Backups, Now-point-Oh.Oh

The web evolves. Software security isn’t what it was. There was a time when backing up a computer was a reasonably straightforward operation, if a little time-consuming. Just run Archive Backup and back everything up to DC2120 tapes. Of course, that old program later became Backup Exec, was bought out at various times by Colorado, Conner, Seagate, and Veritas, and has most recently become part of Symantec.

Data backups are still a great idea. That is, if you can talk Windows into keeping all your business data in one place that isn’t on the C: drive, then that’s great, and easy. I do that here; all my data is on a D:\ partition of the hard drive, and I have a batch file that I run before major backups that copies my Internet Explorer shortcuts from c:\Documents and Settings (etc, etc, etc…) over to a folder on d:. Then I burn an uncompressed DVD disk, and store that away.

And then there’s the operating system itself. For that, the best bet is a disk image program. A disk image program creates a compressed snapshot of a drive, usually created from a boot disk or CD, and some burn it directly to multiple DVDs. Ghost is the best known of these programs, but there are others, including some from ASP authors. With an up-to-date disk image, restoring an entire partition or drive takes only a few minutes.

All right, so those steps are all very traditional, and bring us up to around 2003. And then came spyware and adware. When an adware infection gets past your software blocks, it can suddenly bring along dozens of its cousin programs, and it may not be possible to start any software for burning a new data backup. An image program is still a good idea at this point, to be sure that no data is lost during the cleanup process, but that’s not prevention.

So just what will you need to have ready to do a spyware cleanup? As a cleanup technician, I would just love to have a process list of the computer as it was when it was built or when it was known to be clean. That’s a list of every program that autoruns on the system. That would save a lot of searches; the automated cleanup tools are good, but everything that depends on a detection database is out-of-date 100% of the time, and if there is a list of what should be on the system, everything else can be removed.

Method 1, rough but helpful: press Control-Alt-Delete, go to the Processes tab of the task list, press Alt-PrintScreen (nothing will appear to happen), exit the task list, go to a word processing program or a good graphics application, paste the new image of the task list, and then print it. If the list was too long to fit on one screen, be sure to repeat the process after scrolling down in the task list, and capture all the entries.

Method 2, more complete, but it requires special software. Download the latest version of “HijackThis”. It doesn’t need installation; you can run it from a USB pocket drive. Although this is a cleanup program, it is also useful for creating a record of your startup processes, and it is much, much more complete than the printout from Task Manager–it includes startup entries and registry keys affecting startups, and security settings for Internet Explorer, not just Windows. Run the program, tell it to scan and create a log file, and print the log file.

Don’t rely on saving these lists; you’ll want a printout during any cleanup, and when you really need the lists, you probably won’t be able to print them.

Programmer’s Challenge: Reversing the Spyware Model

There is such thing as spyware, despite the news reports. No, really. I’ve been saying that since last year. But to review: Spyware is software that sends personally-identifiable information back to its publisher. But the software publishers involved all claim to send NON-personally-identifiable information back, and to be adware publishers. Therefore, there is no such thing as spyware, and no spyware problem. And if you say there is, expect warning letters from the attorneys of those not-spyware products.

All this is part of the general security environment we have now. Windows, because of its evolution from DOS and Windows 3.1 through to 32-bit code, has had a long-standing tradition of no code left behind. All the old stuff runs, if it doesn’t involve graphics or peripherals. But the result is patch recalls on patches to patches. And the spyware issue is just a commercial method of doing what big business always does: it waits until a new industry gets big enough to be profitable, and then it finds a way to monetize it. Right, monetize was not a word until recently, but now that’s what we do to make money on information web sites–we add ads to it. So that’s what is happening now–spyware is the venture capital approach to making money from computer viruses and trojans, by using them to distribute and display advertising. Some of you have already seen my earlier post on the definition of startupware, but I’ll review the main one here:

start’-up-ware, noun, any software that configures portions of itself to automatically start with the operating system of a computer, or to start with other previously-installed software. Startupware isn’t automatically good or evil, useful, or destructive. The definition is based on easily-verifiable action, mostly during installation, and never on the contents of license agreements, external documents, or off-site servers. It autoloads, or it doesn’t.

So startupware is a bigger category than spyware. It includes everything that autoplays. That means spyware, adware, viruses, trojans, toolbar accessories, system tray utilities, application software pre-loaders, application software phonehome-for-any-reason applets, and hardware drivers that substitute software for chips. Everything that autoplays that is not part of a default operating system configuration. Every program, process, or browser trigger. Everything in that category slows down our computers, most of it is installed by silent default, and most of it should be removed. I don’t need five autostart entries to run a color inkjet, thanks, anyway. No, I don’t want an autostart program to upload my photographs to the web. No, I don’t want a daily update check on checkbook software that’s five years and six versions out of date.

The problem is that even retail boxed software is getting into adware behavior in a big way, and if you buy a notebook computer, expect to spend hours unweaving a web of autoplaying software, all of which was installed without permission, and most of which does nothing for you–it just loads and tries to sell you wireless access subscriptions, or web photo service, or online this, and more of that. It’s a mess, and messes need management.

And of course, there is always the free antivirus software that doesn’t detect spyware, because the adware publisher has threatened legal action if the antivirus vendor dares to label it with such an evil label. The result is that on any one computer, we need to have antivirus software, antispyware software, popup blocker software, patches, more patches, and so on. And on. This model is too profitable for the publishers, and for me, too. I clean this stuff up, and charge by the hour. I and my clients would rather that I be paid for setting up new computers and new productivity tools, and not all this cleanup. But the tools are scattered.

OK, so what’s the programming challenge? Simple enough: create a startupware management and cleanup tool. Such a program would include these features:

    Record all currently-running programs and processes for comparison on next run, including full file paths, where applicable.
    Record user comments for all entries, such as “camera software, only needed for cable sync”.
    Report all startupware currently set to run on the system.
    Report all startupware that’s new since the last run, with options to remove it, add it to a commented ‘OK’ list, or add it to an ‘unknown, pending identification’ list.
    Must be usable in safe mode.

Optional features:

    Scan for viruses, trojans, and other malware based on a list of known bad products.
    Block installation of startupware, with an option to add a new entry and comment to the ‘OK’ list.
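As an added example (not code from this post), here is the comparison core such a tool needs: record the autostart entries, diff them against the last run, exclude anything already on the commented ‘OK’ list, and triage what’s new into OK, pending, or remove. The entries, paths and comments below are constructed sample data; reading the real Run keys and Startup folders is a platform-specific collector I leave out.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Entry:
    location: str   # registry key or Startup folder that triggers the autostart
    name: str       # value name or shortcut name
    command: str    # full file path plus arguments, where applicable

def key(e: Entry) -> Tuple[str, str, str]:
    """Case-insensitive identity: Windows paths and value names ignore case."""
    return (e.location.lower(), e.name.lower(), e.command.lower())

def diff_startupware(previous: List[Entry], current: List[Entry], ok_list: Dict):
    """What is new since the last run (minus entries already commented as OK),
    what disappeared, and what is present and approved, with its comment."""
    prev = {key(e): e for e in previous}
    curr = {key(e): e for e in current}
    new = [e for k, e in curr.items() if k not in prev and k not in ok_list]
    removed = [e for k, e in prev.items() if k not in curr]
    approved = [(e, ok_list[k]) for k, e in curr.items() if k in ok_list]
    return new, removed, approved

def triage(new: List[Entry], decisions: Dict, ok_list: Dict, pending: List[Entry]):
    """Apply the user's decision per new entry: ('ok', comment) adds it to the
    commented OK list, ('remove', '') hands it back for deletion, and anything
    else (or no decision) goes on the 'unknown, pending identification' list."""
    to_remove = []
    for e in new:
        action, comment = decisions.get(key(e), ("pending", ""))
        if action == "ok":
            ok_list[key(e)] = comment
        elif action == "remove":
            to_remove.append(e)
        else:
            pending.append(e)
    return ok_list, pending, to_remove

# Constructed sample snapshots standing in for two consecutive runs of the tool.
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
STARTUP = r"%USERPROFILE%\Start Menu\Programs\Startup"
CAMERA = Entry(RUN, "CameraSync", r"C:\Program Files\Camera\sync.exe /tray")
OLD_TOOL = Entry(STARTUP, "oldtool.lnk", r"C:\Tools\old.exe")
WEATHER = Entry(RUN, "WeatherAlerts", r"C:\Program Files\Weather\alerts.exe")
UPDCHK = Entry(RUN, "CheckbookUpdate", r"C:\Program Files\Checkbook\updchk.exe /daily")
PREVIOUS = [CAMERA, OLD_TOOL]          # recorded on the last (known-clean) run
CURRENT = [CAMERA, WEATHER, UPDCHK]    # what autoruns now
OK_LIST = {key(CAMERA): "camera software, only needed for cable sync"}
```

Because only the comparison logic needs the live system, the saved snapshot and OK list can be carried on the same USB drive as the cleanup tools and used in safe mode.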

Now, chunks of these programs exist. There are startup managers–that’s the closest category. But the programs currently out there can’t be used by anyone with less training than a system tech. You have to already know what every program is before you can do much of anything. Surprisingly, the closest program I’ve seen to a startupware manager is Microsoft’s MSconfig.exe. It doesn’t uninstall startupware, but it lists settings, and can temporarily block programs. There’s no record of previous settings, and no commenting features.

A startupware manager is not antistartupware. Remember, startupware is neither good nor evil. Some users want popups of weather alerts. Some need reminders to get up and stretch. Some may need their software to be no more than 1 hour out of date. Well, very few, but some.

I’ll give a free mention here to at least the first five startupware managers that I find out about that match the definition above, and that are usable by average computer end-users.

WMF Patch Released Early

On Thursday, Microsoft released the patch to remove the “SETABORTPROC” functionality from WMF image processing. The patch is on Windows Update as MS06-001, and should be installed on all systems running Windows 2000 and above. Anyone who previously installed the unofficial patch should first install the Microsoft patch, and then uninstall the unofficial patch.

Anyone who disabled the Windows fax viewer can restore it like this:

To re-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the registration process has succeeded. Click OK to close the dialog box.

The WMF abort process security hole doesn’t affect Windows 98. Microsoft has stated that it is a ‘non-critical’ problem in Windows Me, but has not released a patch. In other words: to be continued…