Saturday, 30 November 2013

Guide to Securing Your PC

After spending years testing security products I've learned an important lesson. Don't get infected by malware.

In other words, put maximum effort into preventing infection rather than detecting and removing infection.

This statement may seem bland and unremarkable but there's more to it than you think.

The traditional way of adding additional protection

Many people protect their PCs by running multiple signature-based scanners: anti-virus, anti-spyware, anti-trojan and anti-rootkit programs.

It is not as secure as many people think and for most folks, the cost is too high and the additional protection afforded too little.

The cost here is not so much financial, though that is an issue, but rather the serious impact that adding many security layers can have on the performance of your PC.

There is also a cost in complexity. The more security programs you run the more chance they will either interfere with each other or with other programs.

Each additional layer you add increases your protection but by an incremental amount only. A good anti-virus program may offer 70% protection. Adding a good anti-spyware utility may increase this to 85%. The addition of an anti-trojan may take it to 90%.

This is because today's security products overlap in function much more than they used to. A modern anti-virus program will detect a lot of spyware while a modern spyware program will detect some viruses, worms and trojans as well.

Although the protection achieved only goes up incrementally with each layer added, the processing load on your PC will rise more or less in proportion to the number of layers. So adding an anti-spyware layer to your anti-virus layer will double the load on your PC. Adding in an anti-trojan as well may well triple it.
So folks, while layering is a good thing we are faced here with a law of diminishing returns.

But that's not the only problem with the traditional layering approach to protection. If an aggressive malware program is allowed to run on your PC it may disable all your layers of protection rendering them useless.

I've seen it happen many times and it is a frightening sight to see all your security program icons disappear from the system tray.

Thankfully some security programs resist termination by hostile agents but the majority don't. And even those that do resist may well prove vulnerable to new, more advanced termination methods yet to be developed by malware programmers.

My approach these days is simple: if you allow malware programs to run on your PC, don't expect your security programs to fully protect you. If you are lucky they will, but with security you shouldn't rely on luck.

So how do you prevent infection?

Good Safe Computing Practices

Ensure you keep Windows and MS Office (if you use it) completely up-to-date by applying the latest fixes from the Microsoft Update Service. Make sure the automatic update settings are Automatic (or at least not turned off).
Make sure your other software products are also fully updated, particularly popular products like Firefox, Opera, Adobe Reader, Sun Java, Flash plug-ins and media players. The easiest way to do this is to use the free Secunia Personal Software Inspector.
Switch to alternative programs. They can be better in functionality or lighter in resources than more popular programs, and are targeted less by malware writers. Using Firefox instead of Internet Explorer and Foxit Reader instead of Adobe Reader can greatly improve your security.
Be careful where you surf. In particular stay away from sites offering commercial software serial numbers, keygens or other hacked material. Avoid accidentally wandering to hostile sites by installing WOT and AVG LinkScanner. These are free plugins that append site security ratings to search engine listings and sites.
Never click on email attachments from untrusted sources however tempting and attractive such attachments may seem. Similarly, never click on links in email from unknown correspondents.
Never install programs unless you are fully confident they are clean. In particular, only download files from trusted sources and never install programs that friends give you on removable media unless you have verified that they are clean by submitting them to free web based signature scanning services such as Jotti or Virus Total.
Make sure Windows Firewall is turned on. If you are running Vista, you can use the free Vista Firewall Control to enhance the security and usability. Firewalls with outbound protection can also be used, however, the added complexity is not suitable for beginners.
Disable AutoRun with the free Panda USB Vaccine.

These measures go a long way toward protecting your PC from infection. However, sticking to these rules is not easy; it requires a level of discipline most users don't have. Who hasn't been tempted to open a funny PowerPoint email attachment or install a free game?

And it's not only a question of discipline. These days you can easily get infected simply by innocently surfing to a trusted web site that has been hacked or opening a "loaded" MS Office document. You need more protection than the basic security rules can provide.

Protection is better than cure

The best way to increase your level of protection is to make sure that if a malware program sneaks its way on to your PC, it is never allowed to run in a normal Windows environment.

A normal Windows environment is a user account with full administrator rights. It's probably what you are using right now, as it is the default setup in all recent versions of Windows up to, but excluding, Windows Vista.

There are many ways you can keep malware well away from your normal Windows account. Here are four:

   1. Use a Windows limited user account for your daily work
   2. Run all high risk programs with limited rights
   3. Run all high risk programs with policy restrictions
   4. Run all high risk programs in a sandbox or virtual machine

Each method has its pros and cons so let's look at them individually:

Option 1: Use a Windows limited user account for your daily work

Using a limited user account can be very effective in preventing malware infection as most malware products need full administrator rights to install themselves. In a limited account they just can't get a foothold.

It's easy to set up a limited user account. Just go to the Control Panel, select User Accounts and create a new user account as a limited user. Then sign in to this account for your normal computer work rather than the account you are currently using.

Setting up a limited account may be easy but using it can be a real pain. For example you won't be able to install most programs. You won't be able to update others. You won't be able to access any part of the PC other than your own documents and the shared documents area. Heck, you won't even be able to change the system date!

Some folks can work with these limitations or work-around them by swapping to a full privilege administrator account when they need to install programs or do other more advanced tasks. Others use the Windows "Run as" command and similar utilities to temporarily elevate their privileges when needed.

Most users, though, find using a limited account to be simply too awkward and inconvenient. Sure, their computer is safe, but that's little comfort if their PC is only barely usable.

That said, using a limited account is an excellent solution for advanced users prepared to tolerate the inconvenience or ordinary users with basic computer needs. If Granny never does anything but check her mail and browse to newspaper sites to read the headlines then setting her up with a limited account is a good way to go. Do expect phone calls though; one day even Granny is going to need to do something that requires administrator privileges.

Option 2: Run all high risk programs with limited rights

This is a more practical strategy. Run as a full administrator user but restrict the rights of all programs such as your browser and email client that can be sources of malware infection.

Getting this to work could be a complex business but thankfully there are some free utilities available that were written to perform this exact task.

The best known of these is DropMyRights. It allows users to easily create special versions of their browsers, email clients, IM clients, media players or other internet-facing programs that run from a full administrator account but with the restricted rights of a Windows limited user.

It's a simple and neat solution that provides good protection from infection yet doesn't inconvenience the user in the same way as working from within a limited user account. I've written a practical guide to running programs using DropMyRights. You can find it here.

The approach, however, has some weaknesses, perhaps the worst of which is downloaded files. Yes, you are safe from infection while using a browser, but if you run any files you download then you can easily be infected if those files contain embedded malware.

However, if you add Software Restriction Policies you restrict your computer even more so most malware will not be able to install. This guide has excellent instructions on how to set up Software Restriction Policies on your computer.

Option 3: Run all high risk programs with policy restrictions

GesWall free is an excellent option. It is similar to DropMyRights, but provides better security. GesWall works by restricting what your internet applications can do to your computer.

GesWall requires no user intervention (but advanced users can configure it for better security); it is truly set-it-and-forget-it. It does not restrict your usability (unlike using a Limited User Account) and is not as intrusive as Sandboxie.

Option 4: Run all high risk programs in a sandbox or virtual machine

The strange name "sandbox" derives from the Java world where it refers to the highly contained and restricted environment in which Java programs (applets) are allowed to run. They are allowed to "play in the sandbox" but not go outside it. The important point is that while running in the sandbox, the programs have no access to your real PC.

So it is with sandbox security programs. While browsing or engaging in any computer activity within the sandbox you are totally corralled off from your other parts of your PC. Any files you download are isolated to the sandbox. Similarly, any programs that are executed only do so within the sandbox and have no access to your normal files, the Windows operating system or indeed any other part of your PC.

That means that if you get infected by malware while using the sandbox your "real" computer is not affected. Furthermore you can close the sandbox and all that's within it is erased including any infections, leaving your real PC in a pristine state.

Sandboxing is a great security solution for preventing infection. There are also some excellent sandboxing programs around including my favorite, the donationware utility "Sandboxie." It is very light on resources, provides very strong protection and has a well-supported forum.

There are some downsides. Sandboxing creates a two-worlds view of your computer and this confuses some users. They could get it wrong and think they are surfing in the sandbox when they are not - and then it's possible to become infected. This confusion is particularly evident with downloaded files. Files in the sandbox are not really permanently on your computer unless you deliberately move them from the sandbox to your real PC. If you shut the sandbox without moving them they will be lost forever.

This two-worlds view is simply too confusing for some users. A confused user is an unsafe user.

Also, if users are not thinking, they could allow every alert, which would recover files to your real environment.

And, as with every other piece of security software, some malware can still break out of sandboxes.

There are other problems too. Sandboxing is only available for PCs running Windows 2000 and later. Furthermore sandboxing can create problems on some PCs. Indeed I've known PCs to seize up totally with a sandbox installed. Luckily though, this is not common.

Another option is Returnil Virtual System Personal Edition. It works by virtualising partitions (only the local drive). When you turn the protection on (this does not require a reboot), your whole partition is virtualised and all changes made to it are lost. When you want to turn the protection off you have to restart your PC. This sounds like a great idea and it is, but there are several drawbacks. One is that it is not very flexible, all your data will be lost too (unless you manually configure some files to be excluded, but this reduces the security). Another reason is that it can still be bypassed - recently there have been several well-publicized malware exploits which can bypass its protection.

Virtual machines such as VMWare, Microsoft's Virtual PC and Sun's VirtualBox are similar to sandboxing but take the idea one step further by completely separating the virtual machine from the real PC at a conceptual level. Rather than have a sandbox as part of your real PC you have a virtual PC that is notionally fully distinct from your PC.

This difference aside these virtualization models have a lot of similarities. Infections that are incurred in the virtual machine cannot affect the real PC. Similarly shutting down the virtual PC removes all trace of infection.

Unfortunately they also share the same user confusion: "Am I in my real PC or the virtual one?"

The greater separation provided by the virtual machine approach does offer a more robust security model than sandboxing but it comes at a cost. Virtual machines consume a lot of memory and have a fair degree of processing overhead compared to sandboxing. And moving between the real and virtual machines can be more awkward than with sandboxing. Like sandboxing virtualization can be troublesome on some PCs.

From a user's perspective sandboxing or partition virtualisation are more attractive options though IT professionals would probably prefer the greater flexibility and superior isolation offered by virtual machines. I've written a practical guide to surfing using a sandbox which you can find here.

Security-wise, all three offer excellent protection from malware infection. The protection is so good that disciplined users don't need any other security products to protect them.

What about on-demand scanning?

OK I've come out heavily against running multiple active security products but what about passive security products like on-demand scanners?

An on-demand scan is one you manually initiate. It may be an anti-virus scanner, an anti-spyware scanner, a rootkit detector or a keylogger scanner.

I'm all for on-demand scans as, unlike using products that employ active monitoring, they don't impose an on-going overhead on your computer. They only consume computer power while they are actually performing a scan.

Take for example a good anti-spyware scanner like the free version of SUPERAntiSpyware or the excellent free Panda Anti-rootkit detector. They consume no computer power unless you actually run the programs. And because they are not constantly running they are less inclined to cause any problems with other programs.

So by all means run on-demand scans periodically: weekly, monthly whatever. They are a good backstop to your anti-virus program.

Conclusion

When it comes to today's aggressive malware programs, preventing malware from ever getting on your PC is a better strategy than trying to intercept it when it tries to run.

Make sure to use a blend of different technologies and products when you use security software, not just signature scanners. Remember, absolutely no product provides 100% protection.

You can prevent malware getting on your PC by combining safe computing practices with other techniques such as reducing the privileges of high risk programs, policy restriction programs, sandboxing and the use of virtual machines.

Reducing the privileges of high risk programs is a simple workable solution for most users. Policy restrictions offer greater security and usability than reducing privileges, but can slow down your internet connection speed drastically. Sandboxing, virtualization and policy restrictions offer a more complete solution but are not entirely free of practical problems. For those who can work with these problems, sandboxing, other virtualization solutions and policy restrictions offer the best way currently available to prevent malware installing itself on your PC.

With these elements in place, the only active security software you really need is an inbound firewall and any good anti-virus program. That said, you can, indeed should, supplement these with periodic on-demand scans of your PC with a good anti-spyware product and a good rootkit detector. These on-demand products won't impose the on-going overhead you would incur with security software that uses active monitoring.

This set up provides better security than employing multiple layers of real-time signature scanners. Even better your PC will run much faster; a complete contrast to machines running multiple real-time security products.

None of this comes without cost. Defensive computing requires time and discipline. Users not prepared to put in the effort are advised to stay with a layering strategy using multiple security products.

How to Remove Google Text Ads

It seems that almost every web page you view these days has Google AdSense text ads spread across the top or down the side.

These ads have never bothered me. They are easy enough to ignore and besides, website owners are entitled to earn a living just like the rest of us.

However, lately some sites have started embedding the Google ads in the center of the page or worse still, right in the middle of a block of text. So I decided enough was enough and started looking for ways to block the ads.

It turns out that it's dead easy to stop them. In fact there are many ways you can do it. For example Firefox users can use the AdBlock or CustomizeGoogle extensions to kill the ads while Internet Explorer users can use one of the many ad-blocker add-ins such as AddSubtract, WebWasher or the excellent freeware program IE7Pro.

Perhaps the simplest and most universally applicable method is to use the Windows Hosts file to block the address of the Google ad-server.

There is another advantage in using this technique; it will help you develop an understanding of the Hosts file and its many uses.

The Windows Hosts file

This is a file on your computer that can be used to locally translate the names of web sites into IPs. IPs are sets of four numbers separated by dots, like 65.109.128.16. They, not web site names (URLs), are the real addresses of the internet. Names are only a convenience and have to be translated into IPs. For example, the name (URL) of my website is techsupportalert.com but its IP, its "real" address on the internet, is actually 72.52.134.218.

Normally this kind of translation takes place at your ISP. They have a special server dedicated to the task called a DNS server. Whenever you type a URL like www.techsupportalert.com into your browser address window, the DNS server translates the name into the corresponding IP 72.52.134.218. It's automatic and requires no involvement from you.

However, you can also do it locally on your own PC and that's where the Windows Hosts file comes into play.

The Hosts file is just a plain text file containing a simple list of web site names (URLs) and their corresponding IPs. Here's an example of what a Hosts file might look like:

216.109.118.69  www.yahoo.com
72.52.134.218    www.techsupportalert.com
216.239.115.141 www.cnet.com

You can think of this like an address book. In an address book you look up a name and find the address. With the Hosts file you look up a web site name (URL) and find the address (IP). In the example above, any reference to the name www.yahoo.com will be directed to the address 216.109.118.69.

Now, the Hosts file on most computers has nothing in it. That's fine because the DNS translation is usually handled by your ISP.

If your Hosts file does have entries then these are used for the DNS translation for those sites instead of your ISP's DNS server. This is actually fractionally quicker as it saves a step. In fact, some web accelerators store thousands of popular sites in your Hosts file to take advantage of this slight increase in speed.

But there's another common usage for the Hosts file: to block addresses. This is done by using a dummy address, typically 127.0.0.1, that goes nowhere. For example, consider this entry:

127.0.0.1 www.yahoo.com

With this entry in the hosts file, any reference to www.yahoo.com will be redirected to the address 127.0.0.1. Now that address is not a valid web address for any real web site. In fact, by convention it refers to your own computer.

If you have this entry in your Hosts file and you type www.yahoo.com into your browser, you'll get an error message: "Host cannot be found."

This is the very technique that we can use to block Google text ads.

Stopping Google Ads with the Hosts File

All the Google text ads seem to come from the addresses pagead.googlesyndication.com or pagead2.googlesyndication.com. If we place these names in the Windows Hosts file and point them to a dummy address then the Google ads will not appear.

First though, we need to locate the hosts file. Here is the usual location for the major Windows versions:

Windows 9x, ME                  C:\WINDOWS
Windows NT (and some 2K)        C:\WINNT\system32\drivers\etc
Windows 2K, XP, 2003, Vista     C:\WINDOWS\system32\drivers\etc

The Hosts file is simply called "HOSTS" and has no file extension.

It's a simple text file and must only be changed with a plain text editor like Notepad and never a word processing program such as MS Word.

First, we need to open the Hosts file in Notepad. If you don't know how to do that then locate the Hosts file in Windows Explorer and right-click on it. Select "Open" and then check "Select the program from a list." You'll then be presented with list of programs; select Notepad. You should now see a simple text file.

Go to the first blank line at the bottom of the file and type in (or copy and paste) these two lines:

127.0.0.1 pagead.googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com

Make sure you leave no blank lines before this entry.

Just save the file and you are finished. Saving this change may spark an alert from your anti-spyware software but it's OK, just approve the change.

If you've followed the instructions carefully you should never see Google AdSense text ads again. If at a future stage you want to see the ads again, just use Notepad to delete the lines you just added.

The same technique can be used to block other advertising servers, malicious spyware or sites containing inappropriate material. In fact a number of folks offer free downloads of Hosts files containing thousands of entries of such unwanted sites.
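
The Hosts file format and the block entries described above can also be checked by a small script. The following is an added example, not part of the original article: it parses hosts-file text, separates names that are blocked (pointed at a loopback address) from names pointed at some other address, which are worth reviewing if you did not add them yourself, and appends the two Google ad-server entries only if they are missing. The function names and the sample file contents are constructed for illustration.

```python
# Added example (not from the original article): audit and update hosts-file text.
import ipaddress

# The two ad-server names the article blocks, and the dummy address it uses.
GOOGLE_AD_HOSTS = ["pagead.googlesyndication.com", "pagead2.googlesyndication.com"]
BLOCK_ADDR = "127.0.0.1"

# Constructed sample input, not a real machine's hosts file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 pagead.googlesyndication.com   # one of the article's two entries
127.0.0.1 wwww.yahoo.com                 # mistyped name: the real site is NOT blocked
203.0.113.10 www.example-bank.test       # name pointed at a non-loopback address
not-an-ip www.example.test
"""


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -- list of (line number, ip address object, [lower-cased names])
    malformed -- list of (line number, raw line) that are not "IP name [name...]"
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        if len(fields) < 2:  # an address with no name after it
            malformed.append((lineno, raw))
            continue
        entries.append((lineno, ip, [name.lower() for name in fields[1:]]))
    return entries, malformed


def classify(entries):
    """Split names into blocked (loopback or 0.0.0.0) and redirected (anything else)."""
    blocked, redirected = {}, {}
    for _lineno, ip, names in entries:
        target = blocked if (ip.is_loopback or ip.is_unspecified) else redirected
        for name in names:
            target.setdefault(name, str(ip))  # keep the first entry seen for a name
    return blocked, redirected


def add_blocks(text, hostnames, addr=BLOCK_ADDR):
    """Return text with a block entry appended for each name not already blocked."""
    blocked, _ = classify(parse_hosts(text)[0])
    wanted = dict.fromkeys(h.lower() for h in hostnames)  # de-duplicate, keep order
    missing = [h for h in wanted if h not in blocked]
    if not missing:
        return text  # nothing to do, so running it twice changes nothing
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(f"{addr} {h}\n" for h in missing)


if __name__ == "__main__":
    entries, malformed = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = classify(entries)
    print("blocked:   ", sorted(blocked))
    print("redirected:", redirected)
    print("malformed: ", malformed)
    print(add_blocks(SAMPLE_HOSTS, GOOGLE_AD_HOSTS))
```

To check a real machine, read the HOSTS file from the location listed above and pass its contents to parse_hosts; writing the result of add_blocks back requires administrator rights.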

How to Know If Your Computer Is Infected

These days malicious software is becoming an epidemic. It seems like it’s everywhere. Also, sadly, there's been a change in the way malware acts. It used to be that it would slow down your computer, or display annoying popups, but now malware is becoming increasingly discreet. You could be infected right now and not even know it. Also, sadly, it often seems as if the only way to make sure you’re not infected is to scan your computer with numerous anti-malware programs. Doing this can be time consuming and, while scanning, may even slow your computer to a crawl. Even after that you still can’t be sure you're clean. This is because scanners cannot recognize all new malware.

 Because of these difficulties I have come up with a better method. This uses multiple programs, not to remove files, but just to analyze the computer. Each of these programs is very effective and easy to use. They are all portable applications and will not cause any conflicts on your computer because they are only running when you're using them. However, they do require an active internet connection to function properly. Don't worry, this guide will also help you to fix your internet connection in the event that it is not working. After you have already gone through the below process once, and had all files whitelisted, this approach is much faster, much more certain, and much easier than any other approach I've seen. No active malware can escape this process. However, inactive pieces of malware may not be flagged by this approach but may be found by other scanners. Rest assured that these are not direct threats to the safety of your computer and thus do not constitute a failure of this article.

This article is meant for those who believe it's possible, but are not sure, that malware is running on their computer. If you strongly believe that malware is running on your computer I would advise that you immediately reboot the computer into Safe Mode and follow the advice in this section of my article about How to Clean An Infected Computer. The reason I say that is that some malware will immediately start doing things such as encrypting files. Thus, the longer your computer is running in normal mode the greater the damage will be. However, if you only have fleeting suspicions that something may be amiss on your computer I recommend that you follow the below advice to find out for sure.

I also want to stress that in order to make sure that your computer is not infected you must follow each step. None is meant to be used independently. Each depends on the others to account for different infection scenarios. Also, if any step shows definite evidence of an infection you should move directly to the section which explains How To Clean Infections From Computer. There is no reason to continue your investigation if your computer is already found to be infected.

1. What To Do If Computer Is Unbootable

Note that if your computer is able to boot into Windows you should skip directly to the next section. However, if your computer is not able to boot into Windows I would first advise that you follow the advice I give in this section of an article I wrote about How to Fix a Malware Infected Computer. It may be able to help make your computer bootable again. Then, once it's fixed, you can begin following the advice in the next section to see if your computer is infected.

Note that if the advice in that section of the other article is not able to fix your problems you should not follow part D in that article, but instead follow the advice given in this section of an article I wrote about How to Clean An Infected Computer. It's possible that the reason that your computer cannot boot is because of malware. Thus cleaning it may be the only way to get the computer running again.

2. Check for Rootkits

It's important to ensure that there are no active rootkits on your computer. To do this, first scan your computer with Kaspersky TDSSKiller. It can be downloaded from this page. Note that if the file from that link is not working correctly, try right-clicking on it and choosing Save As. If even this doesn't work then you can instead download a zip file containing the same scanner from this page. At the same time, download the zip file for Comodo Cleaning Essentials from this page. Make sure to select the correct version for your operating system. If you're not sure whether your computer is running a 32 or 64 bit operating system then please see this FAQ. Note that if neither will download correctly, or your internet connection is not working, you should download them on another computer and transfer them to the infected one via a flash drive. Make sure there are no other files on the flash drive. Be careful with the flash drive as the malware may actually infect it when you plug it into the computer. Thus, don't plug it into any other computers after transferring these programs.

Kaspersky TDSSKiller will scan your computer for some of the most common types of rootkits. I've found it to have relatively few false positives and a very high detection rate. By the way, some scanners, including Comodo Cleaning Essentials, may detect this file as a dangerous file. It is not. This is a safe download link. If it is flagged as dangerous you can safely ignore the detection. As with every program in this article, I recommend that you do not quarantine any files using this program. A false positive on the wrong file could destroy your computer, even if you’re not infected.

To use it, open the file called TDSSKiller. Then select the option to “Start Scan”. This scan should take less than a minute. If it does find anything then it's likely that your computer is infected. However, if you believe the detected files are not dangerous you can investigate them to see if they are false positives. If it does appear that the files are dangerous, I would suggest that you skip to the last section of this article in order to deal with this infection. If it does not find any rootkit activity then you should next check your computer with Comodo Cleaning Essentials.

Unzip the folder for CCE. Then double click on the file called CCE. This will open the main program for Comodo Cleaning Essentials. If it refuses to open then hold down the shift key and, while still holding it down, double click on the file called CCE. After CCE has successfully opened you can let go of the shift key. However, do not let go of it until the program has fully loaded. If you let go of it even during the UAC popup it may not be able to forcefully open correctly. Holding down shift should allow it to open, even on heavily infected computers. It does this by killing most of the unnecessary processes that could be interfering with its launch. If it still will not launch then download and run a program called RKill. This can be downloaded from this page. This program will terminate known malicious processes. Thus, after running it CCE should be able to open fine. Do not remove or disable anything with CCE as it can be very dangerous if used improperly. We are only using its analytical abilities. Please do not use it to try and clean up any infections or you could inadvertently harm your computer.

Now select the option to do a smart scan with CCE. It will immediately begin downloading the most recent virus database, which may take a long time to complete. Once it has completed downloading, the scan will begin immediately. This will scan your computer for all types of malware.  The scan should not take too long to complete. As before, I recommend that you do not quarantine any files using this program. One problem with this program is that I do find it to have a few false positives. Thus the best option, in order to be sure of the results from its scan, is to report any files detected as dangerous, which you believe may be safe, to Comodo for analysis.

Sadly there is no easy way to navigate to the files detected by the scan. You will have to manually navigate to the path indicated in the scan results in order to get to them. Note that if you do not want to investigate them right now you can select the option to ignore each detection. Then allow it to finish and restart your computer. Next time you open CCE you can go to "Tools" and choose "Browse logs". The detections you chose to ignore, along with their file paths, should be stored in the most recent log. To report the detected files as false positives you should go to this page. Then select false positive, upload the files in question, fill out the required information, and select submit. Comodo analysts will send you an email with the results of their analysis.

This program also scans for system changes which may have been caused by malware. These will also be shown with the results. If you did not make these changes yourself then this could possibly be evidence that there is malware on your computer. I would recommend letting CCE fix these items, but not anything else, and continuing with the rest of the article to see if there is any more evidence of infection. I would not consider unwanted system modifications to be definitive evidence of an infection.

After the scan is complete it will ask you to restart your computer. Allow it to restart. Do not open any unnecessary programs as this will make the next step simpler. Once again I will remind you to not quarantine any files with this program. Once it restarts it will pop up with the final results. If it did not find anything, and neither did any of the above methods, then you can continue on to the next step. However, if it did find infections, and Comodo analysts also found them to be malicious, then I would advise that you skip to the last section in order to clean the infections.

 Also, if your internet connection was not working please check again to see if it is now working. If not then you should go to this section of my guide about How to Fix a Malware Infected Computer and follow the advice given to fix your internet connection. A working internet connection is required for the remaining steps of this guide.

3. Use KillSwitch

A) Use KillSwitch To Investigate Running Processes

If the above steps did not find any malware activity then you should again open Comodo Cleaning Essentials (CCE). However, this time you should go to "Tools" and select the option to "Open KillSwitch". KillSwitch will immediately begin analyzing all of your running processes. This analysis should only take a minute or so. Without waiting for the analysis to complete you can go to “View” and select “Hide Safe Processes”. This will hide all processes that are verified to be safe by Comodo. The reason I asked you not to open any other programs in the above step is that malware will nearly always run on system startup, while many legitimate programs will not. Thus there will be fewer processes to examine.

Once the analysis is complete all that are left are those programs which are either believed to be dangerous or are not in Comodo's whitelist. The latter type is denoted as FLS.Unknown. Be aware that unknown does not mean dangerous. It only means that the file has not yet been whitelisted by Comodo.

B) Analyze KillSwitch Results

If KillSwitch now shows that “There are no items to show”, then your computer passed this part of the tests. You can move on to part 3. However, if there are files remaining in the list then you should investigate them. In order to do this you first need to navigate to the files. To do this right click on the process in question and select “Jump to Folder”. This will open up the folder where the associated file is located and select the file as well.

For files which are flagged as dangerous or suspicious, but which you believe may actually be safe, I would recommend that you report them as a false positive on this page. Just select false positive and fill out the required information. Comodo analysts will get back to you by email with the results of their analysis. In this way you can easily find out for sure if the files really are dangerous or not.

However, for those files which you think may be dangerous, but are only flagged as FLS.Unknown, you can check them yourself by following the methods discussed in my article about How to Tell if a File is Malicious. Also, if this verdict does in fact indicate that the files are likely safe, you can then submit them for addition to the Comodo Whitelist by following the advice given in part C.

C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting
For those files which are flagged as FLS.Unknown, but which you believe are probably safe, the most efficient way to analyze them is to submit them to Comodo for whitelisting. Instructions for how to submit programs, or individual files that belong to programs, can be found in this topic of the Comodo forum. Make sure you read through the first post entirely and follow all recommendations. This will ensure that your request is completed as quickly as possible. However, do note that in order to submit programs, or files, you do need to have an account on the Comodo forums. If you don't already have one then it's very easy to get one. There is an option to register on the top of any page on the Comodo forums. Also, if you cannot locate the folder indicated in the KillSwitch results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.

These submissions will be analyzed by Comodo staff and, if appropriate, added to the whitelist. However, do note that it may take the analysts days, or even a few weeks, to complete their analysis. This all depends on how many submissions they are also trying to analyze. If you feel that you cannot wait for their analysis then you also have the option of analyzing them manually by following the advice I give in How to Tell if a File is Malicious.

That said, the greatest advantage to the whitelisting approach is that you won't have to do any analysis of your own and the next time you check your computer the files will already be whitelisted and nothing will need to be done. In fact, if you submit all the safe programs on your computer for whitelisting then, once they're whitelisted, the next time you scan with KillSwitch there should not be any more unknown processes for you to examine. Thus, it becomes an incredibly easy task to ensure that your computer is still clean of infections. In fact, my computer always shows a completely blank screen after selecting the option to “Hide Safe Processes”. This allows me to ensure that my system has passed this test in less than one minute. Please note that depending on your computer, and your internet connection speed, this time may vary. Once you're done with this part you can close KillSwitch.

4. Use Comodo Autoruns

A) Use Comodo Autoruns To Investigate Registry Entries

Now, through CCE, which should still be open, again go to the "Tools" menu. This time select the option to "Open Autorun Analyzer". This program will analyze the registry and show you the files associated with each item. Almost all malware will write to the registry. Thus, by scanning for all files associated with registry entries, this program can identify malware and unknown files, even if they aren't running. It may even be useful in identifying rootkits, although that is not its primary purpose. The downside to using this program is that it will potentially give you more files to check than the above methods. However, if you really want to be sure that your computer is clean then this step is also necessary. As before, do not delete/disable anything with this program as it can be very dangerous if used improperly. We are only using its analytical abilities. Please do not use it to try and clean up any infections or you could inadvertently harm your computer.
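To make concrete what "running processes" and "files associated with registry entries" mean in the KillSwitch and Autorun Analyzer steps, here is an added example; it is not part of Comodo's tools or of the original guide. It is read-only and rests on two assumptions: it looks only at the Run and RunOnce keys, which are a small subset of the locations Autorun Analyzer covers, and it uses Windows' Authenticode signature check as a stand-in for Comodo's whitelist verdict.

```powershell
# Added example (not Comodo code). Read-only: nothing is deleted, disabled or changed.
# Assumption: "validly signed" stands in for "whitelisted"; Comodo's own verdicts differ.

# Assumption: only these common autostart keys are inspected.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Return the signature status and signer for a file, or 'FileNotFound'.
function Get-SignatureVerdict {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Status = 'FileNotFound'; Signer = '' }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{ Status = $sig.Status.ToString(); Signer = $signer }
}

# Pull the executable path out of an autostart command line such as
#   "C:\Program Files\App\app.exe" /background
function Get-CommandTarget {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first known extension.
    if ($expanded -match '^(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# One row per distinct image file backing a running process (KillSwitch step).
function Get-RunningImageReport {
    Get-Process | Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique |
        ForEach-Object {
            $verdict = Get-SignatureVerdict $_
            [pscustomobject]@{
                Source    = 'Process'
                Name      = Split-Path $_ -Leaf
                Target    = $_
                Signature = $verdict.Status
                Signer    = $verdict.Signer
            }
        }
}

# One row per value in the Run/RunOnce keys (Autorun Analyzer step).
function Get-RunKeyReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $target  = Get-CommandTarget ([string]$item.GetValue($name))
            $verdict = Get-SignatureVerdict $target
            [pscustomobject]@{
                Source    = $key
                Name      = $name
                Target    = $target
                Signature = $verdict.Status
                Signer    = $verdict.Signer
            }
        }
    }
}

# Equivalent of "Hide Safe Processes/Entries": show only what is not validly signed.
@(Get-RunningImageReport) + @(Get-RunKeyReport) |
    Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Source, Name, Signature, Target -AutoSize -Wrap
```

As with FLS.Unknown, a row in this output is not proof of malware; it only means the file is missing or is not validly signed, and so still needs to be checked.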

After Comodo Autoruns opens it will immediately begin compiling the list. This process could take a couple of minutes to complete. Without waiting for the list to finish being compiled you can go to “View” and select “Hide Safe Entries”. Note that this option will now be pre-checked every subsequent time you run the program. Once the list is compiled Comodo Autoruns will automatically begin analyzing each entry. Wait until all entries have been analyzed. If this is the first time you have run this program, you should now close it and then open it again. I find that this often allows Comodo time to analyze some of the unknown files so that this time there will be less to check.

If Autoruns now shows that “There are no items to show” your computer passed this part of the tests. If it also passed all of the above steps then there is definitely no active malware on your computer.

If your computer passed all of the above steps, but you are experiencing problems with your computer, it's possible that the problem that you're experiencing is due to hardware or software issues. I would recommend that you first try searching online for symptoms similar to what your computer is suffering from to see if they match something other than malware. Also, an article I have written about How to Fix a Malware Infected Computer may be of use to you. It was written mainly to fix problems due to malware, but the advice given should be able to fix many other types of software problems as well.

B) Analyze Comodo Autoruns Results

However, if there are still entries left over you should begin analyzing them. Note, though, that there is currently a minor bug with Comodo Autoruns. This sometimes causes the program to flag files which are actually known safe as FLS.Unknown. Thus, I would advise that if you see many files flagged as unknown, which you believe should be flagged as safe, you close Comodo Autoruns and then open it again to see if the files are still unknown. Also, note that making sure the virus database is fully up to date, by always running a Smart Scan with CCE just before checking with Comodo Autoruns, makes this problem much less common.

To get to the files which these entries are associated with, right click on an entry and select “Jump to Folder”. This will open up the folder where the associated file is located and select the file as well. Also, with this program you will find that often a single file has numerous entries, which means that often there’s not nearly as much analysis to be done as there would seem to be.

Just as was done for KillSwitch, for files which are flagged as dangerous or suspicious, but which you believe may actually be safe, I would recommend that you report them as a false positive on this page. Just select false positive and fill out the required information. Comodo analysts will get back to you by email with the results of their analysis. In this way you can easily find out for sure if the files really are dangerous or not. Also, if you cannot locate the folder indicated in the results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.

However, for those files which you think may be dangerous, but are only flagged as FLS.Unknown, you can also check them yourself by following the methods discussed in my article about How to Tell if a File is Malicious. Also, if this verdict does in fact indicate that the files are likely safe, you can then submit them for addition to the Comodo Whitelist by following the advice given in part C.

C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting

For those files which are flagged as FLS.Unknown, but which you believe are probably safe, the most efficient way to analyze them is to submit them to Comodo for whitelisting. Instructions for how to submit programs, or individual files that belong to programs, can be found in this topic of the Comodo forum. Make sure you read through the first post entirely and follow all recommendations. This will ensure that your request is completed as quickly as possible. However, do note that in order to submit programs, or files, you need to have an account on the Comodo forums. If you don't already have one then it's very easy to get one. There is an option to register on the top of any page on the Comodo forums. Also, if you cannot locate the folder indicated in the Autoruns results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.

 These submissions will be analyzed by Comodo staff and, if appropriate, added to the whitelist. However, do note that it may take the analysts days, or even a few weeks, to complete their analysis. This all depends on how many submissions they are also trying to analyze. In addition, if you feel that you cannot wait for the analysis of Comodo staff then you also have the option of analyzing them manually by following the advice I give in How to Tell if a File is Malicious.


That said, the greatest advantage to the whitelisting approach is that you won't have to do any analysis of your own and the next time you check your computer the files will already be whitelisted and nothing will need to be done. In fact, if you submit all the safe programs on your computer for whitelisting then, once they're whitelisted, the next time you scan with Comodo Autoruns there should not be any more unknown processes for you to examine. Thus, it becomes an incredibly easy task to ensure that your computer is still clean of infections. In fact, my computer always shows a completely blank screen after selecting the option to “Hide Safe Entries”. This allows me to ensure that my system has passed this test in just a few minutes. Please note that depending on your computer, and your internet connection speed, this time may vary.

5. How To Clean Infections From Computer

If any of these methods does show that your computer is infected you should check out my article about How to Clean An Infected Computer. The advice in this article will allow you to remove almost any infection and get your computer back to working order.

How to Install Comodo Firewall

This guide was written for version 6.3, also known as 2013, of Comodo Internet Security (CIS). This guide will work equally well for configuring Comodo Firewall, but the screenshots are from CIS.

 Please note that in terms of system protection this article is not really meant to be viewed in isolation. Please read my article about How to Stay Safe While Online in order to get an overview of what you can do to protect your computer. Comodo Firewall provides rock solid protection and is entirely free. If you like you can even download Comodo Internet Security, which comes with Comodo Antivirus. This is also completely free.


1. Installation
Before installing security software designed to protect your computer I find it's best to first ensure that your computer is already free of malware. I know it sounds like strange advice, but this can prevent many problems further down the road. To do this please follow the advice I give in my article about How to Know If Your Computer Is Infected. Note that, as mentioned in that article, I would advise that you submit all unrecognized files to Comodo to be whitelisted. That article explains how to do this. If all of the files on your computer are whitelisted you will find Comodo Internet Security to be very quiet, except when there is a possible threat.

After this is done you can download the installer. Here are the download pages for Comodo Internet Security and Comodo Firewall. Please download whichever you would like to install. If, at a later time, you decide that you want to switch from one to the other you can accomplish this by going to the start menu, finding Comodo, and selecting the option to "Add and Remove components".


Options During Installation
During installation you will be given the choice to change your DNS servers to Comodo Secure DNS Servers. This will automatically block any websites that Comodo knows to be dangerous. Therefore, if you are currently using the default DNS server offered by your ISP I would recommend that you consider enabling this. However, if you would prefer to use another DNS server, as is mentioned in this section of my article about How to Stay Safe While Online, or just use the default one from your ISP, then you can deselect that option.



Also, I would strongly advise that you leave the option to “enable 'Cloud Based Behavior Analysis' of unrecognized programs” checked. This will upload all active unrecognized programs to Comodo for analysis. These files will then either be added to the whitelist or added to the definitions for the antivirus. This will make Comodo Internet Security both easier to use and more powerful against threats.



You can also uncheck the option to change your home page and search engine to Yahoo. Leaving it checked will help to support Comodo, but it is very easy to opt out if you do not wish to use Yahoo.



In addition you should select the small option near the bottom of the window that says "Customize Installer". This will give you the option to choose which components, and additional programs, you would like to install. You may wish to consider leaving the option to install Comodo GeekBuddy checked. This is a free trial program through which Comodo technicians can remotely diagnose, but not fix, problems with your computer. This trial period will only start once you first use it.

If at a later date you decide to purchase the product then the technicians can also remotely fix any problems with your computer. However, if this does not sound useful you can deselect it. Also, if you do choose to install it you can always choose to uninstall it later. You are also given the option to install the Comodo Dragon browser. If you do not wish to install this then deselect this option as well. Once you're done click on Back and then begin installation.

After this it will offer you the option to enable PrivDog for your browser. This is an addon which will by default remove all ads on webpages. It will then replace them with ads which are known to be safe. This is done so that you can be safe from dangerous ads, while still allowing website owners to profit from advertisements. This therefore protects you without destroying the ecosystem which allows much of the internet to profit from offering free products and services. This software will also block most tracking code, and similar nuisances, in such a way that you won't even notice the difference. More information can be found on this page. However, if you do not wish to use this you can uncheck the box during installation.

2. Changes To Configuration
Not long after the installation is complete, assuming you installed CIS, it will download the virus database and begin running a quick scan of your computer. Let this scan complete. Unless you have a slow internet connection this process should only take about 5-15 minutes. Either way, I would suggest letting it complete its scan. After the initial scan is completed any subsequent scans will be much faster due to Comodo's new caching technology. Once it's done you can close the scan window. However, note that once you close the scan window it will ask you to restart your computer. Do not yet allow it to restart your computer.


At this time you may also choose to disable User Account Control (UAC). Personally I do disable it. However, there are some reasons to leave it enabled. One problem is that disabling this will turn off protected mode in Internet Explorer. It will also disable file/registry virtualization for Windows Vista and Windows 7. In general, UAC controls who can run specified applications that require elevated Administrator privileges.

A) General Tweaks To The Configuration
Change Overall Configuration

One of the most important changes is to change the default configuration to Proactive Security. For an explanation of the differences between the configurations please see this page. To do this open the main window for Comodo Internet Security. Then click on the green task icon on the upper right hand corner of the window, as shown in the screenshot to the right. This will flip the screen to show you the task window, which contains the configuration options. Click on the section for "Advanced Tasks" and then select the option to "Open Advanced Settings". Make sure the dropdown menu under "General Settings" is shown and then click on the Configuration option.

Now right-click on the option for "COMODO-Proactive Security" and select Activate. It will ask you whether you want to save changes, but at this point you can select no. It will then ask you to restart your computer. This time you should select the option to "Reboot Now".



Other General Steps
Once your computer has started up again open up the main screen for CIS. This time click on the icon on the upper left hand corner of the screen, as shown in the picture to the right, to switch CIS to advanced view.

Then click the icon at the bottom of the window labeled Scan. Those with CIS installed should select the option to run a "Rating Scan". Note that if you did not install the antivirus component clicking on scan will automatically begin running a rating scan. Allow this scan to complete. Unless you have a slow internet connection it should not take more than a few minutes.

What this is doing is scanning the critical areas of your computer and compiling a list of which files are already known to be safe, dangerous, or unknown. No action is required on your part as long as you already followed my advice about how to ensure that your computer is not infected. The only reason I ask you to do this now is that it will help make Comodo Internet Security a little bit faster and less resource intensive than it otherwise would have been. Once the rating scan is complete you can close the rating scan window without selecting any action for the files, unless you would like to remove some bad files or trust some unknown files which you know to be safe.

 Once the scan window is closed please once again look at the main window for CIS. For the section labeled Auto-Sandbox left-click on the text where it says "Partially Limited". A drop-down menu will appear. From this I would advise that you select Untrusted. This level will provide you with protection from nearly any malware I am aware of, including ransomware. The one exception is keyloggers. Some keyloggers may still be able to log data. However, even if they are able to access any information the firewall will stop them from being able to transmit it from your computer. Thus, as long as you are careful when answering any firewall alerts you will be safe. The one exception to this is if you run CIS in Game Mode. An explanation of what this mode is, and why it is dangerous, can be found in this section.

Then left-click the text next to HIPS which reads "Safe Mode" and change this to Disabled. My configuration will actually not require you to enable the HIPS. This version of Comodo Internet Security is designed in such a way that you can achieve the same amount of security without enabling the HIPS. Everything we will need is actually now contained within the Behavioral Blocker, which will provide far fewer popups.


 Then once again flip the screen to get to the Tasks window. Then go to the section for "Firewall Tasks" and click on the option for "Stealth Ports". In the window which pops up click the option to "Block Incoming Connections". Then go to the section for "Advanced Tasks" and once again click on the icon for "Open Advanced Settings". We will use this window to complete the rest of the changes which will be made to the configuration. I have broken the rest of the advice into that which is applicable for each of the main components of Comodo Internet Security.


B) Configure Antivirus
Assuming you chose to install Comodo Internet Security you also installed the antivirus component. Please open the Advanced Settings again. Then, make sure the dropdown menu under "General Settings" is shown. Then click on the Updates option. You will note that the virus database is set to automatically update every 6 hours. I would actually advise that you leave that at default. The only reason I pointed it out is that it may seem strange that the antivirus should be set to update so infrequently.

 The reason for this is that any program running on your computer will automatically be checked against all signatures in the cloud. Thus, as long as you are constantly connected to the internet you always have up-to-date signature protection regardless of the last time your virus database was updated. Thus the infrequent updates don't actually decrease your protection. In fact, the infrequent updates may even help to make your computer more responsive.

Next make sure the dropdown menus under "Security Settings" are shown. Click on the one for Antivirus. Then click on the one for Scans. If you do not want your computer to run scheduled scans you can slide the toggle for both scans to deactivate them. Other than that there are not really any other changes which need to be made to the antivirus component.


C) Configure Defense+
All of the most important changes I would recommend for the Defense+ component have already been made. However, there are some optional changes which you may want to consider.


Optional Change
If you like you can disable the option to "Detect installers and show privilege elevation alerts". What this will do is ensure that the only popups you get are to let you know that an application has been sandboxed. The program will not ask you whether you want to allow an application or not. Thus if you select this option you will not have to answer a single Defense+ alert. Every program, even if it is an installer, will automatically be sandboxed.

 If this is not disabled running most unknown installers will prompt an unlimited rights popup, which would ask you whether you trust them. However, do note that when sandboxed many installers will not be able to install correctly. Thus, disabling that option will ensure that you receive fewer alerts, although you will still receive a few from the firewall component, but it will also cause more of the unknown programs to fail. Thus, I would recommend making this change only if you are an advanced user and are prepared for the consequences.

D) Configure Firewall
Strongly Recommended Changes

Now minimize the drop-down menu for Defense+ and open the dropdown menu for the Firewall component. Click on "Firewall Settings" and check the boxes for "Filter IPv6 traffic", "Block fragmented IP traffic", "Do Protocol Analysis", and "Enable anti-ARP spoofing". Selecting these will likely not have any negative side effects on your browsing experience. However, if you do find that you are having trouble with your internet/network connections please try unchecking these options as they are likely the culprit. Also, although it's preferable to leave it checked, in some cases the option to "Filter loopback traffic" may cause certain DNS services to not work correctly. This is rare, but if this happens you can uncheck the option to "Filter loopback traffic". However, as long as there are no problems I would advise that you leave it checked.

Optional Change
Also, if you do not want any unknown programs to be able to access the internet you can check the box for "Do NOT show popup alerts" and then change the behavior to "Block Requests". This will automatically block all unknown applications from accessing the internet. Thus, if you select this option, and the optional one for the Defense+ component, the only popups you will see are those for the sandbox. Also, note that the sandbox popups do not require any user input. Thus, Comodo Internet Security will now be entirely automated and will require no user input at all.

However, making this change to the firewall configuration will cause some unknown programs to not be able to operate correctly and will also result in any unknown installer, which must download files from the internet, failing. Thus, I would recommend making this change only if you are an advanced user and are prepared for the consequences. Note that if you do run into problems with this change, you should just uncheck the option.

When you are done making your changes select OK. This will save all changes and close the advanced settings window.


3. Advice On How To Use Comodo Internet Security
How To Answer Defense+/Sandbox/Firewall Alerts

In terms of how to use this program it's really quite simple, at least for the most part. The main problem is that although there are very few alerts which you will have to answer, there are still some decisions which will have to be made. For ordinary sandbox alerts no action will be required on your part. CIS will just show a small popup on the lower right-hand corner of the screen to let you know the application has been sandboxed. However, this popup will provide you with the option to trust the application.

For any popups, regardless of which component they are from, it is very important that you do not just allow an application because you want to get rid of the alert. If you do this you greatly decrease the protection offered by Comodo Internet Security. In general, regardless of what the alert is asking, you should only allow a program access to your computer if you are absolutely sure that it is safe.

If you're not sure whether an application is safe or not I would advise that before allowing it you take some time to check it by following the advice I give in my article about How to Tell if a File is Malicious. However, if you're not sure what to do I would advise that you select the option to block the request or, if it is a sandbox alert, do nothing and leave the application sandboxed. If you do otherwise you may inadvertently allow a malicious program access to your computer.

Overview of What Game Mode Is

CIS also has an option called "Game Mode". If you choose to use this, no Defense+ alerts, Firewall alerts, update popups, or scheduled scans will be shown or run. Thus, these cannot interfere with what you are doing. However, enabling this will also create automatic allow rules for all running applications. Thus, running your computer in game mode will essentially put your computer in training mode, which I would not advise as I consider it to be dangerous. Thus, I would advise that you do not use "Game Mode".


Brief Overview of How the Behavioral Blocker Works

Also, I would like to briefly mention the way in which Comodo's behavioral blocker works. If a piece of malware is not yet detected as dangerous by Comodo it will automatically be sandboxed. When in the sandbox it may be able to run, drop files in certain folders, display windows, and perform other actions which may seem alarming. However, do not worry.

The sandbox watches every action the application attempts, to make sure that it is not allowed to do anything which can actually harm the computer. Also, the application will not be able to automatically start itself. Thus, regardless of how dangerous the malware might have been, it will be rendered completely inert once you restart your computer.


However, those files dropped by it may still be sitting on your computer. Other malware scanners may flag these as dangerous and thus it would appear that Comodo Internet Security allowed the computer to be infected. This is not true. In truth, malware is only dangerous if it is active and able to harm your computer or steal information. Thus, since these files are completely inert, you can see that the approach Comodo Internet Security takes towards protecting your computer actually does protect it from all types of malware. Just because there are some leftover files on your computer does not mean that your computer is infected.

Overview of Comodo Kiosk

Comodo Kiosk creates a fully virtualized environment on your computer. It can be accessed by going to the tasks window, going to the "Sandbox Tasks" section, and clicking on "Run Virtual Kiosk". This starts the fully virtualized environment which is mainly meant to be used for web related activities. It is not really designed for installing other programs, although many programs will install correctly inside of it. In addition, any programs which are installed on your real computer, and have a shortcut sitting on the desktop, will be able to be launched from inside the Kiosk. However, note that in order to access them you will need to switch from the tablet screen to the desktop screen. This is done by flipping the window by clicking on the orange icon, just as you would with the CIS window.



Also, please do be aware that due to restrictions, which help protect you from dangerous malware, there are certain types of programs which will not be able to run inside the Kiosk. Also, note that if the Kiosk is closed and then started again no applications will initially be running. This would include any malware which may have been running. Thus, I would recommend that before performing sensitive actions such as online banking you at least close the Kiosk and then open it again just before you go to the banking site. If you like you can even choose the option to "Reset Sandbox", which will delete all information which was inside it and provide you with an entirely fresh sandbox the next time you run the Kiosk.



Also, the shared space folder, for which a shortcut is placed on your desktop during installation and an icon is placed in the main window for CIS, is shared by both your actual computer and the Comodo Kiosk. Thus, any files placed in there will be shared between the two environments.

Optional Cosmetic Changes

If you would like to run your browser sandboxed, but would prefer not to use the Kiosk, you can instead use the widget. This is the small window which has been added to your desktop. This will automatically detect and display all browsers currently installed on your computer, along with other useful information. Clicking on the icon for that browser will cause it to be run sandboxed with full-virtualization. Note that you can also right-click on the CIS icon and either add or remove information from the widget.

 Please note that any changes you make to the browser while sandboxed, such as bookmarking a page, will not be saved to your unsandboxed browser and will in fact be deleted when you reset the sandbox. Note that if you do not want to use the widget you can remove it by right-clicking on the CIS icon, selecting Widget, and unchecking the option to Show. Personally, I use it often, but if you find it an eyesore it is easy to remove.

Also, if you would prefer not to receive messages from the COMODO Message Center you can disable this by going to the CIS Task window. Then go to the "Advanced Tasks" section and click on "Advanced Settings". Then make sure the dropdown menu under "General Settings" is shown and click on "User Interface". Then disable the option to "Show messages from COMODO Message Center". These messages have nothing to do with the protection of your computer and, if you like, can safely be disabled. While in this same area you can also choose to disable the sounds which CIS now plays when an alert is shown, if you wish. When you are done select OK to save your changes and close the window.

 The main window of Comodo Internet Security now provides you with the option to add task shortcuts to the task bar at the bottom of the window. To add additional task shortcuts you can flip the screen to the task window, navigate to the task you want to make a shortcut of, right click on the icon for it, and select "Add to Task Bar". I would suggest you do this for any tasks which you find you are using often. Note that you are also given the ability to drag the icons around on the main window.

4. What To Do If You Have Further Questions

Note that if at any time after installing this product you encounter serious problems with it, which running the diagnostics cannot fix, it may be helpful to reinstall it.

Friday, 29 November 2013

How to Work With Audio CD .CDA Files


If you view the contents of a music CD from Windows, you'll see that it contains a number of .CDA files, each corresponding to a song track. (CDA stands for Compact Disk Audio.)

I regularly get letters from subscribers asking why they can't just copy these files to their PC rather than first having to rip them to .WAV, MP3 or other music files.

It's a good question with a simple answer: there are no .CDA files on a CD. In fact, from a Windows perspective, there are no "files" at all.

A music CD differs greatly from your hard drive or floppy disk drive in the way information is stored.

Hard drives and floppy disks store data in concentric rings called tracks. In contrast, music CDs store data in a continuous spiral starting from the inside of the CD and ending at the outer edge of the CD. Kind of like a vinyl LP in reverse.

The format of the data stored on CDs is also quite different; it's a continuous stream of raw digital data rather than a collection of individual files.

The reason the data is stored in this strange way is that the music CD format was developed in the late 1970s, long before the age of the home computer. CDs were designed to be played by CD players and at that time nobody even considered that one day they would be played on a computer.

So what are .CDA files that you see on a music CD when you place a CD in your computer's CD tray?

These files are created by the Windows CD driver. They are simply representations of the CD audio tracks and are not actually on the CD.

Each .CDA file is a kind of pointer to the location of a specific track on the CD and contains no musical information. CDA files are all 44 bytes in length and each contains track times plus a special Windows shortcut that allows users to access the specific audio tracks.

So if .CDA files contain no musical information, what happens if you "copy" a .CDA from an audio CD to your hard drive and then double click it?

If the CD is still in the drive then the corresponding track will play from the CD. If you remove the CD you will get an error message. That's because the .CDA file contains no music; it only points to where the music is located on the CD.
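To see why a 44-byte .CDA file cannot hold any music, here is an added example (not from the original article) that parses one. It assumes the commonly documented RIFF/CDDA layout, which this page does not spell out, and the sample bytes are constructed rather than read from a real disc.

```python
import struct
from dataclasses import dataclass

FRAMES_PER_SECOND = 75  # CD audio positions are counted in frames, 75 per second

# Assumed layout (commonly documented, not given on this page), little-endian:
#   "RIFF", uint32 size, "CDDA", "fmt ", uint32 chunk size, uint16 version,
#   uint16 track number, uint32 disc serial, uint32 start frame,
#   uint32 length in frames, start as (frame, second, minute, unused),
#   length as (frame, second, minute, unused)
CDA_STRUCT = struct.Struct("<4sI4s4sIHHIII4B4B")  # exactly 44 bytes


@dataclass
class CdaStub:
    track: int
    disc_serial: int
    start_frame: int
    length_frames: int
    start_msf: tuple   # (minute, second, frame)
    length_msf: tuple  # (minute, second, frame)

    @property
    def length_seconds(self) -> float:
        return self.length_frames / FRAMES_PER_SECOND


def parse_cda(data: bytes) -> CdaStub:
    """Decode a .CDA stub; raise ValueError if it is not one."""
    if len(data) != CDA_STRUCT.size:
        raise ValueError(f"expected {CDA_STRUCT.size} bytes, got {len(data)}")
    (riff, riff_size, form, fmt_id, fmt_size, _version, track, serial,
     start, length, sf, ss, sm, _, lf, ls, lm, _) = CDA_STRUCT.unpack(data)
    if riff != b"RIFF" or form != b"CDDA" or fmt_id != b"fmt ":
        raise ValueError("not a RIFF/CDDA stub")
    if riff_size != len(data) - 8 or fmt_size != 24:
        raise ValueError("inconsistent chunk sizes")
    # The track length is stored twice; both encodings must agree.
    if (lm * 60 + ls) * FRAMES_PER_SECOND + lf != length:
        raise ValueError("frame count and min:sec:frame length disagree")
    return CdaStub(track, serial, start, length, (sm, ss, sf), (lm, ls, lf))


def is_cda_stub(data: bytes) -> bool:
    try:
        parse_cda(data)
        return True
    except ValueError:
        return False


def build_sample() -> bytes:
    """Constructed stub: track 3, 3 min 25 s 10 frames long (15385 frames)."""
    return CDA_STRUCT.pack(b"RIFF", 36, b"CDDA", b"fmt ", 24, 1, 3, 0x00A1B2C3,
                           32000, 15385, 50, 8, 7, 0, 10, 25, 3, 0)


if __name__ == "__main__":
    stub = parse_cda(build_sample())
    print(f"track {stub.track}: {stub.length_seconds:.1f} s, "
          f"starts at frame {stub.start_frame}; no audio bytes in the file")
```

Every one of the 44 bytes is accounted for by header fields, so there is nothing left over that could be sound data.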

To work with music tracks on your CD you need first to convert them to .WAV, .MP3 or another file format that computers understand. That's what a CD ripper does and that's why you must use a ripper before you can work with your music files on a computer. Simple as that.

The good news is that you don't need to buy a CD ripper as you can find some excellent freebies here:

http://www.techsupportalert.com/best-free-cd-ripper.htm

And if you want a free ripper that can handle both CDs and DVDs then check out this list:

http://www.techsupportalert.com/best-free-cd-dvd-burning-software.htm

But what about DVDs?

The DVD format was developed in the computer age so DVDs contain regular files just like those on your hard disk. That means they can simply be copied from the DVD to your computer.

So why do you need a DVD ripper?

The reason people use a DVD ripper is usually to remove copyright protection so that the movies or files on the DVD can be played on their computer. DVD rippers also commonly allow users to compress the data or change its format so the DVD files take up less room on their computer.

In other words CD and DVD ripping programs do rather different things:

CD rippers convert the raw digital data on music CDs into files a computer can read. They don't have to worry about copyright protection as most music CDs are not copy protected.

DVD rippers are designed primarily to copy files from the DVD and strip out copyright protection in the process.

If this is sounding complicated then rest easy. Combined CD/DVD rippers usually do both these things without you having to worry too much about it.

How to Move the My Documents Folder

Most folks use the My Documents folder to keep all their personal data. Unfortunately, this folder is by default located on the C: drive, the same drive that contains the Windows operating system.

Storing these two things together on the same drive is not a great idea for several reasons. Here are just two:

First, your personal data is very likely to be growing in size while Windows is not. In this era of multi megapixel digital photos you are in real danger of filling up your C: drive. This progressively degrades Windows performance. Sooner or later you'll fill up the disk and have to make more space by deleting some of your personal files or get into the complex and problem-fraught exercise of increasing the size of your primary disk partition.

Second, it complicates backup. Your personal data is changing all the time while the Windows operating system changes much less frequently. That means your personal data needs to be backed up more frequently than Windows. With both on the same drive you'll end up making very large drive images and having to create them more frequently as well. Similar comments apply to disk defragmentation. Mixing your personal data with Windows increases the need for defragging and results in a slower defrag.

Nope, leaving your My Documents folder on the C: drive is like storing your washing powder with your vegetables. Quite possible, but not a great idea.

Now, many folks have only a single partition of their hard drive; that is, their only hard drive is their C: drive. These folks can't move their My Documents folder. They could of course re-partition their drive but that's a complex issue I'm not going to address here.

If you do have two or more partitions on your hard drive, or if you have more than one hard drive, it's quite easy to move your My Documents folder to another drive or partition.

You will, however, need enough free space on the second drive/partition to accommodate all your documents. To find out, go to My Computer and click on View/Details and make a note of the free space available on each partition or drive. Make sure you don't get confused by your CD drive. You can't move your My Documents folder there!

While still in My Computer, right-click on My Documents and select Properties. After a few seconds you should see the folder size shown. If two figures are shown with one in brackets, note the larger figure. That's the amount of disk space you will need.

Now make a decision which drive you'd like to move the My Documents folder to. Make sure there is enough disk space. Let's say you selected the D: drive.

Click on the Start button and then right-click on My Documents and select Properties. If there's no My Documents in your start menu then right click on the My Documents icon on your desktop instead.

When you've clicked on properties, select "Move" and then navigate to your D: drive. Select the drive letter and then click "Make New Folder." Enter "My Documents" as the folder name and hit Enter and then OK. Windows will then ask you whether you want to move your documents; click Yes.

Moving your documents may take some time. Once moved, though, you can access them normally from the "My Documents" icon on the desktop or elsewhere.

In the process you'll free up a lot of room on your C: drive. Defrag the drive so it can be utilized by Windows in the most effective manner.

For more information you can consult this Microsoft document: http://support.microsoft.com/?id=310147

The ideal time to relocate the My Documents folder and other system folders is when you have just bought a new PC and have yet to load your data or applications. It's something to bear in mind when you get your next PC.

How to Disable Internet Explorer

There's no doubt that Internet Explorer has been a prime target of attack for spyware merchants and other ill-intentioned goons. That's why many folks have turned to alternate browsers for their web surfing.

If you are using another browser and don't use Internet Explorer anymore, there's a case to be made that you should remove it from your system. It is, after all, a potential security threat so, if you don't need it, why not get rid of it?

Except, getting rid of IE is not that easy. In fact, with later versions of Windows there's no satisfactory way of removing it completely without risking crippling Windows itself.

That hasn't stopped folks from trying to remove IE, however, and you can find several techniques documented on various web sites. Instead of removing IE I favor the simple and safer approach of disabling it. Sure, it may not provide the same degree of security as complete removal but that's a small price to pay compared to the cost of potentially de-stabilizing Windows.

There are several disabling techniques but I suggest the method below as it's simple, easy to reverse and doesn't interfere with the operation of the Windows Update service. Furthermore it should work with any modern version of IE.

Step 1. From IE select Tools/Internet Options/Connections/LAN Settings.

Step 2. Put a tick in the check box next to "Use a Proxy Server for your LAN ..."

Step 3. Type in "0.0.0.0" in the address box and "80" in the Port box. Don't type in the quote marks of course, just what's inside them.

Step 4. Click OK.

What you've done is set up a dummy proxy server 0.0.0.0 that goes nowhere. With these settings IE cannot make an HTML connection to the internet and vice versa. You have simply and effectively disabled IE.

There's no magic in the 0.0.0.0 address, any dead proxy address would work just as well. I've used that particular address to keep things simple.

If you ever need to re-enable Internet Explorer, start it up and select Tools/Internet Options/Connections/LAN Settings from the toolbar and un-check the box "Use a Proxy Server for your LAN ..."
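The settings from Steps 1 to 4 are stored per user in the registry, so it is worth checking now and then that they are still in place. The following is an added example, not part of the original article: it audits text saved from `reg query` on the Internet Settings key, using the standard value names ProxyEnable, ProxyServer, ProxyOverride and AutoConfigURL. Both sample outputs are constructed.

```python
import re

# Constructed samples of `reg query` output for the per-user key
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
SAMPLE_AS_CONFIGURED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    0.0.0.0:80
"""

SAMPLE_DRIFTED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=0.0.0.0:80
    ProxyOverride    REG_SZ    *.example.test;<local>
    AutoConfigURL    REG_SZ    http://wpad.example.test/proxy.pac
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_reg_query(text: str) -> dict:
    """Turn the indented 'name  type  data' lines into a dict."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values


def proxy_map(server: str) -> dict:
    """Return {scheme: 'host:port'}; a bare 'host:port' applies to every scheme."""
    if "=" not in server:
        return {"http": server, "https": server}
    out = {}
    for part in server.split(";"):
        scheme, sep, addr = part.partition("=")
        if sep:
            out[scheme.strip().lower()] = addr.strip()
    return out


def audit(values: dict, dead: str = "0.0.0.0:80") -> list:
    """List every way the dummy-proxy setup has been weakened; empty means intact."""
    findings = []
    if values.get("ProxyEnable") != 1:
        findings.append("proxy is switched off: IE connects directly")
    servers = proxy_map(values.get("ProxyServer", ""))
    for scheme in ("http", "https"):
        if servers.get(scheme) != dead:
            findings.append(f"{scheme} traffic is not sent to {dead}")
    bypass = [h for h in values.get("ProxyOverride", "").split(";") if h]
    if bypass:
        findings.append("hosts that bypass the proxy: " + ", ".join(bypass))
    if values.get("AutoConfigURL"):
        findings.append("automatic configuration script set; it may override the manual proxy")
    return findings


if __name__ == "__main__":
    for label, text in (("as configured", SAMPLE_AS_CONFIGURED),
                        ("drifted", SAMPLE_DRIFTED)):
        print(label, "->", audit(parse_reg_query(text)) or "intact")
```

An empty result means the dummy proxy is still in force; anything listed is a path by which IE can reach the network again.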

If you really want to remove IE more completely then you can check out these resources but, as I said, I don't recommend it.

32-bit and 64-bit explained

32-bit versus 64-bit

As the number of bits increases there are two important benefits.

More bits means that data can be processed in larger chunks, which also means more accurately.
More bits means our system can point to or address a larger number of locations in physical memory.

32-bit systems were once desired because they could address (point to) 4 Gigabytes (GB) of memory in one go. Some modern applications require more than 4 GB of memory to complete their tasks so 64-bit systems are now becoming more attractive because they can potentially address up to 4 billion times that many locations.

Since 1995, when Windows 95 was introduced with support for 32-bit applications, most of the software and operating system code has been 32-bit compatible.

Here is the problem: while most of the software available today is 32-bit, the processors we buy are almost all 64-bit.

So how long will the transition from 32-bit to 64-bit systems take?

The main issue is that your computer works from the hardware such as the processor (or CPU, as it is called), through the operating system (OS), to the highest level which is your applications. So the computer hardware is designed first, the matching operating systems are developed, and finally the applications appear.

We can look back at the transition from 16-bit to 32-bit Windows on 32-bit processors. It took 10 years (from 1985 to 1995) to get a 32-bit operating system and even now, more than 15 years later, there are many people still using 16-bit Windows applications on older versions of Windows.

The hardware and software vendors learnt from the previous transition, so the new operating systems have been released at the same time as the new processors. The problem this time is that there haven't been enough 64-bit applications. Ten years after the PC's first 64-bit processors, installs of 64-bit Windows are only now exceeding those of 32-bit Windows. Further evidence of this inertia is that you are probably reading this tutorial because you are looking to install your first 64-bit software.

Your computer system in three parts

Now we'll look at those three components of your system. In simple terms they are three layers with the processor or CPU as the central or lowest layer and the application as the outermost or highest layer as shown below:

To run a 64-bit operating system you need support from the lower level: the 64-bit CPU.

To run a 64-bit application you need support from all lower levels: the 64-bit OS and the 64-bit CPU.

This simplification will be enough for us to look at what happens when we mix the 32-bit and 64-bit parts. But if you want to understand the issue more deeply then you will also need to consider the hardware that supports the CPU and the device drivers that allow the OS and the applications to interface with the system hardware.

What 32-bit and 64-bit combinations are compatible and will work together?

This is where we get to the practicalities and can start answering common questions.

The general rule is that 32-bit will run on a lower level 64-bit component but 64-bit does not run on a lower level 32-bit component:

A 32-bit OS will run on a 32-bit or 64-bit processor without any problem.
A 32-bit application will run on a 32-bit or 64-bit OS without any problem.
But a 64-bit application will only run on a 64-bit OS and a 64-bit OS will only run on a 64-bit processor.

These two tables illustrate the same rule:


Table 1 — What is compatible if I have a 32-bit CPU?

Processor (CPU)          32-bit   32-bit   32-bit   32-bit
Operating System (OS)    32-bit   32-bit   64-bit   64-bit
Application Program      32-bit   64-bit   32-bit   64-bit
Compatible?              Yes      No       No       No

Table 2 — What is compatible if I have a 64-bit CPU?

Processor (CPU)          64-bit   64-bit   64-bit   64-bit
Operating System (OS)    64-bit   64-bit   32-bit   32-bit
Application Program      64-bit   32-bit   32-bit   64-bit
Compatible?              Yes      Yes      Yes      No

The main reason that 32-bit will always run on 64-bit is that the 64-bit components have been designed to work that way. So the newer 64-bit systems are backward-compatible with the 32-bit systems (which is the main reason most of us haven't moved to 64-bit software).

An example of backward compatibility is Windows 64-bit. It has software called WOW64 that provides compatibility by emulating a 32-bit system. See the article How Windows 7 / Vista 64 Support 32-bit Applications if you want to know more. One important point that is made in that article is that it is not possible to install a 32-bit device driver on a 64-bit operating system. This is because device drivers run in parallel to the operating system. The emulation is done at the operating system level so it is available to the higher layer, the application, but it is not available to the device driver which runs on the same level.

Hardware virtualization is the exception to the rule

Another question many people have is whether a 32-bit system can run 64-bit software. As more people are looking to use 64-bit Windows they are wanting to try it out on their existing systems. So we are getting more questions about whether they can run it on their 32-bit processor or under their 32-bit OS.

Following the general rule, we would expect that you cannot run 64-bit software on a 32-bit system. However, there is one exception: virtualization.

Virtualization creates a virtual system within the actual system. Virtualization can be achieved in hardware or software but it works best if the virtual machine is created in the system hardware. The guest operating system is not aware that there is a host operating system already running. This is the way that a 64-bit operating system can think that it is running on 64-bit hardware without being aware that there is a 32-bit operating system in the mix.

Tables 3 and 4 illustrate the result. Provided that the virtual machine can actually be created and isolated by the virtualizing software then the host OS is effectively removed from the equation, so I've grayed it out. We can now apply the general rules for a non-virtualized system to the three remaining layers.

Table 3 — What is compatible if I have a 32-bit CPU and software virtualization?

Processor (CPU)           32-bit      32-bit      32-bit      32-bit
Host Operating System     32-bit      32-bit      32-bit      32-bit
Guest Operating System    32-bit      32-bit      64-bit      64-bit
Application Program       32-bit      64-bit      32-bit      64-bit
Compatible?               Yes         No          No          No

Table 4 — What is compatible if I have a 64-bit CPU and software virtualization?

Processor (CPU)           64-bit      64-bit      64-bit      64-bit
Host Operating System     32/64-bit   32/64-bit   32/64-bit   32/64-bit
Guest Operating System    64-bit      64-bit      32-bit      32-bit
Application Program       64-bit      32-bit      32-bit      64-bit
Compatible?               Yes         Yes         Yes         No

Before you hurry away to try running 64-bit in a virtual machine, you must check that your computer BIOS supports hardware virtualization. If it does not then hardware virtualization will not work even if the CPU does support it.

Emulation of the 64-bit CPU is not an option

All the feasible configurations that we have looked at so far have the processors (CPUs) running software that use the instruction set that is native to that processor. Running 64-bit software on a 32-bit processor doesn't work because the 64-bit instructions are not native to a 32-bit processor. But what if I could emulate a 64-bit processor using 32-bit software?

It is theoretically possible but practically impossible to emulate a 64-bit processor while running software on a 32-bit processor. Even if you can get non-native 64-bit emulation to work, the virtual machine that duplicates a 64-bit CPU would run very slowly because every 64-bit instruction has to be trapped and handled by the emulator. 64-bit memory pointers also have to be converted to work within the 32-bit address space.

Furthermore, my understanding is that the x86 (32-bit) processors used in PCs and Apple Macs are not able to completely emulate the x64 (64-bit) instruction set. Some 64-bit instructions cannot be trapped by the emulator. This causes the system to crash when the x86 processor tries to run those x64 instructions.

Answers to common questions about 32-bit and 64-bit systems

Will a 64-bit CPU run a 32-bit program on a 64-bit version of an OS?

Yes it will. 64-bit systems are backward-compatible with their 32-bit counterparts.

Will a 64-bit OS run a 32-bit application on a 64-bit processor?

Yes it will. Again, this is because of backward compatibility.

Can 64-bit applications contain 32-bit code?

Yes, many times 64-bit software will contain portions of 32-bit code.

Similarly 32-bit software (usually very old programs) can have some code in 16-bit which is why those 32-bit applications will usually fail to run properly on a 64-bit OS.

Can 16-bit applications or code run on 64-bit systems?

No, as we said previously. 16-bit code will NOT run on a 64-bit OS because the designers did not provide backward-compatibility. This is one reason why some 32-bit programs will not work on 64-bit operating systems.

Can a 64-bit CPU with a 32-bit host OS run a virtual machine (VM) for a 64-bit guest OS?

Yes. It all depends upon the level of virtualization.

With software virtualization it is hardly likely to work, or if it does work it may be very slow.

Hardware virtualization will need to be supported by the CPU (e.g. with Intel-VT or AMD-V) and the BIOS.
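The compatibility rule in the tables, together with the answers above about 16-bit code, can be checked against a real program file. This added example (not from the original article) goes one step beyond the tables by reading the bitness from the executable's own header, using the standard MZ, NE and PE header fields, and then applying the page's rule. The header stubs are constructed.

```python
import struct

# COFF "Machine" values: IMAGE_FILE_MACHINE_I386 and IMAGE_FILE_MACHINE_AMD64
MACHINE_BITS = {0x014C: 32, 0x8664: 64}


def program_bits(image: bytes) -> int:
    """Return 16, 32 or 64 for a Windows executable image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (new_hdr,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew: offset of new header
    signature = image[new_hdr:new_hdr + 4]
    if signature[:2] == b"NE":
        return 16  # 16-bit Windows "New Executable"
    if signature != b"PE\0\0" or len(image) < new_hdr + 6:
        raise ValueError("unknown or truncated executable format")
    (machine,) = struct.unpack_from("<H", image, new_hdr + 4)
    if machine not in MACHINE_BITS:
        raise ValueError(f"unsupported machine type 0x{machine:04x}")
    return MACHINE_BITS[machine]


def will_run(app_bits: int, os_bits: int, cpu_bits: int) -> bool:
    """The page's rule: no layer may be wider than the layer beneath it,
    and a 64-bit OS has no support for 16-bit code."""
    if os_bits > cpu_bits:
        return False
    if app_bits == 16:
        return os_bits == 32
    return app_bits <= os_bits


def check(image: bytes, os_bits: int, cpu_bits: int) -> bool:
    return will_run(program_bits(image), os_bits, cpu_bits)


def fake_image(signature: bytes, machine: int = 0) -> bytes:
    """Constructed header-only stub: a 64-byte MZ header whose e_lfanew is 0x40."""
    mz_header = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    return mz_header + signature + struct.pack("<H", machine)


if __name__ == "__main__":
    samples = {
        "16-bit installer": fake_image(b"NE"),
        "32-bit program": fake_image(b"PE\0\0", 0x014C),
        "64-bit program": fake_image(b"PE\0\0", 0x8664),
    }
    for name, image in samples.items():
        for os_bits in (32, 64):
            verdict = "Yes" if check(image, os_bits, 64) else "No"
            print(f"{name} on {os_bits}-bit OS, 64-bit CPU: {verdict}")
```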

Answers to common questions about 32- and 64-bit Windows

Can I run Windows 2000 and Windows XP on a 64-bit CPU, and use old software?

Yes, a 32-bit OS (Windows 2000 or XP) will run on a 64-bit processor. You should also be able to run older 32-bit software on a 64-bit OS.

Is a Windows Vista or Windows 7 license key valid for both 32-bit and 64-bit versions?

Yes, unless you have an OEM version. If it was installed on your computer when you bought it and you only have one Windows disk then it is almost certainly an OEM version and you will have to buy the other bit version if you want it. If you have two disks, one for 32-bit Windows and one for 64-bit Windows, then you have a non-OEM version so you get to choose which bit version you will use without having to buy another license. See Microsoft Answers for a discussion of these issues.


Remember, if you have only bought one license then, even if you have both bit versions on disk, you are only licensed to install and run one version on one computer.