On Sun, 19 Jun 2005 15:20:02 -0700, Alicia
> I have a Hewlett Packard HP Pavilion 551 W. I have Windows XP. I did a system
> recovery because my internet wouldn't work and then when windows loaded
> nothing would show up. I guess it was due to spyware.
Do you mean System Restore, or re-using HP's "Recovery" (i.e.
"destroy everything and start over") CD?
If you meant the latter, and your XP is old enough to ship with...
....then you'd be stone dead as soon as you get back on the Internet.
See
http://cquirke.mvps.org/reinst.htm
The problem is that serious (some would say, unforgivable) weaknesses
were found in NT, of which XP is the current exponent, that allow
malware to enter the PC even if you run no programs at all.
I don't consider it unforgivable that there were such defects in the
code; these things happen, and by then, we should have known that.
What I consider unforgivable is that these defects were exposed to the
Internet, by design. Why does a stand-alone consumer computer have to
wave networking services such as LSASS and RPC at anyone in the world
who wants to take a poke at them? Why are these services entrenched
so deeply that they can't be turned off?
Windows has had problems like these repaired by a constant stream of
small patches, and every now and then these are rolled up into large
Service Packs (SP). SP1 didn't fix these defects AFAIK, but SP2 not
only fixes them, but protects against similar unknown defects by
turning on the firewall. That firewall was always there in XP, but it
was off unless you or your tech or your <ahem> value added system
builder had the clue to turn it on.
So what happens when you "just" re-install Windows?
Well, this is supposed to preserve your settings, so if you had the
firewall up (or an add-on firewall installed) then that would protect
you against these particular defects, but all your repairs to Windows
will be lost. So you'd be a lot more vulnerable than you were before;
it's as if I washed all the germs off your skin but also peeled your
skin off entirely, so you could get eaten alive.
So what happens when you "just" wipe and re-install Windows?
Large OEMs like HP suck in various ways, but one of the worst is that
they don't give you quite the same Windows CD that you'd get from a
generic system builder. Often you can't do the "repair" reinstall
described above, and are forced to wipe and accept the factory's
duhfault install - one big doomed C:, NTFS that makes formal virus
scanning very difficult and data recovery almost impossible, etc.
So after you wipe and rebuild, you lose *everything* - not just
patches and SPs, but firewalls, antivirus, and clueful protective
settings you or your techs may have applied, etc. You'd be left not
only with no skin, but in the middle of the bush and smeared with
honey. Malware tigers; dinner is served.
How to avoid this?
Firstly, DO NOT CONNECT TO ANY NETWORKS, especially the Internet,
WiFi, IR, etc. until you have enabled the firewall on all such
connections. Unless you use WiFi (and personally I would not), keep
that disabled entirely - that's what you need to know; figure out how.
Next, connect to the Internet, and start downloading patches. If
you're on a modem, you're basically stuffed; you'll never get the
whole of SP2 that way (or rather, it would take days, and if you're
paying phone charges, it's a non-starter).
The good news is that you don't have to install SP1 first; you can
just install SP2 and then catch up from there. The even better news
is that you may get SP2 on a CD from MS directly, or from the shop
that sold and <cough> added value to your PC. Delivery time.
Ideally, the patching process should have generated an up-to-date
replacement CDR for you (assuming your PC has a CD writer; from the
128M RAM era, it may be too old). But MS doesn't seem to have thought
of that; it's "just" go online and download everything all over again,
and hope you aren't attacked while trying to do this.
That's the result of totally brain-dead pagefile sizing logic. The
pagefile is HD space you use when you don't have enough RAM to hold
everything you're trying to do at once. Obviously, if your software
load wants 700M of memory, you'd need 200M with 512M RAM, 450M with
256M RAM and 600M with 128M RAM - i.e. the less RAM you have, the more
pagefile you need to get the same load done.
Obviously? Not to the XP programmers, apparently. Perhaps guided by
the space needed to accommodate memory dumps after system crashes -
which is a side-effect use of the pagefile, anyway - they allocate
more pagefile the more RAM you have, and the less RAM you have, the
less pagefile you get. By that logic, it's fastest to have no RAM at
all, because that way everything magically fits into this no-space and
there's no need for paging at all.
So to fix that, first defrag the PC, then set your pagefile to 512M
minimum and leave the max open, or also set to 512M. Things will
still be slow - 128M is criminally small for a modern XP PC, but large
OEMs would do that - but at least they'd work.
Back to getting safe - and this is a very simplified explanation, but
anyway - once you have (1) firewalled, and (2) patched, you need to do
step (3); install and update an antivirus utility (av). Update daily!
Free av is available from Grisoft (AVG), Avast, Anti-Vir and possibly
you'll have special offers from your bank, work or shops. Fee av
tends to die once a year unless you throw money again. Avoid Norton;
I know it's the duhfault choice, retail loves pushing it, and OEMs
sometimes give you a starter version that dies in a few months.
Free firewall is already there, but add-on firewalls can add other
value, such as watching what programs are trying to connect out to the
Internet. That's good if you want to get hands-on with this stuff,
but if you can't be bothered, stay with XP's firewall at least.
Yes, malware can drill through XP's firewall from the inside if they
get to run on your PC, but they also slam down a number of add-on
firewalls, av and other defensive tools anyway.
The final defensive add-on layer is to block, detect and kill
commercial malware (cm), also inaccurately called "spyware" just as
all traditional malware is called "viruses", "worms" or "trojans".
Once again, free tools; Spyware Blaster to block, and AdAware, Spybot
and Microsoft Antispyware Beta to detect and kill.
Final tip in this section: Use multiple tools against commercial
malware (as long as they aren't running at once - the ones I mentioned
don't run all the time, as an av does) but stick to one av and one
firewall. There are a LOT of fake and dubious "anti-spyware" tools
out there that cost money and/or only kill those cm that compete with
whatever cm cronies are punting the fake tool. I stick to those four.
But sometimes the best defences are more subtle; settings within the
programs you use, as well as avoiding programs that are so popular
that everyone attacks them, and/or are simply unsafe by design.
There's a lot you can do in this space, and that's the bulk of what I
do - the firewall's just the "front bumper" and the av is the "goalie
of last resort". Fill the space in between by clue that you teach
your humans as users, and your system as their proxy.
The more custom settings and defences you apply, the safer you'll be,
but the more you will lose if you ever have to "just" re-install, or
(disastrously) "just" wipe and rebuild from the bulldozer CD.
Eventually, you will most likely come to hate large OEMs, and the
crippled Windows CDs that MS allows them to sell as acceptable within
the "Genuine Advantage" of legality. You may as well start now.
------------------ ----- ---- --- -- - - - -
The rights you save may be your own