It all depends. You cannot save money by building a lower-end machine yourself anymore; economies of scale did away with that. But, you can still save money building a mid-range computer. If you get newegg's mailings, they usually have some nice deals on some combination of motherboard/cpu/memory/tower that'll save you a lot of money.
You say you value your time - do you enjoy building computers, or is it a chore? Given an $800 pre-built and $800 worth of equivalent parts, I'd take the parts in a heartbeat. If you value your time at $100/hr, you may never come out ahead building your own machine anymore. Buying pre-built also gives you a single warranty, as opposed to a hodge-podge of retailer and manufacturer warranties with different RMA proceedings. (But, I've had better luck with NewEgg and the OEMs than Dell and HP!)
You may want to take a middle route - buy a pre-built desktop and then upgrade it. When my school was ordering laptops from HP, they would have charged us $100/unit for an extra gig of RAM. Instead, they bought the DIMMs for peanuts and had us student workers install them. Going this route saves you 90% of the labor, and you don't get gouged for anything above the base model.
I wouldn't blame Vista for the 1-year "laptop slowdown" you're experiencing.
I work at a college help desk, and I see a metric fuckton of student laptops. Some want help getting on the network, others have viruses, others want to know why the copy of Office 2007 the Best Buy wingnut sold them won't install on their Mac... but I see a lot of laptops.
Especially on laptops, a lot of the slowness is entirely due to the OEM. I was working on a Dell Inspiron; its owner wanted me to restore it using the recovery partition to make it run faster. The base image came with a purposefully borked Windows Installer - none of the preinstalled bloatware had entries in Add/Remove programs, even software like Picasa that I know comes with a proper uninstaller. Vista SP1 and SP2 wouldn't install without errors, and the machine was too slow to be usable.
Until I installed a clean copy of the OS using my own Vista DVD. Everything patched properly, and relative to how it was, it runs lightning fast.
This also doesn't include all the horrible tortures people manage to inflict upon their laptops after a year. There's physical abuse - I dropped it a few times, roommate dropped a subwoofer on it (!), the battery exploded and the chassis caught fire (!!!)... There's viruses - I sprung for the full version of XP Antivirus and my computer is still slow! There's garbage software like Flash, Java, Acrobat Reader, and Quicktime that either have "quicklaunch" services running in the background or "auto updater" services doing the same thing.
Windows machines are like brand new cars. They drive wonderfully until you give those idiot Adobe children the keys.
I work help desk at the college I'm enrolled at, and removing this virus and its variants from student laptops is pretty much the entirety of my job description.
I recommend running ComboFix first, because it will generally neuter a virus enough for MalwareBytes to install and remove it. If the virus keeps ComboFix from running, rename it to magickitties.exe - some kill AV processes by name.
Anything more interesting than that, download the free Windows AIK. Make an image of the drive using ImageX. Mount the image (and the registry hives on the image) on a clean PC and do a scan on that. Reimage the PC with the clean image.
Just creating an image with ImageX is sometimes sufficient to remove the rootkit portions. ImageX is file based, and the rootkit portions hide from the MFT. ImageX simply fails to gather the rootkit portion, because it hides too well.
Usually, all it takes is 10 minutes of letting ComboFix run and 30 minutes of letting MalwareBytes run. Very slick.
Well, yes and no; it depends on what kind of data.
Windows Defender, which is on pretty much every XP and Vista box, already does this. Out of the box, it will submit information on startup programs, malware detected and removed, and which services and startup programs you have disabled, to the aptly named Microsoft SpyNet.
It's not quite as scary as it sounds; if you're using Windows Defender to decide whether or not to kill that fishy-looking SynTpEnh.exe process from starting, you can see that 99% of SpyNet members leave it enabled because it makes your laptop's touchpad work. </contrivedexample>
So, maybe a bad idea, but not a new one - it's already being done.
What really, really pissed me off was Vista. XP's security control centre quite happily recognised Avira, but Vista "conveniently" failed to recognise it
Kind of a nitpicky thing, but the XP and Vista security centers don't "recognize" anything. Windows has an API to talk to security center - you have to call IAmInstalled32(), IAmOutOfDate32(), IAmDisabledEx(), etc.
Vista isn't conspiring to make your software not work - Avira evidently just doesn't bother to tell Vista's security center that it's installed. Just click "I have a security program that I'll monitor myself."
We only have HFCS because of tariffs and quotas on sugar. All at the behest of the corn belt, though.
HFCS exists because of the agriculture lobby. It's easier and more PC to invoke a myriad of worthless "sin taxes" than to actually fix a problem caused by the government to begin with.
Anecdotal information only goes so far.. personally, I know of a local printing company that has left my state, taking 28 jobs with it.
I'll add some more data. Don't have the issue with me, but the Investor's Business Daily described California as "Detroit, but with sunshine." Skyrocketing unemployment, job loss, and a bigger budget deficit than some countries doesn't help.
Students generally learn pretty quickly. It costs them money to have our help desk fix their computer, even though a flat fee for however long it takes is cheap in the computer repair world.
Staff and faculty are another case. Lots of repeat infections, but they can't be cut off because half of them are Vice Deans, and the other half have a direct line to God Almighty anyways. Lots of politicking, and cutting off network access would pretty much mean they'd have to be fired anyways.
Not that I don't think we could use a 50% reduction-in-force, but that's a problem outside the realm of IT or technical support...
Download the Microsoft WAIK and install it. Use ImageX to create a file-based .WIM image of your system and files.
Then, download dd for Windows. Use it to copy the first 512 bytes or the first cluster of Partition0 on the hard disk Windows is installed on. This will capture your boot sector.
If you're trying to use this for daily backups, ImageX won't work... You could always schedule robocopy to run daily/weekly instead. (It's included with Vista and up, but you can download it for XP.)
If you're not using it for daily backups, ImageX still requires "mucking about with special image files," but you can use ImageX to mount .WIM files into a directory, meaning you can use Windows Explorer or whatever tool to browse and modify the file system.
Instead of DD, you could always use a Vista and above install disc or make a Windows PE disc with the WAIK and run bootsect. "Bootsect /nt52 all /mbr" will get you a clean NTLDR boot sector, and "bootsect /nt60 all /mbr" will get you a Vista BCD-based bootsector. Of course, that only works if you're using either of those as your bootloader, but if you are, you don't even need DD.
My annoyance with McAfee comes strictly from having to support it.
It seems to have a horrible detection rate, although I admit there's some heavy sampling bias. "By definition," every laptop on campus has the software installed, meaning I only see the infections McAfee misses. However, it seems to have a very narrow definition of "virus," ignoring most of the spyware and scareware stuff like Antivirus ModelYear. Most viruses also know how to disable McAfee and other AV - you might as well not have it.
On a significant percentage of student laptops, McAfee simply won't install. It installs partway, leaving you with unused but resource-intensive system services that you cannot remove or uninstall without some serious registry hacking or a reinstall of Windows.
On top of it all, it has a multi-process design. Normally, it's a (potential) hallmark of good software engineering, but all this does is defeat the normal Windows process scheduling mechanisms of capping each process at 50% CPU usage. McAfee can utilize 100% of your CPU, and will do so for up to a minute every time you boot your computer.
Definitely a wacky IT policy, but if they were pushing a good AV, it wouldn't be so bad. As far as the network access control stuff goes, what's pretty much a dhcpd script seems to work pretty well next to commercial products.
Not sure if you use Linux, but OSX gets a different "Oh, you're a Mac, click here to have a nice day" registration page without the AV check.
Us help desk people can always manually register a PC as well if you call us or bring your laptop in. It's there to enforce AV on Windows and have students agree to not pirate the internet for bandwidth and legal reasons.
The discovery that it removed the rootkit was a happy accident. After a few unhappy incidents related to the aforementioned "luser problems," we've taken to making such a CYA image of every laptop that passes through our fingers, just in case.
After a scan found the TDSS rootkit on a laptop, I decided it would be easier to disinfect the backup image. I discovered none of the hidden TDSS* were even in the image, and concluded that the obfuscation techniques worked all too well.
Although the infected system files were indeed still in the image, the bulk of the rootkit hides in these hidden TDSS(garbage characters) files, which were not gathered, leaving the rootkit neutered.
No, we have no central management of the enterprise AV. Yes, it is painful. But, IT is a separate department - they make policy, we live with it, though they're all nice, smart people who are just hung up on McAfee for some reason.
Our DHCP server compares your MAC address against a list of "registered" machines. If there's no match, meaning your machine is unregistered, you get an IP address within a special "unregistered" subnet. The subnet is denied internet access, and any HTTP requests are redirected to the local registration website.
The registration website gives you a link to the McAfee installer. You then have to download and run a custom "validator" program that checks for the presence of McAfee, and then adds your MAC address to the approved list.
Yes, this can easily be circumvented, but how many people know how to do MAC sniffing/spoofing? Those that can probably aren't going to get viruses on their Winboxen.
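The registration gate described in the comment above, sketched as an added example (not the college's actual dhcpd script, and not part of the original comments). The subnets, portal URL, log lines and the shared-MAC check are assumptions constructed for illustration; the check reflects the point that the gate keys on a MAC address the client merely claims.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical address plan and portal; the comment gives no real values.
REGISTERED_NET = ipaddress.ip_network("10.10.0.0/16")
UNREGISTERED_NET = ipaddress.ip_network("10.99.0.0/24")
PORTAL_URL = "http://register.campus.example/"


def normalize_mac(mac):
    """Canonicalise 00-16-CB-.., 0016.cbaa.bb01 or 00:16:cb:.. to one form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class RegistrationGate:
    """DHCP-side decision: registered MACs get the normal pool, all others
    get the walled-off 'unregistered' subnet."""

    def __init__(self, registered=()):
        self.registered = {normalize_mac(m) for m in registered}

    def pool_for(self, mac):
        if normalize_mac(mac) in self.registered:
            return REGISTERED_NET
        return UNREGISTERED_NET

    def http_policy(self, client_ip):
        """Unregistered subnet: no internet, HTTP redirected to the portal."""
        if ipaddress.ip_address(client_ip) in UNREGISTERED_NET:
            return ("redirect", PORTAL_URL)
        return ("allow", None)

    def validator_report(self, mac, av_present):
        """The 'validator' step: the MAC is approved only if AV was found."""
        if av_present:
            self.registered.add(normalize_mac(mac))
        return av_present


# Constructed sample lines in the style of ISC dhcpd syslog output.
SAMPLE_LOG = [
    "Sep  1 09:00:01 dhcp1 dhcpd: DHCPACK on 10.10.3.7 to 00:16:cb:aa:bb:01 (alice-laptop) via eth0",
    "Sep  1 09:05:12 dhcp1 dhcpd: DHCPACK on 10.99.0.23 to 00:1e:c2:aa:bb:02 (bob-pc) via eth0",
    "Sep  1 10:40:44 dhcp1 dhcpd: DHCPACK on 10.10.3.7 to 00:16:cb:aa:bb:01 (vm-guest) via eth0",
    "Sep  1 11:02:30 dhcp1 dhcpd: DHCPACK on 10.10.4.9 to 00-1E-C2-AA-BB-02 (bob-pc) via eth0",
]
ACK_RE = re.compile(r"DHCPACK on (\S+) to (\S+) \(([^)]*)\) via")


def shared_macs(log_lines):
    """Return {mac: [hostnames]} for MACs acknowledged under more than one
    client hostname. Assumed heuristic: one registered MAC presenting several
    hostnames suggests the address is shared or cloned and deserves a look."""
    seen = defaultdict(set)
    for line in log_lines:
        match = ACK_RE.search(line)
        if match:
            _ip, mac, hostname = match.groups()
            seen[normalize_mac(mac)].add(hostname)
    return {mac: sorted(names) for mac, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    gate = RegistrationGate(["00-16-CB-AA-BB-01"])
    print(gate.pool_for("00:1e:c2:aa:bb:02"))   # unregistered pool
    print(shared_macs(SAMPLE_LOG))
```

Hostnames are client-supplied too, so a hit from `shared_macs` is a prompt to check the switch port or the machine itself, not proof of anything.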
Yeah, it's a self-extracting archive of sorts, which explains some of the "pack" false positives. It wants you to disable your virus scanner, because most of them will try to delete ComboFix ^^. It is an amazing kludge of scripts, workarounds, and hacks (classical definition of "hack"), but you can't argue with what works.
Well, you can ^^. And if your tools keep your machine clean, do whatever works.
Sorry after installing Combofix, my AV program Spysweeper reported three viruses just got installed
Combofix is pretty much a glorified batch file that automates the operation of programs like GMER. Some of these programs are considered "hacking tools" by AV vendors. Another reason I hate McAfee: it will automagically "clean" my flash drive of most of my antivirus tools.
If you downloaded ComboFix from bleepingcomputer.com, it's a false positive.
Their system registers MAC addresses, meaning you could also register a VM if you had its traffic going through the host's adapters or if you cloned the host's MAC addresses onto the virtual adapters.
In a perfect world, we would do that, but we get too many machines in and out to make that feasible. Then, there's all the normal luser problems: I don't know where my files are, I have no install media, I have no keys, I deleted my recover partition to save space, etc.
The foolproof way to remove the AntiVirus ModelYear rootkit is: Make a file-based image of the hard disk. By design, it hides from the file system, meaning it will not be included in an image made by a tool like ImageX from Microsoft's free WAIK. Gather an image and apply it to the same hard disk, and the rootkit's gone.
If you're adventurous, ImageX lets you mount the image file on a clean PC to do offline scans of its files and registry hives. You can clean a computer without ever booting it.
But, that's generally overkill. AntiVirus ModelYear rootkit isn't the nasty kind of hardware-hypervisor rootkit - it runs at kernel privileges. So does MalwareBytes. To be dangerous, it has to run at a higher privilege level than the removal tools.
For family members that promise me food, I go the extra mile and do the clean install for them. Staff machines we just re-image.
I completely agree with "combofix rocks." My job at the college I attend is pretty much removing that virus 24/7 from student laptops, and I've learned a few things:
1) McAfee sucks. We supply a copy of the Enterprise version to students, and a patched installation is required for internet access. Somehow, we're still inundated every semester with the latest flavor of AntiVirus ModelYear.
2) ComboFix is amazing. It's simple, but it automates a lot of tools that are a bit of a pain to use on their own. Ten minutes, and most malware is somewhat neutered.
3) MalwareBytes is amazing. ComboFix always misses stuff, but it lets us install MalwareBytes (also free) which finishes the job. I haven't seen any virus MB couldn't remove.
It's usually faster to run ComboFix + MalwareBytes (half hour between the tools in most cases) than it is to nuke it from orbit and reinstall Windows. Unless you're paranoid, two programs will take care of your end of your extended family's implied social support contract.
Yeah, those are all end-user complaints. I guess my post was missing quotation marks... >.>
I figure I could start my own website with those, or power TheDailyWTF for the better part of a year with submissions.
^This.
I hate to quote an overused quote, but who watches the watchmen?
Lots of people - it was a box office hit.
The contextual parts of the ribbon are just fine. How often do you need your picture editing toolbar in Word if you don't have a picture selected?
Indeed!
On top of it, the radiation is 60,000 times less than the allowed limit for organic farms. (Wasn't even aware there was such a thing.)
Until the farmer loses, that town is stuck on dial-up. Now, that's a travesty.
Except the 40-hour test was with 650 GB of data and 40 installed programs.
Still longer than the 8-hour figure quoted earlier, but it *does* look like an apples-to-apples comparison.
This.
I personally loathe McAfee - it interferes with ComboFix. But, I'm not IT, and you can technically remove it after your machine passes registration.
Yes, but your figures for the EU economy are in metric dollars. Way to pull a NASA.