(To visit the links on this page, copy and paste to your browser address box in a new tab)
I received my computer (Dell Latitude C600 laptop) in Feb. of 2006 as a gift. It is my first computer. I had never really done anything with computers before - didn't even know about the difference between left and right click. It was several weeks before I got "online", and so had time to explore my system, and get myself in and out of trouble. I wish that I had had reference to:
http://www.informit.com/library/library.aspx?b=STY_Windows_XP_24hours
I'm sure I could have saved a lot of time and bother. It still makes good reading!
The first thing I think every XP user should know is called "Last known good configuration." This is a "snapshot" of the system as it is working properly. If at any time you have a goofy situation occur for any reason, and especially if the only way out is to shut down your machine, use "Last known good.." for the very next boot! Do not just start up normally and pray - God may be busy. Right after pushing the button to start your machine, start pressing the F8 key on your keyboard over and over and don't stop until a black screen with white printing appears. When it does, use the arrow keys to navigate to "Last known good configuration." Press the "Enter" key. A trouble-free start is (almost always) guaranteed. (Also available on this screen is "Safe Mode")
For more information on this see Microsoft:
http://support.microsoft.com/kb/307852/en-us
"Last known good..." is dynamic (changes) and rebooting into a goofy configuration may lose it. Don't risk it! Just make it standard practice to use "Last known good.." anytime a restart is required after goofiness.
Next, you should know that "System Restore" often doesn't. Yes, some users have always relied on it and it works fine for them every time. Many others have tons of problems.
For a sampling browse the System Restore Forum:
http://aumha.net/viewforum.php?f=54&sid=1d229eff37ea626596fb99247ad2a9ef
My investigations reveal that System Restore is not a complete restoration anyway. Only selected portions of the Registry are recreated. Here is a link to search results for System Restore in the Microsoft Knowledge Base:
http://support.microsoft.com/search/default.aspx?catalog=LCID%3D1033&spid=1173&query=System+Restore&adv=&mode=s&cat=False
Fortunately, there is a free solution - ERUNT:
http://www.larshederer.homepage.t-online.de/erunt/
ERUNT backs up the entire Registry, and the backup file contains an executable that will restore the Registry without reference to the original program. Make an ERUNT backup of your system when everything is working well, and using that backup will "restore" your system to the condition (and configuration) that it had when you made the backup. True "System Restore!" The best plan is to allow ERUNT to make an 'autobackup' at first boot each day. It saves only the last 30.
Here is a link to an ERUNT tutorial:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt
Get ERUNT now! Install it and make a backup! By default ERUNT places the auto backup in the "Windows" directory. When making a manual backup, I suggest placing it directly on C:\. That way, if you need to get at the file from a bootable disc or the recovery console, it's in plain view on C:\. Usually the trouble is not that bad, but it's nice to know that Windows restoration is directly available if you can at least access the hard drive.
Many (most) of the processes that you have working in the background can be started manually when you need them and stopped when you are finished. For example, jusched is the update checking process for Java. Java only updates every once in a while (few times a year) so I stopped this one, and every once in a while use the Java control panel applet to check for updates. I think that you will find quite a few of this type of thing taking up resources that would be better used for something else. (like your browser)
The start-up folder listed under "All Programs" is a place for you to easily put things that YOU want to start with Windows. I have a shortcut to Taskmanager and Process Explorer in mine, but you can add a shortcut for anything. (Or not) Delete things you do not want to start with Windows.
Standard wisdom is to control startup processes with msconfig. This can be effective, but sometimes has unwanted consequences. Msconfig is sort of a master control panel for Windows.
Here are a couple of guides to msconfig:
http://www.perfectdrivers.com/howto/msconfig2.html
http://www.sb-cg.com/news.asp?strPageRequest=msconfig
Since msconfig can have such a profound effect on my system, I much prefer to control what starts with Windows with the free WinPatrol: http://www.winpatrol.com/ Use the "Start-up" tab to turn off anything you don't really have to have start with Windows. It has other benefits as well. Some of the names listed there may not be familiar, and you will need to find out what they are, and how they work.
I think that Sysinternals free Process Explorer is very helpful with all this. It is what Taskmanager wants to be when it grows up. Get it here: http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
(Download link at bottom of page)
For information about the various processes, here are some good places to check:
http://www.ppedia.com/
http://www.fileresearchcenter.com/
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
http://www.kephyr.com/filedb/index.php
http://www.what-process.com/lists.aspx
http://exelib.com/
http://www.processlibrary.com/
Of course, you can always google'em.
Here is a place to check any questionable file. It gets scanned by almost all available "anti-" tools:
http://www.virustotal.com/en/indexx.html
When using Process Explorer I'm sure that you will begin to notice that there are several instances of svchost.exe listed. When you hover over a svchost, a small box opens with other stuff inside. A double click opens a "Properties" dialog. These are XP "Services," and they run in the background also. But before you start making changes to your Services, go to http://www.theeldergeek.com/services_guide.htm and have a good read. I almost always set any Service that I don't want to start with Windows to "Manual" (except for those listed as default-disable for XP). With a manual setting, if your system needs the service for any reason it can be started. If Disabled, you're out of luck.
If you have recently installed IE7, you may have the troublesome ctfmon.exe working in the background. Go to: Control Panel>Regional and Language Options>Languages>Details>Advanced, and check the box that says "Turn off advanced text services." If that creates problems, go back and turn it back on. Ctfmon uses a lot of CPU time.
It is also helpful to clean out the unneeded files that are stored by Windows (and other programs) in temp files. My favorite "cleaner" is ATF: http://www.atribune.org/content/view/19/2/ I like it because no installation is required. Just double click the icon on the desktop. CAUTION: DO NOT check the box for "Prefetch!" Don't choose "select all" either. Prefetch cleaning is not helpful (or necessary) and will slow things down for quite a while until the file is rebuilt. If you have ATF remove your cookies, you will have to login everywhere again. I don't use that one either. I have other ways to control my cookies.
To summarize: At start-up have only those processes and Services start that are necessary. Anti-virus, anti-spyware client, firewall. Make shortcuts for everything else and start them when You need them. Watch for unknown processes on your machine, identify them, and control when they run. Use WinPatrol for a while every session so it can scan and let you know if something has changed. Keep your system clean and at least once a week use the built-in defragmenter: All Programs>Accessories>System tools>Disk Defragmenter. The first time you do, it may take quite a while. I do it every day so it takes just 5 min.
For screenshots, here is a terrific free little screen capture tool. (full or part-prints also)
http://www.divshare.com/download/1448754-6ce
Good luck. Remember-this is not a do it once and forget about it deal. If you want a responsive system, it is necessary to be a responsible user. That means learning what is going on and how to control it. And as I learned, I discovered that I am having more fun than ever.
If you've ever browsed some of the user forums on the net you've read reports from people whose computers have been infected with malware: virus/worm/trojan/rootkit. The new breed of malware is being designed with profit in mind, and these baddies will often enlist your computer into a spam-spewing army of 'bots. They also very often make changes to the system that make them very hard to remove. Many users have just given up and done a clean install of Windows with full format because it was actually easier than removing the malware. Prevention is the key, and there is no one solution that will guarantee safety. But. Layers of protection will make your system very hard to infect, and allow you considerable peace of mind as you surf the net.
First-use a router between your LAN or DSL modem and your computer. It will act as a hardware firewall, and when you add your own password and enable the built-in encryption you create a strong first layer of defense that is quite difficult to break through.
But not impossible.
So second- use a strong personal firewall. There are quite a few excellent (and free) firewalls available. Everyone you ask will have an opinion. I think "Gizmo" Richards does a great job of sorting things out, and offers his recommendations based on personal use and testing. For Firewalls and other free security tools see his site:
http://www.techsupportalert.com/best_46_free_utilities.htm#5
For firewall testing use "Shields Up!"
https://www.grc.com/x/ne.dll?bh0bkyd2
Click the "Proceed" button, and then select "All service ports." Please wait for the test to complete. Green is good.
I use the new top-rated Comodo:
http://www.personalfirewall.comodo.com/
Next, use a full-time anti-spyware client. These are most usually commercial programs, but I think that having strong realtime spyware protection is worth it. Often one comes packaged with antivirus. From my reading it seems that AVG (formerly Ewido) is highly regarded:
http://www3.grisoft.com/doc/2215/us/crp/0
(Also offered as part of the commercial protection package which includes anti-virus)
Another that gets good marks is Webroot Spysweeper:
http://www.webroot.com/consumer/products/spysweeper/
I personally use A-Squared anti-malware:
http://www.emsisoft.com/en/software/download/
Whichever you choose (and there are other good ones) be sure to get full-time/real-time protection/immunization with automatic updates. Mine updates hourly. Included should be download protection and e-mail protection, and "scan this file" add-on to the right click menu.
Of course, Anti-virus is a basic necessity. Curiously, the free AVG anti-virus (when fully updated) recently out-performed both Norton and McAfee in tests.
I read excellent reviews of NOD32:
http://www.eset.com/
Also very highly regarded is Kaspersky:
http://www.kaspersky.com/
I use AVG free behind the Comodo Firewall
http://free.grisoft.com/doc/1
There are many good alternatives, but I go on record as opposed to Norton from personal experience and McAfee from my research. Both are too invasive and resource demanding for the protection offered. Much better choices are available. Choose wisely.
Unfortunately, this is not the end of the story. There can still be problems with things that you encounter before any of your security utilities updates have installed protection. I like protection from "Zero-day" baddies as well. This requires a Host Intrusion Prevention System (HIPS). "Gizmo" offers a good review of the top contenders:
http://www.techsupportalert.com/security_HIPS.htm
As you can see Defense Wall won the top spot:
http://www.softsphere.com/
It is a commercial product.
Second place went to free CyberHawk:
{EDIT: Cyberhawk has been changed. I have not used the new application.
I went back to SpywareGuard after problems with Cyberhawk.}
Still not the end of the story.
Malware is designed for the most commonly used applications. Windows over everything else, and by connection Internet Explorer over all other browsers. Sure, other browsers can have weaknesses, but you are much less prone to problems using Opera or Firefox just because they are NOT Internet Explorer. My own preference is Opera. Arguably the most secure, but I think that it is more intuitive for former IE users than Firefox. Whatever. Both offer better cookie control. In Opera, I clear all cookies except for the ones I want every time I close the program. Please give alternative browsers a good try--it's another layer of protection.
To give yourself extra protection on the internet, run your browser in a "Sandbox." That way anything that happens while surfing the net is confined to the sandbox, and the entire contents can be deleted after each session. Even if you do run into malware, it cannot infect your system. The highest rated is Defense Wall (see above) but Sandboxie is very well respected and is free: http://www.sandboxie.com/index.php?DownloadSandboxie It's the one I use.
Almost there. (to the end of the story)
Malware comes from the Internet. Where I go, and what I do can make a BIG difference. There are actually sites that a user can visit (depending on system configuration) and become infected without any action at all--just by visiting the page. Fortunately, almost all these "Bad places" are quickly recognized. There are good people keeping track of this kind of thing and providing help for those of us who might stumble into traps. Open DNS is one way to prevent visiting dangerous sites: http://www.opendns.com/ It works very well.
Another way to add protection is through the use of a "Hosts File." I use the MVP Hosts File:
http://www.mvps.org/winhelp2002/hosts.htm
It updates twice a month and includes most of the addresses for the ads which appear on web pages. This means that not only does it keep me out of trouble, but it automatically blocks the ads so that I don't have to see them or wait for them to load. This makes surfing considerably faster.
Email comes from (and through) the Internet as well. For best protection, maintain a web-based email account (Like Yahoo or Google) and open your messages there. Bring home (to your machine) only those messages and attachments that you have investigated (and maybe scanned) online and know are safe. Even so, have all incoming mail checked by your antivirus/antispyware utilities.
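How a blocking hosts file does its job, as an added example that is not part of the original guide: block lists of this kind map each unwanted name to 0.0.0.0 or 127.0.0.1, so the lookup never reaches the real server. The sketch goes one step further and also flags entries that point a name at a routable address, which a pure block list should never contain; the sample entries and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the usual layout: "<address> <name> [<name> ...] [# comment]".
# The names are placeholders, not entries taken from the MVPS file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
0.0.0.0     ads.example.net        # blocked ad server
127.0.0.1   tracker.example.org
0.0.0.0     banner.example.com popup.example.com
203.0.113.7 update.example.com     # routable address: worth a look
"""

def parse_hosts(text):
    """Return {hostname: ip_string}, keeping the first entry seen for each name."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def is_sinkhole(ip):
    """True for addresses that lead nowhere useful: 0.0.0.0 or loopback."""
    addr = ipaddress.ip_address(ip)
    return addr.is_unspecified or addr.is_loopback

def classify(table, hostname):
    """'blocked', 'redirected', or 'not listed' (the name falls through to DNS)."""
    ip = table.get(hostname.lower())
    if ip is None:
        return "not listed"
    return "blocked" if is_sinkhole(ip) else "redirected"

def audit(table):
    """Entries that send a name to a routable address instead of a sinkhole."""
    return sorted((n, ip) for n, ip in table.items() if not is_sinkhole(ip))

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "popup.example.com", "www.example.com"):
        print(name, "->", classify(hosts, name))
    print("review these entries:", audit(hosts))
```

To check a real file, pass its contents to `parse_hosts`; on XP the hosts file normally lives at `%SystemRoot%\system32\drivers\etc\hosts`.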
What you've read so far is how I have layered my defenses. Since adopting this configuration, I have been happily surfing for months without so much as a tracking cookie. Does that mean I'm now immune? No. I scan my system with five different tools each week to be sure, and make daily backups of my Registry with ERUNT. But having these layers of protection in place makes it much less likely that I will become infected with malware, and that feels good!