Seriously, has anybody ever seen a serious virus problem in Windows when using AV protect... - Page 5


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



[...]

Well said.  You nailed the reason why Windows pays the rent, enjoys 90%
+ market share, and is not secure:  the dumb lazy users of Windows are
responsible.

By contrast in Linux land it's secure--what respectable virus writer
wants to write a Linux virus, with the mere 1% market share Linux
'enjoys'?--but until perhaps recently you had to "load" and "unload"
your external drives, like floppy drives, using commands.  I'm sure
with "KDE" or "Knome", their GUI, it's now changed, but probably not
by much.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




But so far nobody has proved that viruses are a serious problem in
Windows.

***
Viruses are rare (unless you are in the "all worms are viruses" camp).
*Malware* is a serious problem in Windows.
***




Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:
[...]

Seems you know what you are talking about, unlike the vast majority in
COLA (linux group).

What do you see as "malware" in Windows that's a serious problem?
(I'm not arguing, just asking since I'm curious). Stuff like toolbars
that are always being asked to be installed in your browser, that
would require user input to be installed?  Or stuff automatically
installed?  Or something else?

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:
[...]

Seems you know what you are talking about, unlike the vast majority in
COLA (linux group).

***
They (mostly) haven't had to deal with it - and so are lulled into
believing the reason is in the way the OS works differently than
Windows. More clueless users are starting to infiltrate the Linux
userbase just because of the perceived need to deal with malware in
Windows but not in Linux.
***

What do you see as "malware" in Windows that's a serious problem?

***
Aside from the obvious "clueless user" syndrome - there are worms being
used as botnet distribution mechanisms. The worms go away (not really,
but mostly) and the bots do their thing until some new exploit
surfaces - then the command and control (or update mechanism) attaches
the new exploit code to copies of the bot and distributes again in
wormlike fashion. Bots are very dangerous applications, and it doesn't
really matter what methods get used to install them. Their number alone
makes them readily available to use the next wormable exploit as a drill
bit to bore into new systems. Conficker was one such worm IIRC, and the
botnet it installed on the internet could make use of the next wormable
exploit as well.
***

(I'm not arguing, just asking since I'm curious). Stuff like toolbars
that are always being asked to be installed in your browser, that
would require user input to be installed?

***
My personal view is that a good deal of what is considered "malicious"
software is really no more than an annoyance. I must agree that they are
malicious mostly because they are stealing computing power in order to
be that annoyance.
***

Or stuff automatically installed?  Or something else?

***
Back to viruses, you can't just pigeonhole items like that. A virus that
lays low waiting for a certain date to activate its destructive payload
is every bit as dangerous as an application that is installed on the
system by a trojan waiting for the same trigger event. Installation is
(mainly) for non-viral (including worms as non-viral here) malware that
needs to be hosted by the system rather than by a program or program
file on the system. The dangerous thing is the ingress vector - as in
"How did this thing get here and get executed?". Clueless users are a
big hole (Linux not immune). Exploits of software vulnerabilities are
another (again, Linux not actually immune). The other case is where the
user does all the right things (plenty of clue), has the best exploit
based worm protection (perimeter filtering, intruder defense, timely
updates of snort signatures and all software), and yet gets malware
(probably a virus) from a known good trusted source (or repository) of
programs.
***



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:
[...]


Very interesting.  I will start a new thread and cross post here...on
this topic.  I'd like to see what others say but my intuition says
your thesis is correct.  Linux may have a smaller "surface area" than
Windows for malware vectors to latch onto, but at the end of the day
it's not immune--in fact, I was surprised to learn recently there were
two security patches to the Linux kernel in the last six months.  For
a while I believed the hype that somehow Linux is immune from malware.


[...]

Interesting. And if the worm does not leave behind copies of itself it
will not be detected by a user running a weekly or biweekly full
scan?!  Evil!


[...]

Sounds believable.  The worst (most successful) animal viruses are the
ones that don't kill their host--they are just an annoyance, so the
host does not try to kill them; think dog or cat with fleas.


[...]

What are your views on JavaScript?  Is it a source for malware to
infect your computer?  I was recently surprised (since I'm coding an
ASP.NET web application right now) that microsoft.com home page did
not have any JavaScript (when I looked at the HTML source code via my
browser).  I was surprised--I don't like JavaScript that much because
it's server side and essentially is just eye candy for the user (but
saves a round trip to the server, so it is useful for performance I
guess)--but I was --unless I misread the source code, via View |
Source --shocked that MSFT did not have any JavaScript on their home
page.  Maybe it's been turned off by so many browsers that it's
passe?  Or perhaps so many different versions of it out there?  At one
point I think MSFT had their own flavor of JavaScript that was not
compatible with the others.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



RayLopez99 wrote:
[...]

Browsers with vulnerabilities in the Javascript engine can be compromised
with javascript malware. Internet Explorer and Mozilla had several of those
in the past.

