Guest Stephanie Stewart
Posted March 30, 2008

My brand new computer has a virus and I used Windows Defender to delete it and every time it gets done scanning it says an error has occurred and I can't even delete the program that has the virus. I'm really upset that to even get help with this, I have to pay 60.00 for "advanced support." Vista is starting to SUCK. Does anyone have any advice?

Guest Doomer
Posted March 30, 2008

Windows Defender isn't an antivirus application. It only tries to monitor the start registry and hooks registers to disallow spyware and worms from installing themselves.

Ivan Carlos - Chief Information & Security Officer
E-mail / Skype / WLM: icarlos@icarlos.net
Cell.: +55 (11) 8112-0666

Stephanie Stewart wrote:

> My brand new computer has a virus and I used Windows Defender to delete it
> and every time it gets done scanning it says an error has occurred and I can't
> even delete the program that has the virus. I'm really upset that to even get
> help with this, I have to pay 60.00 for "advanced support." Vista is starting
> to SUCK.
> Does anyone have any advice?

Guest DL
Posted March 30, 2008

You need a dedicated anti virus application, or a dedicated internet security application.
Kaspersky appears to do well in various reviews.
For spyware/trojans, use MS Defender, SpyBot & Adaware - all free & use them all on a regular basis, depending on your browsing/download habits.
Think for a minute, if MS included an anti virus app with its Vista, how long would it be before an Anti-Competitive action would be launched by the companies that produce dedicated applications; as it is, MS is taking a risk with Defender.
BTW OneCare has had some abysmal reviews.
Most, if not all, viruses are installed by the user's actions or inactions.

"Stephanie Stewart" <Stephanie Stewart@discussions.microsoft.com> wrote in message news:A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com...

> My brand new computer has a virus and I used Windows Defender to delete it
> and every time it gets done scanning it says an error has occurred and I can't
> even delete the program that has the virus. I'm really upset that to even get
> help with this, I have to pay 60.00 for "advanced support." Vista is starting
> to SUCK.
> Does anyone have any advice?

Guest Kayman
Posted March 30, 2008

On Sun, 30 Mar 2008 13:11:00 -0700, Stephanie Stewart wrote:

> My brand new computer has a virus and I used Windows Defender to delete it
> and every time it gets done scanning it says an error has occurred and I can't
> even delete the program that has the virus. I'm really upset that to even get
> help with this, I have to pay 60.00 for "advanced support." Vista is starting
> to SUCK.
> Does anyone have any advice?

You need to educate yourself with respect to AV/A-S applications.

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection.
http://www.oehelp.com/OETips.aspx#3
In fact, most experts (incl. Norton) believe that scanning incoming and outgoing mail causes e-mail file corruption.

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
and (optional)
On-demand AV application.
(Add it to your arsenal and use it as a "second opinion" AV scanner.)
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--...ee-Edition.html

A-S applications - for non-viral malware.
The effectiveness of individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job, i.e. overlap their coverage - one may catch what another may miss (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantis...efreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free (built-in in Vista)
http://www.microsoft.com/athome/security/s...re/default.mspx
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat."

After the software is updated, it is suggested scanning the system in Safe Mode.

Some more useful applications:
SpywareBlaster - Free
SpywareBlaster is not a scanner application. It blocks the installation of most ActiveX-based spyware, adware, browser hijackers, dialers and other unwanted programs from the user's computer. SpywareBlaster works by blacklisting the CLSID of known malware programs, effectively preventing them from infecting a protected computer and also allows the user to prevent privacy hazards such as tracking cookies.
http://www.javacoolsoftware.com/spywareblaster.html

Rootkit Revealer - Free
http://www.microsoft.com/technet/sysintern...itRevealer.mspx

Crap Cleaner - Free
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities uncheck "Windows Defender".

CW Shredder - Free
http://www.softpedia.com/get/Internet/Popu...WShredder.shtml

Guest DevilsPGD
Posted March 31, 2008

In message <A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com> Stephanie Stewart <Stephanie Stewart@discussions.microsoft.com> wrote:

> My brand new computer has a virus and I used Windows Defender to delete it
> and every time it gets done scanning it says an error has occurred and I can't
> even delete the program that has the virus. I'm really upset that to even get
> help with this, I have to pay 60.00 for "advanced support." Vista is starting
> to SUCK.
> Does anyone have any advice?

I'd suggest not installing viruses in the first place.

Guest fred
Posted March 31, 2008

I'm no expert, but restoring the system might work. You can take the computer back to an earlier state, like last Wednesday. To do this u turn on the computer and at the Dell logo screen u tap the F8 key, then restore. It might work?

Guest Kayman
Posted March 31, 2008

On Sun, 30 Mar 2008 18:45:00 -0700, fred wrote:

> I'm no expert, but restoring the system might work.

<snip>

Restoring the system won't remove the virus.

Guest What?
Posted March 31, 2008

Kayman wrote:

> On Sun, 30 Mar 2008 18:45:00 -0700, fred wrote:
>
>> I'm no expert, but restoring the system might work.
> <snip>
> Restoring the system won't remove the virus.

It's just a little fyi.

http://www.microsoft.com/technet/community...gmt/sm0504.mspx

Guest Kayman
Posted March 31, 2008

On Mon, 31 Mar 2008 06:25:46 +0700, Kayman wrote:

> <snip>

In addition you could download The PC Decrapifier
http://www.pcdecrapifier.com/download
"The PC Decrapifier will uninstall many of the common trialware and annoyances found on many of the PCs from big name OEMs."

And a HijackThis scan may be in order.
Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Fora where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is required in any of the below before posting a log
http://www.theeldergeek.com/forum/index.php?showforum=29
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://forums.tomcoyote.org/index.php?showforum=27
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.spywarewarrior.com/viewforum.php?f=5

Guest Kayman
Posted March 31, 2008

On Mon, 31 Mar 2008 00:47:41 -0400, What? wrote:

> Kayman wrote:
>> On Sun, 30 Mar 2008 18:45:00 -0700, fred wrote:
>>
>>> I'm no expert, but restoring the system might work.
>> <snip>
>> Restoring the system won't remove the virus.
>
> It's just a little fyi.
>
> http://www.microsoft.com/technet/community...gmt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild".

I am aware of this and wouldn't dispute the fact that this is a 'preferred' course of action. However, not everyone is proficient to do so (I don't think the OP is, nor is she inclined to spend $'s to get professional assistance). Depending on infestation severity one has a good chance of removing viruses by using quality removal tools/techniques. So, at this stage the advice she's got is pretty good.
BTW, you do know the difference between flatten/rebuild OS and restoring a system using the System Restore function, don't you?

Guest FromTheRafters
Posted March 31, 2008

"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...

> In message <A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com>
> Stephanie Stewart <Stephanie Stewart@discussions.microsoft.com> wrote:
>
>> My brand new computer has a virus and I used Windows Defender to delete it
>> and every time it gets done scanning it says an error has occurred and I
>> can't even delete the program that has the virus. I'm really upset that to
>> even get help with this, I have to pay 60.00 for "advanced support." Vista is
>> starting to SUCK.
>> Does anyone have any advice?
>
> I'd suggest not installing viruses in the first place.

Viruses don't install, they infect. Blended threats may install, and have a virus as one of their functions. Sure, it may sound simple to "just not execute" the malware in the first place, but with viruses it isn't that easy. How could you determine what program(s) to not execute?

Guest DevilsPGD
Posted March 31, 2008

In message <#nafpU3kIHA.5080@TK2MSFTNGP02.phx.gbl> "FromTheRafters" <Erratic@ne.rr.com> wrote:

> "DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message
> news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...
>
>> I'd suggest not installing viruses in the first place.
>
> Viruses don't install, they infect. Blended threats may
> install, and have a virus as one of their functions. Sure,
> it may sound simple to "just not execute" the malware
> in the first place, but with viruses it isn't that easy. How
> could you determine what program(s) to not execute?

While technically true, when was the last time you saw a real virus?

Guest Kayman
Posted March 31, 2008

On Mon, 31 Mar 2008 17:21:10 -0400, FromTheRafters wrote:

> "DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message
> news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...
>> In message <A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com>
>> Stephanie Stewart <Stephanie Stewart@discussions.microsoft.com> wrote:
>>
>>> My brand new computer has a virus and I used Windows Defender to delete it
>>> and every time it gets done scanning it says an error has occurred and I
>>> can't even delete the program that has the virus. I'm really upset that to
>>> even get help with this, I have to pay 60.00 for "advanced support." Vista
>>> is starting to SUCK.
>>> Does anyone have any advice?
>>
>> I'd suggest not installing viruses in the first place.
>
> Viruses don't install, they infect. Blended threats may
> install, and have a virus as one of their functions. Sure,
> it may sound simple to "just not execute" the malware
> in the first place, but with viruses it isn't that easy. How
> could you determine what program(s) to not execute?

Scanning a program with a quality AV app prior to execution may give you an indication :-)

Guest What?
Posted April 1, 2008

Kayman wrote:

> On Mon, 31 Mar 2008 00:47:41 -0400, What? wrote:
>
>> Kayman wrote:
>>> On Sun, 30 Mar 2008 18:45:00 -0700, fred wrote:
>>>
>>>> I'm no expert, but restoring the system might work.
>>> <snip>
>>> Restoring the system won't remove the virus.
>> It's just a little fyi.
>>
>> http://www.microsoft.com/technet/community...gmt/sm0504.mspx
>
> "The only way to clean a compromised system is to flatten and rebuild".
>
> I am aware of this and wouldn't dispute the fact that this is a 'preferred'
> course of action. However, not everyone is proficient to do so (I don't
> think the OP is, nor is she inclined to spend $'s to get professional
> assistance). Depending on infestation severity one has a good chance of
> removing viruses by using quality removal tools/techniques. So, at this
> stage the advice she's got is pretty good.
> BTW, you do know the difference between flatten/rebuild OS and restoring
> a system using the System Restore function, don't you?

I have been working with MS since 1996 and in IT as a professional since 1971. I think I have got a pretty good take on it. ;-)

Guest Mick Murphy
Posted April 1, 2008

Below is a list of the security you need to install on your computer.
Only one anti-virus to be installed (more than one can cause conflicts).
More than one anti-spyware program is allowable.

http://www.avast.com/eng/download-avast-home.html
Above is a link to Avast Free 4 Home Anti-Virus.
It is low resource using, free and Vista 32bit and 64bit compatible.

http://www.safer-networking.org/en/index.html
For spyware removal, use the above link to "Spybot Search & Destroy 1.5.2".
Download it, install it, update it, immunize your system and scan your system with it.

http://www.javacoolsoftware.com/
For a non-scanning, but running in the background, program to STOP spyware being downloaded to your computer, use SpywareBlaster 4, available at the above link.

--
Mick Murphy - Qld - Australia

"Stephanie Stewart" wrote:

> My brand new computer has a virus and I used Windows Defender to delete it
> and every time it gets done scanning it says an error has occurred and I can't
> even delete the program that has the virus. I'm really upset that to even get
> help with this, I have to pay 60.00 for "advanced support." Vista is starting
> to SUCK.
> Does anyone have any advice?

Guest FromTheRafters
Posted April 2, 2008

"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message news:asp2v3tss2iq85nvda4h0mlomtormd4vjp@4ax.com...

> In message <#nafpU3kIHA.5080@TK2MSFTNGP02.phx.gbl> "FromTheRafters"
> <Erratic@ne.rr.com> wrote:
>
>> "DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message
>> news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...
>>
>>> I'd suggest not installing viruses in the first place.
>>
>> Viruses don't install, they infect. Blended threats may
>> install, and have a virus as one of their functions. Sure,
>> it may sound simple to "just not execute" the malware
>> in the first place, but with viruses it isn't that easy. How
>> could you determine what program(s) to not execute?
>
> While technically true, when was the last time you saw a real virus?

Many blended threat worms of the recent past have used real virus code. The point is that an infected file is likely to be executed by the system or the user just as it would have had it not been infected.

It is real easy to say "just don't do it" and believe it is that simple. I just wanted to point out that that is a naive attitude.

Guest FromTheRafters
Posted April 2, 2008

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message news:uwZzVe4kIHA.1184@TK2MSFTNGP04.phx.gbl...

> On Mon, 31 Mar 2008 17:21:10 -0400, FromTheRafters wrote:
>
>> "DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message
>> news:gse0v3lodcdtj7ddapq8c4b0apgh0bfmoa@4ax.com...
>>> In message <A4F4A403-FD0A-405E-80B9-D6C4361F96E2@microsoft.com>
>>> Stephanie Stewart <Stephanie Stewart@discussions.microsoft.com> wrote:
>>>
>>>> My brand new computer has a virus and I used Windows Defender to delete
>>>> it and every time it gets done scanning it says an error has occurred and
>>>> I can't even delete the program that has the virus. I'm really upset that
>>>> to even get help with this, I have to pay 60.00 for "advanced support."
>>>> Vista is starting to SUCK.
>>>> Does anyone have any advice?
>>>
>>> I'd suggest not installing viruses in the first place.
>>
>> Viruses don't install, they infect. Blended threats may
>> install, and have a virus as one of their functions. Sure,
>> it may sound simple to "just not execute" the malware
>> in the first place, but with viruses it isn't that easy. How
>> could you determine what program(s) to not execute?
>
> Scanning a program with a quality AV app prior to execution may give you
> an indication :-)

True, but these days you may not have complete control over what programs get executed. In fact you may not even have an awareness of programs being executed.

Guest DevilsPGD
Posted April 2, 2008

In message <#NQ9n$FlIHA.1164@TK2MSFTNGP02.phx.gbl> "FromTheRafters" <Erratic@ne.rr.com> wrote:

> Many blended threat worms of the recent past have used real virus
> code. The point is that an infected file is likely to be executed by the
> system or the user just as it would have had it not been infected.

They do?

Virtually everything I've run into falls into one of two categories:

1) Trojan, being a piece of software which appears to perform a certain action but in fact performs another.

2) Worms, being self-replicating computer programs spreading more or less without user intervention across a network.

I haven't seen one in many years that played the original virus trick of actually modifying existing EXEs and waiting for the user to shuffle those EXEs off to another PC somehow. With USB drive capacity increasing, and portable software becoming more popular, we may well see the return of real viruses in the near future, but I can't think of one that has had a major impact in many moons.

Now, that being said, a fair amount of malware is polymorphic in one form or another.

> It is real easy to say "just don't do it" and believe it is that simple.
> I just wanted to point out that that is a naive attitude.

Perhaps somewhat naive, but the reality of it is that if you practice minimal safe computing techniques, specifically, staying behind an inbound packet filter (Windows Firewall or NAT tend to do the job) and don't install or run anything offered to you unsolicited, only install software either from reputable companies or that you have researched, plus stay up to date with Windows and application patches, you'll be safe.

AV software tends to be far too slow to keep up with threats -- I've been in the mail server business for many years now, my own server scans each and every inbound message with three different engines, and still we see malware sneaking through that, if rescanned 24 hours later, gets caught. I wouldn't suggest to users that they rely on AV software, it simply isn't up for the task.

There is also a fairly new class of worm, specifically attacking vulnerabilities in AV software, often in the form of buffer overruns in parsers -- so in some cases you're actually more vulnerable with AV software installed than without. While this isn't a new concept as a whole, malware exploiting this type of vulnerability automatically is relatively new.

I can tell you that when I was in school, I absolutely loved McAfee, all you had to do was get a file called "program.exe" into the search path of the client-side component, then launch an AV scan and it would launch said program.exe executable from the service-side scanning component which ran with administrative privileges. Quick and easy promotion to full administrative rights, what could be better?

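The detection lag described in the post above (three engines at delivery time, caught on a rescan 24 hours later) is the reason mail gateways keep a ledger of what they delivered and rescan it after each signature update. The Python below is an added example, not code from anyone in the thread; the engines are modelled as constructed hash sets, and every name in it (`Engine`, `RetroScanner`, the sample messages and addresses) is hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Engine:
    """Constructed stand-in for one AV engine: the set of SHA-256 digests its
    current signatures flag. Real engines match far more than hashes."""
    name: str
    known_bad: set = field(default_factory=set)


@dataclass
class Delivered:
    message_id: str
    recipient: str
    digest: str
    delivered_at: datetime


class RetroScanner:
    """Scan at delivery, remember what was let through, rescan after updates."""

    def __init__(self, engines, retention=timedelta(days=7)):
        self.engines = engines
        self.retention = retention
        self.ledger = []  # attachments every engine passed at delivery time

    def _hits(self, digest):
        # A hit from any single engine counts as a detection.
        return [e.name for e in self.engines if digest in e.known_bad]

    def on_delivery(self, message_id, recipient, attachment, now):
        digest = sha256(attachment)
        hits = self._hits(digest)
        if hits:
            return ("quarantined", hits)
        self.ledger.append(Delivered(message_id, recipient, digest, now))
        return ("delivered", [])

    def rescan(self, now):
        """Call after each signature update. Returns late detections and drops
        them, plus entries older than the retention window, from the ledger."""
        findings, keep = [], []
        for entry in self.ledger:
            age = now - entry.delivered_at
            if age > self.retention:
                continue
            hits = self._hits(entry.digest)
            if hits:
                findings.append({
                    "message_id": entry.message_id,
                    "recipient": entry.recipient,
                    "engines": hits,
                    "exposure_hours": age.total_seconds() / 3600,
                })
            else:
                keep.append(entry)
        self.ledger = keep
        return findings


def demo():
    # Constructed sample data: inert byte strings standing in for attachments.
    known = b"constructed sample: attachment already in engine-a signatures"
    fresh = b"constructed sample: new variant, no signature anywhere yet"
    benign = b"constructed sample: ordinary document"
    engines = [Engine("engine-a", {sha256(known)}),
               Engine("engine-b"), Engine("engine-c")]
    scanner = RetroScanner(engines)
    t0 = datetime(2008, 4, 1, 9, 0)
    at_delivery = [
        scanner.on_delivery("msg-1", "alice@example.test", known, t0),
        scanner.on_delivery("msg-2", "bob@example.test", fresh, t0),
        scanner.on_delivery("msg-3", "carol@example.test", benign, t0),
    ]
    # 24 hours later engine-b ships a signature for the new variant.
    engines[1].known_bad.add(sha256(fresh))
    late = scanner.rescan(t0 + timedelta(hours=24))
    return at_delivery, late, len(scanner.ledger)


if __name__ == "__main__":
    for part in demo():
        print(part)
```

Each late finding carries the recipient and the exposure window, which is what is needed to pull the message from the mailbox and check the host that received it.
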
Guest FromTheRafters
Posted April 4, 2008

"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message news:96s7v3h0nbn9sn0per7k64c5uqkbs1r8jt@4ax.com...

> In message <#NQ9n$FlIHA.1164@TK2MSFTNGP02.phx.gbl> "FromTheRafters"
> <Erratic@ne.rr.com> wrote:
>
>> Many blended threat worms of the recent past have used real virus
>> code. The point is that an infected file is likely to be executed by the
>> system or the user just as it would have had it not been infected.
>
> They do?

Yes, here's a recent example.

http://www.trendmicro.com/VINFO/virusencyc...AGIPEF%2ECE%2DO

> Virtually everything I've run into falls into one of two categories:
>
> 1) Trojan, being a piece of software which appears to perform a certain
> action but in fact performs another.
>
> 2) Worms, being self-replicating computer programs spreading more or
> less without user intervention across a network.

Too bad these things can't be so easily pigeonholed. This is why "blended threat" is so often used to describe them.

> I haven't seen one in many years that played the original virus trick of
> actually modifying existing EXEs and waiting for the user to shuffle
> those EXEs off to another PC somehow.

It is not required of viruses to seek out or inhabit new devices - that is worm behavior, however you can see how backups may become involved if infected files are backed up and then the computer is cleaned. You may not back up worm files, but you might back up virally infected files which also contain the worm code.

> With USB drive capacity
> increasing, and portable software becoming more popular, we may well see
> the return of real viruses in the near future, but I can't think of one
> that has had a major impact in many moons.

Mostly because the viral impact is overshadowed by the worm and other malicious code's impact. The infection of files may be just in order to "rise from the dead" after one removes an active worm from a system.

> Now, that being said, a fair amount of malware is polymorphic in one
> form or another.

True, but irrelevant.

>> It is real easy to say "just don't do it" and believe it is that simple.
>> I just wanted to point out that that is a naive attitude.
>
> Perhaps somewhat naive, but the reality of it is that if you practice
> minimal safe computing techniques, specifically, staying behind an
> inbound packet filter (Windows Firewall or NAT tend to do the job)
> and don't install or run anything offered to you unsolicited, only
> install software either from reputable companies or that you have
> researched, plus stay up to date with Windows and application patches,
> you'll be safe.

Fairly safe - yes. Absolutely safe - no. Reputable sources can still unknowingly offer "infected" programs. You still will need AV to scan incoming programs before execution.

> AV software tends to be far too slow to keep up with threats -- I've
> been in the mail server business for many years now, my own server scans
> each and every inbound message with three different engines, and still
> we see malware sneaking through that, if rescanned 24 hours later, gets
> caught. I wouldn't suggest to users that they rely on AV software, it
> simply isn't up for the task.

This lag time between the onset of a threat and the response by way of detection definitions being implemented is the Achilles heel of the AV service. That is why the recent malware is mostly aimed to exploit this instead of using the older viral techniques. Without AV it would quickly become much worse.

> There is also a fairly new class of worm, specifically attacking
> vulnerabilities in AV software, often in the form of buffer overruns in
> parsers -- so in some cases you're actually more vulnerable with AV
> software installed than without.

True, but these flaws in software are inevitable for all program types. The key is that they are addressed quickly when discovered. The reputable AV companies are really good about this.

> While this isn't a new concept as a
> whole, malware exploiting this type of vulnerability automatically is
> relatively new.

IIRC most of these were related to the routines used by the AV to unpack, unzip, melt, or otherwise translate data to code for scanning purposes. I never thought that that was a good idea for AV to do. The user should have some responsibility for his own protection. Then it seems that the Java system translated zipped files into code and executed it without the user in the loop - in my eyes this feature necessitated the scanning within archives feature. So the scanner program essentially became an internet facing receiver of foreign code that even unzipped and executed the malware it was trying to protect you from. I actually laughed when I first heard about this - the irony of it all.

> I can tell you that when I was in school, I absolutely loved McAfee, all
> you had to do was get a file called "program.exe" into the search path
> of the client-side component, then launch an AV scan and it would launch
> said program.exe executable from the service-side scanning component
> which ran with administrative privileges. Quick and easy promotion to
> full administrative rights, what could be better?

Spoken like a true hacker. :D
