Best Resource For Identifying Legit Applications? 255
Posted
by
kdawson
from the x-ray-goggles dept.
from the x-ray-goggles dept.
bjb writes "While helping a somewhat computer illiterate person figure out a problem recently, they mentioned that PDF files had recently stopped working. Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up, though my suspicion remained (and was somewhat confirmed by WOT.) So my question is, where can you go to find out if something is legitimate? Because the person I'm helping is on a dial-up connection, downloading malware detection applications (and updates) is too heavy consider. And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often. Where can you quickly find information?"
download.com (Score:4, Informative)
how about google? (Score:1, Informative)
ummm, first hit on google for PDF Suite.
http://www.pdf-suite.com/
Looks legit to me...
Er (Score:5, Informative)
Did you try Googling it *without* the word malware?
http://www.google.com/#hl=en&source=hp&q=%22PDF+Suite%22&aq=f&aqi=g10&aql=&oq=&fp=1 [google.com]
Google.com (Score:2, Informative)
Re:"to big to download" (Score:3, Informative)
A dialup connection can pull a quarter gig per day. Malwarebytes is under 10 megs with all updates and patches. (More like 8 megs.) You can get 200k per minute on dialup without breaking a sweat. That's 5 minutes per meg. That's 40 minutes for the full Malwarebytes download including updates. How much time do you plan to spend investigating the source of every installed program? Sure, it would be nice if there was a big list of every application on the planet with happy faces and frowny faces next to them but that would be a heck of a thing to maintain. The few companies that maintain such lists aren't likely to give you direct access as they've got commercial products built around that information. And, even if you found such a list, you would still have to pick through the installed programs and compare then one-by-one with the list. How long will that take? And the bad ones won't announce themselves by hopping on the add/remove programs list so you still need to scan. Start downloading and have a beer while you wait.
Or, since you know what you're up against, load up the thumb drive before you go over next time. Bring a couple of good spyware removal programs (and their standalone update files) along with the complete installer for a good AV program.
Re:What is your OS? (Score:2, Informative)
And a quick check of Ubuntu Forums should convince anyone that Linux has long since joined the party. If posts on /. don't.
beware! (Score:5, Informative)
BitTornado, an application I administer, was once available via ZDNet, a site which distributed freeware and shareware apps much like Download.com. At some point someone began offering download mirrors for BitTornado and other apps, with installers that were modified and apparently contaminated with malware. I complained twice; the second time, they nastily asked whether I wanted them to remove BitTornado from their site. I told them yes.
Just because software is available via some popular gateway, you can't be 100% certain what you download will be perfect and free from malware.
Or Jotti Re:Upload to virustotal.com (Score:3, Informative)
When I'm forced to use Windows... (Score:3, Informative)
...I pretty much stick with Malwarebytes [malwarebytes.org], CCleaner [ccleaner.com], SpywareBlaster [javacoolsoftware.com], and MSE [microsoft.com].
Actually, I got this tip off another /. post...researched each (non-MS) application, determined for myself that they were legit, and have not looked back. In fact, I just spent a few minutes last night eradicating the trojan "Microsoft" Antivirus 2010 on a friend's computer using the Malwarebytes app on a USB. Worked like a charm.
But don't take my word for it...do your own evaluation. I think you'll like what you find.
Free Virus Scanner (Score:3, Informative)
Re:"to big to download" (Score:1, Informative)
That's right, they don't. And honestly, who does? The point is less that he doesn't want to, and more that he doesn't want to spend more than ~10min doing it. I think, therefore a quick and easy source of "validity" like processlibrary.com or whatever that other one is, liutilities.com might come close to fitting the bill, if I understand the question correctly.
Dude a flash stick is cheap (Score:3, Informative)
You can get one at Big lots for $10 for a 4Gb, or if you check with surpluscomputers [surpluscomputers.com] occasionally you can get bundles of 1Gb to 2Gb sticks for dirt cheap. So get a really cheap stick and then get the Computer Repair Utility Toolkit V2 [depositfiles.com] which is like the Swiss Army Knife of PC Tools. So much more than simple malware repair it has fixes for networking, file recovery,info, scripts and tweaks, and it is simple to add you own. Just add Malwarebytes Antimalware and portable Firefox along with updating the included ClamAV and you have a one stop PC shop in your pocket.
but trying to guess what is a nasty and what ain't, especially when dealing with dialup, is simply a fool's game. There are literally thousands of new pieces of nasty released every day, and even if you guess right on this one there is no telling what else could be on that machine. Take the Toolkit I linked to above, add installers for Comodo AV and MalwareBytes, along with the latest Firefox, and simply stick the flash on your keyring and be done with it. Just plug the stick into any PC USB port once a week to update it and you have a full toolset in your pocket. So what if you don't do it everyday? The few times you DO run into something like this you will be able to handle it easily and look like a genius at the same time, all for a few dollar flash stick and less than 5 minutes a week.
Re:download.com (Score:4, Informative)
Uninstall them all and let God sort em out.
When I was ever called to sort some disaster of a mind fucked mess I wouldn't take prisoners. Usually, my first question was could I just re-image and generally this was a resounding no.
When you can't re-image you can only do the next best thing with next best thing results. Remove, scan and move on.
It's more like war time triage then anything else.
Sure, I feel somewhat bad they made it in the mess they did, but I can only personally do so much.
Re:Does the vendor make md5 or sha1 hashes availab (Score:3, Informative)
It is much easier to deal with the rare piece of software that is not in the repo, than lots and lots of software that is not in the non-existent repos.
Gamers are rarely completely naive users, and are rarely Linux users anyway.
There is usually a recognised non-free repo which should be enabled on installation for free-as-in-beer proprietary software. The problem only needs to be solved once.
Proprietary paid for software is usually safe-ish anyway (no worse than on Windows) and only a small proportion of all the software you install (serious gamers aside, again)