windows defender is a joke!

Stephanie Stewart · Mar 30, 2008

My brand new computer has a virus and I used windows defender to delete it

and everytime it gets done scanning it says an error has occured and I can't

even delete the program that has the virus. I'm really upset that to even get

help with this, i have to pay 60.00 for "advanced support." Vista is starting

to SUCK.

does anyone have any advice?

Doomer · Mar 30, 2008

Windows Defender isn't an antivirus application.

They only try to monitor start registry and hooks registrers to disallow

spywares and worms to install itself.

Ivan Carlos - Chief Information & Security Officer

E-mail / Skype / WLM: icarlos@icarlos.net

Cell.: +55 (11) 8112-0666

Stephanie Stewart wrote:

> My brand new computer has a virus and I used windows defender to delete it

> and everytime it gets done scanning it says an error has occured and I can't

> even delete the program that has the virus. I'm really upset that to even get

> help with this, i have to pay 60.00 for "advanced support." Vista is starting

> to SUCK.

> does anyone have any advice?

DL · Mar 30, 2008

You need a dedicated anti virus application, or a dedicated internet

security application

Kaspersky appears to do well in various reviews

For Spyware/trojans, use MS Defender, SpyBot & Adaware - all free & use them

all on a regular basis, depending on your browsing/download habits

Think for a minute, if MS included a anti virus app with its Vista, how long

would it be before an Anti Competative action would be launched by the

Companies that produce dedicated applications, as it MS is taking a risk

with Defender

BTW OneCare has had some abysmal reviews

Most, if not all, Viruses are installed by the user actions or inactions

"Stephanie Stewart" <Stephanie Stewart@discussions.microsoft.com> wrote in

message news:A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com...

> My brand new computer has a virus and I used windows defender to delete it

> and everytime it gets done scanning it says an error has occured and I

> can't

> even delete the program that has the virus. I'm really upset that to even

> get

> help with this, i have to pay 60.00 for "advanced support." Vista is

> starting

> to SUCK.

> does anyone have any advice?

Kayman · Mar 30, 2008

On Sun, 30 Mar 2008 13:11:00 -0700, Stephanie Stewart wrote:



> My brand new computer has a virus and I used windows defender to delete it

> and everytime it gets done scanning it says an error has occured and I can't

> even delete the program that has the virus. I'm really upset that to even get

> help with this, i have to pay 60.00 for "advanced support." Vista is starting

> to SUCK.

> does anyone have any advice?

You need to educate yourself with respect to AV/A-S applications.

Real-time AV applications - for viral malware.

Do not utilize more than one (1) real-time anti-virus scanning engine!

Disable the e-mail scanning function during installation (Custom

Installation on some AV apps.) as it provides no additional protection.

http://www.oehelp.com/OETips.aspx#3

In fact, most of experts (incl. Norton) believe that scanning incoming and

outgoing mail causes e-mail file corruption.

Avira AntiVirÂ® PersonalEdition Classic - Free

http://www.free-av.com/antivirus/allinonen.html

You may wish to consider removing the 'AntiVir Nagscreen'

http://www.elitekiller.com/files/disable_antivir_nag.htm

or

Free antivirus - avast! 4 Home Edition

http://www.avast.com/eng/avast_4_home.html

(Choose Custom Installation and under Resident

Protection, uncheck: Internet Mail and Outlook/Exchange.)

or

AVG Anti-Virus Free Edition

http://free.grisoft.com/

(Choose custom install and untick the email scanner plugin.)

or

KasperskyÂ® Anti-Virus 7.0 - Not Free

http://www.kaspersky.com/homeuser

or

ESET NOD32 Antivirus - Not Free

http://www.eset.com/

and (optional)

On-demand AV application.

(add it to your arsenal and use it as a "second opinion" av scanner).

BitDefender10 Free Edition

http://www.bitdefender.com/PRODUCT-14-en--...ee-Edition.html

A-S applications - for non-viral malware.

The effectiveness of an individual A-S scanners can be wide-ranging and

oftentimes a collection of scanners is best. There isn't one software that

cleans and immunizes you against everything. That's why you need multiple

products to do the job i.e. overlap their coverage - one may catch what

another may miss, (grab'em all).

