Fight Malware With a Stinger Missile
The “free virus scan” offer is a favorite hacker ploy to get unsuspecting victims to download and run malware disguised as security software. Such traps are so common that users are very reluctant to try any free anti-malware tool. But not every sheepskin contains a wolf. Here’s a bona fide, effective, and totally free anti-malware tool that you should know about...
What is McAfee Stinger?
McAfee, of course, is one of the oldest and largest anti-malware developers. McAfee Stinger has been around since at least 2006, but it's still alive and well. A surprising number of people turned to Stinger in April 2014, when the Heartbleed vulnerability threw the world into a panic.
According to McAfee, Stinger was run daily on more than 200,000 computers during the first week after Heartbleed hit the headlines. That daily use number plummeted to 50,000 the following week, indicating how quickly panic subsides.
But those numbers are impressive for a utility that isn’t marketed and isn’t even supported by its developer. Stinger must have something going for it; let’s see what that is.
First, Stinger is not a vaccine that wards off malware; it is an antibiotic for killing infections you’ve already caught. So Stinger does not run constantly, chewing up system resources. It’s best to keep a copy of Stinger on a CD or USB stick along with other rescue and disinfection tools.
Second, Stinger is dead simple to use. It’s a standalone, one-file program that you just click to run; no installation is required. There are no tricky “opt-in” screens that try to sneak toolbars onto your system, either. Instructions for downloading and running Stinger are here.
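Since fake "free scanner" downloads are the trap described at the top of this article, a click-to-run file like this deserves a check before it is launched. The PowerShell below is an added example, not part of the original article or of McAfee's instructions; the function name Test-DownloadedTool, the file path and the publisher name are hypothetical placeholders to replace with your own values.

```powershell
# Added example: inspect a downloaded scanner executable before running it.
# Test-DownloadedTool is a hypothetical helper name, not a built-in cmdlet.
function Test-DownloadedTool {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Common name of the signing certificate; empty when the file is unsigned.
    $signer = ''
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # 'Valid' means the signature verifies, chains to a trusted root, and the
    # file has not been altered since signing. Anything else (NotSigned,
    # HashMismatch, NotTrusted, ...) is treated as a failure.
    $signatureOk = $sig.Status -eq 'Valid'
    # A valid signature from an unexpected publisher is still a failure.
    $publisherOk = $signatureOk -and ($signer -eq $ExpectedPublisher)

    [pscustomobject]@{
        Path           = $Path
        SHA256         = $hash          # keep with the rescue media for later comparison
        Signature      = $sig.Status
        Signer         = $signer
        PublisherMatch = $publisherOk
        OkToRun        = $signatureOk -and $publisherOk
    }
}

# Placeholder values: use the real download location and the publisher name
# shown on the vendor's own download page.
Test-DownloadedTool -Path 'E:\rescue\stinger.exe' -ExpectedPublisher '<expected publisher name>'
```

Run the same check again before using a copy that has been sitting on a USB stick; a changed SHA256 or a Signature value other than Valid means the file is no longer the one you downloaded.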
Stinger’s default scan (Medium sensitivity) option is quick and superficial. It scans for rootkits, pokes around in the Windows registry, and looks at the favorite hiding places of malware. Stinger scans for about 6,000 known malware varieties and their variants. The "Raptor" component of Stinger analyzes the behavior of currently running programs to check for suspicious activity. Raptor updates its knowledge of new and emerging threats by consulting an online McAfee database, which enables it to detect zero-day malware.
Targeting Malware: Locked and Loaded...
For a more thorough scan, you can set the “GTI File Reputation” sensitivity level, which requires a bit of explanation. McAfee, like other large anti-malware developers, gathers real-time intelligence on emerging threats from the many installations of its security software on computers all over the world. A “threat report” includes the name of the file that is suspected of bearing the threat and the strength of the suspicion. When Stinger encounters a file on your device whose name matches one on the GTI File Reputation list, it evaluates the threat and decides whether to take action or not.
The action that Stinger takes when it finds an infected file is also under the user’s control. A file may be simply reported as suspicious, quarantined for later inspection, deleted immediately, renamed to a non-executable form (e.g., *.bak), or a repair may be attempted.
A quick scan of my desktop machine using the default settings took only 7 minutes, looked into about 28,000 files, and turned up nothing. I don't stash a lot of stuff on my primary work computer, so I asked a computer-savvy friend with a large collection of files to run a full scan of his system with the highest sensitivity setting. He reported that Stinger took 9 hours, 13 minutes to plow through 3,782,218 files (about 250 GB) and found one that contains a Trojan. (A quick scan didn't find that file.)
Customize Your Malware Scan
You can customize a scan to something in between these extremes, specifying where to scan, how deeply to scan, and what to do when an infection is detected. But since Stinger is a tool that you'd use only once in a while, or if you suspect a problem, I recommend that you use the highest sensitivity settings and choose the Repair option. (Click the Settings link at the top right of the Stinger screen.)
IMPORTANT: Make sure you click the "Customize my scan" link on the main screen, and select the C: drive and any other drives you want to scan. If you don't, Stinger will only scan the folders it thinks are most likely to contain malware. I also recommend that you temporarily disable your primary anti-virus protection while Stinger is running, to avoid any conflicts between the two. This should also make Stinger complete its scan faster.
Remember that Stinger is not a substitute for real-time anti-malware and security software shields. But as a malware detection and remediation utility, it does a good job. See the sidebar above for some other on-demand "deep scan" tools you can use for additional peace of mind.
This article was posted by Bob Rankin on 25 Nov 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Fight Malware With a Stinger Missile (Posted: 25 Nov 2014)