviewed here.

2.  A frequent full-computer disk image (/backup) using Acronis.  Keyliner reviewed here.

3.  A periodic USB disk backup, copying my data folder - then, disconnect the disk.

4.  A periodic Google or Microsoft One-Drive backup offsite for the most important files.  Then disconnect the auto-sync feature or close the program (you do not want a virus to infect your machine and then infect the backup through the sync folder).


What if you are a loser?

If your machine were infected, clean-up the mess after-the-fact using all of these (free) programs:

A.  MalwareBytes Free Scanner
B.  Kaspersky Offline (bootable CD) Scanner
C.  Microsoft Security Essentials (bootable CD)

See this Keyliner article for the steps: 
Virus Cleanup Steps


These three programs will almost always clean a machine -- but expect to spend two long days waiting for the scans to complete and you will need a second, un-infected computer to get the software.

Pray you do not get a ransom-ware virus because nothing will save the machine short of a backup/restore.  


What to do If you like to Surf Porn or Download Free Music or have Teenagers?

Like McAfee and Symantec, these vendors also sell programs that run in the background and monitor your computer in real-time.  If your machine is at risk because of poor surfing habits, teenager users or others who will click anything, install a better scanner than Microsoft's free MSE.

I have not purchased or tried these, but I have faith in the these two companies. Pick one or the other:

MalwareBytes "Full Protection"
Kaspersky "Total Security"

I often use their free programs to cleanup.  These two products ought to do the same in real-time.  Never install a second virus scanner without removing the other first.  

Related Articles:
Virus Cleanup Steps

Time to remove Adobe Flash

Adobe Flash has lead a moderately good life, but with security flaws, and because Adobe keeps tries to install malware with each Flash update (see Keyliner article: Adobe installs Aggressive McAffee Security Scan Plus), it is time to disable then un-install this product.

Will you miss Flash?  Probably not.  Most of the sites still using Flash are using it for advertising. Some web-games may use flash, often driving in-app purchases.  Finally, I have seen news video clips that still use flash.  Better sites have changed to HTML5, mostly to accommodate Apple. 

Follow these steps to disable Flash, then once satisfied, uninstall the program.  While disabled, if you find it is needed, it is only a click away to re-enable.  These steps were written for Microsoft Windows.

Disable Flash in Internet Explorer

Do this step, even if IE is not your default browser.


1.  Launch IE.  Open the top-line menu (File, Edit, View...) by pressing ALT, or by other-mouse-clicking just below the URL line and selecting "[x] Menu Bar"

2.  Select Top-menu "Tools", "Manage Add-ons"

3.  In Tools and Extensions, other-mouse-click "Shockwave Flash Object", choose "Disable"

4.  Click bottom "Close"

If you do not see Shockwave flash, you may be running IE11 and the Flash Player may not be installed.  Microsoft is calling this product "Shockwave Flash" -- this is the Flash Player, even though Adobe has another product called Shockwave.


Disable Flash in Mozilla Firefox

1.  Open the top-line menu (File, Edit, View..) by pressing ALT, or by other-mouse clicking a grey area next to the URL tabs and selecting [x] Menu Bar

2.  Select top-menu "Tools", "Add-ons"

3.  In the left-nav, select "Plugins"

4.  Locate the Shockwave Flash plugin.  Click the far-right button, changing from Always Ask (or Ask) to "Never Ask".

5.  Close the add-on manager tab to save the changes


Disable Flash in Google Chrome

1.  Launch Google Chrome.  In the URL, type chrome://plugins/  and press Enter.

2.  Locate Adobe Flash Player

3.  Click Disable

4.  Close the Tab


Testing
Open this site:
http://www.adobe.com/software/flash/about

If the top-section shows an animation, flash is still active.  If the area is blank, it has been disabled.  Ideally, test in each of your browsers.

If Flash is set to auto-update, it may re-enable the features.  I have not tested this thought.


Permanently Uninstalling Adobe Flash

For Windows 10:
Flash cannot be uninstalled (at least not through the control panel's Add-Remove).  Do the following to cripple it:
A.  In Control Panel, Flash, see the first [Storage] tab.
B.  Select "Block all sites from storing information on this computer
C.  click button "Delete All"

If you are more adventurous, continue with these steps.  However, be aware this leaves flash in a zombie state and future Windows updates Flash updates will have problems -- but it still helps cripple the product.

