Wednesday, May 04, 2005

Please sign all your background programs

I'm back from spending a couple of hours cleaning a friend's computer. The kind of computer that I feel like throwing into a formalin jar and sending directly to the F-Secure labs!

It's one of those times when people call you in despair: as soon as it boots, their computer starts giving all sorts of weird messages. They don't even need to touch the keyboard to be flooded by adware pop-ups.

The first thing I usually do is run Sysinternals' excellent Autoruns to find all exes and dlls scattered all over the place, uncheck the suspicious ones, kill the matching processes and reboot.

That's where there's room for easy improvement: if all the good guys digitally signed their exes and dlls that run unattended (whether services, programs hidden in the system tray or IE add-ons), it would be way easier to isolate the malware: just look for unsigned stuff.

The problem now is that you must be very careful before removing suspicious programs because you're never sure it's not some important third-party program such as an ADSL modem or video display-related utility. These are too often thrown into the system32 directory and don't even have a version info resource :-(
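The "just look for unsigned stuff" triage described above can be scripted. The PowerShell below is an added example, not part of the original post: it lists Run-key entries and auto-start services whose binary does not carry a valid Authenticode signature. The helper name `Resolve-ImagePath` and the choice of three Run keys are assumptions made for this example.

```powershell
# Added example: auto-start entries whose binary lacks a valid Authenticode signature.
# Covers Run keys and auto-start services only, not every autostart location
# (IE add-ons and DLLs hosted inside svchost.exe are not examined).

function Resolve-ImagePath {
    param([string]$CommandLine)
    # Pull the executable path out of a command line, quoted or not.
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|dll|sys|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# One object per Run-key value: where it came from, its name, its command line.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# Services configured to start automatically.
$entries += @(Get-CimInstance Win32_Service | Where-Object StartMode -eq 'Auto' | ForEach-Object {
    [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
})

# Check each binary and keep only entries that are not validly signed.
# 'Unresolved' means the command line did not resolve to an existing file.
$entries | ForEach-Object {
    $path = Resolve-ImagePath $_.Command
    $status = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    } else { 'Unresolved' }
    [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Signature = $status; Path = $path }
} | Where-Object Signature -ne 'Valid' |
    Sort-Object Signature, Path |
    Format-Table -AutoSize -Wrap
```

A valid signature only identifies the publisher, so the output is a shortlist to review first rather than a verdict on the signed entries.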