SuperAntispyware - Free

http://www.superantispyware.com/superantis...efreevspro.html

and

Ad-Aware 2007 - Free

http://www.lavasoftusa.com/products/ad_aware_free.php

http://www.download.com/3000-2144-10045910.html

and

Spybot Search & Destroy - Free

http://www.safer-networking.org/en/download/index.html

and

Windows Defender - Free (build-in in Vista)

http://www.microsoft.com/athome/security/s...re/default.mspx

Interesting reading:

http://www.pcworld.com/article/id,136195/article.html

"...Windows Defender did excel in behavior-based protection, which detects

changes to key areas of the system without having to know anything about

the actual threat."

After the software is updated, it is suggested scanning the system in Safe

Mode.

Some more useful applications:

SpywareBlaster - Free

SpywareBlaster is not a scanner application. It blocks the installation of

most ActiveX-based spyware, adware, browser hijackers, dialers and other

unwanted programs from the user's computer. SpywareBlaster works by

blacklisting the CLSID of known malware programs, effectively preventing

them from infecting a protected computer and also allows the user to

prevent privacy hazards such as tracking cookies.

http://www.javacoolsoftware.com/spywareblaster.html

Rootkit Revealer - Free

http://www.microsoft.com/technet/sysintern...itRevealer.mspx

**** Cleaner - Free

http://www.filehippo.com/download_ccleaner/

If Windows Defender is utilized go to Applications, under Utilities

uncheck "Windows Defender".

CW Shredder - Free

http://www.softpedia.com/get/Internet/Popu...WShredder.shtml

DevilsPGD · Mar 30, 2008

In message <A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com>

Stephanie Stewart <Stephanie Stewart@discussions.microsoft.com> wrote:



>My brand new computer has a virus and I used windows defender to delete it

>and everytime it gets done scanning it says an error has occured and I can't

>even delete the program that has the virus. I'm really upset that to even get

>help with this, i have to pay 60.00 for "advanced support." Vista is starting

>to SUCK.

>does anyone have any advice?

I'd suggest not installing viruses in the first place.

fred · Mar 30, 2008

i'm no expert, but restoring the system might work. you can take the computer

back to an earlier state, like last wednesday. to do this u turn on the

computer and at the dell logo screen u tap the F8 key than restore. it might

work?

Kayman · Mar 31, 2008

On Sun, 30 Mar 2008 18:45:00 -0700, fred wrote:



> i'm no expert, but restoring the system might work. 

<snip>

Restoring the system won't remove the virus.

What? · Mar 31, 2008

Kayman wrote:

> On Sun, 30 Mar 2008 18:45:00 -0700, fred wrote:

> 

>> i'm no expert, but restoring the system might work. 

> <snip>

> Restoring the system won't remove the virus.

It's just a little fyi.

http://www.microsoft.com/technet/community...gmt/sm0504.mspx

Kayman · Mar 31, 2008

On Mon, 31 Mar 2008 06:25:46 +0700, Kayman wrote:



> On Sun, 30 Mar 2008 13:11:00 -0700, Stephanie Stewart wrote:

> 

>> My brand new computer has a virus and I used windows defender to delete it

>> and everytime it gets done scanning it says an error has occured and I can't

>> even delete the program that has the virus. I'm really upset that to even get

>> help with this, i have to pay 60.00 for "advanced support." Vista is starting

>> to SUCK.

>> does anyone have any advice?

>

> You need to educate yourself with respect to AV/A-S applications.

>

> Real-time AV applications - for viral malware.

> Do not utilize more than one (1) real-time anti-virus scanning engine!

> Disable the e-mail scanning function during installation (Custom

> Installation on some AV apps.) as it provides no additional protection.

> http://www.oehelp.com/OETips.aspx#3

> In fact, most of experts (incl. Norton) believe that scanning incoming and

> outgoing mail causes e-mail file corruption.

>

> Avira AntiVirÂ® PersonalEdition Classic - Free

> http://www.free-av.com/antivirus/allinonen.html

> You may wish to consider removing the 'AntiVir Nagscreen'

> http://www.elitekiller.com/files/disable_antivir_nag.htm

> or

> Free antivirus - avast! 4 Home Edition

> http://www.avast.com/eng/avast_4_home.html

> (Choose Custom Installation and under Resident

> Protection, uncheck: Internet Mail and Outlook/Exchange.)

> or

> AVG Anti-Virus Free Edition

> http://free.grisoft.com/

> (Choose custom install and untick the email scanner plugin.)

> or

> KasperskyÂ® Anti-Virus 7.0 - Not Free

> http://www.kaspersky.com/homeuser

> or

> ESET NOD32 Antivirus - Not Free

> http://www.eset.com/

> and (optional)

> On-demand AV application.

> (add it to your arsenal and use it as a "second opinion" av scanner).

