Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here

                  

 

Gizmo's Guide to Securing Your PC

In today's climate what is the best approach to avoiding getting your PC infected with malware? Gizmo lays out some simple steps you can take to ensure viruses, trojans, keyloggers and other nasties don't take control of your PC


After spending years testing security products I've learned an important lesson. Don't get infected by malware.
 
In other words, put maximum effort into preventing infection rather than detecting and removing infection.
 
This statement may seem bland and unremarkable but there's more to it than you think.
 
The traditional way of adding additional protection

Many people protect their PC's by using multiple signature scanners based on anti-viruses, anti-spywares, anti-trojans and anti-rootkits.

It is not as secure as many people think and for most folks, the cost is too high and the additional protection afforded too little.

The cost here is not so much financial though that is an issue, but rather the serious impact adding many security layers can have on the performance of your PC.

There is also a cost in complexity. The more security programs you run the more chance they will either interfere with each other or with other programs.

Each additional layer you add increases your protection but by an incremental amount only. A good anti-virus program may offer 70% protection. Adding a good anti-spyware utility may increase this to 85%. The addition of an anti-trojan may take it to 90%.

This is because today's security products overlap in function much more than they used to. A modern anti-virus program will detect a lot of spyware while a modern spyware program will detect some viruses, worms and trojans as well.

Although the protection achieved only goes up incrementally with each layer added, the processing load on your PC will rise more or less in proportion to the number of layers. So adding an anti-spyware layer to your anti-virus layer will double the load on your PC. Adding in an anti-trojan as well may well triple it.
So folks, while layering is a good thing we are faced here with a law of diminishing returns.

But that's not the only problem with the traditional layering approach to protection. If an aggressive malware program is allowed to run on your PC it may disable all your layers of protection rendering them useless.

I've seen it happen many times and it is a frightening sight to see all your security program icons disappear from the system tray.

Thankfully some security programs resist termination by hostile agents but the majority don't. And even those that do resist may well prove vulnerable to new, more advanced termination methods yet to be developed by malware programmers.

My approach these days is simple: if you allow malware programs to run on your PC don't expect your security programs to fully protect you. If you are lucky they will but with security, you shouldn't rely on luck.
So how do you prevent infection?
 
Good Safe Computing Practices

  1. Ensure you keep Windows and MS Office (if you use it) completely up-to-date by applying the latest fixes from the Microsoft Update Service. Make sure the automatic update settings are Automatic (or at least not turned off).
  2. Make sure your other software products are also fully updated, particularly popular products like Firefox, Opera, Adobe Reader, Sun Java, Flash plug-ins and media players. The easiest way to do this is to use the free Secunia Personal Software Inspector.
  3. Switch to alternative programs. They can be better in functionality or lighter in resources than more popular programs, and are targeted less by malware writers. Using Firefox instead of Internet Explorer and Foxit Reader instead of Adobe Reader can greatly improve your security.
  4. Be careful where you surf. In particular stay away from sites offering commercial software serial numbers, keygens or other hacked material. Avoid accidentally wandering to hostile sites by installing WOT and AVG LinkScanner. These are free plugins that append site security ratings to search engine listings and sites.
  5. Never click on email attachments from untrusted sources however tempting and attractive such attachments may seem. Similarly, never click on links in email from unknown correspondents.
  6. Never install programs unless you are fully confident they are clean. In particular, only download files from trusted sources and never install programs that friends give you on removable media unless you have verified that they are clean by submitting them to free web based signature scanning services such as Jotti or Virus Total.
  7. Make sure Windows Firewall is turned on. If you are running Vista, you can use the free Vista Firewall Control to enhance the security and usability. Firewalls with outbound protection can also be used, however, the added complexity is not suitable for beginners.
  8. Disable AutoRun with the free Panda USB Vaccine.

These measures can protect your PC from infection a great deal. However, sticking to these rules is not easy; it requires a level of discipline most users don't have. Who hasn't been tempted to open a funny PowerPoint email attachment or install a free game?

And it's not only a question of discipline. These days you can easily get infected simply by innocently surfing to a trusted web site that has been hacked or opening a "loaded" MS Office document. You need more protection than the basic security rules can provide.

Protection is better than cure

The best way to increase your level of protection is to make sure that if a malware program sneaks its way on to your PC that it is never allowed to run on your PC in a normal Windows environment.

