comp/net virus protection - Page 3

tw · 01-30-2009, 02:20 AM

Quote:

Originally Posted by Nirvana

I have AVG, SuperAnti Spyware, Spybot, Malwarebytes, Crap Cleaner and they work very well with each other and together they catch everything and they are free!

Where is a single example of mal-ware being caught? Just because a virus was not detected does not mean anti-virus software is working. After all, that computer (in a previous post) had anti-virus software, and then had Microsoft's Automatic Update and wwww.windowsupdate.com both disabled. Are those same functions disabled on your machine? How would you know? Or did anti-virus software detect, remove, stop, and announce that malware?

So how many have seen their anti-virus software detect Conficker - the current widespread worm? If anti-virus software has not reported mal-ware, then is it really doing anything?

classicman · 01-30-2009, 06:51 PM

That MAY all be true, but what would tell me if I have never been infected? There is no way to prove that is there? or is there?
I have Spyware Doctor and VirusScan - they update like every week or so.(don't really pay attention, but it is frequent. I know that much. I get and read the report when they run a scan. IT tells me what was found/stopped killed.... I run it again after the bad stuff was removed till I get a clean report. What else can I do here?

tw · 01-30-2009, 10:29 PM

Quote:

Originally Posted by classicman

That MAY all be true, but what would tell me if I have never been infected? There is no way to prove that is there? or is there?

If it reports what was found and removed, then you know an infection existed. If it reports it stopped contamination or found something suspicious, again, then you know the anti-virus software did something. I don't know of any anti-virus software that would fail to report such actions.

I often hear how good the anti-virus software is. But I never really hear why they know.

Some reports insist that 30% of computers are infected by Conficker. If true and if anti-virus software is so effective, then some here should have reported anti-virus software either stopping or removing that worm.

I have observed anti-virus software updating typically about once a day. Microsoft updates are available every Tuesday if there is anything to update.

Beestie · 01-31-2009, 03:25 AM

Quote:

Originally Posted by Radar

Who knows better how your Microsoft system should run than Microsoft?

You mean the company that designed a virus/malware/spyware welcome mat disguised as a web browser?

lumberjim · 01-31-2009, 05:56 AM

our main downstairs computer has a pop up problem.....or maybe something worse.

it's been throwing windows open with websites and ads in them....both IE and Firefox. i have the pop up blocker set on in both.... i tried to dl avg, but when i went to install it, i got the blue screen of death. so then i got spybot.....but that wont update( says it cant connect to the server) and therefore wont run. i tried to run the free kasperski scan to see what it was, but that wont d/l either.

it's like it knows i'm trying to fix it, and it's actively thwarting me.

oh, and when you do a google search, you click a link, and instead of taking you there, it takes you to a semi related ad instead. i think it's got a demon.

Undertoad · 01-31-2009, 10:50 AM

That's pretty common, viruses that hijack your links so that you look at stuff they promote. Try downloading AVG or spybot from another computer and load it from a USB thumb drive.

Shawnee123 · 01-31-2009, 11:29 AM

Well hell...I just noticed my computer time is off. Huh? How does that happen...isn't it just automatic?

At least the year 8021 isn't showing again.

Now it's normal again...I did a synchronize thingy. But how did it do that?

classicman · 02-01-2009, 02:11 AM

Quote:

Originally Posted by tw

If it reports what was found and removed, then you know an infection existed. If it reports it stopped contamination or found something suspicious, again, then you know the anti-virus software did something. I don't know of any anti-virus software that would fail to report such actions.

I guess what I was asking is this. How do I know an infection exists if my software doesn't detect it?

BigV · 02-01-2009, 12:16 PM

Quote:

Originally Posted by lumberjim

our main downstairs computer has a pop up problem.....or maybe something worse.

it's been throwing windows open with websites and ads in them....both IE and Firefox. i have the pop up blocker set on in both.... i tried to dl avg, but when i went to install it, i got the blue screen of death. so then i got spybot.....but that wont update( says it cant connect to the server) and therefore wont run. i tried to run the free kasperski scan to see what it was, but that wont d/l either.

it's like it knows i'm trying to fix it, and it's actively thwarting me.

oh, and when you do a google search, you click a link, and instead of taking you there, it takes you to a semi related ad instead. i think it's got a demon.

I'm willing to help you with this, if you're interested.

mbpark · 02-01-2009, 04:22 PM

Lumberjim,

The best thing you can do is find someone who has the Ultimate Boot CD for Windows with the AVG 7.5 or other AV plugins updated and available either on CD or USB key.