[...]

How can you be that incompetent? www.microsoft.com is full of javascript!

[...]

Javascript is *not* server side, or client side for that matter. Javascript
can be used in both sides.

[...]

No, it is not. Most uses of Javascript are for functional reasons.

[...]

Holy shit! Are you really a programmer?!

[...]

Like so many other technologies, Javascript had the "Embrace, extend,
extinguish" treatment applied to it. Had it not been for Mozilla, the WWW
would be a really pathetic IE6 quirky mess.

Regards.


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




What are your views on JavaScript?  Is it a source for malware to
infect your computer?

***
I thought that offering programming rights to strangers on the web might
not be such a good idea. Sure, neat things can be done, but then you're
stuck with trying to filter out the unwanted input (or disabling certain
things when it is known that the input to the interpreter comes from
untrustworthy sources). Such filtering methods and/or
compartmentalization zones can be a PITA. I was against HTML in e-mail
too, totally unnecessary and it adds bulk, and all went to make it a
better malware ingress vector.
***


I was recently surprised (since I'm coding an
ASP.NET web application right now) that microsoft.com home page did
not have any JavaScript (when I looked at the HTML source code via my
browser).

***
Sometimes, the page you get served depends on what browser was detected.
It would not surprise me if a noscript page got delivered to a noscript
browser, but I have no direct knowledge of this.
***


  I was surprised--I don't like JavaScript that much because
it's server side and essentially is just eye candy for the user (but
saves a round trip to the server, so it is useful for performance I
guess)--but I was --unless I misread the source code, via View |
Source --shocked that MSFT did not have any JavaScript on their home
page.  Maybe it's been turned off by so many browsers that it's
passe?  Or perhaps so many different versions of it out there?  At one
point I think MSFT had their own flavor of JavaScript that was not
compatible with the others.

RL



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



On Tuesday 23 March 2010 20:03 RayLopez99 wrote:

[...]

http://www.computerworlduk.com/management/government-law/public-sector/news/index.cfm?newsId=15477

http://news.bbc.co.uk/1/hi/england/manchester/8492669.stm


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



["Followup-To:" header set to comp.os.linux.advocacy.]
On 2010-03-23, the following emerged from the hollow head of RayLopez99:
[...]

Sure, little Ray. And that's exactly why millions of zombified Windows
machines are sending millions of spam each day again. All because of a
few isolated examples.

Years ago I read that an idle, unprotected Windows 2000 machine would be owned
within 10 minutes after putting it on the internet. So I installed W2K
on a spare HDD and connected it to the internet without any
protection. No NAT router, no firewall, no antivirus. Nothing. In less
than *five* minutes CPU usage was 100 % and the machine was pushing
network traffic at maximum upstream bandwidth. It became a zombie
without even touching it.

--
The bigger the waistband, the deeper the quicksand.
    ~ David St.-Hubbins

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





[...]


[...]

None of those were viruses.



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



FromTheRafters wrote:
[...]

Malware, whatever. I think you'll find the PC in question don't give a fuck
what it is when it falls over from one. But while people want to pay me to
clean their infected PC's for them, neither do I.

--
SteveH



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




[...]


Actually, one false positive (on a...say...IBM Tools file) can, when the
delete action is performed, result in three copies now existing instead
of just the one. The AV in some cases will "delete" by adding the
special character (to the original), save a copy hidden (possibly
encrypted) in quarantine (just in case), and system restore will also
save a copy (just in case). So delete results in replication. :oD



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




[...]

Yes.  I had to clean up a Windows laptop last year despite things
being kept up to date and AV installed.  The AV was bloody hopeless at
detecting it despite being kept up to date.

***
It might be worth considering that AVs are *never* up to date, and even
if they were capable of being so, would *still* miss some malware.
The key is to not expose the AV to malware.
***




Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:

[...]

Urban Legend?  I think you are sincere, but if it's not too much of a
bother if you can recall the name of the virus (if it had a name) that
would be great, unless giving away this name would identify the
customer/client/victim of the malware. In other words, how could the
malware infect the laptop--unless it was a zero-day attack or the user
installed it by mistake?

In short, as I code, I know that computers are very predictable.  If
your AV program is configured to catch virus "X" then it will catch
it--and you will not be infected.  As for the 30-70% of malware that
are not caught (see the PDF in this thread), this could be "zoo" type
malware that is included in the figure but in practice is never seen
'in the wild'.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:

[...]

***
That wasn't me, my contributions are either indented properly, or fixed
between the *** and the *** when "quoted-printable" like this post.
***

[...]


In short, as I code, I know that computers are very predictable.  If
your AV program is configured to catch virus "X" then it will catch
it--and you will not be infected.