D.  On the Windows Start Menu, Search for COMMAND (a DOS Prompt).  Other-mouse-click and choose "Run as Administrator"

E.  Type this command:  CD \Windows\System32\Macromed\Flash

F.  Type this command:  Regsvr32 /u Flash.ocx

G.  Ideally, you would also unregister "FlashUtil_ActiveX.dll" and you would rename "FlashUtil_ActiveX.exe" to some other name, but you will find you do not have rights and no amount of 'rights-granting' will give you enough power to completely kill this program.


For Windows 8 and older:
once your testing is complete, remove Adobe Flash Player with these steps:

A.  Download the Uninstaller from Adobe.com

http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

Save to a known location, such as your desktop.

Note, it is not recommended using the Control Panel 'Programs and Features'.

B.  Close all Browsers (IE, Firefox, chrome, etc.). 
C.  Close other programs, such as Yahoo Instant Messenger and any games that might use Flash.

D.  Using Windows File Explorer, locate the downloaded un-installer.  Launch the program and follow the prompts.

Next, follow these optional steps:

E.  Using Windows File Explorer, tunnel to these locations and delete all files and folders at these locations:

C:\Windows\System32\Macromed\Flash
C:\Windows\SysWow64\Macromed\Flash

F:  Using Windows File Explorer, type this address in the URL\file-line at the top of the screen:

%appdata%\Adobe\Flash Player  (note percents)
%appdata%\Macromedia\Flash Player  (note percents)

Delete all files and folders within these locations.

Source for this information was Adobe.com
https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html

G.  Reboot


Recommended Next Steps

Consider removing Acrobat Reader / Acrobat Reader DC.  Acrobat Reader has become a pig.  It is big, complex and cumbersome and it too has had more than its share of security problems.  With all of its features, most of which you never use, it also loads slowly.

Adding further insult, Adobe Reader keeps trying to install McAfee's advertising program "McAfee Security Scan plus", which I consider to be malware (see Keyliner article: http://keyliner.blogspot.com/2012/06/aggressive-mcafee-security-scan-plus.html).  Because of this, I never allowed the program to auto-update.

A simpler program, "Foxit Reader" is a free PDF reader and it perfectly replaces Adobe's Reader. 

1.  Using the Control Panel's "Programs and Features", uninstall Adobe Acrobat Reader or Adobe Acrobat Reader DC.

optionally, use this recommended de-installer from Adobe.com.  Be sure to pick the correct version.  As of 2015.07, you probably want version "10.x and later"

http://labs.adobe.com/downloads/acrobatcleaner.html


2.  Download and install the Foxit Reader:

https://www.foxitsoftware.com/products/pdf-reader


As an aside, Adobe released the PDF format to the public domain and there are many other players in the PDF market.  I have been very comfortable with this change.  It displays all of my PDF's without issue.

It may seem I am on an anti-Adobe crusade with this article.  I am not.  It is just that Flash has become dangerous and Acrobat Reader has become unwieldy. 

Time to uninstall Acrobat Reader and use Foxit

Acrobat Reader is big, complex, and cumbersome, plus it has its share of security problems.  Because of all the features, it loads slowly.

Adding insult, Adobe Reader keeps trying to install McAfee's advertising program "McAfee Security Scan plus", which I consider to be malware (see Keyliner article: http://keyliner.blogspot.com/2012/06/aggressive-mcafee-security-scan-plus.html).  Because of this, I never allowed the program to update automatically.

These are all good reasons to replace Adobe Reader with a simpler program, "Foxit Reader".

Related:
Keyliner Article: Time to remove Adobe Flash

It is time to replace it.  Here is what I did:

1.  Using the Control Panel's "Programs and Features", uninstall Adobe Acrobat Reader or Adobe Acrobat Reader DC.

optionally, use this recommended de-installer from Adobe.com.  Be sure to pick the correct version.  As of 2015.07, you probably want version "10.x and later"

http://labs.adobe.com/downloads/acrobatcleaner.html


2.  Download and install the Foxit Reader:

https://www.foxitsoftware.com/products/pdf-reader

Foxit can be downloaded and installed without registering.  The program is free.

