Over the past 5 years. since the publication of my 2005 book The PC Magazine Guide to Fighting Spyware, Viruses, and Malware, I’ve been following the rise and fall of numerous anti-virus and anti-spyware software packages with great interest and attention. In that period I’ve worked with numerous suites and anti-virus/-spyware packages from a great many vendors, including (in alphabetical order) AVG, Avira, BitDefender, Frisk, F-Secure, Kaspersky, Norton/Symantec, PC Tools, Sunbelt Software, and Webroot.
Out of that collection of tools, I’ve consistently stuck with this subset of offerings for use on my own or family member’s machines:
- AVG Anti-Virus Free Edition: I have *LOTS* of test machines, and a free product is pretty helpful for the many that so often come and go in my lab
- Norton Internet Security: I abandoned this product in the mid 2000’s as its resource requirements mushroomed and it turned into a bona fide system hog. But the newer, leaner and meaner 2009 and 2010 versions have earned their way back onto numerous desktops in my house.
- Webroot: Spy Sweeper was the first hot-dog antispyware product that I got to know while writing my book, and it has remained a popular and effective tool ever since
- PC Tools: Spyware Doctor is another hot-dog antispyware product that continues to earn accolades and special status as a leading antispyware package. The company’s combo offering (with PC Tools AntiVirus) and Internet Security suite also work very well.
Though I’ve occasionally strugged with components of the PC Tools environment — see my September 2008 blog for ViztaView.com “Best-of-Breed Apps Aren’t Always Best for Vista” — by and large their products have done me and my desktop and notebook PCs more right than wrong. This is born out in recent results from the latest round of VB100 testing from Virus Bulletin in April, 2010. Though products from a surprising group of vendors that include eEye, Frisk, Norman, and even Microsoft (Security Essentials) failed to earn the once-coveted but now obligatory VB100 rating for Windows XP SP3 platforms in this latest round of testing, the PC Tools products (and those from the other vendors I mention in my preceding favorites lists) continued their ongoing streak of VB100 status.
In talking with members of the PC Tools development team to understand how they’ve kept up, especially in light of recent changes to the Virus Bulletin wild list and other testing changes and shake-ups I learned that the company maintains a dedicated team of researchers and testers to keep up with (and help to guide) the composition and execution of its testing operations. And of course, as is customary for most major anti-malware operations these days, this group also monitors reports from its own customers and various shared security and vulnerability reporting resources (like the Mitre database of common vulnerabilities and exposures known as the CVE), so that it knows when to begin work on the various signatures, heuristics, and other detection, avoidance and repair tools that drive daily efforts in such organizations. In fact, heuristics- and behavior-based detection and avoidance is an area where the PC Tools products really shine, thanks in large part to the development efforts behind its ThreatFire module, which observes and blocks suspect system behavior and potentially dangerous file system access and activity.
If you’re looking for a solid and reliable anti-malware solution for Windows PCs, any of the items on the list at the head of this blog will do the job, but I recommend the PC Tools products as a particularly good value for the money you’ll have to shell out to install most of them on one or more PCs. The PC Tools Internet Security suite, in fact, offers comprehensive and capable all-around security coverage and protection for up to 3 Windows 7 PCs for about US$50 per year (or less, if you search for discount codes online, such as this 25% off offer available from Offers.com)
In the latest (May 2010) issue of Virus Bulletin, I read Alisa Shevchencko’s story “TDSS Infections – Quarterly Report” with some interest and a lively appreciation of the TDSS rootkit malware and infections over the past year. Upon learning that a detection and repair tool for this rootkit (which is extraordinarily difficult to detect, even for rootkit-specific tools) was available from Shevchenko’s employers Website (eSage Lab) I decided to give it a shot. This program, simply called remover.exe scans systems to look for hidden driver files so that its users can remove them if and when they’re found. This tool comes with an undocumented catch, however, as I learned by electing to remove two hidden items that the program discovered on my system.
If you’re lucky, when you run this tool on your system, you’ll get a display that looks like this:
Alas, it turned out that the two hidden items that this program found on my system were hidden by Microsoft, not by any rootkit. When I removed them, I was removing my Windows 7 license key and activation data, so that when I rebooted my machine after the fix, I got the “black screen” background and a warning that my copy of Windows was not genuine. This was easy to fix, simply by re-entering my (valid) license key, and then re-activating Windows, but it did come as something of a surprise.