A normal Windows environment is a user account with full administrator rights. It's probably what you are using right now as it is the default setup in all recent versions of Windows up to but excluding, Windows Vista.

There are many ways you can keep malware well away from your normal Windows account. Here are four:

   1. Use a Windows limited user account for your daily work
   2. Run all high risk programs with limited rights
   3. Run all high risk programs with policy restrictions
   4. Run all high risk programs in a sandbox or virtual machine

Each method has its pros and cons so let's look at them individually:
 
Option 1: Use a Windows limited user account for your daily work

Using a limited user account can be very effective in preventing malware infection as most malware products need full administrator rights to install themselves. In a limited account they just can't get a foothold.

It's easy to set up a limited user account. Just go the Control Panel, select User Accounts and create a new user account as a limited user. Then sign in to this account for your normal computer work rather than the account you are currently using.

Setting up a limited account may be easy but using it can be a real pain. For example you won't be able to install most programs. You won't be able to update others. You won't be able to access any part of the PC other than your own documents and the shared documents area. Heck, you won't even be able to change the system date!

Some folks can work with these limitations or work-around them by swapping to a full privilege administrator account when they need to install programs or do other more advanced tasks. Others use the Windows "Run as" command and similar utilities to temporarily elevate their privileges when needed.

Most users though, find using a limited account to be simply too awkward and inconvenient. Sure. their computer is safe but that's little comfort if their PC is only barely usable.

That said using a limited account is an excellent solution for advanced users prepared to tolerate the inconvenience or ordinary users with basic computer needs. If Granny never does anything but check her mail and browse to newspaper sites to read the headlines than setting her up with a limited account is a good way to go. Do expect phone calls though; one day even Granny is going to need to do something that requires administrator privileges.

Option 2: Run all high risk programs with limited rights

This is a more practical strategy. Run as a full administrator user but restrict the rights of all programs such as your browser and email client that can be sources of malware infection.

Getting this to work could be a complex business but thankfully there are some free utilities available that were written to perform this exact task.

The best known of these is DropMyRights. It allows users to easily create special versions of their browsers, email clients IM client, media player or other internet facing programs that run from a full administrator account but with the restricted rights of a Windows limited user.

It's a simple and neat solution that provides good protection from infection yet doesn't inconvenience the user in the same way as working from within a limited user account. I've written a practical guide to running programs using DropMyRights. You can find it here.

The approach however has some weaknesses perhaps the worst of which is downloaded files. Yes you are safe from infection while using a browser but if you run any files you download then you can easily be infected if those files contain embedded malware.
 
However, if you add Software Restriction Policies you restrict your computer even more so most malware will not be able to install. This guide has excellent instructions on how to set up Software Restriction Policies on your computer.
 
Option 3: Run all high risk programs with policy restrictions

GesWall free is an excellent option. It is similar to DropMyRights, but provides better security. GesWall works by restricting what your internet applications can do to your computer.

GesWall requires no user intervention (but advanced users can configure it for better security); it is truly set-it-and-forget-it. It does not restrict your usability (unlike using a Limited User Account) and is not as intrusive as Sandboxie.

Option 4: Run all high risk programs in a sandbox or virtual machine

The strange name "sandbox" derives from the Java world where it refers to the highly contained and restricted environment in which Java programs (applets) are allowed to run. They are allowed to "play in the sandbox" but not go outside it. The important point is that while running in the sandbox, the programs have no access to your real PC.

So it is with sandbox security programs. While browsing or engaging in any computer activity within the sandbox you are totally corralled off from your other parts of your PC. Any files you download are isolated to the sandbox. Similarly, any programs that are executed only do so within the sandbox and have no access to your normal files, the Windows operating system or indeed any other part of your PC.

That means that if you get infected by malware while using the sandbox your "real" computer is not affected. Furthermore you can close the sandbox and all that's within it is erased including any infections, leaving your real PC in a pristine state.

Sandboxing is a great security solution for preventing infection. There are also some excellent sandboxing programs around including my favorite, the donationware utility "Sandboxie." It is very light on resources, provides very strong protection and has a well-supported forum.

There are some downsides. Sandboxing creates a two-worlds view of your computer and this confuses some users. They could get it wrong and think they are surfing in the sandbox when they are not - and then it's possible to become infected. This confusion is particularly evident with downloaded files. Files in the sandbox are not really permanently on your computer unless you deliberately move them from the sandbox to your real PC. If you shut the sandbox without moving them they will be lost forever.

