Download: April/May 2007

Community Comments

To Quarantine Files or Not; New Malware Hunters; Surrond Sound Scoop

By Cheryl Leff

Q: When I run my McAfee Virus Scan, I often get a couple of files that it calls “Potentially unwanted programs”; for example, file name “C:/System Volume Information/restore with a Program Name of prockill-bu.” Another example: File name C:/Documents and Settings (owner) with a Program Name of “Exploit- MIME.gen.c.” I have the option of deleting, quarantining or leaving them. As I have no idea of what they are, I have been deleting, but now I wonder if I should quarantine them instead, just in case I ever figure what they are and might want them. What makes a program "potentially unwanted"? What would your advice be to do with them? I read the “help” file about quarantine but don’t fully understand it.

A: “Potentially unwanted programs” are programs that may not be harmful in and of themselves (not a virus, worm or trojan) but that may be able to be used in a malicious way if bundled with other code. The first example you give, prockill-bu, is a command-line utility used to terminate programs. If bundled with appropriate code, it could be used to terminate programs you want to run, possibly even including anti-virus or anti-spyware programs. Since it is embedded in System Restore information, it could be activated any time the system is restored – for example, after you removed something unwanted, you could wind up “restoring” this pesky piece of code that terminates programs you want to run.
     Your second example is a variant of Exploit-MIME.gen.exe, a piece of malware which exploits a Microsoft email vulnerability in the header information included at the beginning of email messages. It allows code in an attachment to be executed if the email recipient simply views the message even without opening the attachment. Many anti-virus programs, including McAfee, strip off dangerous attachments; this bit of code included in the header may slip through but will then be identified as a “potentially unwanted program.”
     Generally speaking, you’re usually safe deleting almost anything identified by McAfee as a “potentially unwanted program.” If in doubt, you can leave it in quarantine, where it does no harm other than taking up space. If you need more information, you can go online to McAfee’s site and search on the name of the item in their Virus Information database (http://us.mcafee.com/virusInfo/default.asp).

Q: I’ve got McAfee and SpySweeper to protect my computer from viruses and spyware, but it seems like constantly having to update the virus and spyware information is a real racket. Can’t somebody come up with a program that just spots code that does bad things and eliminate that? Then again, I suppose if the anti-spyware and anti-virus companies succeeded in doing that, they might kill off the proverbial goose that laid the golden egg. Makes you wonder just how motivated they really are to invent such a thing.

A: Good point. However, the question remains: Given that we aren’t privy to the motivation of either creators of malware or of products to combat it, are there any products that work without requiring the constant updating of malware “signatures”?
     There are some new products that attempt to do this, with varying degrees of success. The product rated best of a group reviewed by PC Magazine is Primary Response SafeConnect, from Sana Security ($24.95 from http://www.sanasecurity.com/), which is designed to complement and work with standard anti-virus and anti-spyware programs. It identifies suspicious behavior and roots out the code producing it. Some of the more devious malware programs out there put code in multiple places – the Registry, configuration and .ini files, the boot sector and dll libraries, as well as System Restore data – so that it may be activated whenever the system boots up and may come back after being removed. Sana claims that SafeConnect removes code from all of these places, a claim that appears to have been borne out in PC Magazine’s tests.
     Another product, Dynamic Security Agent, available free from Privacyware (http://privacyware.com/dynamic_security_agent.html), “trains” itself to recognize deviations from your usual pattern of computer usage. It spots suspicious behavior, such as attempts to make certain Registry changes or install rootkits, and blocks them. It does ask what you want to do about such behaviors when they are detected, which can get annoying, but the price is definitely right. (For a complete review, see the Feb. 6, 2007, edition of PC Magazine, p. 40.)

Q: What hardware and software do I need to have on my system in order to have surround sound?

A: You need a surround-sound card and a set of surround-sound speakers. These come in versions from 5.1 up to 7.1. Version 5.1 is a setup with one center speaker, four surround speakers (front and rear left-side and right-side) and a sub-woofer, which may also supply power and send sound signals to the other speakers; 7.1 adds an additional pair of speakers. You will need to follow the directions that came with your sound card to configure it properly to work with your system. And if you added the surround-sound card to an existing system, you may also need to disable the old sound card. In some cases, the old sound card is part of the main board and can’t be physically removed, but you can disable it in software through the Control Panel.

• Share
  • Digg This
  • del.icio.us
  • Newsvine
  • Facebook
  • Reddit
  • Furl It
  • !Y My Web
  • Google
• Email
• Print

Recommend This

Community Comments