When Installing, I recommend these options:

[  ] Shell Extensions (do not select)
[  ] Foxit Reader Creator (or possibly the Word Plugin, if you don't mind the overhead and use Word)
     [  ] Windows Shell Extension
     [  ] Word Plugin  (or [x])
     [  ] PPT Plugin
     [  ] Excel Plugin
[x] Plugin used to open PDF files inside the browser  (recommended)
[x] Foxit Spell Check Language

Additional:
[  ] Create Desktop Icon  (you don't need the clutter)
[  ] Add icon to the Start Menu [x] or optionally check
[  ] Create Quick Launch Icon (you don't need the clutter)
[x] Set Foxit as the Default PDF Viewer
[x] Show PDF files in Browser

[x] Enable Safe Reading (Trust Manager)

(x) Don't install a free 30-day trial of Foxit PhantomPDF Standard  (shame this option is not default)


As an aside, Adobe released the PDF format to the public domain and there are many other players in the PDF market.  I have been very comfortable with this change.  I have been very pleased with the load times and have not problems with reading PDF's.

Related Articles:
Unsavory copies of Foxit from Scamming Sites: 
http://keyliner.blogspot.com/2015/09/yahoo-is-swindler.html

PSExec - Access is denied

Solution: PSExec - Access is denied

Symptoms:
Using Microsoft Powertool "PSExec" to execute a program on a remote server. This message is displayed on the source computer: Access is denied

Solution:
On the Remote (destination) server or workstation, the calling credentials must be in that machine's Administrator's group.

1.  On the remote server, see Windows Control Panel, Administrative Tools, Computer Management

2.  Still on the remote server, in Computer Management, under Users and Groups, add the userID to the Administrator's Group.  This is the source-machine's User-ID/Credentials (the machine launching PSExec).

On the remote server,
You do not need to build Shares, but they are handy to shrink path-lengths
You do not need to grant the remote ID "Execute" rights within the share
You do not need to worry about turning on File Sharing
Do not bother installing PSExec on the remote machine

This is regardless of whether -u and -p parameters are used.  Because the user is in the Administrator's group, it gets all of these rights, regardless.  To my knowledge, you cannot bypass the Administrator requirement.


Discussion:
The local PSExec temporarily installs a service at the remote machine and because it is building a new service "on-the-fly," it needs to have Administrative rights.  Because you have to grant Administrative rights, the elevated privileges trump all other rights.

The program literally copies a file, psexecsvc to the remote server's Admin$ share and starts the service on that device.  When the command completes, the service is de-installed.



Other helpful hints:

*  On the Source computer, copy PSExec.exe into C:\Windows\System32 so it will be on the path
*  On the Source computer, launch PSExec.exe with no parameters at least one time to approve the Legal-accept screen

Example, as typed on the Source machine:

psexec.exe  \\RemoteServerName  \\RemoteServerName\Share\Path\program.exe
psexec.exe  \\RemoteServerName  "C:\Program Files (x86)\program.exe"  param-1  param-2
psexec.exe -acceptULA \\RemoteServerName  "C:\Program......"  (etc.)

Different credentials can be used.  Naturally, this account must be defined in AD or as a local account on the remote server:

psexec.exe -u myaccountname -p mypassword   \\RemoteServerName  "C:\Program....."  (etc.)

use psexec.exe /? for additional help and parameters.


What is PSExec:

This is a tool developed by the talented Mark Russinovich, now of Microsoft, that allows system administrators to execute programs on a remote computer, without having to have direct control of the desktop or without using a remote console.  This is also known as Windows SysInternals or formerly "power toys".  The "ps" refers to similar Unix system commands.

When the remote program runs, it runs *on* the remote computer -- not from the calling computer. 

For example, this command retrieves the ipconfig.exe program from the remote computer and runs it on your local CPU -- giving you your machine's IP configuration -- probably not what you wanted.

\\RemoteServerName\Share\ipconfig.exe

while: 
psexec.exe  \\RemoteServerName  "ipconfig.exe"

runs on the remote server, getting the remote server's IP Config information and displays the results on your local computer.

Downloading PSExec

Download the program directly from Microsoft as a ZIP file.  An install is not required. 

From www.Microsoft.com, search for "PSTools" or "PSExec". 
Download the ZIP file.  
Open the ZIP and copy PSExec to C:\Windows\System32 or another directory of your choice. 
An install is not required.

It is helpful to have this program on the local workstation's path.  You do not need to install the program on the remote servers.