You are at a point where you cannot boot into Windows to clean the PC. You need to boot into an alternate environment and run AV tools from there on your machine to clean it. That is the only way you will be able to clean your machine of viruses that do a good job of cloaking themselves from the currently running copy of Windows.

That's one thing a lot of people don't understand (and TW, this is how I found a Conficker variant on someone's laptop). You can't accurately scan a known infected machine for viruses using a virus scanner and be 100% sure you got something. It's like fixing a house with a bad foundation. You have to take more direct measures, especially when the Windows API provides many holes to hide DLLs and other injection methods (and you can get the book Security Warrior from O'Reilly, which will show you how to do it).

And yes, Norton AntiVirus used to do this effectively many years ago (boot CD).

Yes, we can talk about how great certain AV programs are, but if you don't have the right methodology for getting at the really nasty ones, it's all moot.

That said, Lumberjim, make friends with someone who has that CD or bootable USB stick. You will find many interesting things.

Nirvana · 02-01-2009, 07:10 PM

Quote:

Originally Posted by tw

So how many have seen their anti-virus software detect Conficker - the current widespread worm? If anti-virus software has not reported mal-ware, then is it really doing anything?

All these programs have log files. I had 50 yes count em 50 trojans on my machine that have been eliminated/quarantined. I had the Rogue virus quarantined as well as several adware programs.

tw · 02-02-2009, 03:31 AM

Quote:

Originally Posted by Nirvana

I had 50 yes count em 50 trojans on my machine that have been eliminated/quarantined. I had the Rogue virus quarantined as well as several adware programs.

But you also said you have AVG, SuperAnti Spyware, Spybot, Malwarebytes, and Crap Cleaner. So we still don't know which software did anything and which was doing nothing.

Remember what the question is. Which anti-virus software is any good? Did only AVG detect them? Then why list Crap Cleaner if it did nothing? Only helpful is to list which programs detected what mal-ware.

tw · 02-02-2009, 03:38 AM

Quote:

Originally Posted by lumberjim

i tried to dl avg, but when i went to install it, i got the blue screen of death. so then i got spybot.....but that wont update( says it cant connect to the server) and therefore wont run.

This is why I try to keep a latest copy of Microsoft’s Malicious Software Removal tool on every machine. It may remove enough that you can then download or execute other larger cleaners.

MSR tool is a less than 10 Mb executable program that may even be loaded from Microsoft, a memory stick, or CD-Rom; then executed. It is a simple tool downloaded free from www.microsoft.com/downloads and updated every month.

tw · 02-02-2009, 03:47 AM

Quote:

Originally Posted by mbpark

Yes, we can talk about how great certain AV programs are, but if you don't have the right methodology for getting at the really nasty ones, it's all moot.

Nobody suggests an anti-virus software is perfect. However if Conficker is as widespread as reported, then every decent anti-virus software must have some solution or at least report the worm exists. Currently, you are the only one who even mentions detecting it. Others have said their anti-virus software works great, but never reported anything detected, stopped, or removed.

Currently posted is not a single useful benchmark from which to recommend any anti-virus software. Irrelevant is the methodology for one virus. More important are which anti-viruses see and do not see how many infections. Only then would a potential benchmark exist.

mbpark · 02-02-2009, 05:17 AM

Tom,

My methodology/process catches a lot more than just Conficker

. It catches the viruses that hide themselves in System Restore space, and the ones that hide themselves using the Windows API and even File Streams. I've found many viruses this way. I just used Conficker as an example.

Unfortunately, you can't have a good process to "stop" a virus when the system itself is heavily flawed and allows compromise the way Windows does. The benchmarks I posted earlier were for known viruses. That just turns your AV program into a glorified pattern recognizer. That is irrelevant when many of the new viruses know how to subtly change themselves to avoid detection and you have to use behavior-based techniques to get at the viruses.

I don't see this situation changing any time soon. There's no good way to look at a live system considering how complex Windows is, and how it presents hundreds of hiding spots for any piece of malware. You have to find where they load from, not where they live afterwards.

The solution is to re-architect Windows, and that has only just started with Vista and Windows 7. The solution is not the multi-billion dollar malware defense industry. While it keeps many very smart people employed, it's all for naught if the underlying system has the issues Windows does.

Take a look at Green Hills Integrity, Kadak AMX, QNX, or even OpenBSD to see how an OS can be resistant to such attacks.

