Winning the war against spyware

Logging onto a desktop or laptop, these days, can be a trying experience. Just ask Otis Archie, vice president of Kuhn Med-Tech Inc., an executive recruiting firm in the medical industry based in San Juan Capistrano, Calif. His machine kept getting infected, and no matter what he did, the infections always came back.

"Within two hours of one attack, I had around 100 different kinds of virus, spyware and pop-ups on my computer," says Archie. "This happened despite the fact that I was already using anti-virus (AV), anti-spyware (AS) and adware removal tools."

Fortunately, the story has a happy ending. While traditional defenses proved useless against the onslaught, Archie downloaded a tool named SpyWall by Trlokom Inc. of Monrovia, Calif. It detected and eradicated the trouble in minutes and shored the system up against future attacks.

"One spyware incursion downed my computer for three straight days," says Archie. "SpyWall cleaned up my entire system in five minutes and it stayed clean."

Cleaning up XP

Archie's machine runs Microsoft Windows XP. As he understood the need for strong security, he added Norton AntiVirus by Symantec Corp. of Cupertino, Calif. He kept its signatures up to date and diligently upgraded to the latest versions. A year or two back, however, he realized he had to add further safeguards. He implemented Ad-Aware by Lavasoft AB of Sweden. It provides protection from data-mining, aggressive advertising, spyware and tracking components. The personal edition is downloadable free of charge. This helped ease pop-up pain and eliminated other annoyances that regularly interrupted his workdays.

But it didn't handle everything, not by a long shot. Modern desktops and laptops, after all, are inundated by a multitude of threats. These come under the generic label "malware," but can be classified into categories such as:

To address the malware menace, Archie deployed Spybot - Search & Destroy by Safer-Networking Ltd. Again, this eased the pain. But it didn't make his desktop woes go away completely.

"Norton AV, Spybot and Ad-Aware eliminated some of my problems, but sometimes they would tell me that they couldn't clean up specific threats," says Archie. "And in some cases they didn't do any good at all against specific incursions."

A real bulldog

One recent threat, however, undermined all his defenses. Once this Trojan got in, Archie just couldn't get rid of it. It wreaked devastation for weeks.

"This Trojan overwhelmed my screen with pop-ups, was sending out traffic and actively bringing other malware onto my system," he says. "It included regenerating spyware and rootkits that no other product could remove."

Security experts report that malicious code writers are incorporating features that enable the threat to regenerate itself after it has been "cleaned." That's why some spyware appears so invincible. Further, it can even disable the very tools designed to detect and eliminate it. Thus Archie's attempts to clean his system proved futile, and it remained inoperative for three straight days.

His tools cleaned up some of the mess. But certain strains of malware were indomitable. The AV/AS applications, he says, did one of three things with regard to stubborn malware: detected them but couldn't clean them; reported the system clean, only for the same threat to re-emerge stronger than ever; or missed some entirely. Sometimes his security applications would tell him that the threat had been quarantined. But since they were not completely cleaned, they activated and spread again. For every step forward he made, it seemed he ended up two steps backwards.

"If you don't clean these threats, they reactivate in Windows Explorer and start up all over again," Archie said. "Some of them burrowed deep into the system and we couldn't get them out."

One example that refused to leave the premises was a Trojan named Surfsidekick that is designed to display pop-up ads. It installs or updates without user permission or knowledge, and is typically bundled with a variety of other pests. It also silently connects to an unintended location to transmit personal information, and defends against removal of or changes to its components.

An increasing number of such threats go undetected because of the rise of the rootkit. This technique makes detection by existing products nearly impossible. The most notorious example is one used by Sony to prevent copyright violations. The vendor didn't tell anyone it had placed a hidden policing mechanism on home computers without permission. Yet not a single AV/AS vendor detected it.

Rootkits are a way for malware to actively hide itself and escape detection. Using the stealth cloak provided by rootkits, therefore, spyware operates undetected. The attacker can remotely install or modify components, steal locally stored personal information and even use the compromised machine for illegal activities. Being in the medical field, that's the last thing that Kuhn Med-Tech wanted to happen.

A friend recommended that Archie download SpyWall. He started with the trial version (www.trlokom.com/product/spywall.php). The results were immediate.

"The Trlokom application detected and got rid of 96 separate types of malware on my system," says Archie. "In five minutes it got rid of Surfsidekick, Bulldog, all the rootkits that were hiding things, and everything else that the other security tools had missed."

SpyWall, he says, comes with a comprehensive rootkit scanner. It is able to look deeper than anything else in his security arsenal and detect whatever may be lurking inside. He also customizes the tool to block access to websites that are known to be sources of malware. If he is redirected to one of these sites without his permission or goes there in error, SpyWall blocks the resulting infection. It achieves this by securing the entry point of almost all malware: the Web browser.
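As an added illustration of the kind of check such a browser-level blocker performs (example code written for this page, not Trlokom's product or the article's own material): every hop of a redirect chain is matched against a host blocklist before the navigation is allowed, so a benign-looking link cannot bounce the user through a listed host. The blocklist entries and the redirect chain are constructed samples, and the assumption that a listed domain also covers its subdomains is this example's own.

```python
"""Hypothetical host-blocklist filter for a browser redirect chain.

Assumptions made for this example (not from the article): the blocklist
is a set of domains, a listed domain also covers its subdomains, and a
navigation is judged by every hop it passes through, not just the final URL.
"""
from urllib.parse import urlsplit

# Constructed sample blocklist; these names are placeholders, not real indicators.
BLOCKLIST = {"malware-source.example", "ads.tracker.example"}


def host_of(url: str) -> str:
    """Return the lowercase hostname of a URL without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_blocked_host(host: str, blocklist=BLOCKLIST) -> bool:
    """True if host equals a listed domain or is a subdomain of one.

    Walks from the full host up through its parent domains, so
    'cdn.malware-source.example' is caught by 'malware-source.example'
    while the unrelated 'notmalware-source.example' is not.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return True
    return False


def check_navigation(chain, blocklist=BLOCKLIST):
    """Evaluate a redirect chain (list of URLs, first = the user's request).

    Returns (allowed, offending_url). The chain is rejected at the first hop
    that touches a listed host, so a redirect through a known malware source
    is stopped even when the final landing page looks harmless.
    """
    for url in chain:
        if is_blocked_host(host_of(url), blocklist):
            return False, url
    return True, None


# Constructed redirect chain: a search result that bounces through a listed
# host before landing on an innocuous page.
SAMPLE_CHAIN = [
    "http://search.example/?q=medical+recruiting",
    "http://cdn.malware-source.example/go?id=123",
    "http://landing.example/offer.html",
]

if __name__ == "__main__":
    allowed, culprit = check_navigation(SAMPLE_CHAIN)
    print("allowed" if allowed else f"blocked at {culprit}")
```

Matching on parent domains rather than exact hosts is what makes the filter hold up against the "redirected without permission" case the article describes: the hop that does the damage is usually a throwaway subdomain of a known source, and an exact-match list would let it through.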
A technique known as sandboxing (i.e. isolating) the Web browser is used to prevent spyware from infecting the enterprise. Untrusted components run inside the sandbox, which restricts the interaction the browser has with the rest of the system. Any damage is contained, analyzed and eradicated.

Based on his success, Archie now plans to roll it out to the other desktops at his company. "Today I worked all day without trepidation," he says. "As SpyWall has a great price point, I'm going to get it for our other computers." ENS

Jacob Kamhis is a free-lance writer who can be contacted at www.enterprisenetworksandserversmagazine.com.