Updated: February 28, 2011
Let me begin with a big fat disclaimer: You do not need anti-virus software. You do not need it in Windows, nor Linux. Blacklisting is an obsolete method of maintaining security of your operating system. BUT ...
Some people just have to have anti-virus programs running and wasting their system resources. Well, you can't change the world overnight. My mission is not to convert every single frightened computer user out there to the blissful doctrine of don't click and the strategic use of whitelisting tools for computer-related protection. I am merely trying to make life easier for my readers. And some just happen to use anti-virus programs.
All right, so you are a Windows user and you need anti-virus programs. How about a compromise? Rather than running them in real-time, why not download a handful of bootable live CD images and keep them in store for a rainy day?
So today, we will do the following:
First, learn about a handful of Linux-based anti-virus live CDs. You can call them ultra-specialized system rescue distributions, if you will. They are very similar to what BartPE and Ultimate Boot CD for Windows offer. Links to extra reading material further below.
Second, we will talk about alternative, superior security approaches that should make your Windows smarter, leaner, meaner, and more secure. We will refer to a number of highly effective whitelisting tools that you should consider as a permanent replacement to your blacklisting, signature-based scanners.
Finally, since we're talking Linux, we will mention once again why anti-virus software is unnecessary in Linux and why pretty much any Linux distribution is automatically a system rescue image. OK, let's see what we've got.
Note: I won't be testing the quality and efficiency of these tools against any real-life scenarios. I will merely be showing you that they exist and let you choose whatever you want to do with them.
Quoted from the site: The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.
More information: Nothing useful I could find, I'm afraid.
Quoted from the site: If your Windows or Linux system has been rendered non-bootable by malware, restore it for FREE with Dr.Web LiveCD! Dr.Web LiveCD will clean your computer of infected and suspicious files, help you copy important information to a removable data storage device or another computer, and then attempt to cure infected objects.
Quoted from the site: Kaspersky Rescue Disk 10 is designed to scan and disinfect x86 and x64-compatible computers that have been infected. The application should be used when the infection is at such level that it is impossible to disinfect the computer using anti-virus applications or malware removal utilities (such as Kaspersky Virus Removal Tool) running under the operating system. In this case, disinfection is more efficient because malware programs do not gain control when the operating system is being loaded.
Quoted from the site: Vba32 Rescue allows the user to recover OS operation after a malware threat. It is able to cure malware on the user's computer with maximum effect. In addition, the product allows you to copy important files in a critical situation.
OK, enough. This is more than you'll ever need.
A few pictures, if you will. Let's see some of these anti-virus distros in action.
For instance, BitDefender live CD is based on Xubuntu. It's a complete distro, stripped down to a handful of programs, plus of course the anti-virus engine. If you think about it, it's a proper live CD, with a few programs and a cool chick for wallpaper, in the best spirit of geekiness. But we'll talk more about that later.
Avira takes a more frugal approach. I do not know what kernel and window manager they are using, but it's nothing fancy. Basic text boot, then the single-view desktop dominated by the anti-virus software, in English or German. Single purpose, for what it is intended.
Dr. Web has a very nice boot sequence, polished and dandy. The desktop is spartan yet functional, very similar to what BitDefender offers. You have Firefox, Leafpad, Midnight Commander, and a few other programs.
Kaspersky live CD is based on Gentoo. It's simple and spartan, but it comes with its own screenshot utility, which is not bad. During the boot, it complained about not having space to store its data, so it keeps it in memory, which implies that it normally mounts partitions as writable and places some of its own files there. Not bad, but not optimal for forensics. Then, on the other hand, if you're aiming for disinfection, you need to mount the partitions and be able to make changes.
The last and the least friendly of the bunch is the VBA. While you get GRUB 1.96, which most likely means one of the later editions of Ubuntu, you don't get any graphics, just a very basic text scanner for advanced users.
There are many others, of course, but I can't possibly be checking them all. Feel free to browse around and ask questions. In addition to the five listed products, you can also check the following:
raymond.cc list (from 2008, slightly outdated)
The LiveCD List (not just anti-virus related)
OK, I've just given you several tools you don't really need. Instead of wasting time chasing evil and perceived evil, you can bolster your computer security and minimize self-inflicted damage by several orders of magnitude just by following a few simple rules.
Use a limited account. In Windows XP, the best and most flexible solution is called SuRun. Windows 7 comes with its own UAC and a few other tricks. Do take a look at my Windows security guides, part one and two.
Group Policies can be used to harden your system, again, without wasting precious CPU cycles or memory. EMET is another great program that works well against bad coding practices in software, which ultimately result in all those vulnerabilities and exploits.
Some general, universal tips on Web and mail safety:
Finally, learn how to respond to prompts and security message popups.
Remember, the doomsday is not coming any time soon!
For Windows users, the concept of running from a CD may seem alien, but this is common practice for Linux users. Pretty much every Linux distribution out there is designed to boot into a live session from external media. Not only does this give you instant productivity, your base system is dormant and untouched, allowing you to perform all kinds of forensics operations, if you require.
A highly useful and popular forensics distro is Helix; no longer free, I'm afraid. Knoppix is also one of the Swiss Army knife kind of systems. It's a toolbox of goodies, with excellent hardware detection. You also have SystemRescueCD, Super Grub Disk, TestDisk, and many others. Please take a look at the forensics intro article linked above for more details.
But remember, any Linux will do.
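Two of the points above deserve a concrete check: a rescue distro that silently mounts your partitions writable (as Kaspersky appears to do) is fine for disinfection but bad for forensics, and a live session is only "untouched" if you can prove nothing on the disk changed. The script below is an added example, not from the article or from any of the reviewed products. It assumes a Linux live session with GNU coreutils and findutils (sha256sum, find -print0, sort -z, xargs -0); the mount points and file names are constructed placeholders standing in for a mounted Windows partition.

```shell
#!/bin/sh
# Added example: confirm a suspect volume is mounted read-only, then hash it
# before and after a rescue session so any change the tools made is visible.
# Assumes GNU coreutils/findutils. Not part of the original article.

# Usage: is_readonly_mount MOUNTPOINT [MOUNTS_FILE]
# Exit 0 if MOUNTPOINT appears in the mounts table with the "ro" option.
# MOUNTS_FILE defaults to /proc/mounts; pass a file to test the parser offline.
is_readonly_mount() {
    mp=$1
    table=${2:-/proc/mounts}
    # /proc/mounts fields: device mountpoint fstype options dump pass
    awk -v mp="$mp" '
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$table"
}

# Usage: make_manifest DIR OUTFILE
# Deterministic SHA-256 manifest of every regular file under DIR.
make_manifest() {
    dir=$1
    out=$2
    ( cd "$dir" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$out"
}

# Usage: verify_manifest DIR MANIFEST
# Exit 0 only if regenerating the manifest yields an identical file, so
# modified, deleted and added files are all detected (sha256sum -c alone
# would miss added files).
verify_manifest() {
    dir=$1
    manifest=$2
    tmp=$(mktemp)
    make_manifest "$dir" "$tmp"
    if cmp -s "$manifest" "$tmp"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed directory tree standing in for a mounted partition.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/vol/Windows"
    printf 'constructed sample file\n' > "$work/vol/Windows/notepad.exe"
    printf 'another constructed file\n' > "$work/vol/boot.ini"
    make_manifest "$work/vol" "$work/baseline.sha256"
    verify_manifest "$work/vol" "$work/baseline.sha256" && echo "volume unchanged"
    # Simulate a rescue tool rewriting ("disinfecting") a file.
    printf 'modified\n' > "$work/vol/Windows/notepad.exe"
    verify_manifest "$work/vol" "$work/baseline.sha256" || echo "volume changed since baseline"
    rm -rf "$work"
}

demo
```

In a real session you would run `is_readonly_mount /mnt/suspect` against the live /proc/mounts, build the manifest before letting any scanner loose, and compare afterwards; remount read-write only once you have decided that disinfection, not evidence preservation, is the goal.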
Now, Windows users are not entirely helpless, either. Windows live CD tools also exist, but they do require a bit of preparation work. Luckily, you have two excellent tools that should help you get on your way: BartPE and UBCD4WIN, which is based on BartPE. Using these, you can create your own Windows live environments, loaded with tons of great tools, including also some security programs as well.
Links to my reviews and tutorials on these two great items:
OK, 30 seconds about Linux security. You don't need an anti-virus, you should not be using Linux as a cure for your trigger-happy Windows habits and lastly, a handful of tips on Linux security, orthogonal to what we're discussing today.
And that's it. Please, let me repeat the main message of this article once again: You do not need anti-virus software, honestly. But you should have a Linux live CD handy. Any one will do, since they all pack the mighty toolbox that you can use to fix your operating system, regardless of what caused the mess. Security wise, you should aim for a whitelisting approach, with a strategy that goes beyond pinpoint tactical solutions relevant only to specific operating systems and follows a generic formula that always works.
Now, if you do decide to disregard my advice, you have a few interesting pointers here. While I do not believe in using malware scanners, I do believe in helping people, even if they might be misguided in their beliefs. So if you're an old school follower, Dedoimedo can still be your friend. Five rescue CD applications reviewed, a ton of info, a bunch of articles and tutorials that should make you wise and safe. Enjoy.