This two-worlds view is simply too confusing for some users. A confused user is an unsafe user.
 
Also, if users are not thinking, they could allow every alert, which would recover files to your real environment.
 
And like every single other security software, some malware can still break out of sandboxes.

There are other problems too. Sandboxing is only available for PCs running Windows 2000 and later. Furthermore sandboxing can create problems on some PCs. Indeed I've known PCs to seize up totally with a sandbox installed. Luckily though, this is not common.

Another option is Returnil Virtual System Personal Edition. It works by virtualising partitions (only the local drive). When you turn the protection on (this does not require a reboot), your whole partition is virtualised and all changes made to it are lost. When you want to turn the protection off you have to restart your PC. This sounds like a great idea and it is, but there are several drawbacks. One is that it is not very flexible, all your data will be lost too (unless you manually configure some files to be excluded, but this reduces the security). Another reason is that it can still be bypassed - recently there have been several well-publicized malware exploits which can bypass its protection.

Virtual machines such as VMWare, Microsoft's Virtual PC and Sun's VirtualBox are similar to sandboxing but take the idea one step further by completely separating the virtual machine from the real PC at a conceptual level. Rather than have a sandbox as part of your real PC you have a virtual PC that is notionally fully distinct from your PC.

This difference aside these virtualization models have a lot of similarities. Infections that are incurred in the virtual machine cannot affect the real PC. Similarly shutting down the virtual PC removes all trace of infection.

Unfortunately they also share the same user confusion: "Am I in my real PC or the virtual one?"

The greater separation provided by the virtual machine approach does offer a more robust security model than sandboxing but it comes at a cost. Virtual machines consume a lot of memory and have a fair degree of processing overhead compared to sandboxing. And moving between the real and virtual machines can be more awkward than with sandboxing. Like sandboxing virtualization can be troublesome on some PCs.

From a user's perspective sandboxing or partition virtualisation are more attractive options though IT professionals would probably prefer the greater flexibility and superior isolation offered by virtual machines. I've written a practical guide to surfing using a sandbox which you can find here.

Security wise all three offer excellent protection from malware infection. The protection is so good that disciplined users don't need any other security products to protect them.
What about on-demand scanning?

OK I've come out heavily against running multiple active security products but what about passive security products like on-demand scanners?

An on-demand scan is one you manually initiate. It may be an anti-virus scanner, an anti-spyware scanner, a rootkit detector or a keylogger scanner.

I'm all for on-demand scans as, unlike using products that employ active monitoring, they don't impose an on-going overhead on your computer. They only consume computer power while they are actually performing a scan.

Take for example a good anti-spyware scanner like the free version of SUPERAntiSpyware or the excellent free Panda Anti-rootkit detector. They consume no computer power unless you actually run the programs. And because they are not constantly running they are less inclined to cause any problems with other programs.

So by all means run on-demand scans periodically: weekly, monthly whatever. They are a good backstop to your anti-virus program.

Conclusion

When it comes to today's aggressive malware programs, preventing malware from ever getting on your PC is a better strategy than trying to intercept it when it tries to run.

Make sure to use a blend of different technologies and products when you use security software, not just signature scanners. Remember, absolutely no product provides 100% protection.

You can prevent malware getting on your PC by combining safe computing practices with other techniques such as reducing the privileges of high risk programs, policy restriction programs, sandboxing and the use of virtual machines.

Reducing the privileges of high risk programs is a simple workable solution for most users. Policy restrictions offer greater security and usability than reducing privileges, but can slow down your internet connection speed drastically. Sandboxing, virtualization and policy restrictions offer a more complete solution but are not entirely free of practical problems. For those who can work with these problems, sandboxing, other virtualization solutions and policy restrictions offer the best way currently available to prevent malware installing itself on your PC.

With these elements in place the only active security software you really need are an inbound firewall and any good anti-virus program. That said you can, indeed should, supplement these with periodic on-demand scans of your PC with a good anti-spyware product and a good rootkit detector. These on-demand products won't impose the on-going overhead you would incur with security software that uses active monitoring.

This set up provides better security than employing multiple layers of real-time signature scanners. Even better your PC will run much faster; a complete contrast to machines running multiple real-time security products.

None of this comes without cost. Defensive computing requires time and discipline. Users not prepared to put in the effort are advised to stay with a layering strategy using multiple security products.