01-30-2009, 06:51 PM	#32
classicman barely disguised asshole, keeper of all that is holy. Join Date: Nov 2007 Posts: 23,401	That MAY all be true, but what would tell me if I have never been infected? There is no way to prove that is there? or is there? I have Spyware Doctor and VirusScan - they update like every week or so.(don't really pay attention, but it is frequent. I know that much. I get and read the report when they run a scan. IT tells me what was found/stopped killed.... I run it again after the bad stuff was removed till I get a clean report. What else can I do here? __________________ "like strapping a pillow on a bull in a china shop" Bullitt

01-31-2009, 05:56 AM	#35
lumberjim I can hear my ears Join Date: Oct 2003 Posts: 25,571	our main downstairs computer has a pop up problem.....or maybe something worse. it's been throwing windows open with websites and ads in them....both IE and Firefox. i have the pop up blocker set on in both.... i tried to dl avg, but when i went to install it, i got the blue screen of death. so then i got spybot.....but that wont update( says it cant connect to the server) and therefore wont run. i tried to run the free kasperski scan to see what it was, but that wont d/l either. it's like it knows i'm trying to fix it, and it's actively thwarting me. oh, and when you do a google search, you click a link, and instead of taking you there, it takes you to a semi related ad instead. i think it's got a demon. __________________ This body holding me reminds me of my own mortality Embrace this moment, remember We are eternal, all this pain is an illusion ~MJKeenan

01-31-2009, 11:29 AM	#37
Shawnee123 Why, you're a regular Alfred E Einstein, ain't ya? Join Date: Jun 2006 Posts: 21,206	Well hell...I just noticed my computer time is off. Huh? How does that happen...isn't it just automatic? At least the year 8021 isn't showing again. Now it's normal again...I did a synchronize thingy. But how did it do that? __________________ A word to the wise ain't necessary - it's the stupid ones who need the advice. --Bill Cosby

02-01-2009, 04:22 PM	#40
mbpark Lecturer Join Date: Jan 2001 Location: Carmel, Indiana Posts: 761	lumberjim, the best thing you can do.... Lumberjim, The best thing you can do is find someone who has the Ultimate Boot CD for Windows with the AVG 7.5 or other AV plugins updated and available either on CD or USB key. You are at a point where you cannot boot into Windows to clean the PC. You need to boot into an alternate environment and run AV tools from there on your machine to clean it. That is the only way you will be able to clean your machine of viruses that do a good job of cloaking themselves from the currently running copy of Windows. That's one thing a lot of people don't understand (and TW, this is how I found a Conficker variant on someone's laptop). You can't accurately scan a known infected machine for viruses using a virus scanner and be 100% sure you got something. It's like fixing a house with a bad foundation. You have to take more direct measures, especially when the Windows API provides many holes to hide DLLs and other injection methods (and you can get the book Security Warrior from O'Reilly, which will show you how to do it). And yes, Norton AntiVirus used to do this effectively many years ago (boot CD). Yes, we can talk about how great certain AV programs are, but if you don't have the right methodology for getting at the really nasty ones, it's all moot. That said, Lumberjim, make friends with someone who has that CD or bootable USB stick. You will find many interesting things.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

01-31-2009, 10:50 AM	#36
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	That's pretty common, viruses that hijack your links so that you look at stuff they promote. Try downloading AVG or spybot from another computer and load it from a USB thumb drive.

02-02-2009, 05:17 AM	#45
mbpark Lecturer Join Date: Jan 2001 Location: Carmel, Indiana Posts: 761	Tom, My methodology/process catches a lot more than just Conficker . It catches the viruses that hide themselves in System Restore space, and the ones that hide themselves using the Windows API and even File Streams. I've found many viruses this way. I just used Conficker as an example. Unfortunately, you can't have a good process to "stop" a virus when the system itself is heavily flawed and allows compromise the way Windows does. The benchmarks I posted earlier were for known viruses. That just turns your AV program into a glorified pattern recognizer. That is irrelevant when many of the new viruses know how to subtly change themselves to avoid detection and you have to use behavior-based techniques to get at the viruses. I don't see this situation changing any time soon. There's no good way to look at a live system considering how complex Windows is, and how it presents hundreds of hiding spots for any piece of malware. You have to find where they load from, not where they live afterwards. The solution is to re-architect Windows, and that has only just started with Vista and Windows 7. The solution is not the multi-billion dollar malware defense industry. While it keeps many very smart people employed, it's all for naught if the underlying system has the issues Windows does. Take a look at Green Hills Integrity, Kadak AMX, QNX, or even OpenBSD to see how an OS can be resistant to such attacks.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)