The two items that the progam discovered were:
Should you decide to run this program and it discovers exactly two hidden drivers, but no other signs of infection, you may want to check to make sure they don’t match this information. On the other hand, the fix is pretty easy if you do trash them and lose your license status and info, so you can go either way in deciding whether or not to allow the program to delete these questionable but benign items.
An imposter version of the Windows 7 Upgrade Advisor is being offered in e-mail messages on the Internet, says security software vendor BitDefender, which has detected installation rates in the US of around 3 or 4 copies per hour on its security monitoring network. The proffer comes in the form of a supposed “help message” that recommends users download and install Windows 7 Upgrade Advisor setup, and supplies a link for same. Of course, that link does not go to Microsoft, and the ZIP file that gets downloaded contains a malware program named Trojan.Generic.3782603 that can install itself and other malicious and unwanted software on machines where the ZIP file gets unpacked. Among the typical payloads that this Trojan installs is a backdoor program that enables remote and unauthorized access to infected machines. In turn, this software lets the bad guys install other software or access files on infected systems, any or all of which can lead to financial losses, identity theft, and access to sensitive data or information.
BitDefender opines that “…infection rates reflected by the BitDefender Real-Time Virus Reporting System indicate the beginning of a massive spreading of the Trojan.Generic.378603….” and that “…it’s just a matter of time before the cybercriminals control a huge number of systems…” Of course, the e-mail message that serves as the pointer to the infection vector run contrary to Microsoft practice, which is never to e-mail software or links to software to customers or potential users. Savvy computer users will know this, and are unlikely to fall prey to this attack, but less sophisticated users interested in Windows 7 and the Upgrade Advisor (legimitately available through the Microsoft Download Center at the Windows 7 Upgrade Advisor page) are stil falling prey to this attack, as the BitDefender report clearly indicates.
Those of you who notice such things will recognize that my blogging frequency decreased dramatically over the past 5 months, culminating with my lightest month ever in April. It’s for the best reasons: I’ve been insanely busy with a big consulting project and also appeared as an expert witness in a trial that took place in Tyler, TX, at the US Fifth Circuit Court last week. The case is now over, and my consulting project is winding down (and ends on May 21) so I’m announcing that as of today, I’m back on my usual schedule of three times a week from here on out (and back up to 12 blogs monthly).
To those of you who missed me: “Thanks!” To those of you who didn’t, “Thanks, anyway!” And to those of you who could possibly care less: “Please keep up the good work!” I’ll be returning to my normal coverage of Windows enterprise desktop topics, including platform developments, news, and trends plus Windows 7 advice, information, and resources. If anybody’s got any burning questions, post them here, or look up my email on my Website at www.edtittel.com and drop me a line.
In my plans for the next few weeks:
- Interesting alternatives to Windows XP Mode are becoming commercially available for Windows 7. I’ll take a look at several such products over the next month.
- More information on Windows certifications and learning opportunities is in the offing, and I’ll cover those topics and programs as they go public.
- Looks at some recent Windows 7 migration and deployment trends in various enterprises around the globe.
To one and all: “Thanks! It’s great to be back to a more normal (and I hope less hectic) schedule.”
Given that the IT sector is lagging the overall rebound in employment across all industries, both inside and outside the US, I’m always glad to see the occasional ray of sunshine where IT is concerned. That’s why I read this April 17 story from the UK edition of Network World with greater than usual interest: “Windows 7 fuels demand for desktop support.” I don’t want to make a mountain out of a mole hill, but this phenomenon dovetails pretty nicely — and predictably — with another Windows 7 phenomenon: an ongoing business technology and desktop refresh stimulated by the combination of an aging XP hardware base and enough improvement in economic conditions to get businesses thinking about investing in their desktop and notebook fleets.
Along with capital expenditures for new equipment comes a brand-new OS on those machines, plus opportunities to migrate or upgrade systems less than three years old (if purchased for potential Vista use, a desktop or notebook will run at least a little better using the same hardware for Windows 7, if not more so). All this adds up to a growing appetite for Windows 7 deployment in businesses of all sizes, and thus also, an appetite for Windows 7 qualified help desk, support desk, and technical IT staff.
That probably adds credence to Chris Pirie’s claim (see my IT Jump Start interview with Chris Pirie of MS Learning from last Friday) that Windows 7 training and certification is also fueling a considerable jump in Microsoft Learning’s activity and revenue levels. It’s also possible that the study Pirie cites in that blog, which reports that Windows 7 is going to add considerably to IT budgets and activity levels as well, is not too far off the mark. I can only hope this ray of sunshine portends a break in the otherwise cloudy IT employment outlook — hopefully, sooner rather than later.
