The Nlite-d Compaq revisited

I installed antivirus software on the Compaq today. As expected, it weighed things down–boot time doubled, to 40 seconds, and memory usage approximately doubled, to 212 MB.

I can’t do much about the memory usage. But half the system memory is still available for apps, which should be fine. Upgrading the memory is always an option for the future. The boot time was fixable.

I ran Jk-Defrag, which is probably my favorite utility now. Full optimization didn’t take long on a system with so little on it. I used the option -a7 to sort by filename, which works surprisingly well.

To help the memory usage a little, I yanked the Microsoft Office stub out of the startup group. All that does is preload some of Office at boot time, so Office apps load faster. But modern hardware negates it. With that running, Word loads in about two seconds. Without it, Word loads in about two seconds. Windows XP’s prefetching gives the same benefit for free, so there’s no point in wasting memory on the Office startup piece.

The two changes dropped the boot time to 30 seconds, which is pretty good, especially on a conventional drive. A minute is typical for a stock Windows XP system, even on new hardware. Solid-state drive manufacturers brag about how their products can boot XP in 30 seconds.

I wonder how fast they’d boot if they’d been installed off my Windows CD?

Memory usage and boot time will jump some more when it comes time to actually use the system–scanner drivers and digital camera software need memory and take time to load. But that’s OK. My goal was just to reduce the overhead somewhat, since antivirus software is an absolute requirement these days, and its overhead is only going to go up. I ran across a year-old stash of virus definition files recently, and today’s files are more than 50% larger. The number of viruses out there is growing, and they are becoming more complex.

Nlite and Windows XP

Well, I had my first major experience with Nlite and Windows XP tonight. I installed a new 160 GB Seagate hard drive into Mom’s Compaq Evo 510 and I used Nlite to slipstream SP2 into Windows XP, since SP2 is necessary to properly use a drive that big.

The resulting image was far too big to fit on a CD, so I started pulling stuff out.

Mainly I pulled out stuff like Outlook Express, MSN Explorer, and Media Player. I thought about removing Internet Explorer, but since Mom is going to use MS Office, I thought twice about that. Office uses IE for some things. If I’d been building the system for me, I’d pull that too.

I also removed most of the international support. I saw no need for anything other than US English and maybe Spanish, so I pulled the rest.

Installation went fast. Really fast. I laid down Windows XP, Office 2000, and Firefox in less than an hour. I used the Nlite CD to install the OS, and I installed Office and Firefox from a USB flash drive. All I need now is antivirus software and the system would be usable.

It boots lightning fast–we’re talking 20 seconds from POST to a desktop with no hourglass. Installing antivirus software will slow that down, but it’s impressive. Part of that is due to the new hard drive, but it’s a Seagate 7200.10. It’s newer and faster than the five-year-old Western Digital drive the system came with, but the 7200.10 isn’t exactly new technology anymore.

Memory usage isn’t bad either–100 megs at boot. That’ll double or triple once I install antivirus software, but at least I’m starting lower than usual.

I didn’t check disk usage, but I’m sure it’s much lower than the typical 1.5 GB.

I’m a believer. The results make me wonder just how old and slow of a computer I could get away with XP on.

Meet Robocopy

If you remember the days of DOS, you know the difference between COPY and XCOPY. For those times when XCOPY won’t cut it, there’s ROBOCOPY, part of the Windows resource kit.

If you just need to sync up two directories, Robocopy does it happily. Type ROBOCOPY source destination, and it will happily copy new and changed files over, while leaving identical files alone. This can save lots of time.

ROBOCOPY.DOC will give you lots of tips and ideas for using the program.

I have to do a lot of work over a WAN, and sometimes the network conditions are less than optimal, to put it politely. By that I mean sometimes I get nostalgic for the 9600 bps modem I had in high school, because it was faster and more reliable. Robocopy will detect errors and retry, which is a huge help in these conditions.

One thing I do frequently is copy single large files. The documentation file isn’t very clear on how you do this, and the syntax is tricky. Here’s how to copy a single file between two servers or directories:

ROBOCOPY source destination file(s)

Here’s a line I use a lot, to shoot out new virus definitions to my management servers:

ROBOCOPY . "\\servername\c$\program files\symantec\symantec antivirus" *.xdb

This is just a glorified copy command, but if any part of it fails, it will retry until it works.

In the past I’ve also used Robocopy to move file shares when upgrading file servers. I’ll create the share on the new server, copy everything over, and then, in off hours the night before the cutover date, use Robocopy to sync them up. Here’s an example:

robocopy \\oldserver\accounting \\newserver\accounting /MIR

Of course, since Windows has had DFS for 8 years now, you’re using DFS for everything now, right? Of course not. So for the times when you have to replace a fileserver and migrating to DFS isn’t an option for whatever reason, Robocopy is your fastest and easiest option for a cutover.
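
The definitions push and the /MIR cutover sync from this post, wrapped with bounded retries and an exit-code check, as an added example that is not part of the original post. The function name, log path and retry values are assumptions; the server and share names are the post's own placeholders.

```powershell
# Added example, not from the original post. The function name, log path and
# retry values are assumptions; server and share names are the post's placeholders.
function Invoke-RobocopyChecked {
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Destination,
        [string[]] $Files   = @(),    # file patterns such as '*.xdb'; empty = everything
        [string[]] $Options = @(),    # extra switches such as '/MIR' or '/L'
        [int]      $Retries = 5,      # Robocopy's own default is 1,000,000 retries
        [int]      $WaitSec = 30,     # seconds between retries (Robocopy's default)
        [string]   $LogFile = (Join-Path $env:TEMP 'robocopy-checked.log')
    )

    $arguments = @($Source, $Destination) + $Files + $Options + @(
        "/R:$Retries", "/W:$WaitSec",
        '/Z',               # restartable mode: resume a large file after a dropped link
        '/NP',              # no percentage progress, keeps the log readable
        "/LOG+:$LogFile"    # append to the log so every run leaves a record
    )

    & robocopy.exe @arguments | Out-Null
    $code = $LASTEXITCODE

    # The exit code is a bit mask; 8 or higher means at least one failure.
    [pscustomobject]@{
        ExitCode   = $code
        Copied     = [bool]($code -band 1)    # files were copied
        Extra      = [bool]($code -band 2)    # destination has files the source lacks
        Mismatched = [bool]($code -band 4)
        Failed     = [bool]($code -band 8)    # some copies failed after all retries
        Fatal      = [bool]($code -band 16)   # nothing copied (bad path, access denied)
        Succeeded  = ($code -lt 8)
        LogFile    = $LogFile
    }
}

# 1. Push new virus definitions and fail loudly if a server did not get them.
$push = Invoke-RobocopyChecked -Source '.' `
    -Destination '\\servername\c$\program files\symantec\symantec antivirus' `
    -Files '*.xdb'
if (-not $push.Succeeded) {
    Write-Error "Definition push failed (exit $($push.ExitCode)); see $($push.LogFile)"
}

# 2. Preview the cutover sync. /MIR deletes destination files that are missing
#    from the source, so list the planned actions with /L before the real run.
$preview = Invoke-RobocopyChecked -Source '\\oldserver\accounting' `
    -Destination '\\newserver\accounting' -Options '/MIR', '/L'
"Preview exit code $($preview.ExitCode); review $($preview.LogFile) before running without /L"
```

A management server that silently misses a definitions update stays on stale signatures, so the exit code is worth checking rather than assuming the retry loop eventually succeeded.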

How to use your computer skills to earn some extra money

If you’re in need of some extra money and you’re computer-savvy, the scumbags of the earth have a deal for you. You see, they load unwitting computer owners’ PCs up with loads of junk, and they can render a new, state of the art computer useless very quickly. That’s an opportunity for you to use your computer skills to earn some extra money.

If you can learn to clean up the mess, you can probably have as much after-hours work as you want.

Assuming you’re pretty good at fixing your own computer (don’t go into business fixing computer problems if your computer runs like garbage), cleaning it up is pretty easy.

Keep copies of Ad-Aware, Spybot Search & Destroy, Bazooka, and Avert Stinger handy on a CD or USB flash drive. Install the programs and then run them. I run Bazooka first and last because it’s fast and gives a good overview of the health of the system.

Run all of the antispyware programs and let them do their thing. Then run Stinger in case they aren’t keeping up with their virus definitions. Once you clean the system up, update the virus defs (install antivirus software if they don’t have any–AVG strikes a good balance between effectiveness and ease of use, and it’s free) and defragment the hard drive.

Most IT people I know charge about $50 for the service. Have the customer bring the PC to you since a good spyware scan takes several hours. Let Spybot scan overnight, then clean it, then let Ad-Aware run while you’re at work and let it clean.

Keep an extra monitor, keyboard and mouse around so you can just plug in your customer’s CPU and go.

If the computer is in such bad shape you don’t get a start menu, boot it in safe mode and clean from safe mode.

And there you go. An easy side business. Hopefully you’ll have a booming business so fewer people will call me.

How I became interested in system optimization

I’ve talked system optimization a lot over the past week. I think I’m done for now, so I’ll talk about why you would want to do these things, and how I got interested in it.

My first computer was a Commodore 64. With Commodores, all optimization was software. The hardware was all finely tuned and the timing was precise, so you couldn’t just ramp up the clock speed of the CPU to make the system go faster. But there were lots of things you could do in software to do things like improve the speed of the disk drive.

I moved to an Amiga in the early 1990s and I became interested in a project called ARP, short for AmigaDOS Replacement Project. The Amiga had a command line, and its command line tools were mostly ports of old tools from an obsolete operating system called Tripos, written in BCPL, a predecessor of C. ARP tools were written in either C or 68K assembler and gave the functionality of the originals, but they were smaller, so they loaded and ran faster. I always looked for ways to make my Amiga run faster and use less memory.

In 1994 I took a job selling PCs. My boss talked about how his 16 MHz 386sx felt more responsive than the 33 MHz 486s we sold so many of. So I started learning about PC optimization too. There was a lot you could do just in software.

So I’ve remained interested in this idea for probably 20 years.

Just this week I put an old Windows ME box through the regimen, and it’s definitely a lot peppier now.

I talked about registry optimization and file cleanup, defragmentation, antivirus, firewalls, and defragmentation again.

Do these things, and in most cases you can squeeze at least an extra year out of the life of a system. I squeeze more like five.

How to defrag when defrag just keeps starting over and over

I’ve seen many spyware-infested Windows 95/98 boxes that just won’t defrag no matter what you do. Defrag starts, gets part of the way through, then the disk changes and it starts over again. Leave the system alone for dozens of hours and it might finish, but probably not.

Microsoft has some remedies, starting with hitting ctrl-alt-del and killing everything except explorer and systray, and disabling your quick launch bar (right-click on the gray bar on the bottom of the screen, select Toolbars, and de-select Quick Launch). That can help, but not always.

I’ve also heard of downloading the Windows ME version of Defrag.exe and running that instead of the older version if you’re running an older version of Windows 9x, since Windows ME’s defrag is supposed to work better. I guess that and the USB support were the only things in Windows ME that worked better.

Disabling your antivirus realtime scanning also helps, since it’s always accessing the disk.

But sometimes even doing those things won’t work. The system in my living room is a prime example. It’s clean, has no spyware or anything else but still won’t defrag. I could blow it away and reinstall, but I’m too lazy. For the most part the system works well enough for what I need it to do, so I’d rather not mess with it too much.

One thing you can do is reboot the system into safe mode, and run Defrag from there. The performance won’t be stellar since Windows will be using generic drivers rather than the optimized drivers for your particular computer, but Windows won’t be running anything else special, so the process will be able to finish without interference. Boot in safe mode, give your computer a few hours, and it will at least have a chance to finish.

Another option is to boot off a live CD, such as BartPE, and run JKDefrag on it. This would give you the advantage of a fully 32-bit environment with better drivers than Windows 9x safe mode, so the defragment will finish more quickly.

Defragmenting this way is terribly inconvenient of course, but like I’ve said before, it’s something you don’t have to do very often. Once a year will probably keep your computer running acceptably.

The best way to optimize your firewall: Use hardware

Let’s get back to talking about utility replacements. We last talked about antivirus programs, but what about the other component of what’s commonly now called a “security suite,” the firewall?

The answer is, don’t use firewall software if at all possible–which means every man, woman and child who has a cable or DSL connection. Use a separate device.

There are several good reasons for this. First, there’s the fundamental problem with running your security on the same system you’re trying to protect. If your firewall software goes haywire and crashes, you run the risk of being unprotected. It’s much safer to rely on an external device that doesn’t have an Intel or AMD processor in it and isn’t running Windows. So when someone tries to send a Windows exploit or virus to it, it bounces off because the device just doesn’t understand.

The second reason is price. A plain no-frills cable/DSL router/firewall costs about $20 at Newegg today. The unit I generally recommend is the Linksys WRT54G, which sells for about $50 new or as little as $25 used and adds wireless capability. That’s about the same as the retail price of a software firewall anyway, and it gives you better protection without robbing your system of performance.

A cheaper alternative, which was what I used to do when these devices cost $200, was to take an obsolete PC, put in a couple of cheap network cards, and run Freesco on it. It will run on any PC with a 386 processor or better (I recommend a Pentium with PCI slots for ease of setup). A 100 MHz Pentium is more than powerful enough and if you don’t already have an obsolete PC to run it on, you probably won’t have to ask around very long before finding one for a very low price or free. Today I prefer a Linksys-type box though, since they take less space, consume less electricity, generate less heat and noise, and take less time to set up.

Performance is the third reason. Two years ago I was working at a large broadband ISP that will remain nameless. It provides a “high speed security suite” as part of the subscription price. The system requirements for this suite are ridiculous–the suite itself needs anywhere from 128 to 192 megabytes of RAM all to itself to function. Basically, if you have a PC with 256 megs of RAM (which is what a fair number of PCs out there still have), loading this security suite on it will bring it to its knees. But if your firewall is running on a separate device, 256 megs of RAM is a comfortable amount of memory to run Windows XP or 2000 and basic applications.

Reliability is the fourth reason. Every high-speed security suite I’ve ever dealt with, be it a freebie provided by your ISP, or an off-the-shelf suite, hooks itself into winsock.dll. Three of the last four computer problems I’ve fixed have been related to this problem, and the symptoms are difficult to diagnose unless you’ve seen the problem before. Basically the computer loses any and all ability to do any networking, but when you call tech support, enough things work that tech support will probably tell you to reload your operating system. Unfortunately, the WinSockFix utility doesn’t seem to be well-known at ISPs.

If messing around with your Winsock isn’t bad enough, the security suite my former employer provided was overly paranoid about piracy. If you did any number of things, including but not limited to trying to install it on a second PC without getting a second key from the ISP, it would disable itself and not necessarily warn the user that it had left the PC unprotected. It was my job, when I was working there, to go through all of the disabled accounts by hand. It wasn’t an automated process. So if the security suite decided to go jump off a cliff sometime on Friday after I’d pulled the current report, it would be sometime on Monday before I would even be aware of the problem. Given that it usually takes about 20 minutes for some exploit to find an unprotected Windows box sitting on the Internet, that 48-72 hour window that you could be sitting unprotected is anything but ideal.

Things may have changed since I left that employer in November 2005, but if it’s my PC, I’m not willing to risk it. I’d much rather spend $20-$50 on a cable/DSL router to give myself firewall protection that I know I can just set up once and then ignore for a few years and won’t cause my PC to constantly fall behind on the upgrade treadmill.

And finally, the fifth reason to use a hardware firewall is apathy. Software firewalls tend to throw a lot of popups at the user, warning the user that this or that is trying to access the Internet, or come in, or whatever. Most users are likely to do one of two things: either allow everything or deny everything. The result is either a PC on which nothing works, or whose firewall is full of so many holes there might as well not be one. It’s much better to have a hardware firewall that just does its job. If you’re worried about unauthorized applications hitting the Internet, that’s the job of antivirus and antispyware software, not the firewall.

Replace your Antivirus software with this freebie and regain your performance

Antivirus software is the worst culprit in PC slowdowns. I am not alone in this belief. I don’t suggest going without (not completely) but it’s certainly possible to save lots of money, eliminate subscriptions, eliminate most of the overhead, and still practice (relatively) safe computing while running Windows.

Use Clamwin, the Windows version of ClamAV, and don’t engage in risky behavior (more on that later).

Clamwin is free, GPL software, meaning you never have to pay for or renew it. It lacks a realtime scanner, which is the main resource hog for PCs. This may leave you vulnerable to infections, but think about where the majority of infections come from: E-mail, downloads, and drive-by installations. Clamwin comes with hooks into Outlook to scan e-mail attachments for you, and Clamglue is a plugin for Firefox that automatically scans all downloaded files. Of course you’re using Firefox, right? Using a non-Internet Explorer browser is the most effective way to prevent drive-by installations. I don’t use IE on my personal PCs for anything other than running Windows update.

Realtime protection made lots of sense when the main distribution point for viruses was infected floppies, but those days are long gone. This approach protects you against modern viruses without making your multi-gigahertz computer run like a Pentium-75.

I do suggest periodically scanning your system, something that even antivirus packages with realtime protection do. It makes you wonder how much confidence they have in that resource-hogging realtime protection, doesn’t it? Weekly scans are usually adequate; daily scans are better if you suspect some users of your computer engage in risky behavior.

Risky computer behavior

The last virus that ever hit any computer I was using was LoveLetter, which was way back in May 2000. The only reason I got that one was because I had a client who got infected and she just happened to have me in her address book. I don’t know the last time I got a virus before that.

It’s not because I’m lucky, it’s because I’m careful. There are lots of things I don’t do with my computers.

I stay off filesharing networks. Not everything on your favorite MP3-sharing site is what it claims to be, and there are people who believe that if you’re downloading music without paying them for it, they are entirely justified in doing anything they want to you, such as infecting you with a computer virus.

I don’t open e-mail attachments from strangers, or unexpected e-mail attachments from people I know. For that matter, if I don’t recognize the sender of an e-mail message, I probably won’t open it at all, attachment or no attachment.

I don’t run Internet Explorer if I can possibly avoid it. Internet Explorer’s tight integration into the operating system makes it far too easy for people to run software on your computer if you so much as visit a web page. Google tries to identify web pages that might be trying to do this, but a safer option is to use a different web browser that doesn’t understand ActiveX and doesn’t have ties into your underlying operating system.

I don’t install a lot of software downloaded from the Internet. A good rule is not to install any “free” software whatsoever unless it’s licensed under the GNU GPL or another similar open-source license. If you don’t know what that means, learn. Open source means the computer code behind the program is freely available and outside programmers can examine it. If a program distributed that way does anything malicious, someone’s going to figure it out really fast. If I’m going to download and install something that isn’t open source, I only do so when somebody I trust (be it a trusted colleague, a magazine columnist, etc.) recommends it.

I don’t rely on software firewalls. I have a separate cable/DSL router that acts as a firewall and sits between my computers and the Internet. So when the random virus comes around looking for a computer to infect, my firewall doesn’t even speak their language (it doesn’t run Windows and doesn’t have an Intel or AMD processor inside), so the potential infection just bounces right off.

Use a web-based e-mail service instead of a program like Outlook or Outlook Express if you can. If you use something like Yahoo Mail or Hotmail, that company’s servers scan your incoming and outgoing e-mail for viruses, so if someone sends a virus to your Yahoo account, you won’t get it. Does your ISP scan your e-mail for you? If you don’t know, you probably should consider getting your e-mail from someone else. Your antivirus should catch it, of course, but it never hurts to have someone else looking out for you too.

If you avoid these practices, you can join me in throwing out your commercial, for-pay antivirus software and reclaim a lot of computer performance too.

Microsoft buys and then discontinues Linux/Unix antivirus products

First GeCAD, now Sybari.

Microsoft has been buying smaller anti-virus firms and discontinuing their Linux and Unix product lines.

Trust, schmust. When your god is Big Business, that means Big Business can do no wrong, so when you’re the U.S. government, you let companies like Microsoft do whatever they want. The problem is that Unix antivirus products are extremely useful, especially in Microsoft shops. Unix viruses are rare, and the heterogeneous nature of Unix–never knowing much about the underlying hardware, binary incompatibilities between various dialects even when running on the same hardware, and never knowing for certain which libraries are installed–creates a hostile environment for viruses anyway.

So what good is a Unix server that detects viruses that can’t survive in Unix anyway? It makes a great buffer between the hostile world and the soft and chewy Windows boxes inside corporate firewalls, that’s what.

I love to put Unix boxes in between the world and mail servers that may be running Windows. Just set it up to relay mail to your Exchange or Domino server, but have it scan the mail first. Better yet, have it running on weird hardware. A slightly elderly Macintosh or Alpha or Sun box works great. Since the Intel x86 instruction set is the most common, most buffer overflows use it. While non-x86 processors aren’t immune to buffer overflows, an overflow using x86 instructions will appear to be gibberish and it won’t run. It’s like telling me a lie in Japanese. You won’t fool me with the lie, because I don’t speak Japanese, so I won’t understand a word you’re saying.

Fortunately, there are still antivirus products for Unix and Linux out there. And once Microsoft establishes its antivirus product, it will be more difficult–I hope–for it to simply continue buying antivirus firms and discontinue their products, since now they would be buying off competitors, rather than just attempting to acquire technology that they don’t have the ability to develop internally.

And even if they do buy and discontinue everything, there’s always ClamAV.

Read this if you are using the free AVG 6.0 antivirus software

Grisoft has offered a free edition of its AVG 6.0 antivirus software for several years. Unfortunately it has discontinued the product and will stop offering updates on 31 December.

The solution is to download their new free version.

It’s a pain, but unfortunately, free things almost always have some kind of strings attached. To be entirely fair, for-pay antivirus software often has some strings attached too.

So if you’ve been using AVG, or you have friends who have been, download (or get them to download) the new version and update it.

Some people have been complaining lately about AVG not updating their definitions as quickly as the other vendors. The result is that some viruses that Norton Antivirus would catch go undetected by AVG. If you can afford better virus protection, buying it is probably worthwhile. If not, the AVG free edition is still better than no protection at all.