For me, the days of running five or more active security software products on my PCs are over. So your Grandmother was right: An ounce of prevention is worth a pound of cure.

Related Topics

Gizmo

Share this
4.525
Average: 4.5 (80 votes)
Your rating: None

Comments

by Ned Harkey (not verified) on 13. April 2012 - 14:45  (92019)

Another alternative to Panda USB Vaccine is Ninja Pendisk which works great!

by MidnightCowboy on 13. April 2012 - 16:41  (92036)

Ninja Pendisk is now obsolete, was last updated 3 years ago and does not support Windows 7.

by son0fhobs (not verified) on 28. November 2011 - 7:34  (84038)

I'm a techie. I've saved, recovered, and restored many of a computer. But after dealing with blue screens, frustrations, and this article reminding me of the extroardinary lengths required for safety - it's just not worth it. If for nothing else than the saved RAM, headaches, security scans, and near heartattacks, I'm going to get a Mac.

Not to mention, it took me a month plus to get my computer, brand-spankin' new out of the box, from a crippled machine to running optimally. I want my new machine to be new. I want it to be at it's best state, not half dead. Jeez, the more I use PC's, the more I'm becoming a mac evangalist. Crazy.

by J_L on 5. June 2012 - 22:53  (94465)

With no knowledge of disk imaging, a mac is just one newbie way out (not to mention the rip-off price). Saved RAM? How about you take a look at Mac OS X Lion's unreal 2 GB requirement. Headaches? Every computer user experiences them when something goes wrong. Security scans? Why shouldn't you do that when Macs are being exploited and shown to be insecure when on target. Heck, it's far from a techie's security. Near heart-attacks? You need to clam down.

It took me less than 40 minutes to restore my crashed system using a drive image. Preventing a machine from being half-dead is something a techie should have problems with. If you want a smart, free, technical alternative, use Linux, BSD, etc.

by Remah on 28. November 2011 - 22:17  (84075)

Gizmo's guide is not mandatory. The first recommendations for Good Safe Computing Practices are relatively simple and don't take long to implement if you haven't already.

The four options for reducing rights are more difficult for many people to implement. But if you want high security on a Mac then you'll still have to tighten up security there. There's just less Mac malware to worry about so it's not so pressing.

Sorry to hear you're new system was a two-legged dog - I've seen a lot of them. But nothing you've said is purely a PC issue. For example, a problem with your brand purchasing decision is not a problem with all PCs.

The same can be said for your experience optimizing it. My experience with PCs is that it usually takes a long evening or a day to completely sort out a PC - that could include a complete reinstall. Half an evening to sort out security. Even though I test a lot of software and have many PCs at home, the last time I saw a BSOD here was almost last century and I've used versions 95, 98, 2000, XP and 7 during that time.

Often the lack lustre experience on a PC is due to not spending enough money to get what is needed. Likewise, most people who buy a new Mac never spent that level of money on their PCs. A friend of mine spent more than 60% above an equivalent PC to get a Mac for his wife and it was worth every dollar because it was simpler. As an ex-Mac user I appreciate the advantages of that platform.

by WizWaz on 15. January 2011 - 14:45  (64613)

Good advice, but, I did not purchase my computer to be a limited user.

by Anonymous on 27. January 2010 - 10:42  (42203)

Long wanted to read about.

by Anonymous on 13. June 2009 - 9:38  (23766)

I like your "Good Safe Computing Practices" Point number 3. Use alternative software.
I do - I use an alternative OS - I use Linux - hehehe ;-)

by PsychEroc on 6. May 2009 - 21:27  (21164)

All good advice.
But I'm bored with being safe! I need a challenge!
Are there any virus collections or lists of bad websites that I can masochistically expose myself to?

by Anonymous on 10. June 2009 - 9:12  (23488)

To catch a tiger, you need to go into the jungle.
Google "crack software", "key generator", "free serials", or "sex", etc. and check out if you can expose yourself to any fierce tigers there :)

by J_L on 9. June 2009 - 23:18  (23456)

You won't be saying that if you catch a bad malware that cripples your OS and/or collects provide information and send it online. That is, of course, if you're stupid enough to use your main pc (no offence, but my mood is horrible today after an argument with my father).
If you want a challenge, play games or something else entertaining AND safe.

by JonathanT on 10. June 2009 - 11:57  (23495)

