Now for the meat. Anti-Malware applications have always catered to the home user initially, and later many such as yourselves added functionality for all the troubled network administrators out there trying to keep their networks clean. Unfortunately there is one major consideration which after all these years is still missing from Anti-xxx apps. This is new functionality for the average break/fix computer technician who is not working with just one system, but many on a daily basis. First I will explain my own situation, later I will tie it in to the future of the home user and how it will benefit them as well.
The most common method for a technician such as myself to clean a system of viruses/malware is not to battle it on the client's machine if at all possible. Most computer shops I've worked for, briefly co-owned one, or visited out of interest and boredom, all have at least one (if not an army of them) what I refer to as a "tech bench computer." I'll refer to it as a "TBC" from here on. Mostly the systems are used for virus removal but in the last few years, ad/spy/malware of other types are actually many times more difficult to remove than your everyday virus, so these TBCs are now more equipped to fight viruses and ad/spy/malware on client machines. The function is simple; remove the hard drive from the client's machine, attach as a secondary to the TBC, run anti-whatever scans on the client's hard drive.
Even these machines are slowly being replaced (when circumstances permit) by custom WinPE boot CDs; yet the function remains the same.
Additional features of certain versions of software, such as your Professional edition, alleviate a lot of the time it takes to do a malware removal on a system; important features like providing command-line parameters for automation; network admins no doubt find this invaluable as well. In my store I've developed an entire series of custom NT-based batch files and scripts designed to automate nearly every program we currently use to do its job. It promotes consistency among our techs and saves tons of time, though it cannot be said that it's entirely efficient; initially I run anti-virus and anti-malware scans from our TBCs or Boot CDs, followed by my own archaic brute force scans with 'defs' that I personally create and maintain, followed by manual inspection of the client's file system and examination of loaded registry hives for additional malware that isn't detected, which I can later add to my own brute force defs.
The serious inefficiency is then having to run pretty much the same scans on all of the client's hard drives again after they are put back into their actual machines, and we start up Windows. (For all intents and purposes, I'm only referring to scanning/cleaning NT-based OSes.) Further still, is running those scans on multiple user accounts. Just one client's machine, if it had 5 user accounts, now has had 6 different scans run on it by the same application! There comes a point in time where you have to say enough is enough.
Here is where Lavasoft, to name just one, fits in. Your great application, which I've used in a personal capacity for years, is only tailored for home users, or LAN admins depending on the version. There is much functionality that can be added for technicians such as myself who do a job well and as complete as possible for their clients.
It all starts with the ability to scan other users' registry hives, yet the major icing on this cake would be the ability to load and scan additional registry hives which are foreign to the system running the scanning software.
Yes, I could scan a file system on a client's hard drive from my TBC or Boot CD, but not the registry! Even with my own archaic batch files and scripts consisting of archaic detection methods, tons of for /f in do loops, using reg.exe to brute force known entries from defs I painfully maintain myself, this can be accomplished. I simply load the client's registry hives into my TBC's registry under HKLM for my own scripts and later manual inspection, in this format:
HKLM\guest_SYSTEM
HKLM\guest_SOFTWARE
HKLM\guest_%username%
HKLM\guest_%username%
HKLM\guest_%username%
etc... where I assign the "guest_" prefix as a static indicator of the client's particular hive, and %username% is the variable for all the NTUSER.DAT's I can find in \Documents and Settings on the client's hard drive; my scripts take it from there. I can even query for values under certain keys and automatically fix issues such as the USERINIT and SHELL values under the ..\Winlogon key, to name a VERY FEW. I can remove known problem services, logon\notify dlls, and anything that would otherwise start up even in safe mode on the client's machine, even the occasional BootExecute value, which, as it only runs native apps well before winlogon, nothing gets past it. I can even sound a pc speaker beep to alert a tech of something that needs manual attention. All of this is essential to a quick and easy recovery once the client's machine is up and running Windows on its own power.
So if I can do it, why can Ad-Aware not do this? I simply think it was just never thought of, and the demand for such functionality isn't known yet. Well I submit to you my method.
I'm a very busy guy with a few other techs to look after, handle their questions, handle a lot more than malware problems each day, handle a ton of calls from new and existing clients for everything from "my wireless mouse stopped working" [and I'm too stubborn to check the batteries or hit the little button,] to "I can't open my quickbooks file over the network ... what was, oh, the X: drive!" to "I forgot my password, do you know it?" to "My Windows is fine, but my XP is missing!"
I'm too busy, too tired of the maintenance when new malware strikes, and I'd rather leave it to the PROFESSIONALS (that's you!)
Now that I've stated MY case..... just think of the new breed of home user out there!
DUAL BOOT
How many people are finally starting to run dual boot configurations? Especially with Vista out, many home users want the switch but do not want to leave the security blanket of XP, I get approached all the time when someone is curious about running both OSes. You think it'll take long for it to occur to them that when malware starts to tank their XP install, that they might try to fix it from the Vista install?
WinPE based BOOT CDs
How popular have the methods of creating utility boot CDs running custom versions of WinPE become? How many home users do you think are using those methods now to fix their virus/malware issues?
MULTIPLE MACHINES
How many home users have multiple computers, spares, and are gaining the knowledge to use those additional computers to their advantage when it comes to virus/malware removal?
Maybe it's not a lot, but it will be. Over 12 years ago as the PC became more affordable, and especially 6-7 years ago as they hit the sub-$500 (US) range, the average computer user started to become less and less knowledgeable. Now, the tide is turning as computers are more available in schools and more people can afford them (and more than one) in their homes, and the average computer user is gaining skill and knowledge quickly. How long will it be before that home user starts to search for that functionality that I've been dying to see for many years now? Now is the time for Anti-malware vendors to step up and cater to a new crowd. Yeah, for that average user now the pretty GUIs and easy to use wizards are still a priority, but it won't be long before they start to see past that and start spending their money with more content and functionality in mind.
Now back to purely selfish reasons:
* PLZ consider adding the functionality of loading registry hives. I don't request it follow my guest_ prefix, I don't care. But a command line interface for the location of those hives would be nice, e.g. /includehives=f:\windows.000\system32\config;g:\documents and settings;h:\winnt\system32\config; (ETC...) where depending on the environment, specific drives/paths can be replaced with %variables% in scripts.
* Oh yeah, and please give us our plain text .INI file back. The .AWC files are a pain to modify :| I can at least easily script an .INI file change. To be perfectly honest, I'm the guy who misses using DOS, if that explains anything, just don't use it as an excuse to dismiss my plea! I also miss the old Ad-Aware 5 look and feel, and the fact that it would run from read-only media without a single issue.
Thanks for your time and consideration!
P.S. I would love to start using Ad-Aware in a professional capacity, but in an indirect way I do. I recommend it (though admittedly along with one other app) for all my clients' anti-malware needs when they ask. It must be working because they don't come in as much (good thing I'm busy anyway, for the time being) and I do get the occasional call of "Ad-Aware fixed my problem, thanks for introducing me to it!" I have installed it for countless clients' personal use over the years, and will continue to promote your great product regardless, as long as you keep up the good fight, stay honest, and keep your apps bloat-free, lean, and light on the system resources (which honestly a virtual machine is my sandbox for the questionable stuff, so I personally refuse to run any memory resident protection against anything on my personal system, so I wouldn't know... I just trust you *that* much!) Keep up the good work!
Also, sorry for the long post.
Cheers!
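
The offline-hive workflow described in the post (loading a client's hives under HKLM with a guest_ prefix, then checking Winlogon, BootExecute and per-user startup entries) can be sketched as a read-only batch script. This is an added example, not the poster's own scripts; the drive letter and paths are assumptions for an XP-era disk attached to a bench machine.

```batch
@echo off
rem Added example (not the poster's script): read-only triage of an offline
rem Windows XP install whose drive is attached to the tech bench computer.
rem GUEST_WIN and GUEST_PROFILES are assumed paths; adjust to the attached drive.
setlocal
set "GUEST_WIN=F:\WINDOWS"
set "GUEST_PROFILES=F:\Documents and Settings"
set "WINLOGON=Microsoft\Windows NT\CurrentVersion\Winlogon"

rem Load the machine-wide hives under the guest_ prefix (needs admin rights).
reg load HKLM\guest_SYSTEM "%GUEST_WIN%\system32\config\SYSTEM" || goto cleanup
reg load HKLM\guest_SOFTWARE "%GUEST_WIN%\system32\config\SOFTWARE" || goto cleanup

rem Winlogon: on a clean XP install Userinit is "C:\WINDOWS\system32\userinit.exe,"
rem and Shell is "Explorer.exe"; anything else needs a technician's attention.
reg query "HKLM\guest_SOFTWARE\%WINLOGON%" /v Userinit
reg query "HKLM\guest_SOFTWARE\%WINLOGON%" /v Shell

rem An offline SYSTEM hive has no CurrentControlSet, so resolve the active
rem control set from Select\Current before reading BootExecute.
set "CS=1"
for /f "tokens=3" %%C in ('reg query HKLM\guest_SYSTEM\Select /v Current ^| find "REG_DWORD"') do set /a CS=%%C
reg query "HKLM\guest_SYSTEM\ControlSet00%CS%\Control\Session Manager" /v BootExecute

rem Load each profile's NTUSER.DAT in turn and list its per-user Run entries.
for /d %%U in ("%GUEST_PROFILES%\*") do if exist "%%U\NTUSER.DAT" call :user "%%~nxU" "%%U\NTUSER.DAT"

:cleanup
rem Always unload so the client's hive files are released before the drive is removed.
reg unload HKLM\guest_SOFTWARE 2>nul
reg unload HKLM\guest_SYSTEM 2>nul
endlocal
goto :eof

:user
reg load "HKLM\guest_%~1" "%~2" || goto :eof
reg query "HKLM\guest_%~1\Software\Microsoft\Windows\CurrentVersion\Run"
reg unload "HKLM\guest_%~1"
goto :eof
```

The script only queries values; any repair of a hijacked Userinit or Shell value would be a separate `reg add` against the same guest_ keys before the unload step.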