Use a USB drive to fight malicious software

Source: Internet
Author: User
Tags: Microsoft Baseline Security Analyzer, Spybot Search and Destroy

Lawyers and doctors often avoid mentioning their professions at parties, because as soon as someone hears what they do, they are asked for free medical or legal advice. The same now applies to computer security: say that you work in the field, and the people around you will start asking for help with their security problems.

This often leaves an information security professional needing to perform a quick repair without a suitable set of tools at hand. To address this, this month's application guide discusses how to build a portable toolbox for repairing infected computers. There are plenty of free and very useful system analysis and anti-malware tools available on the Internet. I recommend that administrators download these tools and copy them to a CD-ROM or, preferably, a cheap 1GB USB drive. Carry the USB drive with you, and you can rescue people from disaster like an information security superhero.

First weapon: Antivirus and antispyware software

First, you need antivirus and anti-spyware tools that can scan a system, then detect and remove the malicious software on it. My favorite free antivirus scanner is ClamAV, an antivirus tool that Sourcefire acquired in August 2007. Remember to download its virus signature database regularly and keep it up to date.

For anti-spyware, my favorite free tools include Lavasoft AB's Ad-aware, Spybot Search and Destroy, and Trend Micro's HijackThis. Although commercial vendors have acquired many of these products, there is nothing wrong with using them as long as they remain free, high-quality, and up to date.

Second Weapon: Machine analyzer

One of the best resources for in-depth analysis of Windows systems is the Sysinternals suite, which Microsoft acquired in July 2006. I hope that many of the Sysinternals tools will eventually be integrated into Windows itself; until then, it is worth downloading them. Here are some of the most important Sysinternals tools.

· Process Explorer is essentially a more powerful Windows Task Manager. It shows all running processes, their parent/child relationships, and the dynamic link libraries each one has loaded.

· Filemon and Regmon record every interaction with the file system and the registry, respectively, and do so in real time.

· Process Monitor, a newer addition to the Sysinternals suite, essentially combines the three tools above and gives a detailed view of everything the processes on a machine are doing.

· Autoruns displays every program that starts automatically when the system boots or when a user logs on. Because spyware often modifies the startup folders or the startup registry keys, this program is important for analyzing a machine's startup state.

· TCPView gives a picture of TCP and UDP port usage, associating each port with the process that is using it.

· Strings displays the printable strings found in a file. Careless malware authors leave strings in their code, and these are often ASCII strings. To have the Sysinternals program search for ASCII strings rather than the default Unicode strings, run it with the -a parameter.

· Finally, use RootkitRevealer to look for rootkits by determining whether the system is giving false answers about which files or registry keys are present.

The information gathered with these tools, combined with search-engine lookups of specific process, dynamic link library, and file names, can help identify malicious activity on a single computer.
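As an added example that is not from the original article or from Sysinternals, the following Python script reimplements the core of what Strings does: it pulls printable ASCII runs out of a binary blob, pulls UTF-16LE (Windows "Unicode") runs too, and offers an ASCII-only switch in the spirit of the -a parameter described above. The sample bytes and the strings they contain are constructed here for illustration.

```python
"""Minimal strings extractor: ASCII runs, plus UTF-16LE runs unless ascii_only is set."""
import re
import sys

# Constructed sample "binary": a few header bytes, an ASCII string, binary noise,
# then a UTF-16LE string. Not taken from any real file; values are placeholders.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"http://updates.example.invalid/check"
    + b"\x00\xff\x01\x7f\x02\xfe"
    + "Software\\Example\\Run".encode("utf-16-le")
    + b"\x00\x00\x80\x1f"
)


def ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of at least min_len printable ASCII bytes (0x20-0x7e)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def unicode_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of at least min_len UTF-16LE code units: printable ASCII byte + zero byte."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(data)]


def extract_strings(data: bytes, min_len: int = 4, ascii_only: bool = False) -> list:
    """ASCII strings first; UTF-16LE strings appended unless ascii_only (like strings -a)."""
    found = ascii_strings(data, min_len)
    if not ascii_only:
        found.extend(unicode_strings(data, min_len))
    return found


def strings_in_file(path: str, min_len: int = 4, ascii_only: bool = False) -> list:
    """Read a file from disk and run the same extraction over it."""
    with open(path, "rb") as f:
        return extract_strings(f.read(), min_len, ascii_only)


if __name__ == "__main__":
    # Usage: python strings_demo.py FILE [-a]   (-a: ASCII only). No FILE: scan SAMPLE.
    if len(sys.argv) > 1:
        results = strings_in_file(sys.argv[1], ascii_only="-a" in sys.argv[2:])
    else:
        results = extract_strings(SAMPLE)
    for s in results:
        print(s)
```

Any string that comes out, such as a URL or a registry path, is exactly the kind of clue worth looking up in a search engine as the paragraph above suggests.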

Third weapon: Microsoft Baseline Security Analyzer (MBSA)

Microsoft's free and convenient diagnostic tool examines hundreds of settings on a Windows computer, determines its security status, and makes recommendations. MBSA can expose security weaknesses such as missing patches that could allow a malware infection. I also suggest carrying a network tool called Netcat, which can send arbitrary data over a TCP connection or to a UDP port. Netcat can be used to move files (such as the reports generated by MBSA or ClamAV) or to obtain remote shell access.

Fourth weapon: LADS

Frank Heyne's free tool looks for alternate data streams (ADSes) on NTFS file systems. Alternate data streams are hidden by default, and attackers sometimes use them to conceal malicious files. One of the options newly added in Windows Vista is the ability to list data streams with the built-in "dir" command and its "/r" parameter. Because versions of Windows older than Vista are still in use, a tool such as LADS should be another important item in your toolbox.

Fifth weapon: VMware Player / VMware Browser Appliance

VMware Player is a free virtualization application that lets a guest virtual machine run on a Windows computer. The VMware Browser Appliance is a free virtual machine that contains an Ubuntu operating system preconfigured with the Firefox browser.

Sometimes you need Internet access to download an additional tool. If no other machine is available, you can install VMware Player on the infected machine and access the Internet from the virtual machine instead.

Once you have assembled your USB arsenal for eliminating malware, set the USB drive to read-only mode. Many USB drives have a hardware write-protect switch; turn it on, because we do not want malware to infect our arsenal. For that reason, I generally do not buy USB drives without a hardware read-only switch.

Finally, do not limit the drive to just these analysis tools; add whatever else your work requires. However, do not put a tool on the USB drive if you do not know what it does, because running a tool incorrectly can cause further damage to the machine. Practice with each tool on a lab machine and think carefully about how it can help you repair an infected computer. With a little planning and plenty of practice, a malware-fighting USB drive can serve you well.