Well according to McAfee the most dangerous word to search for is "screensavers".
http://blogs.zdnet.com/security/?p=3457

by PsychEroc on 10. June 2009 - 12:39  (23500)

Cool article!

by PsychEroc on 10. June 2009 - 2:07  (23466)

With good disk image backups (Acronis, but don't tell anyone!), I'm always safe from crippling. Unless of course my house catches fire.
Then, my images & OS (Win7 trialware) are toast, but I'll still have my personal files (Windows Live Sync freeware, which is curiously absent from this site).
With Sandboxie (freeware champion), I'm pretty safe against internet-based attacks if my Comodo freeware firewall and HIPS fails and the bad guy can slip in undetected by Avira limited freeware antivirus (another champ). Gizmo's got a great guide on internet security here: How to Surf More Securely.
I oftentimes do use my main pc, but for really delicate inspection of potential malware (for research purposes of course), I'll use a virtual machine (M$ Virtual PC freeware). Gizmo's Guide to Securing Your PC was a big help in learning about all of these security tools.
Stupidly yours,
The Freeware Marketing Hustler

by peter on 10. June 2009 - 9:36  (23489)

Please write about Live Sync.
You can ALWAYS write something like "PsychEroc's personsl guide to safe surfing" or "Condoms R'us"

by Anonymous on 12. May 2009 - 9:17  (21418)

Hmm...
Good idea!

by Anonymous on 6. May 2009 - 19:53  (21160)

Fabulous article - it seem's like every month, the threat of malware grow's more grave.

by Anonymous on 6. June 2009 - 12:42  (23171)

Every month, the number of paranoid, ignorant geeks grow higher if that's what you mean.

by peter on 6. June 2009 - 12:46  (23172)

WOuld you care to elaborate?

by Anonymous on 24. February 2009 - 22:28  (16757)

I was subscribed to Gizmo's Newsletter, received notice of your merger, and asked to receive the revision. But I haven't received anything since July.
Please plug me in for the current publication, including what I've missed if possible.

Tom Dark
bandzippy@aol.com

by ianjrichards (not verified) on 2. July 2009 - 22:45  (24582)

Email windowssecrets.com about your newsletter subscription and they will definitely sort it out for you. This site doesn't have a newsletter anymore but you can have our RSS feed delivered by email - see top left of this page.

by Anonymous on 28. December 2008 - 4:38  (12579)

I know ESET has great antivirus software, but I saw their Santa video on Viddler... http://www.viddler.com/explore/SantaFraudFilms/videos/1/

make sure to click through to the website.... very, very funny videos of fake santas being interrogated....

by JonathanT on 12. December 2008 - 7:14  (11800)

SuRun is a program that allows you to run programs as Administrator when you are in a Limited User Account. There's a tutorial on it here.

by Anonymous on 7. December 2008 - 4:06  (11556)

LOWEST TECH SOLUTIONS #2 & #3:
===============================
primitive, easy and effective means to stop malware, virus etc that some how snuck through your normal security lines of defense:

2)use an old slow computer - something that barely keeps up to your regular demands.
If a malware process starts running it often will bog down your slow computer... you will notice reduced performance, pull the plug right away - don’t wait to shut down and clean your computer: result- damaged minimized vs. a slick fast new machine with the same problem.

3)connect to the internet with dialup(painfull)
when malware starts downloading or something is spying etc on you the extra traffic on your connection often becomes immediately obvious... disconnect immediately and clean: result - malware download fails to complete its download, spy etc data sent minimized.

by Anonymous on 9. December 2008 - 21:56  (11698)

First of all it is silly to ask someone to use an old computer just so they can detect when they are infected. The point is you are taking steps to avoid Detection. Following the Steps listed above and you should not have to work from a slow machine.

Lets say you are working on your slow painful machine, and you notice your system bogging down. What is your advice to our users now? Download Super Anti Spyware on Dialup and hope that if picks it all up.

My point is, if you are infected it does take up resources and depending what you are infected with it may slow your connection but the fact is by the time you notice these changes you probably have been infected for a while now and it has been slowly getting worse and now you have a large mess to clean up.

