Surviving ZLob: Lessons Learned
vnangia
08-11-2009, 05:21 PM
Y'know, every time I see something like this (or have to do such a cleanup myself), I wonder why we can't charge Microsoft for engineering bad software. If you have a bad car, you have lemon laws. If you have a defective appliance, you have recalls and warranties. If you have a dishonest professional service (lawyer, accountant, etc, etc), you have ethics boards.
But if you're in the software business and make a defective product then you get a free pass because your product is sold as-is.
Can you imagine how quickly Microsoft (and other software companies - let's be honest, Adobe's products leave a lot to be desired in the everything department) would clean up their code if they couldn't sell their products as-is and could have civil cases brought against them for their shoddy work? If Microsoft were charged even $0.02 per person, per incident (surely a gross underestimation for time wasted) for their bugs, it would take only a couple of incidents before Microsoft was bankrupt or their code was audited and fixed.
jam3ohio
08-11-2009, 06:20 PM
A few years back, a buddy called panicking about his laptop that would not boot up. I asked him if he renewed his McAfee when it expired after the free trial. No, he said. Then I asked him if he was still downloading porn with expired security software. Yes, he sheepishly admitted. I had him bring the machine by and got the viruses off his machine, bought the McAfee renewal (with his credit card), and told him never to bring it back to me if he let that protection lapse. It was his fault for unsafe browsing...not Microsoft's. You can't think of every potential hole in the OS before shipping. Granted, MS could always do better, but the sheer volume of threats out there really makes it required for users to take responsibility for their internet security.
Unregistered
08-12-2009, 03:17 AM
Great article and thanks for sharing your experience.
I already follow many of your suggestions, but have been trying to find the best free antivirus software available. Previously I paid for Norton/Symantec, but I don't think it is worth paying for it anymore with such good software available for free.
I have been looking at AVG (as mentioned in the article) and Avast. What are your experiences and reasons for choosing one over the other of these two?
I guess that it is not advisable to have both as they might cause some conflicts.
thiggins
08-12-2009, 09:27 AM
Y'know, every time I see something like this (or have to do such a cleanup myself), I wonder why we can't charge Microsoft for engineering bad software...
Well, it's not just Microsoft, but all application developers.
Realistically, things are only going to get worse as malware writers continue to sharpen their skills.
It would be great if EULAs could be changed to give some liability to software developers. But user education is also a very important part of the process. Sometimes I think people should be licensed to use a computer and computing devices should be registered like automobiles. But at least the latter isn't likely to happen.
thiggins
08-12-2009, 09:30 AM
I had him bring the machine by and got the viruses off his machine, bought the McAfee renewal (with his credit card), and told him never to bring it back to me if he let that protection lapse.
Good approach. I didn't give as strong a lecture to my neighbors. But I told them both that they needed to check the AVG tray icon every day and make sure that there were no alerts. I also told them to manually update AVG on their notebook when they booted up, because it isn't used every day.
thiggins
08-12-2009, 09:31 AM
I have been looking at AVG (as mentioned in the article) and Avast. What are your experiences and reasons for choosing one over the other of these two?
I have used AVG for a few years now and have installed it on friends and relatives' machines. I have no experience with Avast, other than encountering its spinning tray icon on my neighbors' system.
claykin
08-13-2009, 09:26 AM
I have used AVG for a few years now and have installed it on friends and relatives' machines. I have no experience with Avast, other than encountering its spinning tray icon on my neighbors' system.
Tim
I use Avast and have had good success with it. In Avast's defense, the program does warn about 45 days in advance of its pending expiration. Once it has expired, it gives frequent warnings on screen. These warnings are in the form of a large square box that appears above the system tray.
It's simple to renew and Avast even includes a link in the warning to renew for free. People ignore it and that's their responsibility, not the AV.
I believe what happened in this case is that his Avast was expired and was out of date. Zlob got in and disabled parts of Avast from running and began doing its thing. Most malware programs will disable or partially disable out-of-date AV programs; no program is exempt from that rule if it's out of date.
Avast, Avira and to a lesser extent AVG are all good free solutions. Microsoft will be releasing their free AV/malware program, Microsoft Security Essentials, in time for Windows 7 release. MSE will run on XP, Vista and 7 and early testing seems to indicate it's easily as good, if not better, than all the current free solutions. Microsoft is running a beta program now, but it's closed to new users.