***
Not *always* the case. Sometimes the signature is in the virus body and
the self-decryptor has to run in emulation for a time before revealing
said virus body. If the self-decryptor has emulation detection
capability it may fail to reveal the body when it detects that it is
being *watched*.
***

  As for the 30-70% of malware that
are not caught (see the PDF in this thread), this could be "zoo" type
malware that is included in the figure but in practice is never seen
'in the wild'.

***
Actually, the problem with zoo viruses is that they *are* being
detected in the tests, and they make a useless feature appear as an edge
over those that don't (or can't) detect them. To me, it is okay if they
*don't* detect them, but it is not okay if they *can't*. They should be
excluded from test sets, but the technology to detect them should
remain.
***




Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:
[...]

OK, I see.

But the bottom line is that AV vendors have an incentive to hype up
lack of security, and I've not seen it done, ergo, there's no problem
to hype.

Excerpt below verifies what I have said in this thread.

RL

http://threatpost.com/en_us/blogs/future-botnets-031510?utm_source=Threatpost+Spotlight+Email&utm_medium=Email+Marketing+-+CRM+List&utm_campaign=Threatpost+Spotlight&CID=

Considering the stakes in today's security game, gleaning intelligence
from professional attackers is an invaluable experience for
researchers on the other side of the ball. Robert Hansen, a security
researcher and CEO of SecTheory, has been doing just that in recent
months, having a series of off-the-record conversations with spammers
and malicious hackers in an effort to gain insight into their tactics,
mindset and motivation.

In a blog post describing one such conversation, Hansen says that the
attacker was lamenting the difficulty of executing targeted attacks
against machines in high-value networks. Security systems are doing a
fairly good job of making life difficult for him.

He's not the type to hack randomly, he's only interested in targeted
attacks with big payouts. Sure, if you really work at it for days or
weeks you'll get in, almost always, but it's not like it used to be
where you'd just run a handful of basic tests and you were guaranteed
to break in. The risk is that now when he sends his mules to go cash
out, there's a chance they'll get nailed. Well, the more I thought
about it the more I thought that this is a very solvable problem for
bad guys. There are already other types of bad guys who do things like
spam, steal credentials and DDoS. For that to work they need a botnet
with thousands or millions of machines. The chances of a million
machine botnet having compromised at least one machine within a target
of interest is relatively high.

Hansen's solution to the hacker's problem provides a glimpse into a
business model we might see in the not-too-distant future. It's an
evolutionary version of the botnet-for-hire or malware-as-a-service
model that's taken off in recent years. In Hansen's model, an attacker
looking to infiltrate a specific network would not spend weeks
throwing resources against machines in that network, looking for a
weak spot and potentially raising the suspicion of the company's
security team.

Instead, he would contact a botmaster and give him a laundry list of
the machines or IP addresses he's interested in compromising. If the
botmaster already has his hooks into the network, the customer could
then buy access directly into the network rather than spending his own
time and resources trying to get in.

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



RayLopez99 wrote:
[...]

Yes I have, *many* *many* times!

There is nothing rare about a machine running up-to-date free or commercial
anti-virus software and still being fully compromised, usually with several
species of serious malware (e.g. root kits, key loggers, spam bots, ransom
ware, egold stealer).

Fully updated anti-virus software like Avast, AVG, Kaspersky, f-prot, Norton,
etc, are by no means a guarantee of safety against malware.

[...]

You have a wrong impression about lots of subjects.

[...]

You certainly are not.

[...]

If the number one anti-virus catches *only* 70% of all viruses, then it lets
30% of them pass. That is just proof of failure, not success and definitely
not a rare occurrence.

[...]

The real problem is the new viruses, obviously, not known by the anti-virus
programs. The heuristics used by the anti-virus are also of little use to
detect new viruses since any capable virus developer can test his creation
against a good number of anti-virus and tweak the binary until it is not
detected.

Regards.


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



RayLopez99 wrote:
[...]

Seriously, are you having a laugh?

--
SteveH



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



In article <8d9a4f53-14ac-40a3-9cb4-105fb0e08a00
@g11g2000yqe.googlegroups.com>, raylopez88@gmail.com says...
[...]
http://www.google.com/url?sa=D&q=http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf&usg=AFQjCNEDInyvV2WgWDzeAWeAjzJKLymkDA
[...]

In the 30+ years I've been working with computers I've had exactly 1
malware on a computer that I own or manage for clients - that's
thousands of workstations and hundreds of servers over that time.

In the case of the 1 malware, the machine was not secured, was basically
behind a NAT, using Local Admin, and was running Symantec End Point
Protection 11.0.4 (or 11.4.0, can't remember) - the malware gained
complete control of the machine in seconds after being redirected to a
malicious website.

I switched to Avira Antivir and connected to the same website and the
malware was blocked - I have moved myself and clients to Avira and not
had any infections.

We test with 5 malware scanners monthly.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



[...]

Thank you Sir. You are a scholar and a gentleman.  A true voice of
reason in a wilderness of babbling buffoons and hominid baboons.

RL