> BitDefender10 Free Edition

> http://www.bitdefender.com/PRODUCT-14-en--...ee-Edition.html

>

> A-S applications - for non-viral malware.

> The effectiveness of an individual A-S scanners can be wide-ranging and

> oftentimes a collection of scanners is best. There isn't one software that

> cleans and immunizes you against everything. That's why you need multiple

> products to do the job i.e. overlap their coverage - one may catch what

> another may miss, (grab'em all).

>

> SuperAntispyware - Free

> http://www.superantispyware.com/superantis...efreevspro.html

> and

> Ad-Aware 2007 - Free

> http://www.lavasoftusa.com/products/ad_aware_free.php

> http://www.download.com/3000-2144-10045910.html

> and

> Spybot Search & Destroy - Free

> http://www.safer-networking.org/en/download/index.html

> and

> Windows Defender - Free (build-in in Vista)

> http://www.microsoft.com/athome/security/s...re/default.mspx

> Interesting reading:

> http://www.pcworld.com/article/id,136195/article.html

> "...Windows Defender did excel in behavior-based protection, which detects

> changes to key areas of the system without having to know anything about

> the actual threat."

>

> After the software is updated, it is suggested scanning the system in Safe

> Mode.

>

> Some more useful applications:

> SpywareBlaster - Free

> SpywareBlaster is not a scanner application. It blocks the installation of

> most ActiveX-based spyware, adware, browser hijackers, dialers and other

> unwanted programs from the user's computer. SpywareBlaster works by

> blacklisting the CLSID of known malware programs, effectively preventing

> them from infecting a protected computer and also allows the user to

> prevent privacy hazards such as tracking cookies.

> http://www.javacoolsoftware.com/spywareblaster.html

>

> Rootkit Revealer - Free

> http://www.microsoft.com/technet/sysintern...itRevealer.mspx

>

> **** Cleaner - Free

> http://www.filehippo.com/download_ccleaner/

> If Windows Defender is utilized go to Applications, under Utilities

> uncheck "Windows Defender".

>

> CW Shredder - Free

> http://www.softpedia.com/get/Internet/Popu...WShredder.shtml

In addition you could download The PC Decrapifier

http://www.pcdecrapifier.com/download

"The PC Decrapifier will uninstall many of the common trialware and

annoyances found on many of the PCs from big name OEMs."

And a HijackThis scan may be in order.

Download and execute HiJack This! (HJT)

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Fora where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is required in any of the below before posting a log

http://www.theeldergeek.com/forum/index.php?showforum=29

http://www.thespykiller.co.uk/index.php?board=3.0

http://www.bleepingcomputer.com/forums/forum22.html

http://castlecops.com/forum67.html

http://forums.tomcoyote.org/index.php?showforum=27

http://www.5starsupport.com/ipboard/index.php?showforum=18

http://www.spywarewarrior.com/viewforum.php?f=5

Kayman · Mar 31, 2008

On Mon, 31 Mar 2008 00:47:41 -0400, What? wrote:



> Kayman wrote:

>> On Sun, 30 Mar 2008 18:45:00 -0700, fred wrote:

>> 

>>> i'm no expert, but restoring the system might work. 

>> <snip>

>> Restoring the system won't remove the virus.

>

> It's just a little fyi.

>

> http://www.microsoft.com/technet/community...gmt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild".

I am aware of this and wouldn't dispute the fact that this is a 'preferred'

course of action. However, not everyone is proficient to do so (I don't

think the OP is, nor is she inclined spending $'s to get professional

assistance). Pending on infestation severity one has a good chance removing

viruses by using quality removel tools/techniques. So, at this stage the

advice she's got is pretty good.

BTW,you do know the difference between flatten/rebuild OS and restoring

a system using the System Restore function, don't you?

FromTheRafters · Mar 31, 2008

"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message

news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...

> In message <A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com>

> Stephanie Stewart <Stephanie Stewart@discussions.microsoft.com> wrote:

>

>>My brand new computer has a virus and I used windows defender to delete it

>>and everytime it gets done scanning it says an error has occured and I

>>can't

>>even delete the program that has the virus. I'm really upset that to even

>>get

>>help with this, i have to pay 60.00 for "advanced support." Vista is

>>starting

>>to SUCK.

>>does anyone have any advice?

>

> I'd suggest not installing viruses in the first place.

Viruses don't install, they infect. Blended threats may

install, and have a virus as one of their functions. Sure,

it may sound simple to "just not execute" the malware

in the first place, but with viruses it isn't that easy. How

could you determine what program(s) to not execute?