One of my favorite quotes from the 19th century master sleuth himself goes like this: “It is an old axiom of mine that when you have excluded the impossible, whatever remains, however improbable, must be the truth” (The Adventure of the Beryl Coronet, pg. 315). Would that I had recalled his words earlier when working my way through a recent troubleshooting adventure (read all about it in my latest ViztaView blog entitled “Test System Woes Finally Solved, But Not Without a Final Fillup of Loathing and Despair“).
To compress this epic troubleshooting adventure into as few words as possible, when trying to figure out why Windows 7 Professional x64 wouldn’t install on a particular test machine, my reluctance to consider the CPU as the possible culprit caused me to waste ungodly amounts of time trying to fix (and even replace) other stuff that wasn’t broken or misbehaving. It turns out my engineering sample of the Intel QX9650 processor (which samples, by the way, are neither supported nor warranted to be defect-free by Intel: they give ’em way for reviews and analyses and you gets what you pays for them) simply won’t complete the “Expanding files…” phase of the Windows 7 install process, which follows immediately after “Copying files…” right at the very beginning of the install process.
I’m actually writing a story about this for ITExpertVoice.com, as a combination advanced troubleshooting tutorial plus a meditation on the nature and essence of systematic troubleshooting. So naturally, my editor at the site asked me to get a comment from Intel to make sure this leading silicon foundry didn’t get blindsided by my report. First and only official response I got was “Intel modern processors work on both 32 and 64-bit versions of Windows 7.” I’d have to agree with this statement and furthermore I believe that my particular borked QX9650 is an anomaly and not in any way representative of Intel’s architectures, products, and capabilities.
In off the record discussions after that, however, things got really interesting. Basically, the Intel rep refused to believe that I was reporting a genuine phenomenon and that my troubleshooting methods must be flawed or incomplete for this to occur at all. Nevertheless, I can repeat this anomalous behavior at will, and the only single factor that either causes this behavior to occur, or that makes it vanish, is the presence (problem occurs) or absence (problem disappears) of this particular QX9650 CPU. If everything else either stays the same or is different, and the only element that controls whether or not the problem manifests is the CPU, logic and reason (thanks, Sherlock!) tell us that no matter how much we may not *WANT* to believe the cause, it is indeed the truth.
It’s stuff like this that makes my working life so much fun, and such a treat to keep whaling away at. Sometimes I feel like the luckiest guy in the world, but only after I recover from feeling occasionally accursed that things don’t always work the way they should!
Some time in the next week, you’ll see a new story from me showing up on SearchITChannel.com. It’s currently got a working title of “Why Windows 7 Adoptions Are So Much Faster and Stronger than Vista’s” and digs into the many reasons why more and more businesses are making or enacting plans to adopt Windows 7 on their users’ desktops.
Here, I just want to give a capsule summary of that story (I’ll provide a link to same as soon as it’s posted) so you can get a sense of what’s driving business adoptions of Microsoft’s latest flagship desktop OS:
1. Timing and Choices: XP is old, Vista’s no good, and it’s time to move to something new. Windows 7 is it!
2. The Refresh Cycle Made Me Do It: Given recent economic difficulties companies have put off desktop refreshes as long as possible. Given improving conditions and aging equipment, many new PCs will be deployed with Windows 7 installed when the next refresh hits.
3. The time is NOW (or soon): A smattering of businesses are already done with their Windows 7 migrations (6%) or will be finished soon (8%). 23% plan to upgrade in 6-12 months, and another 44% plan to upgrade in the next 12-36 months.
4. We don’t need no stinkin’ SP1: A surprising number of companies aren’t letting SP1 influence their upgrade and migration plans, despite conventional corporate wisdom that it’s smart to wait for SP1 before moving to a new Windows OS.
5. Back to Basics: Lots of companies are being swayed by reports of Windows 7’s faster boot-up and shut-down speeds, more modest resource requirements, faster performance, better stability, and improved device support to make a move sooner rather than later.
You’ll find all the details in the story itself, and pointers to related surveys and reports on this situation. But it’s nice to see that the Vista debacle is finally showing up in the rear-view mirror, rather than as an everyday pothole IT departments must find a way to navigate around.
I saw a fascinating study reported recently in Channel Insider. It’s called “More Users Plan Microsoft Windows 7 Upgrade Before SP1 Release,” and it’s dated 3/19/2010. The source is Dell Kace (Kace is a recent Dell acquisition and offers interesting appliance-based packages for Windows update, migration, maintenance, and management that I personally would love a chance to play with), and the results show a huge change in attitudes and plans vis-a-vis a similar study conducted almost a year ago (April 2009, before Windows 7 was in wide circulation).