Best Advice,

1) Do not visit obvious sites that may be bad. Research what you are doing online on safe sites before going into a shady site. If you are reading this on this website then chances are you are someone who researches their products/sites/ and downloads first anyway.
2) Run as a limited user, prevent giving access to any potential viruses in the first place.
3) If you don't have a router, purchase a router. The physical firewall makes a huge difference over your active protection on your computer and it will not take up any resources on your computer.
4) Of course make sure you have a well known antivirus actively protecting your system, and keep it up to date. It is good practice to run a weekly scan and always manually check for an update before performing your scan. For those who are overly cautious, you can run a Malware removal tool once a week as well along with your Antivirus scan such as SuperAntiSpyware.

I don't agree with running a software firewall if you already have a router acting as a hardware firewall. It is redundant and I have seen many issues with running both at the same time. I think the windows firewall is fine if you have a router.

Now if you don't have a router, I would definitely suggest getting a software firewall, but bear in mind a routers hardware firewall will still protect you far better than the software versions on your computer so if you need to invest in security for your system and you Don't already have a router then invest in that first.

by Anonymous on 7. December 2008 - 4:02  (11555)

LOWEST TECH SOLUTIONS #1:
(in addition to and not in place of the security measures mentioned in article and comments)
=====================
Safe, near bullet proof internet surfing
-------------------
1)image your main drive to a backup drive
2)start computer
3)surf internet saving anything you want to usb flash memory
4)disconnect from internet
5)scan saved files on usb flash memory for malware virus, spy etc...
6)remove usb drive/flash memory etc.
7)shut down your computer
8)wipe your main hard drive
9)image backup drive to main drive
10)Start your computer
11)plug in usb flash drive and scan it for viruses, malware etc..
12)copy files from usb flash drive to main hard drive
13) sleep well!
-various ways to do step 1 & 8 that I wont get into.
-similar results to virtual and or restore strategies but maybe a bit more bullet proof--and more cumbersome..

by Anonymous on 9. December 2008 - 22:10  (11699)

I'm sorry but this again is redundant. You are asking people to back up their drives, download files to their USB then DISCONNECT from the internet and then scan the USB drive, Image their main drive from the backup then plug the USB back in and finally copy the files over.... And then you mention other methods may be more cumbersome....

Sorry to bark up your tree, but that is not a feasable option in my books. Especially looking at this from an average users Point of View. If this person knows how to download files from the internet to their USB then why not run firefox directly from your USB and download the files their. Of course make sure you trust your downloads and you are downloading from a trusted site so you won't have to worry about downloading viruses and creating a 2 - 3 hour process for downloading files.

It should be common practice to make sure your machine is being backed up or imaged ever couple weeks anyway in case you do need to roll back. So manually backing up your whole drive should not be neccesary.

If we are having our users going to far lengths to stay safe anyway, why not use a virtual machine such as VMWARE and load up firefox in the virtual machine when surfing then if you do catch any viruses just close out toss the image and no problems.

**********************

Here is what I do, I follow most of the steps in the above article. I don't have two firewalls running, I have a hardware firewall and windows firewall. I run a safe antivirus, and use a limited account for most of my work. I don't even run an active anti-malware. I only download from safe sites that are 100% clean, and I only visit safe sites. I research anything I am not sure about and keep my hard drive partitioned for my downloads.

So I have my C:\ as my local drive and I have a D:\ that I use as a backup/download drive where all of my internet files go. So if my C:\ fails on the hard drive then I reload windows without loosing any files, or vise versa if my D:\ fails then I just format it and I don't loose my C:\ with windows installed.

I only have one hard drive so this is a good solution for what I am working with. It will not protect against physical hard drive failures but that is a different ballgame and you can't really avoid when those types of things happened. If I had a second hard drive I would probably get a router to connect it to, and create a separate media drive on the router to act as my hub for downloading files and content so that way it is available all over my network and it does not affect my system directly.

by Nevi (not verified) on 11. December 2010 - 8:59  (62292)

You will be infected sooner or later.Today there are no "safe sites",and especially if you dont use any antivirus whatsoever..Why dont you just use Sandboxie,it dont use any resources worth talking about,and its very easy to work with.

by Anonymous on 11. December 2008 - 11:24  (11757)

you said "I don't have two firewalls running, I have a hardware firewall and windows firewall."

did you mean "I don't have two firewalls running, I have a hardware firewall and NOT A windows firewall." ?

by Anonymous on 7. December 2008 - 4:47  (11558)

with or in place of SOULTION #1

-use BartPE to: image drives, or run a browser, And/or scan/clean files on usb, and/or copy files from usb to hard drive.

-or run a live version of a browser and save files to a USB flash drive.