DevilsPGD · Mar 31, 2008

In message <#nafpU3kIHA.5080@TK2MSFTNGP02.phx.gbl> "FromTheRafters"

<Erratic@ne.rr.com> wrote:



>"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message

>news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...

>

>> I'd suggest not installing viruses in the first place.

>

>Viruses don't install, they infect. Blended threats may

>install, and have a virus as one of their functions. Sure,

>it may sound simple to "just not execute" the malware

>in the first place, but with viruses it isn't that easy. How

>could you determine what program(s) to not execute? 

While technically true, when was the last time you saw a real virus?

Kayman · Mar 31, 2008

On Mon, 31 Mar 2008 17:21:10 -0400, FromTheRafters wrote:



> "DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message

> news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...

>> In message <A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com>

>> Stephanie Stewart <Stephanie Stewart@discussions.microsoft.com> wrote:

>>

>>>My brand new computer has a virus and I used windows defender to delete it

>>>and everytime it gets done scanning it says an error has occured and I

>>>can't

>>>even delete the program that has the virus. I'm really upset that to even

>>>get

>>>help with this, i have to pay 60.00 for "advanced support." Vista is

>>>starting

>>>to SUCK.

>>>does anyone have any advice?

>>

>> I'd suggest not installing viruses in the first place.

>

> Viruses don't install, they infect. Blended threats may

> install, and have a virus as one of their functions. Sure,

> it may sound simple to "just not execute" the malware

> in the first place, but with viruses it isn't that easy. How

> could you determine what program(s) to not execute?

Scanning a program with a quality AV apps prior execution may give you an

indication

What? · Mar 31, 2008

Kayman wrote:

> On Mon, 31 Mar 2008 00:47:41 -0400, What? wrote:

> 

>> Kayman wrote:

>>> On Sun, 30 Mar 2008 18:45:00 -0700, fred wrote:

>>>

>>>> i'm no expert, but restoring the system might work.

>>> <snip>

>>> Restoring the system won't remove the virus.

>> It's just a little fyi.

>>

>> http://www.microsoft.com/technet/community...gmt/sm0504.mspx

>

> "The only way to clean a compromised system is to flatten and rebuild".

>

> I am aware of this and wouldn't dispute the fact that this is a 'preferred'

> course of action. However, not everyone is proficient to do so (I don't

> think the OP is, nor is she inclined spending $'s to get professional

> assistance). Pending on infestation severity one has a good chance removing

> viruses by using quality removel tools/techniques. So, at this stage the

> advice she's got is pretty good.

> BTW,you do know the difference between flatten/rebuild OS and restoring

> a system using the System Restore function, don't you?

I have been working with MS since 1996 and in IT as a professional since

1971. I think I have got a pretty good take on it. ;-)

Mick Murphy · Apr 1, 2008

Below is a list of the security you need to install on your computer.

Only one anti-virus to be installed.(more than one can cause conflicts)

More than one anti-spyware program is allowable.

http://www.avast.com/eng/download-avast-home.html

Above is a link to Avast Free 4 Home Anti-Virus

It is low resource using, free and Vista 32bit and 64bit compatible.

http://www.safer-networking.org/en/index.html

For Spyware removal, use the above link to Ã¢â‚¬Å“Spybot Search & Destroy 1.5.2Ã¢â‚¬Â

Download it, install it, update it, immunize your system and scan your

System with it.

http://www.javacoolsoftware.com/

For a non-scanning, but running in the background, Program to STOP Spyware

being downloaded to your Computer, use SpywareBlaster 4, available at the

above link.

--

Mick Murphy - Qld - Australia

"Stephanie Stewart" wrote:



> My brand new computer has a virus and I used windows defender to delete it

> and everytime it gets done scanning it says an error has occured and I can't

> even delete the program that has the virus. I'm really upset that to even get

> help with this, i have to pay 60.00 for "advanced support." Vista is starting

> to SUCK.

> does anyone have any advice?

FromTheRafters · Apr 1, 2008

"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message

news:asp2v3tss2iq85nvda4h0mlomtormd4vjp@4ax.com...

> In message <#nafpU3kIHA.5080@TK2MSFTNGP02.phx.gbl> "FromTheRafters"

> <Erratic@ne.rr.com> wrote:

>

>>"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message

>>news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...

>>

>>> I'd suggest not installing viruses in the first place.