Here are some salient factoids from this study, as reported in the Channel Insider article:
- 87 percent of IT professionals surveyed plan to deploy Windows 7
- Nearly half (46%) of polled respondents (population size: 900) plan a move to Windows 7 before SP1 becomes available. Channel Insider says that’s going to happen this summer, but I’ve seen discussions that put it in the July-October time frame, and there’s been no official MS date released just yet.
- Those considering a move to some OS other than Windows is down from 50 percent last April, to 32 percent in February 2010.
- 86 percent report concerns about software compatibility with Windows 7 when migrating to the new OS.
- Those expressing concerns about Windows 7 performance is also down, from 47 percent last April, to 25 percent in February 2010.
The Dell Kace folks who conducted these studies are convinced this means that Microsoft is starting to repair the damage to its reputation, and the drop in confidence in Windows, that resulted from the debacle known as Windows Vista. It’s also viewed as good news for the reseller channel, because of the improving climate and increasing number of businesses planning and budgeting for Windows 7 migrations. Yippee!
Some time later this year (2010), we can expect to see Microsoft release the first service pack (SP1) for Windows 7. As with Vista service packs and Windows Server 2008, these will be tied to service packs for Windows Server 2008 R2. In his recent blog “Talking About Service Pack 1 for Windows 7 and Windows Server R2” Microsoft team lead Brandon LeBlanc finally let some details out about what’s coming our way when the next service pack hits the streets:
- “For Windows 7, SP1 includes only minor updates, among which are previous updates that are already delivered through Windows Update.”
- “SP1 for Windows 7 will, however, deliver an updated Remote Desktop client that takes advantage of RemoteFX introduced in the server-side with SP1 for Windows Server 2008 R2.”
No official release timeline is available as yet, but the rumor mill sez it will probably hit in late October or early November, 2010. I, for one, will be very interested to learn more about the enhanced RDP client capabilities that will come when Windows 7 clients work with Windows Server 2008 R2 hosts with SP1 also installed. Maybe Microsoft is trying to coat-tail a new server release on a seemingly successful desktop release for once? I don’t see any betas for this SP release up on MSDN just yet, but please count on me to keep you posted when more tangible signs of what lies ahead appear there (or elsewhere).
Last week, Robert L. Mitchell of InfoWorld put out a great story entitled “IT gives Windows 7 the green light.” The story recounts the results of a survey of Windows 7 adoption plans that contains some fascinating statistics and also discusses the reasons why some enterprises have already jumped on Windows 7 in a big way, or are preparing to do so sooner rather than later in some cases.
What’s driving upgrades and migration? Here’s a brief summary of the answers to that question:
1. An aging Windows XP platform: 93 percent of enterprise respondents are still running Windows XP, an even higher number than I’m used to seeing in these kinds of reports. In fact, 18 percent are still running Windows 2000, 98, or 95 on their desktops.
2. Better support for enterprise features: Windows 7 is earning points for tighter integration with Windows Server, Windows XP Mode, and support for the System Center Configuration Manager (SCCM).
3. Apparent lack of driver/hardware issues: Vista suffered horribly from issues with a new driver model, and it’s taken until the last 12 months to get all that stuff shaken out. Windows can leverage on all that progress immediately, and is proving uncommonly stable from the hardware perspective. Enterprises like this.
4. Service Pack 1 plans show an interesting split among those waiting for SP1 versus those not factoring it into their plans. Enough enterprises believe that the testing-deploy-migrate cycle will be long enough to carry them into the SP1 timeframe anyway that combining those who won’t wait (34 percent) with those who believe SP1 will be available by the time they deploy (26 percent) constitutes a clear enterprise majority. Add another 17 percent for those who don’t factor SP releases into their planning, and you’ve got the bulk of the audience covered anyway.
5. New Enterprise-oriented features like DirectAccess, BranchCache, and BitLocker enhancements (especially BitLocker to Go) are garnering lots of interest, and plenty of IT personnel are kicking those tires to see how well they work for their prospective users.
6. More flexible runtime environment for Windows 7 reduces the total number of images to build and maintain (Pella Windows expects to reduce its number of unique images from 25 for XP to 5 for Win7, for example).
For more information on the survey and a summary of its fascinating results and factoids, be sure to check out the two articles cited at the beginning of this blog. Lots of good stuff in there!