Descriptions of malware behavior? - Page 2

Re: Descriptions of malware behavior?

On 2/9/2012 6:54 PM, FromTheRafters wrote:
Quoted text here. Click to load it


I could run as long as I could run, but why! Why should I want to! The
only reason I would use an infected machine is to experiment with
cleaning it or identifying it for a purpose. I really don't understand
your question...it seems somewhat naive.
Quoted text here. Click to load it

Prevention versus silver bullets ... since silver bullets don't exist,
total prevention is impossible, but it is always necessary to continue
doing the best you can with it. Luck prevails most of the time. A time will
likely come that one will run across malware that defeats even the best
prevention. Hopefully not, but the risk is always there. Best to be
prepared for it at any moment.

As for already losing the battle, well that is just wrong. Ransomware
has to have something you used to have to make it worth anything. That
is easy to prevent. I don't think I'll get anywhere with this debate and
I'm not really inclined to try.

I'm confident in my methodology and think it impossible to penetrate. I
keep nothing worth anything on any computer connected to the outside,
especially truly sensitive data. I do make online purchases, but use a
service with excellent fraud guard. Everything I have is locked up safe
in multiple locations on and off-site.

I also have multiple computers and external hard drives. Hardware can be
damaged and files can be stolen or destroyed, but nothing harmful. If
you do not protect yourself in this manner, you are foolish.
Quoted text here. Click to load it

You totally misunderstand my methodology and don't seem willing to try.
I'm not concerned with non-windows users. Windows provides the richest
environment for computing mainly because that is the worldwide dominant
OS and all the vendors and developers (and malware programmers) know it.
I'll stay with it until something significant changes my mind.

You also seem to be hung up on "operating while infected...". I have no
intention to do so. I suppose that is about the best red-herring you can
throw up.

Please understand that I am not trying to ridicule you. I've been
computing since 1980 and have a lot of applied experience. I've given
much sustained deep thought to these processes. I've used that
experience to develop the best plan for myself...and don't mind sharing
it with those who are interested.

I read much discussion about security, malware etc. but never see any
one with as sound a logic as I have developed for myself. The arguments
are the same, ancient ideology and a losing battle. I am beginning to
see some folks approach it close to my logic, but none have truly
crossed over yet. Too bad.

Regular users have a much better chance and ability to approach security
with my process than any other I've seen. Sure, basic security is
important. Most people can't do it. Anyone can do what I do. It's very
simple but requires discipline and a complete understanding of the
methodology. It isn't complex. Yes I use prevention and promote it. It
isn't nearly enough or the most important.
Quoted text here. Click to load it


--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Descriptions of malware behavior?

Bear wrote:
Quoted text here. Click to load it

Some malware's purpose is to use your computing power to replicate
itself and attack more machines. Your nonchalant 'fix-it-later' attitude
does nothing to fight malware.

That doesn't mean it isn't a good idea apart from the malware arena.

[...]

Quoted text here. Click to load it

Agreed.


Sounds somewhat naive.

Quoted text here. Click to load it

Agreed.

[...]

Re: Descriptions of malware behavior?

On 2/9/2012 9:08 PM, FromTheRafters wrote:
Quoted text here. Click to load it

Sigh. You totally have a closed one-track mind. I don't mean use the
machine and fix it later. I mean image the infected machine and save
that image. If you want to investigate the malware and try to clean it,
you can do that now or later once you have the image. The infected image
also allows you to retrieve something from that system if needed or
reload the infected image if your cleaning borks the system and you want
to try again. If you don't have a clean replacement image this is even
more important for various reasons.

But you don't use the infected machine. You reload your clean image and
use that. Sigh...totally closed mind.
Quoted text here. Click to load it
LOL.


Agreed.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Descriptions of malware behavior?

Bear wrote:
Quoted text here. Click to load it

I understand that, you're not understanding my point.

Quoted text here. Click to load it

All beside the point.

Quoted text here. Click to load it

Yeah, I noticed that about you.

Once you've convinced users that they have addressed the malware issue
by having a good backup plan, they may forgo adding software that
actually *does* address malware. My point is that they won't know that
they are infected, and damage can be done while the infected user
session is in progress - which may be for an extended period.

Your worthy backup plan should be presented as a disaster recovery plan
and *not* as an anti-malware plan because it doesn't really address the
malware problem at all.

Despite appearances, malware isn't really about writing to disk and
trying to remain persistent, it is about using your computing power to
do whatever the programmer wanted it to.

Re: Descriptions of malware behavior?


< snip >

Quoted text here. Click to load it


Y E S  !

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Descriptions of malware behavior?


Quoted text here. Click to load it

Agreed. His plan is better suited for hardware failure and/or physical
theft. It does *nothing* for malware. Except to provide a very false sense
of security, as the image is vulnerable to whatever got the box in the
first place.

Speaking of images, unless you do an exact sector-for-sector duplicate,
it's not forensic and not really a complete backup. By default,
Acronis/Ghost don't do this, but they can.
 
Quoted text here. Click to load it

Absolutely!


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: Descriptions of malware behavior?

Dustin wrote:
Quoted text here. Click to load it

Earlier, I was wondering if his recommended EaseUS fell into that
category. Anyway, its forensic value also depends on using an approved
program being operated by an approved person doesn't it? I would think
an image made by the tech or by the user would be pretty useless whereas
the actual infected drive would have real value.

That is, they're *not* the same.

[...]

Re: Descriptions of malware behavior?


Quoted text here. Click to load it

I've done forensic recovery under contract. The actual drive for evidence
is sector-by-sector imaged and you work from that, not the original.
 
Quoted text here. Click to load it

Typical user images aren't forensic in nature, no. :)


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts
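An added illustration of the distinction Dustin draws above, using a constructed toy disk rather than code from any poster here: a user-level backup copies only allocated file content, while a sector-for-sector image reproduces the whole device (including unallocated space that may still hold deleted data) and can be verified by hash against the original. The bad-sector handling mirrors what dd's conv=noerror,sync does, but is this example's own assumption, not a claim about any particular imaging tool.

```python
import hashlib

SECTOR = 512

class Disk:
    """Constructed toy disk: a flat byte array plus a set of unreadable sectors."""
    def __init__(self, data: bytearray, bad_sectors=()):
        self.data, self.bad_sectors = data, set(bad_sectors)

    def read_sector(self, n: int) -> bytes:
        if n in self.bad_sectors:
            raise IOError(f"read error at sector {n}")
        return bytes(self.data[n * SECTOR:(n + 1) * SECTOR])

def build_sample_disk(bad_sectors=()) -> Disk:
    # Sectors 1-2 hold a live file; sector 5 holds remnants of a deleted file
    # that sits in unallocated space and no file-level backup would copy.
    data = bytearray(8 * SECTOR)
    data[SECTOR:3 * SECTOR] = b"live document\n".ljust(2 * SECTOR, b"\x00")
    remnant = b"deleted-file remnant (unallocated)\n"
    data[5 * SECTOR:5 * SECTOR + len(remnant)] = remnant
    return Disk(data, bad_sectors)

def file_level_backup(disk: Disk) -> bytes:
    """Copies only the allocated file content, as a user-level backup would."""
    return disk.read_sector(1) + disk.read_sector(2)

def sector_image(disk: Disk):
    """dd-style image: every sector in order. An unreadable sector is zero-filled
    and recorded (like conv=noerror,sync) so later sectors keep their offsets."""
    out, unreadable = bytearray(), []
    for n in range(len(disk.data) // SECTOR):
        try:
            out += disk.read_sector(n)
        except IOError:
            out += b"\x00" * SECTOR
            unreadable.append(n)
    return bytes(out), unreadable

def compare_backups(disk: Disk) -> dict:
    image, bad = sector_image(disk)
    flat = file_level_backup(disk)
    sha = lambda b: hashlib.sha256(b).hexdigest()
    return {
        "image_matches_disk": sha(image) == sha(bytes(disk.data)),
        "image_has_remnant": b"deleted-file remnant" in image,
        "file_backup_has_remnant": b"deleted-file remnant" in flat,
        "unreadable_sectors": bad,
    }
```

A recorded non-empty unreadable-sector list is the signal that the image hash will not match the source and the image needs a note in the chain of custody.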

Re: Descriptions of malware behavior?


Quoted text here. Click to load it

Very true.



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Descriptions of malware behavior?

On 2/10/2012 9:30 AM, Dustin wrote:
Quoted text here. Click to load it

Absolutely wrong.

My method is as forensic as you can get...with a fallback from that
which is pure.
Quoted text here. Click to load it

Malware does every conceivable thing that can be done with it. You're
speaking out your ass.
--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Descriptions of malware behavior?


Quoted text here. Click to load it

I already provided most of the requirements for a forensic image Bear. I
see no point in your comment here...?

Quoted text here. Click to load it

Hehe. Bear, I always speak with the experience not only of that as a
researcher but also an established and well known former virus writer.
It's *you* who's speaking from his proverbial arse on this subject. Please
don't attempt to educate me on what malware can do, I wrote more than my
fair share.



--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: Descriptions of malware behavior?

On 2/10/2012 8:49 PM, Dustin wrote:
Quoted text here. Click to load it
Well don't be so flippant and limited on what malware can do and you
won't look so foolish which directs the need to correct you.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Descriptions of malware behavior?


Quoted text here. Click to load it
 
You must be used to dealing with stupid people. Luckily, you won't find
many here. Your efforts to spin what I and others have wasted time
trying to explain to you are just humorous at this point.

For example, I'll amuse myself by asking you to cite even one MID where
I limited what malware can do with regard to your backup plan?

Bear, make no mistake; the fact you've been playing with computers since
1980 does not in any possible way make you an expert on them in any
fashion. Someone with that much experience who can't code is a hobbyist
at best--in any event, IT *isn't* your forte.

You've yet to correct me on anything, btw. Simply stating it with a
smartass remark *doesn't* make it so. I don't claim to be perfect Bear,
but I likely do know a considerable amount more about IT security than
yourself--despite our age difference and the amazing only 6-year lead you
have on me in so far as first official experience. I don't count the
mathlab computers or the logos/robotics class in 2nd grade that I
successfully hacked :) (I started young lol). I count from 1986 when I
got my first one at home. It was my 8th birthday present, which is probably
still the coolest thing anybody's ever gotten me.
--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: Descriptions of malware behavior?

On 2/10/2012 9:16 PM, Dustin wrote:
Quoted text here. Click to load it

All I've seen you do is stomp around with a smart ass mouth talking
about how smart you are and only coders can know anything. I haven't
seen you provide any significant content or anything that could be
considered real help to promote a better computing environment of any
substance at all. You have a one track ancient closed mind approach to
today's threats that are not any use to users at all. It's time you were
called on it.

You have an ego issue and seem to need to attempt to protect your
self-perceived status and speak without saying anything. If you are as good
as you think you are, you should be providing clear cut well presented
methodology for users to become self reliant with their own computers.
You never even come close to approaching that.

So regardless of what you know, you fail miserably at being helpful.
I've also witnessed a mentality of yours that is stuck in the past and
really doesn't have a clue how to direct people on a successful path to
enable themselves. It's pitiful.
--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Descriptions of malware behavior?


Quoted text here. Click to load it


Aren't you tired of resorting to these false comments? They've already
been disproven, several times now. You've previously claimed to have
lurked here for years; assuming that's true, then you can't possibly
claim I've never helped anyone here. Further, you'd already know who I am
by handle and so wouldn't have stepped in shit by trying to tell me I'm
speaking from my ass concerning malware. Hell, I wrote and supported an
antimalware scanner and got a job offer from another well known
antimalware company because of it and the knowledge I have concerning
coding, Bear.

Today's threats are essentially the same as yesterday's and the day
before's. It's all about the code at the end of the day. Not the paint or
new body style. As I still disassemble the "modern" trojans you call
malware, I'm hardly behind the times.

Again though, you won't be calling me out on anything in so far as malware
is concerned. You've never disassembled any, you've never written any.
At the end of the day, you don't know much about it.
 
Quoted text here. Click to load it

You have a knack for writing a completely off-topic rant in a miserable
attempt to deflect the pile of poo you seem determined to keep stepping
in here. This isn't alt.comp.freeware; when you post shit, you will be
called on it.

Cite an MID where I said I'm smarter because I code. :) Fact is, if you
can't code and somebody else can at the hardware level, they DO KNOW
MORE than you about how the box works. That's just a fact, Jack.

Has absolutely nothing to do with ego.
 
Quoted text here. Click to load it

When you are able to provide a disassembly, analysis and followup with
specific instructions for helping someone, then we can compare
helpfulness. As I have on numerous occasions done that right here in
usenet, you are again! talking shit in a pathetic attempt to paint
yourself in some superior light over me. It's just not going to happen.
I'm not some dumbass end user in need of your education.

Quoted text here. Click to load it

More deflection. I'm no push over Bear.


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: Descriptions of malware behavior?

Dustin wrote:

Quoted text here. Click to load it

Sounds like it, bummer.  ;-(

Quoted text here. Click to load it

Those were not cheap back in the day!  I remember a true Soundblaster
brand card was coveted by early adopters of MIDI music makers.  They
were a luxury item, the rest of us listened to the PC speaker until the
clones came cheap.
Re: Descriptions of malware behavior?


Quoted text here. Click to load it

It was the 16-bit Sound Blaster Pro. :) Awesome card!


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: Descriptions of malware behavior?

Bear wrote:

Quoted text here. Click to load it

You're wrong.  99% of every user behind a router is behind a hardware
firewall.  That's probably about 90% of total users.


Re: Descriptions of malware behavior?


Quoted text here. Click to load it

He's a real loon, dude. Doesn't know his ass from a hole in the ground
based on the nonsense and off-topic personal attacks. Maybe he should have
done a little of the blue collar work he thinks he was too good to do.
Would have come in handy for his recovery plan, methinks.


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: Descriptions of malware behavior?

Dustin wrote:


Quoted text here. Click to load it

He's worse in his own environment, in the freeware group he helped
destroy.  Can't tell him nothin'.