>>

>>Viruses don't install, they infect. Blended threats may

>>install, and have a virus as one of their functions. Sure,

>>it may sound simple to "just not execute" the malware

>>in the first place, but with viruses it isn't that easy. How

>>could you determine what program(s) to not execute?

>

> While technically true, when was the last time you saw a real virus?

Many blended threat worms of the recent past have used real virus

code. The point is that an infected file is likely to be executed by the

system or the user just as it would have had it not been infected.

It is real easy to say "just don't do it" and believe it is that simple.

I just wanted to point out that that is a naive attitude.

FromTheRafters · Apr 1, 2008

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message

news:uwZzVe4kIHA.1184@TK2MSFTNGP04.phx.gbl...

> On Mon, 31 Mar 2008 17:21:10 -0400, FromTheRafters wrote:

>

>> "DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message

>> news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...

>>> In message <A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com>

>>> Stephanie Stewart <Stephanie Stewart@discussions.microsoft.com> wrote:

>>>

>>>>My brand new computer has a virus and I used windows defender to delete

>>>>it

>>>>and everytime it gets done scanning it says an error has occured and I

>>>>can't

>>>>even delete the program that has the virus. I'm really upset that to

>>>>even

>>>>get

>>>>help with this, i have to pay 60.00 for "advanced support." Vista is

>>>>starting

>>>>to SUCK.

>>>>does anyone have any advice?

>>>

>>> I'd suggest not installing viruses in the first place.

>>

>> Viruses don't install, they infect. Blended threats may

>> install, and have a virus as one of their functions. Sure,

>> it may sound simple to "just not execute" the malware

>> in the first place, but with viruses it isn't that easy. How

>> could you determine what program(s) to not execute?

>

> Scanning a program with a quality AV apps prior execution may give you

> an

> indication

True, but these days you may not have complete control over

what programs get executed. In fact you may not even have

an awareness of programs being executed.

DevilsPGD · Apr 2, 2008

In message <#NQ9n$FlIHA.1164@TK2MSFTNGP02.phx.gbl> "FromTheRafters"

<Erratic@ne.rr.com> wrote:



>Many blended threat worms of the recent past have used real virus

>code. The point is that an infected file is likely to be executed by the

>system or the user just as it would have had it not been infected.

They do?

Virtually everything I've run into falls into the one of two categories:

1) Trojan, being a piece of software which appears to perform a certain

action but in fact performs another.

2) Worms, being self-replicating computer programs spreading more or

less without user intervention across a network.

I haven't seen one in many years that played the original virus trick of

actually modifying existing EXEs and waiting for the user to shuffle

those EXEs off to another PC somehow. With USB drives capacity

increasing, and portable software becoming more popular, we may well see

the return of real viruses in the near future, but I can't think of one

that has had a major impact in many moons.

Now, that being said, a fair amount of malware is polymorphic in one

form or another.



>It is real easy to say "just don't do it" and believe it is that simple.

>I just wanted to point out that that is a naive attitude. 

Perhaps somewhat naive, but the reality of it is that if you practice

minimal safe computing techniques, specifically, staying behind an

inbound packet filtering (Windows Firewall or NAT tend to do the job)

and don't install or run anything offered to you unsolicited, only

install software either from reputable companies or that you have

researched, plus stay up to date with Windows and application patches,

you'll be safe.

AV software tends to be far too slow to keep up with threats -- I've

been in the mail server business for many years now, my own server scans

each and every inbound message with three different engines, and still

we see malware sneaking through that, if rescanned 24 hours later, gets

caught. I wouldn't suggest to users that they rely on AV software, it

simply isn't up for the task.

There is also a fairly new class of worm, specifically attacking

vulnerabilities in AV software, often in the form of buffer overruns in

parsers -- So in some cases you're actually more vulnerable with AV

software installed then without. While this isn't a new concept as a

whole, malware exploiting this type of vulnerability automatically is

relatively new.

I can tell you that when I was in school, I absolutely loved McAfee, all

you had to do was get a file called "program.exe" into the search path

of the client-side component, then launch an AV scan and it would launch

said program.exe executable from the service-side scanning component

which ran with administrative privileges. Quick and easy promotion to

full administrative rights, what could be better?

FromTheRafters · Apr 4, 2008

> "DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message 

> news:96s7v3h0nbn9sn0per7k64c5uqkbs1r8jt@4ax.com...

> In message <#NQ9n$FlIHA.1164@TK2MSFTNGP02.phx.gbl> "FromTheRafters"

> <Erratic@ne.rr.com> wrote:

>

>>Many blended threat worms of the recent past have used real virus

>>code. The point is that an infected file is likely to be executed by the

>>system or the user just as it would have had it not been infected.

