Risk Profile Vs Antivirus Definition age

We all know it's best to have your antivirus as up to date as possible, but in
the real world it's not often possible to have all of your machines on the latest
definitions.

Anybody have some real-world figures that look at the actual risk profile against
definition age? Also looking for industry standards and what it is based on?


Re: Risk Profile Vs Antivirus Definition age

On Friday, September 7, 2012 10:08:19 AM UTC-4, (unknown) wrote:

it's best to keep your anti-virus up to date like it's best to wear clean
underwear. don't rely solely on the anti-virus to mitigate risk of compromise,
though, anymore than you'd rely solely on your clean underwear to save you
from embarrassment in front of an EMT.

Re: Risk Profile Vs Antivirus Definition age



That's tough to quantify or obtain tables, raw data or statistics on.

Much of the malware seen Today is new.  That is it isn't something that was
seen before.  However there are cases where older malware is repackaged such
that it loses any detections that had been made previously.  This is why
updating is crucial.  What wasn't detected Yesterday may be detected Today.

What you do have is a "rule of thumb" and "best practices" which simply
state that the definitions for any given anti malware vendor should be kept
up-to-date.  One may perform a risk based benefits analysis for IA based
upon a given system's role.  For example a system that is not connected to
the Internet and is not connected to read/write media may have a reduced
updating rate, and not be always current, because the risks are lowered.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
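
Added example (not part of the post above): one way to turn the role-based analysis Dave describes into a fleet check, ranking hosts by how far their definitions are past the limit for their exposure. The tier names, age limits, inventory columns and hostnames are assumptions made up for illustration, not an industry standard.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Assumed policy for illustration only (not an industry standard): the oldest
# definitions tolerated for each exposure tier.
MAX_AGE = {
    "exposed": timedelta(days=1),     # Internet-connected
    "media-only": timedelta(days=7),  # no Internet, removable media in use
    "isolated": timedelta(days=30),   # neither Internet nor removable media
}

# Constructed sample inventory; hostnames and timestamps are made up.
SAMPLE_INVENTORY = """\
host,internet,removable_media,definitions_updated
ws-frontdesk,yes,yes,2012-09-06T22:15:00Z
laptop-sales3,yes,yes,2012-08-29T08:00:00Z
lab-scope1,no,yes,2012-08-25T12:00:00Z
hmi-line2,no,no,2012-08-20T06:30:00Z
hmi-line4,no,no,2012-06-01T06:30:00Z
kiosk-lobby,yes,no,
"""


def exposure_tier(internet, removable_media):
    """Map a system's connectivity to a tier of the assumed policy."""
    if internet:
        return "exposed"
    return "media-only" if removable_media else "isolated"


def audit(inventory_csv, now):
    """Return hosts over their tier's limit, worst first.

    Hosts with no recorded update time are reported first: an unknown
    definition age cannot be shown to be within policy.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        tier = exposure_tier(row["internet"] == "yes",
                             row["removable_media"] == "yes")
        stamp = (row["definitions_updated"] or "").strip()
        if not stamp:
            findings.append({"host": row["host"], "tier": tier,
                             "age_days": None, "times_over_limit": None})
            continue
        updated = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        age = now - updated.replace(tzinfo=timezone.utc)
        ratio = age / MAX_AGE[tier]
        if ratio > 1:
            findings.append({"host": row["host"], "tier": tier,
                             "age_days": age.days,
                             "times_over_limit": round(ratio, 1)})
    # Rank by how far past its own limit a host is, not by raw age, so a
    # stale Internet-facing laptop outranks an older air-gapped machine.
    findings.sort(key=lambda f: (f["times_over_limit"] is not None,
                                 -(f["times_over_limit"] or 0)))
    return findings


if __name__ == "__main__":
    report_time = datetime(2012, 9, 7, 14, 8, tzinfo=timezone.utc)
    for f in audit(SAMPLE_INVENTORY, report_time):
        print(f)
```
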


Re: Risk Profile Vs Antivirus Definition age

yodaqs@gmail.com submitted this idea :

I doubt you will find anything like that. Was a time when every week or
so was fine, you would quarantine new program files to allow the
definitions to keep up. Detectors kept up pretty well for a while and
then it became a race between the malware writers pumping out many
different forms (server-side polymorphism) and the scanner/detector
definitions distributing definitions to allow these new forms to be
recognized.

So, now it is more important than ever to be quick about getting those
definitions out to customers. All the antimalware/antivirus vendors can
do is make the window of opportunity for the constantly changing
malware to run on a victim machine as small as possible.

All you can do is keep all of your software as up to date as possible
with patches, and your AV/AM definitions as new as possible.



Re: Risk Profile Vs Antivirus Definition age

FromTheRafters wrote:
 

You know, I stopped playing that AV game about 4 or 5 years ago on my
Win-98 systems.

As someone that's been running win-98 for the past 11 or 12 years, I
honestly don't know what it's like to have periodic / infrequent
exposure to an infectious agent that my AV software might detect and
neutralize 50% of the time.

I'm not trying to be a smart-ass when I say that.

What I'm trying to say is that even though I've surfed to some pretty
nasty web sites, even though I haven't been running any AV software on
this system for at least the past 4 years, my systems have just sailed
through without catching anything.  For as long as I can remember, none
of my win-98 systems have ever had a successful viral or malware
installation.

So I've really lost that anxious feeling of wondering if my
AV/AM/firewall software is up to the job for my next session of
web-browsing / e-mail reading, etc.  And I'm glad I've lost that
feeling, because if I'm understanding this correctly, it's a feeling
that some or many of you continue to have, and I really do feel sorry
for you and the additional stress (perhaps some sort of unconscious
stress) that it gives you.

Re: Risk Profile Vs Antivirus Definition age

Virus Guy wrote:


Not everyone (in fact you've got to be in a very tiny minority) wants to
continue to work with stone age software.


You sure?   LOL

--
   -bts
   -This space for rent, but the price is high

Re: Risk Profile Vs Antivirus Definition age

Beauregard T. Shagnasty wrote:

Whoops!  E-S had a fit there... the message sat with the progress bar
spinning, then finally posted. Four times!

--
   -bts
   -This space for rent, but the price is high

Re: Risk Profile Vs Antivirus Definition age

"Beauregard T. Shagnasty" wrote:
 

What -

You mean the absolute latest version of flash, or JAVA, or VLC?

Or relatively recent versions of Firefox and Opera?

Enhanced USB drivers that allow me to plug in pretty much any USB thumb
drive?

All of which I have on my win-98 system - because of the KernelEx API
extender?

The vast majority of people that still use a desktop computer at home /
SOHO use (I would argue) a relatively small set of software.  Give them
a browser, e-mail client, multi-media player, maybe an office suite
(word processor, spread-sheet, etc) and I bet that would cover the vast
majority of home  / soho situations.

Re: Risk Profile Vs Antivirus Definition age

Virus Guy wrote:


If that is what it takes to do what is needed.


Which are considerably more secure than the latest you can use, not to
mention many new features.


Of course. Whattya have, USB 1.0?


Yeah, like that's something common...


You're forgetting that most people have purchased a new computer at least
once since 1998. If it was anywhere from 2000 to the present, there is no
Windows 98.

So I reiterate. You are nearly alone in your choice of ancient software.
Why do you feel the need to flaunt it so often? Nobody is going to regress
from whatever their new hardware has and install a Neanderthal OS.

You may continue to enjoy it, though; just stop telling others it's a good
idea.

--
   -bts
   -This space for rent, but the price is high

Re: Risk Profile Vs Antivirus Definition age

"Beauregard T. Shagnasty" wrote:
 

I've never run win-98 on hardware that only had USB 1.

I probably did run win-95 on motherboards that had usb 1, but I probably
never had any USB devices at the time to plug into them.


Easily found on the web - without knowing it exists or what it does.
Anyone fishing for win-98 solutions would find it.


That's not the point.  

The "scarcity" of Windows 98 is artificially created by Micro$haft - not
by the marketplace of computers and users, and not because of
incompatibility with Win32-based hardware and software that is in common
use today.


My point was not to say that win-98 was still commonly used today.

I stated my observations based on a dozen years of running win-98 on
about a dozen systems being used by a dozen different people over that
time-frame in SOHO and home settings.  And those observations were that
systems based on win-98 seemed to have a conspicuously low rate of
malware / viral / trojan infections, even during the years when win-98
systems were still in common use around the world.

You came back and tried to steer the conversation towards trying to make
the case that win-98 is incompatible with today's Win32 hardware and
software scene, and I'm countering that by saying that win-98 is more
compatible with modern hardware and win32 code than people have assumed
or have been told by others.


Because I keep wondering why 20,000 programmers in Redmond botched
win-NT so badly that they turned newer versions of Windows into
Trojan-hosting, spam-blasting info-stealing platforms.


And they will keep getting ulcers wondering if the AV definitions they
downloaded an hour ago are sufficiently "up to date" for their next
visit to faecbook or youboob.

Such is life for the average home user / student running an OS designed
for the enterprise-level fortune-500 conglomerate office.


I'm telling you (and others) what's possible.  I make no claim that it's
a universally "good" idea for everyone.

You really have yet to explain why it's a _bad_ idea for anyone.

Linux is older than win-9x - yet nobody calls it ancient.
Double-standard?

Don't you find it odd that I can run flash version 11.3.300.268 on this
"ancient" 13-year-old win32 OS?

Is there a better example than the flash player for today's "bleeding
edge" modern code?

Re: Risk Profile Vs Antivirus Definition age

Virus Guy wrote:


And Unix is older than Linux. So what?  The *current* versions of the
kernels are certainly not "older than win-9x."

My Linux updated its kernel just last week. What did your Windows 98 do?

You have fun with your stone age software now, okay?

--
   -bts
   -This space for rent, but the price is high

Re: Risk Profile Vs Antivirus Definition age

"Beauregard T. Nasty" wrote:


So - it's a work in progress...


How often does Milkro$haft update any given version of its Windoze
kernel?

And for what reason(s) ?

Functionality - or to patch exploitable vulnerabilities?

Re: Risk Profile Vs Antivirus Definition age



http://www.usbman.com/win98seusbguide.htm

Microsoft Knowledge Base Articles  - Win98 Specific

    Windows 98 and Windows Me Hardware/Device Driver Troubleshooting
Resource Center

    Q184400 - Supported Universal Serial Bus Host Controllers for
Windows 98 and Windows Me

    Q195241 - Universal Serial Bus Devices May Not Work in Safe Mode

    Q200583 - A Universal Serial Bus Wakeup Device Is Unable to Awaken
the Computer from Standby Mode

    Q222131 - Computer Hangs Clicking Close Button in Close Program
Dialog Box

    Q240021 - Computer Hangs If USB Mouse Is Moved While Suspending

    Q245107 - Computer Battery Power May Drain Faster with USB Device
Attached

    Q257514 - Error Code 24 in Device Manager After Plugging in USB
Mouse

    Q258773 - How to Enable Universal Serial Bus Support

    Q263218 - General USB Troubleshooting in Windows 98, Windows 98
Second Edition, and Windows Me

    Q268656 - Cannot Print to USB Printer
    Q222518 - Error Message Using CTRL+ALT+DELETE to Shut Down with USB
Keyboard

USBMan

12/03/2009

Please, stop talking shit.

Win98/SE were junk.

 

A lot of common software today will not run under win98.
 

Only on ancient hardware.
 

Your observations do not match reality. Win98 was an excellent target
source for virus authoring. No user right issues you had to be concerned
with. You can still easily 0wn a windows 98 machine.

I could spend 15 minutes at CLI and have an executable that would do
whatever I wanted with your machine. All you'd need to do was run it one
time.
 

Compatible in what ways? Win98 doesn't know crossfire or nvidia's
doubling up system on the pci express bus. Win98 doesn't even know PCI
Express!
 

You never answered my question about that still unpatched vulnerability
present in your flavor of windows 98. A vulnerability that can result in
remote code execution. MS knows about it, and is NOT ever going to fix
it.

What's your take on that?
 

Nope. Linux is still very much supported software. Updated often.
 

No. I don't. You have 32bit PE code execution ability.
 

The flash player isn't bleeding edge modern code. Try running maya. [g]


--
There ain't no rest for the wicked. Money don't grow on trees. I got
bills to pay. I got mouths to feed. Ain't nothing in this world for
free. Oh No. I can't slow down, I can't hold back though you know I
wish I could. Oh no there ain't no rest for the wicked, until we close
our eyes for good.




Re: Risk Profile Vs Antivirus Definition age


Some with XP sp3 in 2014

< http://hot-text.ath.cx:1361/OWnER/Plan-win9_sp2-boot.jpg

 


< http://hot-text.ath.cx:1361/OWnER/Plan-win9_sp2.jpg


 

Re: Risk Profile Vs Antivirus Definition age

Hot-Text wrote:


I'm only seeing Bustin's post because Dumb-Text quoted it.  

Pustin- just so you know, you're kill-filed.

It's a waste of your time to reply to my posts here.


I don't know what the point was of posting all those USB KB's.  

My generic 16 and 32gb USB thumb drives and my Evoluent vertical USB
mouse works just fine on my Core2 3.46 ghz win-98 PC with NVidia 6200
PCIe video card and dual 1.5 tb SATA hard drives connected to my Asrock
DUAL VSTA motherboard manufactured in 2007.  (with proper win32 drivers
for all hardware devices)


Follow your own advice why don't you.


List of software that runs under Win-98 with KernelEx installed:

http://www.msfn.org/board/topic/152471-kernelex-apps-compatibility-list-new/


(Autodesk Maya)

Point me to a file-locker copy, with license keys, and I'll try it.

A very common program - something everyone uses eh?


What a bone-head statement.

That same exact statement could apply to ANY operating system.  Mac or
PC.

   "All you'd need to do was run it one time"

Oh, is that all?

No, you fool.

YOU show me how you can do it - WITHOUT needing me to do anything stupid
like INTENTIONALLY running an unknown binary.


The vast majority of mass-market desktop PC's (cheap PC's for home and
office) have integrated video.  They may have a PCIe slot on the
motherboard - but it's not used.


My Asrock DUAL VSTA has VIA drivers for the PCIe bus.


What's the MS KB number?

Where is the link on Secunia.org to that vulnerability?

=======================
Vulnerability Report: Microsoft Windows 98 Second Edition

http://secunia.com/advisories/product/13/?task=advisories

Affected By:
33 Secunia advisories
22 Vulnerabilities

Unpatched:
9% (3 of 33 Secunia advisories)

Most Critical Unpatched:

The most severe unpatched Secunia advisory affecting Microsoft Windows
98 Second Edition, with all vendor patches applied, is rated Less
critical.
========================

And by the way, Meekro$oft has issued NO security bulletins for
Win-9x/me since it went EOL in July 2006.  

So if MS has "discovered" any remote-code execution vulnerability for
win-98 after that date, I really want you to post a link to the KB
bulletin.

And by the way, compare Secunia's vulnerability list for win-98 (above)
with this list for XP:

========================
Vulnerability Report: Microsoft Windows XP Professional

http://secunia.com/advisories/product/22/?task=advisories

Affected By:
402 Secunia advisories
554 Vulnerabilities

Unpatched: 11% (44 of 402 Secunia advisories)

Most Critical Unpatched:

The most severe unpatched Secunia advisory affecting Microsoft Windows
XP Professional, with all vendor patches applied, is rated Highly
critical.
========================

What a joke.  

People were fools to be using Win-XP to connect to the internet and do
anything (e-mail, web-browse) during the years 2002 through 2006 and
arguably through 2008.

But no.  The emperor's new clothes were too shiny and dazzling.  

Win-NT -> woven from the finest, most expensive code.

Re: Risk Profile Vs Antivirus Definition age

Virus Guy wrote:
 

You (Rustin) will probably refer to Win-98's original USB drivers and
close your ears and eyes to drivers and inf's that have been modified by
others, some of which was sourced from Win-2k and XP, to give win-98
more than its original capability to handle USB devices, approaching
that of XP.

And so far, and I suspect for many years into the future, lack of USB-3
support (so far) will not be an issue.


You probably won't even respond to that.
 

Win98 doesn't know that you're an ass either, but it still knows how to
respond to you.

All components on my circa 2007 motherboard have win-98 (protected mode
32-bit) drivers except for the hi-def audio chipset.  The ethernet, USB,
SATA, IDE, USB, all have proper win-98 drivers.

I have 1 gb of ram installed, and win-98 recognizes (uses) all of it.
The ram limit for win-98 is about 1.25 gb.

But because win-98 isn't as BLOATED as NT (XP and up) I don't need to
have 2 gb of ram installed just to boot the OS and run calc.exe.

Win-98 thinks that the SATA controller is a SCSI controller.  Yes, I
have a real SATA driver, and the SATA controller is running in SATA/RAID
mode - not IDE emulation mode.

XP-sp0 couldn't handle SATA drives originally.  That only came with SP1.

But win-98 can work with SATA drives even if it means using DOS-mode
compatibility (BIOS) - something that XP can't do.  But that isn't
necessary, because *ALL* SATA-1 controllers ever made have Win-9x
drivers.

And by the way, the FAT32 spec doesn't call for the scaling up of
cluster-size up as volume-size increases.  I've installed win-98 on 500
gb SATA drives formatted with 4kb clusters (same as NTFS).  That's 120
million clusters.  Win-98 (and DOS) are fully compatible with volumes
having much more than the stated limit of 4.177 million clusters.  That
includes scandisk and defrag.  The reason for that is because contrary
to popular belief, win-98 doesn't load the FAT tables into memory.

So you really have no argument when it comes to "wasting space" under
FAT32.

Oh, with regard to LBA-48 when it comes to IDE drives larger than 137
gb, that issue has been solved years ago.  There are several third-party
replacements for ESDI_506.PDR.  But it's lame to have large IDE drives
for a few years now - much more practical to buy large SATA drives
instead of large IDE drives, and use the 32-bit win-98 SATA drivers.

XP is lame when it comes to SATA.  Even if you have XP-SP3 CD, you have
to feed it a floppy disk with the XP SATA driver during installation -
or put your SATA drive in IDE-emulation mode.  That's lame.

Intel provides an alternate IDE driver that replaces ESDI_506.PDR for
some of its 800-series chipsets for win-98.  It comes as part of the
IAA (Intel Application Accelerator).

Even XP-SP0 had the same LBA48 problem.  It was fixed with SP1.

And yes, I can have a single volume = the entire drive, far exceeding
the 137 gb limit.  Anyone running win-98 can as long as they are not
running the original microsoft version of ESDI_506.pdr.


And how many people ran XP as administrator?


You probably will be a coward and not answer that question, because you
don't know HOW you'd be able to get some code into my system remotely,
because win-98 had far fewer vulnerabilities compared to 2K/XP.


You will probably be a coward and not answer that simple question.

You will evade and not give a simple answer.

You probably will be a coward and not say anything about XP having 554
vulnerabilities compared to only 33 for win-98.

Nor the fact that according to Secunia, XP has 44 unpatched
vulnerabilities, some of which are "highly critical".

Why won't you comment on those facts about XP?

Re: Risk Profile Vs Antivirus Definition age



I don't know who Rustin is?

I didn't say one couldn't patch various drivers and make them provide
you at least some functionality under windows9x family. You're extending
the default capabilities of windows98 by doing this. Do you honestly
expect normal home users to take the trouble to find custom drivers?

That's not exactly fair to even bring up here. Fine, potential counter
arguments and a way to extend life from an ancient OS.. but still...
 

Didn't really see much point. I don't deal with much mass market low
level junk. Doesn't really detract from the point I was making in
reference to hardware not being fully utilized. Under windows98, newer
hardware is not fully being used.
  

Geeze... Always have to be a prick.
 

Well, no.. it doesn't really use all of it, but.. That's another topic
entirely.
 

I've only got one gig of ram on this machine. boots fine. :)
 

As close to SATA as windows98 can actually deal with, yes.
 

Well, sorta true. Depended on bios setting configuration on representing
the drive controller.... da ding!
 

Umm... Again, if the bios supports treating sata controller as ide for
the os; XP will boot and use it. It won't have access time benefits of
being sata while used that way tho.
 

Which means a 2byte file just allocated 4kilobytes... Any temp file
under 4k in size just ate 4k worth of space.

There is more than cluster size to NTFS vs FAT32.


Just made one.. [g]
I know, drives are huge these days.. but consider how much space one
basically gives away when using/creating small files.
 

lame when discussing sata drives and windows98 is an oxymoron. You do
realize this?

more third party junk to make it do what it should? :)
 

Even under administrator, XP still made a greater effort to protect its
own files than win9x does. [g]
 

Nothing to do with being a coward, but I can't actually give you a
malicious binary anymore so than I can walk you step by step how to
exploit a windows98 machine. It's entirely possible with all the
mods/customizations you've done that the vulnerabilities I know of may
not even work under your configuration. That's the unreliability aspect
of vulnerability based hax0ring.

Imho, it's far better/reliable to write code you know will run and
socially engineer the user. Besides, we both know if you thought your
security was as good as you wish, you'd happily run any executable with
malicious intent and laugh at me while doing so. You won't do that. [g]

You still have to subtract the privilege escalation exploits NT based
oses have if you wish to have a better comparison between published
vulnerabilities. As your win9x system had no privileges to contend with
in the first place.
 

I posted an entire ping thread for you asking you about it. It included
the MS KB number and a copy paste of the contents. search via google.


search via google isn't evasion. I did post this, on several occasions.


I could get into specific detail with a lot of them, but I really don't
see the point in doing so.
 

You haven't demonstrated that you can keep up on a real technical
discussion. That takes time to properly write replies for. I'm unwilling
to spend the required time and take that much effort with you. I don't
get much for replies from you as it is.. and these aren't really that
technical! the formula isn't working.

Granted, I realize you think I'm being an asshole towards you and so you
respond in kind... You might want to reconsider your position on that.
Perhaps I'm not intentionally doing that... Hmm...


--
There ain't no rest for the wicked. Money don't grow on trees. I got
bills to pay. I got mouths to feed. Ain't nothing in this world for
free. Oh No. I can't slow down, I can't hold back though you know I
wish I could. Oh no there ain't no rest for the wicked, until we close
our eyes for good.




Re: Risk Profile Vs Antivirus Definition age



    Hum. What do you have against linux ? Agent and a couple of
games are the only reason I use Windows now.
    []'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Re: Risk Profile Vs Antivirus Definition age



Agent runs fine using wine under Linux. So does the Windows Freecell
game I'm addicted to.

Art
(Addicted also to Puppy Linux).
