!!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scar...

I've been Googling for many hours now... In vain!!! This is a pain.

I usually install good commercial Anti-virus+Anti-spyware (Like Panda
or Nod32) to my customers and a week or a month later they call me
because they've been victims of Antivirus 2009 or XP Police Antivirus
or XP AntiSpyware 2009 or TitanShield (The list goes on and on :
http://tinyurl.com/chwpxm ).

Does someone know how to prevent this scareware from installing in the
first place?
Should I convert all my customers to use limited privileges user
accounts?
Computer resources-wise, it doesn't make sense to me to run a
commercial antivirus+antispyware AND another antispyware (like
Malwarebytes' Anti-Malware).

I know that user education is one of the best ways to prevent those.
But sometimes it's difficult for new users or old fellows to remember
all this technicality.

Any ideas or suggestions?


Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)

In article <b8399ebd-87be-4fdc-aece-050262e8e590
@v39g2000pro.googlegroups.com>, RakperBanengen@yahoo.com says...

No computer user that is not 100% aware of the threats should be
permitted to run as anything other than a LIMITED account.

The best way to keep people from being infected, since the infection
happens by means that have been published for more than a decade, by
means that have been in every major news outlet for 5+ years... is to let
them compromise their computers and then CHARGE them to clean it.

It appears, having worked on thousands of compromised machines, that
those who get infected don't care to learn UNTIL it costs them money.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and

Hi Leythos,

Wednesday February 18 2009, Leythos writes to All:

 > From: spam999free@rrohio.com
 > It appears, having worked on thousands of compromised
 > machines, that those who get infected don't care to learn
 > UNTIL it costs them money.

Learn the hard way eh. :)

        Gufus

--
K Klement

Enhance your marketing at   http://www.gypsy-designs.com
                           mailto:info@gypsy-designs.com
Gypsy Designs                        Fax: (403) 242-3221

... There are more ways of killing a cat than choking her with cream.

Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)


Well, finally we agree on something. That's what I do, I charge them for it.
Over and over and over. Often on the same machine.

One of my clients finally got so pissed (broke, from my bills) that I sold
him an Internet Blocking tool/installation on his 20 machines in four
offices. It only allows access to three sites that are business
requirements. Nothing else. You oughta hear the employees screaming. But he
doesn't care. It isn't their money that has to pay for collecting viruses.
It's his.

-Frank


Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)

RakperBanengen@yahoo.com wrote:

'Web of Trust' can be used to make your customers aware that there are a lot
of sites out there that want to infect their machines, all those innocent
looking screensavers, smileys and free games come with payloads etc. It's
very similar to McAfee SiteAdvisor and works on IE and FF.

gaz



Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)



NOD32 is OK.
Panda stinks.


Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)



How about getting them to use Firefox with the Noscript and Adblocker
extensions?


You better watch out - Xenu will get you now!
--
Michael Cecil
http://home.roadrunner.com/~macecil/
http://home.roadrunner.com/~safehex/
http://home.roadrunner.com/~macecil/hackingw7/

Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)


Thanks all for your input!

So, is there a free/low cost solution to stop da XP AntiSpyware 2009
kind of thang? I mean, why isn't the legit commercial antivirus
+antispyware able to detect those threats? They kind of all use the
same pattern to infiltrate the system... Will the limited user account
prevent this kind of infection?

RakperBanengen

Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)

On 02/28/2009 06:34 AM, RakperBanengen@yahoo.com sent:

Snip, snip...


If you're looking for one stop shopping, no!  Your enemy is changing its
size, shape, speed and color with every new day.  New variants
proliferate at an alarming rate.  e.g. first we had Conficker.  We now
ALSO have to deal with Conficker B++ and this while its next un-named
variant is probably being tested.


Inferior or out of date solutions.


No!  The attack vectors are numerous.


Helpful, but that is just one piece in the overall and ever changing
solution.


We need to use the best of everything available.  Even if that means
overlapping antimalware applications plus hardware solutions.
Fortunately for us, many currently good solutions are free.

But try to keep in mind that today's antimalware practices are just
barely good enough to defend against yesterday's malware.  We have no
room to be smug for more than a moment because people with the
intelligence of the Conficker authors are coding the next threat as you
read this.

Then, the first time we make poor Internet involved choices, all that
good work goes out the window.

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)

says...

<snip>

<snip>

While I am not a professional in this field, everything I have read on
this aspect of computer security would suggest that you are right. Our
best efforts are barely keeping up with the threat posed out there.
Staying safe gets harder and more difficult for the user all the time.
Good sense and good security software are our only weapons against the
threats.  We're on a treadmill that is going faster and faster. And
that only applies to those of us who are paying attention.

Security software developers are struggling to keep up on their end.
The bad guys are not a bunch of armatures anymore. They are in it for
the money and they mean business.

--
James E. Morrow
 Email to: jamesemorrow@email.com

Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)



If you move them inside a magnetic field do they generate an electric
current or not though?
--
Dave Baker



Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)


For stators you should always make sure you lock down your wireless
rotor. :o)



Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)


Would Malwarebytes' Anti-Malware OR SuperAntispyware be a good
addition to the PC security, working in parallel with the antivirus?

Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)


 > Would Malwarebytes' Anti-Malware OR SuperAntispyware be a good
 > addition to the PC security, working in parallel with the antivirus?

Yes!

...and you should change the OR to AND.



Re: !!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware,Scareware)

Hi,

I've had this happen a million times at customers I support and the
only sure way to prevent it is to stop them being administrator on the
PC and block new ActiveX from being installed. But this still does not
block downloads and if they manually execute the file :(

I've had a lot of bad experiences with programs like this so I wrote a
small and powerful application that sits in the task bar and monitors
all system changes. It can then be set to quarantine changes to core
system areas such as the Windows directory and system 32. It also has
the added benefit of quarantining auto runs from usb disks and can log
serious changes to the firewall and registry. I've found so far that
this has saved me a couple of times either by blocking the install or
by giving me the exact details of what changed.

If you're interested the software can be downloaded from:
http://www.lightningware.co.uk/software/details.asp?code=LWS-VMON

Cheers,

Gazza
