Seriously, has anybody ever seen a serious virus problem in Windows when using AV protect... - Page 9


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





Better late than never right? :)


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



bughunter.dustin@gmail.com says...
Installed O/S.  Tried installing sp2 from disc.  It wouldn't let me
because of the product key.  Just like you said.

--
Pete Ives
Remove All_stRESS before sending me an email

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





Thanks for testing it Peter.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





Like he said, "...nothing better than personal experience."



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




Slower speed when you don't use a NIC card but use a USB makes sense.
Router would I think have a hardware firewall, but in theory a
software firewall should also do the trick, though I have both running
on my machines.

Good war story, and it shows it's not Windows at fault, but the user.

And the user is pretty dumb, though people like him keep you employed.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



a4fd2db2ba0d@t23g2000yqt.googlegroups.com:


USB for network traffic when a NIC card is present doesn't make *any*
sense to me. You only have so much bandwidth on the USB interface and
that's shared between everything plugged in.


A software firewall is easier to compromise or just turn off. A hardware
state inspection firewall is much better.
 

Not a war story, pretty typical actually..
 

People like him and perhaps yourself as well. :)


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



On 3/23/2010 2:59 PM, Conor wrote:

Any of you have opinions about the security built into Win 7 (UAC), and
about Microsoft Security Essentials?

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




Bagel, Sky, and several others have variants that can disable actual
virus checking and/or quarantine measures without letting the user
know they have been disabled.  Fixing things that have been corrupted
this way can be very ugly.

I've had at least a dozen viruses over the last 10 years that have
been so difficult to remove or did such damage that I eventually had
to re-image the hard drive.

Remember, virus writers are ALWAYS one step ahead of the anti-virus
writers.  Most viruses don't get the resources to be blocked unless
they've infected a significant number of computers already.  Once the
culprit has been identified, it may take weeks to figure out effective
countermeasures.  Once the countermeasures have been coded, it may
take another 2-3 weeks to get it distributed via the automatic update
systems, since many people don't update as often as they should.

Meanwhile, the virus writers and script kiddies are deriving new
mutations and variations, designed to avoid detection by the new
counter-measures.


It depends on who you are talking to.  Ask one antivirus vendor about
another's product.  There are roughly 250,000 new viruses released
every year.
These are the ones that got past Kaspersky
http://www.viruslist.com/en/analysis?pubid=204792067

http://www.virusbtn.com/index


Obviously, an antivirus company is going to do the best they can to
minimize reports of successful attacks to computers protected by their
software, and maximize reports of successful attacks to computers
protected by the software of others.

These days, many companies have taken a more comprehensive stance on
security.  For example, Norton 360 provides firewall, execution
protection, anti-virus, anti-spyware, and update control management to
try and keep the bad guys from coming in the front door, and to keep
trojans from letting them in the back door, and to clean up the messes
of any pets that make it inside.

Unfortunately, the biggest trojans - IE and Outlook, cannot be
disabled, and cannot be blocked.



Since you like this source, here's another good report from them.

http://www.av-comparatives.org/component/poll/17-reinstalled

How often have you reinstalled (or rollback of image) windows due an
infection in the last 12 months?

never                        2258   65.8%
1 time                        479   13.9%
2 times                       227    6.6%
more than 4 times             194    5.6%
3 times                       114    3.3%
living with known infection    86    2.5%
4 times                        76    2.2%

So roughly 40 percent of all Windows users have had infections so bad
that they had to, or should have, re-imaged their hard drive at least
once a year.

As for the other 65%, they probably didn't use their computers that
much this year ;-)
Either that, or Microsoft rallied about 2000 of their staunch
supporters to select "never". :D





Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




For your machine?  I doubt it.  Probably for others.  And who knows
what stupid thing they did to install those viruses.




Yeah, nice links, thanks, but they prove my point: the #1 on the list
Net-Worm.Win32.Kido.ih has infected 58200 machines, which sounds like
a lot, until you realize there are nearly 1 billion Windows machines
out there.  Let's make it easy and say there are 582000000 Windows
machines (a low number). So one out of 10000 Windows machines are
infected by this #1 virus.  Second place was half this number, so one
out of 20000 Windows machines.  And these are high estimates--the
actual number is probably half that.  I'm sure a lot of people are
dumb out there.



OK now I see your dishonest tactics.  You define IE and Outlook as
"viruses", hence the claim that the majority of Windows PCs are
"infected".  Dishonesty noted.



This is believable.  I count myself as "two times" but both times were
not for viruses, but because a certain program or two I installed
would not uninstall itself properly.  This is not a virus, as I define
it.

Thanks for keeping this thread short, Rex.  I learned a lot actually.
Like I say, Windows is not bad at all vis-a-vis viruses.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



RayLopez99 wrote:

34% of respondents had to reinstall/reimage Windows in the past 12 months.


Those numbers can't be generalized, but one third had to reinstall/reimage
at least once, and you classify it as "not bad at all"! Are you an idiot?
(just joking!)

Regards.


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



RayLopez99 wrote:


I've come to the conclusion, you ARE Skybuck Flying and I claim my 5

--
SteveH



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





I should point out that was for my Windows Machine.  The other
machines had Linux and had no problem.


Sometimes all you have to do is preview an e-mail in Outlook, or visit
a site in IE.  Each time I got one of those viruses, it was usually
after switching to IE because some site needed IE with ActiveX
controls.  Even though the ActiveX controls were legit, I made the
fatal mistake of using the browser for other sites.



Actually, I think that was 58200 variants on 1 machine.


I didn't see anything that said they monitored 1 billion machines.
If you don't know what is being measured, or how it was measured.

Worse, I had a hard time seeing what was measured.


On the other hand, that might have been the number of viruses
unleashed on 1 machine that didn't get caught.  Which means that if
you have 1 billion machines there are 58 trillion crashes or
infections possible.

See if you can see what was measured.
How many machines?
How many virus variants?


Or 20 trillion possible infections.

Let's see if we can find out how many machines were in the sample.
Let's see if these were the various variants (nearly 250,000 variants
out there).





Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




Actually, I think that was 58200 variants on 1 machine.

***
Not likely, worms (it did say worm) often use signals (a mutex) to
ensure only one copy is running on the machine. The count is likely the
number of computers thought to be hosting (or having hosted) the worm (I
didn't look).
***




Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



In article <0e0f17c7-572c-4f3f-a85c-7a42a361cf89@d27g2000yqf.googlegroups.com>,
rex.ballard@gmail.com says...

In my experience with Windows, the only reason I would have to re-
install because of a virus infection would be if I couldn't get into the
O/S at all. Either normally or in safe mode.  Even then you can remove
the HD and scan it from another machine to see if it is actually a virus
preventing startup or some other problem.  If you can get into the O/S you
can get rid of any virus. Period.

Virii have a source. A point of origin when the computer starts.  
Eliminate the start point or points from running and the virus becomes
dormant and you can then remove it without it putting itself back on
your system.

--
Pete Ives
Remove All_stRESS before sending me an email

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




You don't need "the OS" to affect the files on the suspect disk. You
need "an OS" of sorts. Boot to an alternate OS that supports the file
system structure (CD, USB, many modern BIOSs support USB booting). Scan
infectable files for virus signatures.


Unless the suspect computer's hardware (firmware) is suspect, there is
no need (and complications can arise from hosting two versions of NTFS
on a system).


Virii is the wrong term, and viruses can start when one of their hosts
is invoked.


Yes, it can be a waste of time trying to fight an active malware
infestation. Stop the process(es) - then remove the files and reverse
the data changes. In a sense, the difference between a worm and a virus
is that the worm instantiates its replicant. The virus *might* execute,
but the worm *will* execute. My point being that the virus need not make
any provision for its replicant to be executed in turn (no startup
mechanism other than the chance a host will be invoked).



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



erratic@nomail.afraid.org says...

Of course I wouldn't be trying to boot the virus infected O/S in another
machine.  I would just be wanting to get access to the HD.

That last line doesn't seem clear.  You seem to be saying that a virus
can run without requiring any means to get it started other than the
host machine starting up.  How can that be?  Of course I'm aware of new
XP machines with no updates or service packs and open connections to the
internet getting infected within minutes/hours, but how does a machine
become infected if it's completely cut off and there is no obvious
connection to the virus to get it started?  Despite the fact the virus
file(s) may well still be on the machine, but not yet located.

--
Pete Ives
Remove All_stRESS before sending me an email

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





When the host machine sees the NTFS volume, it may revise it. Bringing
it back to its home system may create version soup problems where the
file system is a "newer" revision than the current OS supports.

[...]


No, viruses (in this vein) are hosted by "programs" not "machines". You
can start the machine, look at all known start methods (run keys, BHOs,
etc...), find no suspicious processes running. No active malware at all
(full scan by antimalware also finds no inactive malware). Yet, when
(for instance) an "infected" text editor is invoked, the virus becomes
resident.

If self-replicating malware doesn't use a host "program", it will
probably have another way to start. These types are commonly termed
"worms".

A virus can hide in a program that you use every time you fire up the
computer, or in a program that you only use once in a blue moon. Viruses
don't "care" whether they run or not - they might not be interested in
anything (data, computing power, serving you advertisements) they may
just sit there until you fire up your tax program for the 2013 tax
season and activate a payload if the date is after dec 21st 2012.

(I do expect a rash of malware to have trigger dates in line with the
ending of the Mayan calendar)

People are so used to having malware that wants to *use* their computing
power that they forget that malware can also just be interested in
spoiling your day by ending their computing power - like the old days.



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



erratic@nomail.afraid.org says...
That's a big 'May'.  I've attached secondary NTFS volumes on many
occasions without any issues.  As far as the original boot O/S is
concerned it's just another HD with files on. You're suggesting it's
going to give it a different volume ID I presume.  Never seen it happen
here.

Then maybe it's time some o/s does CRC checking on all programs and pops
up a warning if the CRC check fails when trying to run it.

Obviously the CRC checker software would have to be locked down
tight to prevent it from becoming the target of attacks.

--
Pete Ives
Remove All_stRESS before sending me an email

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?






Change detection will work well for not allowing any newly created hosts
to execute. That's not the problem. The problem at that point would be
that you are already executing malware. The inability to replicate in
the environment in which it is executing, may only make that malware a
trojan in that environment. The idea is to prevent that initial
execution, not to try to restrict the scope of the executing malware.
You have no control over the system the program came from - the CRC of
*that* program may have been created post infection.


Yes! I assumed a somehow magically protected change detection scheme (it
could happen).



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:


I'm not following your technical points since it's beyond me, but I
just want to mention that my firewall, Look 'n Stop, a lightweight
rules based firewall for Windows, does have some sort of hash function
to detect when a program it monitors has been changed, and pops up to
ask that you re-approve the program in question when the program
attempts to connect to the internet.  I would imagine most other
firewalls also have this feature as well.  Apparently Linux has this
"built into" the kernel (if I understood another post correctly), but
add-on vs built-in is no big deal to me, and de facto seems the same.

RL
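
Added example, not part of the thread or any poster's code: a minimal change-detection check of the kind discussed in the last few posts. It uses SHA-256 in place of the CRC suggested above (a CRC is an error-detection code and can be matched deliberately) and an HMAC key as a stand-in for the "locked down" checker; the file names, key and file contents are constructed.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def file_digest(path):  # SHA-256, read in chunks so large binaries are fine
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _mac(files, key):  # keyed MAC makes the stored manifest tamper-evident
    blob = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def build_baseline(root, key):
    root = Path(root)
    files = {p.relative_to(root).as_posix(): file_digest(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"files": files, "mac": _mac(files, key)}

def verify(root, baseline, key):
    if not hmac.compare_digest(baseline["mac"], _mac(baseline["files"], key)):
        raise ValueError("baseline manifest altered; its hashes cannot be trusted")
    old, now = baseline["files"], build_baseline(root, key)["files"]
    return {"modified": sorted(n for n in old if n in now and old[n] != now[n]),
            "added": sorted(set(now) - set(old)),
            "missing": sorted(set(old) - set(now))}

def demo():
    key = b"constructed-demo-key"  # assumption: stored where malware cannot read it
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "editor.exe").write_bytes(b"constructed clean editor")
        (root / "taxes.exe").write_bytes(b"constructed clean tax program")
        good = build_baseline(root, key)
        # Constructed change standing in for an infected, rarely run program.
        (root / "taxes.exe").write_bytes(b"constructed clean tax program + extra")
        (root / "dropped.dll").write_bytes(b"constructed new file")
        report = verify(root, good, key)
        # A baseline recorded after the change verifies clean: it proves nothing.
        late = verify(root, build_baseline(root, key), key)
        # Rewriting a stored hash without the key is caught by the MAC.
        forged = {"files": {**good["files"], "taxes.exe": "0" * 64}, "mac": good["mac"]}
        try:
            verify(root, forged, key)
            tamper_caught = False
        except ValueError:
            tamper_caught = True
    return report, late, tamper_caught
```

Calling `demo()` returns the change report against the early baseline, the empty report against the late one, and whether the forged manifest was rejected.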
