A new name for alt.comp.anti-virus?

Kasperskys on cybercrime: Don't blame the Russian mafia and why we
need anti-anti-anti virus software

http://www.networkworld.com/news/2007/020107-kaspersky-cybercrime.html

Quote (Eugene Kaspersky): "I'm watching the changes in their criminal
technology and I'm really afraid, because these guys are getting more
experienced. They develop anti-antivirus technology, we have to
develop anti-anti-antivirus technology."

Where will the madness end? LOL.

  http://www.cartoonistgroup.com/store/add.php?iid=6381

Ron :)

Re: A new name for alt.comp.anti-virus?

On Sat, 03 Feb 2007 13:18:19 GMT, Ron Lopshire wrote:

[quoted text omitted]

Wouldn't it be possible to automatically track all IPs that software tries to
reach from one's own PC? (Not all are pros who know such stuff.)
Just as McAfee advises on sites, it could perhaps be possible to analyze IPs
before contacting them?

A way to improve antivirus applications would be to increase the amount of
money in the buying-antivirus market. Some ideas:

1) Magazines (and perhaps also government) arrange more tests of antivirus
and put them on official websites.

2) Let private PC owners have a tax reduction when showing receipts for buying
anti-virus software and hardware firewalls.

3) Banks and large webshops sell _leading_ antivirus at reduced prices to
customers.

http://www.av-comparatives.org/

My belief is that there is a BIG need for NEW creative ways to
pinpoint/identify malware.

The other day I saw, with my own eyes, how someone from outside erased an
antivirus shield from my PC.
I have also recently had "invisible" email (shown by scanners, not seen in
mailbox) and other crazy stuff.
I have one of those banks that, almost in panic, during the last months have been
forced to add extra code tables with codes sent out to customers.

So, perhaps the AV-Comparatives testing should be enlarged to really tell
something valuable about antiviruses.


Morgan O.

Re: A new name for alt.comp.anti-virus?

Morgan Ohlson wrote:

[quoted text omitted]

I have lost _all_ respect for SiteAdvisor. In MNSHO, SA should be
listed here:

  http://thesaurus.reference.com/browse/capriciousness

And all of these anti-phishing measures, IMNSHO, are nothing but snake
oil. One, the phishers will always be two steps ahead of those
tracking them, and two, those who display these HTML documents are the
_least_ capable of dealing with them. There is _nothing_ worse than a
false sense of security.

Magazines are revenue-driven. 'Nuff said. And Consumer Reports is run
by a bunch of altruistic, PBS-watching commies. [bg]

  http://www.aynrand.org/

Screw the tax incentives. See agriculture for how subsidization is
counter-productive.

Those who get hacked and start spewing crap as a result of being
incorporated into a botnet should lose their ISP service, or go back
to dialup, until they clean up their boxes. Most of this crap could be
controlled if (in the US, for example) these guys

  http://www.isp-planet.com/research/rankings/usa.html

would control the botnets in their own back yards. These clowns could
start by blocking port 25.

  http://cbl.abuseat.org/nat.html

You won't find too many people on dial-up who have become part of a
botnet. At least not for long. They can't take the bandwidth hit.

If it costs _you_ when your computer gets hacked and you start sending
spam and malware to _me_, then the market will take care of itself.

The problem is that currently there are no incentives to keep one's
box clean. Some idiot with a 100 Mbps connection doesn't care about 30
Kbps worth of his bandwidth being eaten up by the botnet worm that he
got using P2P. This same clown will spend $300 on an online game, but
won't spend $50 to secure his box.

There are only a couple of tests worth anything, and they have their
limits. These are the only links (including yours) that I post anymore.