>

> They do?

Yes, here's a recent example.

http://www.trendmicro.com/VINFO/virusencyc...AGIPEF%2ECE%2DO



> Virtually everything I've run into falls into the one of two categories:

>

> 1) Trojan, being a piece of software which appears to perform a certain

> action but in fact performs another.

>

> 2) Worms, being self-replicating computer programs spreading more or

> less without user intervention across a network.

Too bad these things can't be so easily pigeonholed. This

is why "blended threat" is so often used to describe them.



> I haven't seen one in many years that played the original virus trick of

> actually modifying existing EXEs and waiting for the user to shuffle

> those EXEs off to another PC somehow.

It is not required of viruses to seek out or inhabit new devices - that

is worm behavior, however you can see how backups may become

involved if infected files are backed up and then the computer is cleaned.

You may not back up worm files, but you might back up virally infected

files which also contain the worm code.



> With USB drives capacity

> increasing, and portable software becoming more popular, we may well see

> the return of real viruses in the near future, but I can't think of one

> that has had a major impact in many moons.

Mostly because the viral impact is overshadowed by the worm

and other malicious code's impact. The infection of files may be

just in order to "rise from the dead" after one removes an active

worm from a system.



> Now, that being said, a fair amount of malware is polymorphic in one

> form or another.

True, but irrelevent.



>>It is real easy to say "just don't do it" and believe it is that simple.

>>I just wanted to point out that that is a naive attitude.

>

> Perhaps somewhat naive, but the reality of it is that if you practice

> minimal safe computing techniques, specifically, staying behind an

> inbound packet filtering (Windows Firewall or NAT tend to do the job)

> and don't install or run anything offered to you unsolicited, only

> install software either from reputable companies or that you have

> researched, plus stay up to date with Windows and application patches,

> you'll be safe.

Fairly safe - yes.

Absolutely safe - no.

Reputable sources can still unknowingly offer "infected" programs.

You still will need AV to scan incoming programs before execution.



> AV software tends to be far too slow to keep up with threats -- I've

> been in the mail server business for many years now, my own server scans

> each and every inbound message with three different engines, and still

> we see malware sneaking through that, if rescanned 24 hours later, gets

> caught. I wouldn't suggest to users that they rely on AV software, it

> simply isn't up for the task.

This lag time between the onset of a threat and the response by

way of detection definitions being implemented is the achilles

heel of the AV service. That is why the recent malware is mostly

aimed to exploit this instead of using the older viral techniques.

Without AV it would quickly become much worse.



> There is also a fairly new class of worm, specifically attacking

> vulnerabilities in AV software, often in the form of buffer overruns in

> parsers -- So in some cases you're actually more vulnerable with AV

> software installed then without.

True, but these flaws in software are inevitable for all program

types. The key is that they are addressed quickly when discovered.

The reputable AV companies are really good about this.



> While this isn't a new concept as a

> whole, malware exploiting this type of vulnerability automatically is

> relatively new.

IIRC most of these were related to the routines used by the AV to

unpack, unzip, melt, or otherwise translate data to code to scanning

purposes. I never thought that that was a good idea for AV to do.

The user should have some responsibility for his own protection.

Then it seems that the Java system translated zipped files into code

and executed it without the user in the loop - in my eyes this feature

necessitated the scanning within archives feature. So the scanner

program essentially became an internet facing receiver of foreign

code that even unzipped and executed the malware it was trying

to protect you from.

I actually laughed when I first heard about this - the irony of it all.



> I can tell you that when I was in school, I absolutely loved McAfee, all

> you had to do was get a file called "program.exe" into the search path

> of the client-side component, then launch an AV scan and it would launch

> said program.exe executable from the service-side scanning component

> which ran with administrative privileges. Quick and easy promotion to

> full administrative rights, what could be better?

Spoken like a true hacker. style_emoticons/D

windows defender is a joke!

Stephanie Stewart

Guest

Doomer

Guest

DL

Guest

Kayman

Guest

DevilsPGD

Guest

fred

Guest

Kayman

Guest

What?

Guest

Kayman

Guest

Kayman

Guest

FromTheRafters

Guest

DevilsPGD

Guest

Kayman

Guest

What?

Guest

Mick Murphy

Guest

FromTheRafters

Guest

FromTheRafters

Guest

DevilsPGD

Guest

FromTheRafters

Guest