How to fix Mom's computer

Home for the holidays and, of course, the annual fix-Mom's-computer event. This year things on Mom's Windows 98 PC were especially bad; it could've been used as a software showcase of the latest and greatest in "malware" (short for malicious software: software designed specifically to damage or disrupt a system, such as a virus or Trojan). Here's a laundry list of steps taken to get Mom's computer working and secured from evil software.

Here are the details:

Deleted spyware with Ad-Aware

Here's the story: Mom heard a Barenaked Ladies song on the radio that she liked, so she Googled "bare naked ladies." There was more porn than music in the search results. She clicked around.

"Suddenly this weird web search bar showed up in my browser," she told me. "And after that, I couldn't use the computer at all. Any time I went to it, the disk drive made lots of noise and the whole computer was so slow, I couldn't get it to do anything."

Since it sounded like the machine was crippled beyond use, I arrived armed with an Ad-Aware CD. You can download Ad-Aware here. After I installed Ad-Aware and started it up, I clicked on "Check for updates now" to get the latest definitions file. Then I disconnected the machine from the cable modem, shut down, and started it up in "Safe Mode." (To boot into Safe Mode, press F8 while the computer is booting.) In Safe Mode, I launched Ad-Aware and ran a "full system scan." (You don't have to run Ad-Aware in Safe Mode, but I did just in case.)

Ad-Aware identified and removed 959 "critical objects" - spyware, which no doubt was starting up along with Windows and keeping the computer too busy to let any humans actually use it. After Ad-Aware was finished and the computer was restarted normally, the "weird web search bar" in Internet Explorer had disappeared.

Updated Windows

Once the PC was in a usable state, visited Windows Update to make sure the operating system had all the important security patches and updates.

This computer was so out of date that Windows Update couldn't check the computer. Using the help (which does help sometimes), it was discovered that first the scripting engine had to be updated so that Windows Update could run. (If Windows Update refuses to scan your computer for needed updates or hangs at 0%, update the scripting engine it uses here.)

Finally, Windows Update listed 10 critical updates, 45 optional updates and 2 driver updates. It took a whole lot of downloading and over half a dozen restarts, but finally all the patches and updates were applied.

To keep things up to date on a regular basis, Microsoft offers a helpful "Critical Update Notification" application in its "optional updates." This was installed and enabled, so Mom will know when there's an update available and she can install it herself.

Secured Internet Explorer

Insecure settings in Internet Explorer got Mom's PC riddled with spyware. A good move was to prevent that from ever happening again.

First, in IE, went to the "Tools" menu and chose "Internet Options." In the "Security Tab" chose "Internet" and set the security level to "High."

Then chose "Trusted Sites" and pressed the "Sites..." button. There, unselected "Require server verification" and added *.microsoft.com so that Windows Update would run, and *.mozilla.org so that Firefox could be installed.

Switched default web browser to Firefox

Mozilla's Firefox is an easier-to-use and more secure web browser than Microsoft Internet Explorer, so the next order of business was to switch Mom to Firefox. Downloaded Firefox, installed it, and imported all of IE's preferences and bookmarks. When Firefox asked if it should be the default web browser, clicked "Yes." (Want all clicked links from here on out to launch Firefox and not IE.) This browser switch has to be seamless for Mom, who doesn't and shouldn't have to think about what browser she's using.

To that end, wanted to remove the blue E icon from her desktop so that no one would click it by accident or out of habit. In Control Panel chose "Internet Options." In the Advanced tab, scrolled down and unchecked "Show Internet Explorer on the desktop."

Then moved the Firefox icon on the desktop to where IE used to be. To avoid any confusion, renamed the shortcut from "Mozilla Firefox" to "Internet - Mozilla Firefox" so that the blue E icon wouldn't be missed.

Later noticed that on a double-click of a JPG file, Windows launched Internet Explorer to view the image. To change this, I opened "My Computer." In the "View" menu, I went to "Folder Options." In the "File Types" tab, selected JPG file and clicked "Remove", then "OK." Next time a JPG file was opened, Windows asked what program it should use to open it. Chose Firefox as the application associated with the JPG file type (you can use any other imaging program you might have installed).

Trimmed down startup programs

Windows took a long time to load on the computer because a bunch of software was set to start automatically. To stop these programs from starting with Windows, went to the Start button, chose "Run" and typed "MSCONFIG" (no quotes.)

In the "Startup" tab, there was a list of programs with checkboxes. This list isn't very human-readable, but went through it and made educated guesses about what was necessary and what was not, and unchecked as many items as possible.

When done, went to the Start menu, Programs, and then Startup. Deleted all the shortcuts listed there as well, so those programs wouldn't start with Windows, either. Then rebooted the machine to see how much faster Windows came up.

Removed Personal Web Server

As far as I can tell, Windows 98 comes with Personal Web Server installed and running by default. A web server application opens a port on a computer and lets other computers connect to it and request documents (as does the computer which hosts scribbling.net.) This is a serious security problem, and on the average family computer, Personal Web Server should be stopped and removed.

Why? Well, Mom switched from dial-up internet access to cable this year. She leaves her computer on all the time. This means any other computer on the internet can connect to her computer (thanks to Personal Web Server) and get files from it at any time, without her knowledge. This leaves her computer open to denial of service attacks and any other security holes that come with an un-updated computer. Plus, Personal Web Server is completely unnecessary to most home users.

Disable Personal Web Server in the Control Panel's Add and Remove Programs. In the Windows Setup tab, go to "Internet Tools" and click the "Details.." button. Uncheck Personal Web Server (uncheck all the other items as well) and click "OK."

Installed ZoneAlarm firewall

Personal Web Server got me wondering what other ports were open on Mom's computer. For fun I ran a port scan to see what other ways hackers and other evildoers could mess with the machine. This helpful online port scan application discovered three ports on the computer were open to attack. Not acceptable: without a router acting as a firewall, her computer connected directly to the cable modem was exposed to the internet. Mom needed a firewall.

ZoneAlarm to the rescue. ZoneAlarm is a free firewall software application which will close up all open ports and protect a computer from outsiders. ZoneAlarm also scans email for nasty viruses and will integrate with major virus protection.

After installation of ZoneAlarm, I re-ran port scan. ZoneAlarm popped up to let me know a computer on the outside was trying to get in - perfect. On the pop up, I set it to not alert every time; Mom doesn't need to know she's being protected. Finally, the scan results reported that no ports on the computer were open to attack.
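The before-and-after check described in the Personal Web Server and port scan steps, as an added example that is not part of the original post: it tests whether anything is listening on a TCP port of your own machine, first with a small web server running and again after it is stopped. The demo server is a constructed stand-in for Personal Web Server, and the function names are made up for this sketch; a loopback check like this shows what is listening, not what a firewall blocks from outside.

```python
import socket
import threading
from http.server import HTTPServer, BaseHTTPRequestHandler


def port_is_open(port, host="127.0.0.1", timeout=0.5):
    """Return True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success and an error code otherwise
        return s.connect_ex((host, port)) == 0


def open_ports(ports, host="127.0.0.1"):
    """Return the subset of ports that have a listener on this machine."""
    return [p for p in ports if port_is_open(p, host)]


def start_demo_web_server():
    """Constructed stand-in for Personal Web Server on a free loopback port."""
    server = HTTPServer(("127.0.0.1", 0), BaseHTTPRequestHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def before_and_after():
    """Check the same port with the service running, then after removal."""
    server = start_demo_web_server()
    port = server.server_address[1]
    before = open_ports([port])   # listener present: port reported open
    server.shutdown()             # stop serving ...
    server.server_close()         # ... and release the port
    after = open_ports([port])    # listener gone: connection refused
    return port, before, after


if __name__ == "__main__":
    port, before, after = before_and_after()
    print(f"with server running: open ports = {before}")
    print(f"after stopping it:   open ports = {after}")
```
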

Uninstalled unneeded applications

Mom had a lot of software installed that she didn't use, or stopped using. In Control Panel, Add and Remove Programs, ran through the list, calling out names of applications to her and uninstalling anything she didn't recognize or no longer needed.

For example, there was an upgrade from a NetZero dialup account to cable, so all the NetZero software was removed. RealPlayer went as well (in favor of Windows Media Player), and anything that had the word "bargain" or "tracker" or "snoop" or "monitor" in it got uninstalled. Even if software is not malicious, uninstalling applications frees up hard drive space.

Finally, upgraded the software she needed and used: Quicktime player, Adobe Acrobat reader. Also installed was the Flash plugin for Firefox.

Installed spyware protection with Spybot Search & Destroy

Spybot Search & Destroy will monitor your computer for malware installation. Downloaded Spybot S&D, installed it, updated the definitions and "immunized" the PC.

After Spybot is installed, it will alert you to confirm changes to your computer whenever software is being installed - a small price of annoyance to pay for protection against self-installing evil. If you're installing software after Spybot is running, and it pops up asking for confirmation, click "Accept these changes" when you know the new program is benign and being installed by you on purpose.

Installed a virus protection program

AVG and Avast are free Windows virus protection programs. Installed one, and scanned and repaired all reported viruses on the C: drive.

Scanned and defragmented the hard drive

Finally, the built-in Windows ScanDisk and Defragmenter were run on the C drive to fix any errors and optimize disk access. To do this, all applications which write to the disk must be closed. So disconnected the PC from the cable modem, shut down ZoneAlarm, disabled Task Scheduler and turned off the Windows screensaver.

Then opened "My Computer" and right-clicked on the hard drive. In the "Tools" tab, press "Check Now" to run ScanDisk. When that's done, press "Defragment Now" to defrag. Tip: start each of these processes before you go to bed and let them run all night. For slower machines with larger hard drives, these processes can take a long time.

And that was that.

What do you think? Did I forget anything?