AV-Test (Andreas Marx - Germany)
   http://www.av-test.org/
AV-Comparatives (Andreas Clementi - Austria)
   http://www.av-comparatives.org/
Food for thought (Eugene Kaspersky)
   http://www.viruslist.com/en/analysis?pubid=174405517

Unless I want to piss off some smart-ass NOD32 user.* Then I post this:

  http://www.virus.gr/english/fullxml/default.asp?id=82&mnu=82

*I am talking about jerking certain people's chains. If I didn't use
KAV, I would use NOD32. It's a great product. VirusP's work, on the
surface, appears intriguing, but most analysts would tell you that the
methodology does not pass muster from a scientific standpoint.

And it gets easier with wireless.

Not in _my_ mailbox. I only use text for email, and as a result, I am
immune to almost every email scam out there. Most of the /invisible/
images are web bugs,

  http://en.wikipedia.org/wiki/Web_bug

Fred Langa adds this garbage to his newsletter in order to generate
revenue. If you use text-only for email and/or disable inline images,
you are immune to this crap.

Here is a perfect example of why the fight against the creeps is
probably a lost cause. People use HTML for email, with ActiveX, Java,
Javascript, cookies, Flashcrap, iFrames, Preview, and all kinds of
other crap enabled. For what? So that some idiot can embed animated
smiley GIFs in his/her email? You need to format your email message to
tell your colleagues that the meeting has been moved from 10:00 AM to
2:00 PM? Give me a break.

http://isc.sans.org/diary.html?storyid=1954&isc=dc0d8f499f2eddf98afebda490e128d8
Short Version: http://tinyurl.com/ycljp6

Quote: "Remember: when Moses came down off the mountain, it was with
text chiseled into stone; not DHTML, JavaScript, and animated GIFs.

If text is good enough for God, then it's good enough for you.  ;-) "

The criminals will always stay ahead of those who fight them. Until
there is no money in it. See the War on Drugs.

  http://www.leap.cc/

And the banks are part of the problem. If you call most of them, they
will tell you that you must use IE and ActiveX in order to use their
online services. Why? Because their online department is staffed by a
bunch of kids who just got out of a computer class taught by some
commie professor who has been wined and dined by Microsoft. But do
they ask you whether or not your box is secure enough to make a
financial transaction over the internet? Hell no.

The only thing that you can really go by when it comes to AV testing
are the trends. Every vendor gets beat from time to time, but the good
ones are at or near the top, month after month, year after year.
Follow the trends, and avoid the snake oil.

There is a new paradigm in the purveyance of malware and that is
email. Specifically HTML email. And so in the middle of this war, what
do most people do? Sign up for crap like Gmail, Hotmail, Yahoo! Mail,
and then use their browsers to send and receive email. You know, their
browsers. The browsers that have had every fricking feature enabled
since they bought the box. Beam me up, Scottie. Please.

Those who want to know the future of waging war against all of this
only need look to the world-wide War on Drugs. The War on Drugs should
be listed here:

  http://thesaurus.reference.com/browse/lost%20cause

We are _not_ in the middle of a War against Spam, Phishers, Spoofers,
botnets, whatever. The War is over. We lost. Get over it.

  http://www.eweek.com/article2/0,1895,2029720,00.asp

  http://it.slashdot.org/article.pl?sid=06/10/17/002251&from=rss

Quote: "There is a general feeling of hopelessness as botnet hunters
discover that, after years of mitigating command and controls, the
effort has largely gone to waste. 'We've managed to hold back the
tide, but, for the most part, it's been useless,' said Gadi Evron, a
security evangelist at Beyond Security, in Netanya, Israel, and a
leader in the botnet-hunting community. 'When we disable a
command-and-control server, the botnet is immediately re-created on
another host. We're not hurting them anymore.' "

Nothing will change until the ISPs change. And that ain't gonna
happen. I mean how hard is it to block port 25, and they won't even do
that. Sigh.

Thanks for your thoughts, Morgan.

Ron :)

Re: A new name for alt.comp.anti-virus?

Ron Lopshire wrote:

[quoted text omitted]

y'know, anti-anti-virus technology has been around longer than kaspersky
labs so i'm really not sure what they're talking about with that quote...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