That said, today's common infections (Zlob, Conficker, Sality, etc.) typically enter the system through known Windows security holes (and holes in 3rd party programs). If you want to protect your system, and not leave sole responsibility to your AV program, manually run Windows Update each month. Run it after the second Tuesday in each month to ensure that you get the "in band" patches that MS releases. Install everything in the HIGH PRIORITY category and your protection from common "drive by" malware installs will increase by 99%. Also, if the Windows Update shield shows up mid month, don't ignore it for weeks, months, etc. Respond to it and let it install the patches that MS worked hard to write for your benefit!
My 2 cents.
thiggins
08-13-2009, 11:40 AM
Thanks for the comment and tips, claykin. I don't think my neighbors would have ignored a warning box popped up from the system tray. I only saw the system after Zlob was in and saw only the spinning Avast logo.
You'll get no argument from me that users have an obligation to keep Windows updated, too. And at least I had weaned them off of using IE and they don't use Outlook.
claykin
08-13-2009, 10:13 PM
Thanks for the comment and tips, claykin. I don't think my neighbors would have ignored a warning box popped up from the system tray. I only saw the system after Zlob was in and saw only the spinning Avast logo.
You'll get no argument from me that users have an obligation to keep Windows updated, too. And at least I had weaned them off of using IE and they don't use Outlook.
OK, but why hadn't Avast updated itself for months? I think you said months in your original article... Maybe they installed the free version but never registered it? In that case after 60 days it would have stopped updating itself automatically (after several red box warning messages appeared and badgered them).
Nothing except corporate AV with a perpetual license could help people who refuse to listen to early warning messages. Then, inevitably they would eventually be using a 3-4 year old AV engine and still have little protection from current malware (how many offices do you know that still run Symantec Corporate AV V9.x from 2004 and think they are protected?)... Either be a responsible PC user, or get a Mac (and wait for the AV writers to target you).
YeOldeStonecat
08-18-2009, 05:55 AM
I have been looking at AVG (as mentioned in the article) and Avast. What are your experiences and reasons for choosing one over the other of these two?
I guess that it is not advisable to have both as they might cause some conflicts.
Should never run more than 1x antivirus real time protection at a time, else they step on each other's toes, cause system instability, etc.
www.av-comparatives.org
In my experience with working on computers for a living, of the freebie antivirus programs, AntiVir is heads and toes above the rest. Avast in second place, AVG is "so-so". AVG is popular as far as the freebies go, but I have to repair a lot of computers that get hit even though they are protected by AVG.
To be soon taking over the "king of the free antivirus programs" list...Microsoft's Security Essentials (MSE). Currently still in BETA, it'll be out soon. Microsoft hit a home run with this one, I've been using it in cleaning infested rigs and it does VERY well. Doesn't bog down your system either. Even though, as I write this, the BETA is closed, you can still find the download out there via Google from legit sites and it will still update fine.
Of the paid products I'm a fan of Eset, Kaspersky, AntiVir Pro, and believe it or not...Symantec's 2009 and newer products are actually very good. Yes..I said it..coming from someone who loathed Symantec's products for a long time, they completely...from the ground up, re-wrote their antivirus and internet protection suites for the 09 product. In a complete 180, they are now one of, if not THE, lightest products out there, their AV takes under 8 megs...yes..under 8 megs. And its detection and cleaning ability is top notch.
On the subject of these current "rogue/fake-alert" Vundo trojans, there are quite a few tools out there which make removing them relatively easy. The makers of these trojans are releasing several new variants PER DAY to keep ahead of the antivirus programs. We come across PCs with this every week, and the tools are doing a good job. MalwareBytes, SuperAntiSpyware, TCP/Winsock repair utility, CCleaner, Spybot Search and Destroy, added to an antivirus scanner or two and it's done. Actually MalwareBytes usually gets it quite well in the first pass...but IMO it's good to run/scan/remove a few remnants with other tools first.
thiggins
08-18-2009, 09:37 AM
Thanks for the link to AV-Comparatives and your thoughts about AV products, Stonecat. As someone who uses and installs this stuff every day, your opinions are much more valuable than mine!