Raj Agrawal

Learnings from software and technology


Stay Fully Protected Without Using An Anti-Virus Program – Part I

August 1, 2010 by Raj Agrawal

This article covers how to stay completely safe on the web.

For a very long time I have wanted to share with you the fact behind our over-dependence on anti-virus and anti-malware programs. It is one of the reasons why malware continues to plague the computer world. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software. |Wiki|


Every day hundreds, if not thousands, of new malware samples are created intentionally. Anti-virus programs constantly update their virus signatures to protect their users from the latest infections, and the average user is convinced that the computer is now protected by the newly updated anti-virus. They are totally unaware of something called ‘zero-day viruses’, which, like black holes in space, drift invisibly somewhere in cyberspace and attack the victim without the victim’s knowledge. A zero-day virus is a previously unknown computer virus or other malware for which specific anti-virus software signatures are not yet available. |Wiki|

Nowadays there are anti-virus products designed and structured to protect the system from zero-day attacks too. But, again, they come at a price, and not everybody prefers spending money on anti-virus products.

Now I am sharing a tutorial with you that will help you keep your system fully protected, including from zero-day viruses, without any “realtime” anti-virus protection, for FREE.

Freeware tools needed:

  • Sandboxie and,
  • Malwarebytes (this program “will not” run in memory and automatically protect the system, but you can use it to scan directories and files for infections)

Points to Remember before we start:

  • Use this method for experimental purposes. If you are not comfortable implementing it, stop using this method right away and use an anti-virus program to stay safe.
  • Take responsibility for the websites you visit, the links you click on and the things you download, if you wish to stay safe.
  • No virus can harm your system unless it is executed and running.
  • This article has nothing to do with using a firewall. If your computer is connected to any network, like the internet itself, then it is 100% important to use a firewall.
  • Smarter techniques always require some effort to implement.
  • Use the Malwarebytes freeware, as it does not run in the background (saving your resources), and use it to scan new media like USB drives, CDs, DVDs, etc.
  • Skills required to understand and implement this guide: intermediate to experienced user.
  • This tutorial is suitable only for Windows operating systems: Windows XP and later.
  • This tutorial will teach you to set up your computer to “not use anti-virus protection in the background”, in such a way that you run applications, whether infected or not, in a safe and fake environment; whenever you end up executing an infected program, you can easily stop and reverse the actions of the program just by closing it.

Benefits of implementing this method:

  • You won’t have to buy anti-virus, anti-malware programs.
  • Your computer will be much safer than it would be with the anti-malware programs.
  • Your computer will run faster as more RAM will be available without the anti-virus running in the background.

The Tutorial:

  • Perform a re-installation of Windows, or, if not, you can still continue using the same Windows setup, though I recommend a re-installation to stay clean.
  • Now that your system is ready, install the freeware Malwarebytes program, update the malware definitions and perform a full system scan.
Screen 1
  • Install Sandboxie. To learn how Sandboxie works, click here to read the article on it. Now you can safely run all your programs, infected or not, in this way:

Watch the video demonstration of Sandboxie:

  • Run any program of your choice inside Sandboxie. Let’s consider running an internet browser, since the majority of malware spreads through the internet.
Screen 2
Screen 3
  • Even if you are surfing a malicious website that intends to infect your computer, you can easily keep each downloaded file from being copied to your “real system”. As soon as any file is downloaded into the “fake browsing environment” you will be asked for a path to recover the downloaded file, in case that file is important to you. If it is not important, select ‘Don’t prompt again…’ and close the recovery box. Any file downloaded in this browsing session will simply be deleted from the “fake environment”.
Screen 4
  • That is all there is to it!

This article has a lot to cover, and adding more factors and situations would make it lengthier and less comfortable to read. It might also be difficult to understand for some. If you have any questions about any part of this article, please drop in a comment. I will be happy to help you.

So I am wrapping up Part 1 of this tutorial and will introduce other possibilities and configurations to deal with in the 2nd part soon.

Stay tuned. 🙂

Filed Under: Technology Tagged With: malware, virus

How To Safely Run Infected Files In Windows

October 11, 2009 by Raj Agrawal

Apart from pirated programs, sometimes even legitimate programs are reported as infected by anti-virus software. This does not necessarily mean the reported program is really infected. It might be a false positive (a term for a faulty action by anti-malware applications that report innocent programs as infected). You must have adequate knowledge and expertise to conclude yourself whether the reported program is infected or not, which might again not be a correct conclusion 🙂 All this is crazy and can be tolerated to an extent.

But, if you are keen to use the program, whether it is really infected or not, you can safely run it in an isolated environment created with the help of a freeware application called Sandboxie.

To run any program within Sandboxie, follow these step by step visual illustrations:

Screen 1
Screen 2
Screen 3

After running the program in question with Sandboxie, all the files created by the program will only be stored in an isolated space created by Sandboxie. All the actions taken by the infected program will be locked in that isolated space, keeping its actions away from your main system. This results in better security. Also, it’s a fact that there exists some malware that Sandboxie can’t take control of, so if you are unable to contain the infected file with Sandboxie, make sure you forget about running it rather than letting the anti-virus take control instead! 🙂

Sandboxie features:

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.

Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.


Filed Under: Technology Tagged With: malware, virus

How To Achieve Better Security

October 6, 2008 by Raj Agrawal

Being infected with malware and/or spyware is one of the most common issues that every internet-enabled computer encounters, not to forget the annoyances of such infections. No anti-malware or internet security package is always up to date. The performance of security software always fluctuates from time to time. This is something that might never change; you can’t control it!


There is a way to harden your security to a level where it blocks any connection to harmful websites, thus reducing the threat level on your computer. This can be achieved by adding the IP address followed by the web address of the harmful website (explained ahead) to the HOSTS file (Windows\system32\drivers\etc\HOSTS).

If you do not wish to waste your time manually adding each crappy website, then install the Host File Updater.

What it does (via mvps.org)

The HOSTS file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local (your) machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems.

Example – the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by that DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements. Why? … because in certain cases “Ad Servers” like Doubleclick (and many others) will try to open a separate connection on the webpage you are viewing.

For XP SP2 users you should see a Security Center prompt about allowing this connection. [screenshot]
Simply click No and continue. Yes the prompts can be annoying but at least you’ll know, however you should not see these prompts if these entries are included in the HOSTS file.

Note: this prompt only occurs if (example) *.doubleclick.net is included in the “Restricted Zone“.

The downside of this great tweak is that the installer program adds thousands of harmful websites to the new HOSTS file to be blocked, which even includes projectwonderful.com and some others that you might find important! That means, if you are a publisher or advertiser on projectwonderful.com, make sure you remove the website from the blocked section of the HOSTS file.

To unblock a useful website:

  1. Disconnect from the LAN and the internet.
  2. Open the HOSTS file in Notepad, press Ctrl + F and type projectwonderful; after you find it, remove the entry and save the file so that you can easily access your projectwonderful.com account!
  3. Restart your computer if you do not see any changes.

Way to get around DNS propagation:

If you wish to access a website that is a victim of delayed DNS propagation, or any restricted website:

  1. Again, drop all connections to the LAN and the internet and open the HOSTS file in Notepad.
  2. Look for the entry that says ‘127.0.0.1  localhost’ at the very beginning of the list.
  3. On the line after ‘127.0.0.1  localhost’, add the IP address of the website to be un-restricted, leave a space, and add the web address of the website without the ‘www’. Again, on the next line, add the same IP and the web address with the ‘www’. It should look like:

127.0.0.1 localhost
11.22.33.44 example.com
11.22.33.44 www.example.com
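The HOSTS mechanics described above (hosts-before-DNS lookup, loopback entries as blocks, the unblock step and the propagation workaround) as an added Python example. This is not the post's or the MVPS project's tooling: the sample file contents are constructed, the function names are my own, and the file is handled as a string so it runs without touching the real C:\Windows\System32\drivers\etc\hosts.

```python
"""Minimal HOSTS-file helper (added example, not the post's own tooling).

The Windows HOSTS file (C:\\Windows\\System32\\drivers\\etc\\hosts) holds lines
of the form  <ip-address> <hostname> [more-hostnames...]  with '#' comments.
Windows consults it before asking any DNS server, so '127.0.0.1 <host>' sends
connections for that host back to the local machine (blocking it), and
'<real-ip> <host>' overrides whatever DNS would have answered.
"""
import ipaddress
from typing import List, Optional, Tuple

# Addresses that make an entry a "block" rather than a real override.
BLOCKHOLE_IPS = ("127.0.0.1", "0.0.0.0", "::1")

# Constructed sample file content, modelled on an MVPS-style block list; the
# hostnames are the ones mentioned in the post, not a real download.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net              # ad server, blocked
127.0.0.1 projectwonderful.com www.projectwonderful.com
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str], str]]:
    """Return (ip, [hostnames], raw_line) per line. Blank and comment-only
    lines yield ip='' and no hostnames so the file can be rewritten intact."""
    entries = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not body:
            entries.append(("", [], raw))
            continue
        ip, *names = body.split()
        ipaddress.ip_address(ip)              # ValueError on a malformed address
        entries.append((ip, [n.lower() for n in names], raw))
    return entries


def resolve(text: str, hostname: str) -> Optional[str]:
    """Mimic the hosts-before-DNS lookup order: the first matching entry wins;
    None means the name is absent and a real DNS query would be made."""
    target = hostname.lower()
    for ip, names, _ in parse_hosts(text):
        if target in names:
            return ip
    return None


def is_blocked(text: str, hostname: str) -> bool:
    """True when the name is pinned to a loopback/unspecified address."""
    return resolve(text, hostname) in BLOCKHOLE_IPS


def remove_hostname(text: str, hostname: str) -> str:
    """Step 2 of 'To unblock a useful website': drop `hostname` from every
    entry; a line whose only hostname was removed disappears entirely."""
    target = hostname.lower()
    out = []
    for ip, names, raw in parse_hosts(text):
        if target not in names:
            out.append(raw)                   # untouched, comments included
            continue
        kept = [n for n in names if n != target]
        if kept:
            out.append(f"{ip} {' '.join(kept)}")
    return "\n".join(out) + "\n"


def add_override(text: str, ip: str, domain: str) -> str:
    """The DNS-propagation workaround: insert '<ip> domain' and
    '<ip> www.domain' directly after the '127.0.0.1 localhost' line."""
    ipaddress.ip_address(ip)
    lines = text.splitlines()
    anchor = next((i for i, line in enumerate(lines)
                   if line.split()[:2] == ["127.0.0.1", "localhost"]),
                  len(lines) - 1)
    lines[anchor + 1:anchor + 1] = [f"{ip} {domain}", f"{ip} www.{domain}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(resolve(SAMPLE_HOSTS, "ad.doubleclick.net"))      # 127.0.0.1
    fixed = remove_hostname(SAMPLE_HOSTS, "projectwonderful.com")
    print(is_blocked(fixed, "projectwonderful.com"))          # False
    print(add_override(fixed, "11.22.33.44", "example.com"))
```

To apply it to a real machine you would read the file into `text`, run the helpers, and write the result back from an administrator prompt, since the real file is not writable by a normal user. Keep in mind what the file can and cannot do: it only affects name resolution on this one machine, so software that connects straight to an IP address or resolves names through its own encrypted DNS bypasses it entirely, and the list is only as good as its last update.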

Filed Under: Technology Tagged With: malware, security