Why do I have to run scans for each user?

I've installed several tools to keep my home computer safe from Malware. I frequently run scans off of my user screen. I noticed some of the programs I installed put icons on my 2 daughters screens. Specifically, Adaware and Avast. Also, Zone Alarm and winpatrol run in the background. Not a problem. The thing is: I have Administrator privilages while they only have limited access. I assumed my scans and "tweeks" affected everyone. However, for kicks, I ran an Adaware scan from each of their desktops, and I got results from both. One (a frequent online user) yielded some cookies and the other (a rare online user had Malware and reg. entries). I was a little suprised to see my scans didn't show these items. Do I need to use the same methods I use for each individual user? If so, why?

Thanks for any input

 

Different profiles are loaded for each user - administrator or not. That includes applications used and settings - different cookies/malware/etc. for each user under their own profile. This would explain your experience, and if I'm wrong, I'm sure that a more knowledgeable member will step in and correct me and enlighten you.

 

Sounds resonable. I can only assume that since the vital programs run in all backgrounds - everyone is protected. It would also seem that running periodic scans with each Adaware wouldn't be a bad idea (interface is easy enough for them to handle )

Thanks for the response

 

To expand on Novices explanation. Each profile has their own registry. Only one registry can be loaded at any time. So in order to scan another registry, you have to load that profile.

 

I was surprized to find that out too when I recently found it out. I think that a lot of people probably don't realize it, unless they think about it.

 

Thanks Kodo, I bet a lot of XP users are now going to have to do a lot more scanning than they currently are. Just one more thing to remember when I ultimately get XP. Bazza

PS: How do network administrators get users to do their own scanning? With great difficulty I guess, or does the system firewall keep everything out? Baz

===

 

Firewall, PIX boxes that block sites etc. The problem occurs when people bring in those damned screen savers from home.

 

Okay, I was satisfied but now I'm a little confused. So, I'll be specifc:

#1: I run Ccleaner from my screen, it seems to get everyone's temp. files, cookies, etc. I think the only reason Adaware found any - was she was on after I "cleaned". Am I right or do I need Cclean from each user screen?

#2: Spybot S&D - Immunizes entire computer? Or needs to be done for each user?

#3: Spyware blaster - Same as above?

#4: AOL spyware protection - Same as above? (only applies for a few more months, then I drop it like a bad habit )

As I mentioned originally: Avast, Adaware, and Winpatrol run on their desktops. This is good, yes?

No sarcasm intended, I really appreciate the sharing of your knowledge.

Last thing - I noticed Dell is selling the exact same computer I have for $399.
There's going to be alot of new user soon. Maybe Dell should start putting post-its on all those computers to go to MajorGeeks.com. This is really where you need to be. Also, a new scanning XP "sticky" may be good for the oncoming flood.

Thanks to all of you Major Geeks.

 

I guess it is safe to assume that scanning programs that don't need to look at a specific registry will work for the whole computer.

 

in addition to what KODO said about the registry, the only registry hive any kind of scanner could possibly scan and modify regardless of users would be HK_LOCAL_MACHINE and HK_CLASSES_ROOT, the other hives would be user specific, hence the identifier 'CURRENT' in HK_CURRENT_USER which is a more individualized segment of HK_USERS (covering all users).

Generally if during the installation of a program, it would ask at the end of the installation if the program would run for only the current user or everyone. On that step (if there ever is one) select 'everyone'.

Also one thing you need to remember, if you are running Spybot or Ad-aware and the current user is a power user or another type with even more limitation to access/modify registry and system files, it'd be tough to say the results would be successful.
So best scanning results in my opinion is achieved after disabling Virtual Memory (paging file) and booting in the safe mode and logging in as an Admin.

 

even loggin in as admin, you still have to log in with the other profiles in order to clean up the rest. Trust me, I did 13 computers today alone that neede this procedure.

 

Learned that today. You guys are completely correct! I finally got around to running the same scans for daughter #1 and the results were overwhelming. I found so much crap it wasn't funny. I have since decided that when the kids are logging on to the internet, they use daughter #1's desktop. Whenever daughter #2 wants something for her desktop, we just download into a "shared" file. This way she can retrieve what she wanted for her desktop from her desktop.

Thanks guys you have been a wealth of invaluable information .

 

Hmm...if that is the case, either by using a 3rd party Windows Security utility or Start > Run > gpedit.msc (Global Policy Editor) configure your daughter's account do they can't download and install any applications, ActiveX components, etc.
Also do you have SpywareBlaster and SpywareGuard installed and configured to be active for all users? Spybot's 'immunize' feature helps quite a bit too. Anyhow, I won't get into details since I am sure you already heard about the preventative measures.
Good Luck.

 

How to Protect yourself from malware!

 

Turcoloco

Yes, I have some of the programs listed. The thing was: each has to be "activated" from each seperate user. I had to immunize my daughter's desktop seperately from mine. The only thing I have seen work is: updates from any desktop affect the whole computer. As far as downloads go: Malware are sneaky little bastards and it seems the can come from anywhere .

Kodo

Thanks to MajorGeeks and individuals such as yourself, I am completely Malware free. Any "new" threats are immediately disposed of (thank god for Adaware). The link you provided was the very first thing I read when I came to this Forum. I'm all good - now to fix my daughter's desktop . She seems to have a nasty version of CWsearch, but following advice from another post, I'll be fixing that soon.

Thanks again to all