What is the safest way to handle quarantined adware?
Once I quarantine adware like Starware Toolbar, what do I do with it? Can I destroy it from the quarantine folder? What is the safest way to handle quarantined adware?
Generally speaking, it's usually safe to delete the items in a quarantine folder. But, notice those weasel words in the previous sentence: "Generally speaking" and "usually." In other words, users have to be careful. Quarantine folders exist primarily because antimalware products sometimes issue false positives, accidentally classifying a legitimate program -- or even a part of the operating system -- as malware. If the antimalware tool were to outright delete the given file, it could break the app or render the whole machine inoperable. This happens on a periodic basis, with numerous examples of an antivirus tool detecting a piece of Windows as malware, resulting in major problems.
Thus, the best bet is to make a copy of the items in the quarantine directory, writing them to a USB token that has no other legitimate use (make sure it's not one of those auto-executing U3 USB devices). Then, clear out the quarantine folder. Keep in mind that it could take weeks for a user to know if the items that were quarantined were useful for an application on the machine. A problem would only manifest itself when a legit app requires an esoteric DLL or even an EXE that has been deleted. Thus, hold onto the contents of the USB token for about a month before finally deleting it thoroughly. This process, although cumbersome, is the safest way to empty a quarantine folder.
This was first published in February 2008
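The copy, clear and hold-for-a-month procedure from the answer above, sketched as an added example (not part of the original answer). It assumes the quarantine folder is a plain directory of readable files; the folder names, the `.quar` suffix, the manifest layout and the 30-day value are all hypothetical choices made for this sketch.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

HOLD_DAYS = 30  # assumption: "about a month" taken as 30 days

def archive_quarantine(quarantine, usb, now=None):
    """Copy quarantined files to a dated folder on the token, verify, then clear."""
    now = time.time() if now is None else now
    dest = Path(usb) / time.strftime("quarantine-%Y%m%d-%H%M%S", time.gmtime(now))
    dest.mkdir(parents=True)
    manifest = {"delete_after": now + HOLD_DAYS * 86400, "files": []}
    copied = []
    for src in sorted(p for p in Path(quarantine).rglob("*") if p.is_file()):
        rel = src.relative_to(quarantine).as_posix()
        data = src.read_bytes()              # contents are read, never executed
        digest = hashlib.sha256(data).hexdigest()
        copy = dest / (rel + ".quar")        # added suffix: copy has no runnable extension
        copy.parent.mkdir(parents=True, exist_ok=True)
        copy.write_bytes(data)
        if hashlib.sha256(copy.read_bytes()).hexdigest() != digest:
            raise OSError(f"bad copy of {rel}; quarantine left untouched")
        manifest["files"].append({"original": rel, "sha256": digest})
        copied.append(src)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    for src in copied:                       # clear only after every copy verified
        src.unlink()
    return dest

def purge_expired(usb, now=None):
    """Delete archive folders whose hold period has passed; return their names."""
    now = time.time() if now is None else now
    removed = []
    for m in sorted(Path(usb).glob("quarantine-*/manifest.json")):
        if json.loads(m.read_text())["delete_after"] <= now:
            shutil.rmtree(m.parent)          # plain delete, not a secure wipe
            removed.append(m.parent.name)
    return removed

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-ins for both folders
        q, usb = Path(tmp, "quarantine"), Path(tmp, "usb")
        q.mkdir(); usb.mkdir()
        (q / "toolbar.dll").write_bytes(b"constructed sample, not real adware")
        print(archive_quarantine(q, usb), purge_expired(usb))
```

The manifest keeps each file's original relative path and SHA-256, so a file that turns out to be a false positive can be identified and put back during the hold period.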