Seriously, has anybody ever seen a serious virus problem in Windows when using AV protect... - Page 10


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



erratic@nomail.afraid.org says...

Sure, no point in closing the door after the horse... etc. :-)

What I meant was the new O/S having this built into it, so that it is
there right from the O/S install (pre-infection). Maybe it's about time
the next new O/S has this built in.  Didn't quite make that clear.


--
Pete Ives
Remove All_stRESS before sending me an email

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:


That isn't always the case.  Sky, Bagle, and BugBear not only keep
reinstalling themselves, they also disable the antivirus AND keep it
from letting you know that it's not working.


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



In article <7e8e38d3-ebf3-439a-96ad-d60f4b46bde8@g28g2000yqh.googlegroups.com>,
rex.ballard@gmail.com says...
Why would you resort to trusting your virus software when checking
if the O/S is infected with a virus?  That's only used to catch a virus
and prevent infection in the first place.  Chances are, if your machine
is already infected your AV ain't going to put it right.  You're going
to have to use other methods to get it removed and only get the AV
running once the machine is not running infected.

If I suspect a machine to be infected I'm not going to rely on my AV to
root it out.  I'm going to check manually for it in the known startup
areas of windows.  I'm going to look and see what's currently running to
determine if there's anything that shouldn't be there and stop it.  Once
I've tracked down the suspected startup processes I'm going to stop them
from running when the computer starts.  Ok, sometimes this can take
time, but eventually it CAN be done.

How can Sky, Bagle and Bugbear keep reinstalling themselves if they're
not running?  Admittedly, I was a little quick with my previous post.
If windows system files have become infected you may have no other
course of action but to replace them with known good files.  Dependent
on how many files this is, it may require the system files to be
overwritten by some kind of repair install.

--
Pete Ives
Remove All_stRESS before sending me an email
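
An added example, not part of the post above or of anyone's reply in this thread: a PowerShell sketch of the manual check described there, listing entries in common Windows startup locations and the currently running processes, and flagging binaries that are missing or lack a valid Authenticode signature. The function names `Get-CommandPath` and `New-Finding` are hypothetical, and the registry keys and folders covered are an assumed, non-exhaustive set of autostart locations.

```powershell
# Added example: a flagged row is a prompt for manual review, not a verdict.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandPath([string]$Command) {
    # Extract the executable from e.g. "C:\Program Files\App\app.exe" /tray
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|com|dll|bat|cmd|vbs|js|ps1))(\s|$)') { $p = $Matches[1] }
    else { $p = ($c -split '\s+')[0] }
    if ($p -notmatch '^([A-Za-z]:\\|\\\\)') {
        # Bare names such as rundll32.exe are resolved through PATH.
        $app = Get-Command $p -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($app) { $p = $app.Path }
    }
    return $p
}

function New-Finding([string]$Source, [string]$Name, [string]$Command) {
    $path = Get-CommandPath $Command
    if (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue) {
        $status = [string](Get-AuthenticodeSignature -FilePath $path).Status
    } else { $status = 'FileMissing' }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $path
                       Signature = $status; Review = ($status -ne 'Valid') }
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.Property) {
        $cmd = [string]$k.GetValue($name)
        if ($cmd) { $findings += New-Finding $key $name $cmd }
    }
}
# Startup folders hold shortcuts; resolve each .lnk to its target.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in 'Startup', 'CommonStartup') {
    $folder = [Environment]::GetFolderPath($dir)
    foreach ($f in (Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue)) {
        $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        if ($target) { $findings += New-Finding $folder $f.Name ('"{0}"' -f $target) }
    }
}
foreach ($p in (Get-CimInstance Win32_Process | Where-Object ExecutablePath)) {
    $findings += New-Finding 'Process' ("{0} (PID {1})" -f $p.Name, $p.ProcessId) ('"{0}"' -f $p.ExecutablePath)
}
$findings | Where-Object Review | Sort-Object Source, Name | Format-Table -AutoSize
```

Run it from an elevated prompt so that processes belonging to other accounts report their executable path. As later posts in the thread point out, a rootkit can hide entries from a running system, so a clean listing from the live machine is weaker evidence than the same check made against the disk from known-good boot media.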

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:

All the time.  The first thing many types of malware do is disable
the antivirus.  It's trivially easy on windows where any process can
overwrite any part of the system at any time.

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



AZ Nomad wrote:

I have seen a case of malware that disabled the antivirus (Avira), disabled
windows update, disabled access to antivirus web sites, and disabled the
administrator account (changed the password). Also, it was consuming
bandwidth like crazy.

Regards.


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





RayLopez99 wrote:
http://www.google.com/url?sa=D&q=http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf&usg=AFQjCNEDInyvV2WgWDzeAWeAjzJKLymkDA

Anti-virus program definitions are updated 'after' new viruses are found.
Practicing 'Safe Hex' is  very important also, rather than just depending
solely on an Anti-virus program to protect you.
If, and I do mean if, Linux ever gets really popular, there will be many
exploits on it also.
Buffalo



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





Just say "malware" when you want to be all inclusive about malicious
software. Viruses are in only a smallish subcategory of malware. The
terms "rootkit", "adware" and "spyware" are really neutral (some are
malware, some are not).

That being said, even AV aimed at "prevention" has its Achilles' heel -
and when prevention fails an attack against the AV can be launched,
which allows *everything* to circumvent it.


The Linux crowd is getting more and more like the Windows crowd every
day. :o)


It depends on whom you ask. :oD

The bottom line is that antivirus and antimalware programs only detect
*some* of what they try to detect. The best approach is to limit the
amount of malware that you expose those programs to. Adhering to best
practices may result in avoiding 95% (just a guess) of malware out
there. The rest will be worms (i.e. exploit based autoworms) and viruses
(downloaded from *reputable* sources).



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:

OK, thanks will do that.


I see.  Interesting theory.


Yes, true.



OK, that 5% interests me.  But as a scientist I believe in
verification.  Anybody get infected by that 5%, and by what, did it
have a name?  The only thing I can think of is: (1) unnamed viruses
not get discovered by Kaspersky or whoever, and, (2) zero-day attacks
by new viruses (or variants of old) that Kaspersky sends out the patch
but a day late.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:



OK, that 5% interests me.  But as a scientist I believe in
verification.  Anybody get infected by that 5%, and by what, did it
have a name?

***
Conficker (fairly recent) was (is) an exploit based autoworm. There is
the lag time (zero-day effect) from the time the vulnerability is first
exploited, to the time the patch is applied. Its *intent* seems to be to
annoy you into purchasing something. Using a botnet to keep itself
current, it is much more powerful than that - we were lucky - this might
change.
***

  The only thing I can think of is: (1) unnamed viruses
not get discovered by Kaspersky or whoever, and, (2) zero-day attacks
by new viruses (or variants of old) that Kaspersky sends out the patch
but a day late.

***
Yes, there is a lag time also between the analysis of the malware (not
the exploit) and the distribution of the signature obtained from the
analysis (another zero-day effect, this time for the particular malware
now utilizing that exploit). It is not called a "patch" though, usually a
definitions file or signature file (sigfile).

I can't provide you with anything that supports the "trusted channel"
vector except to mention that Energizer USB Charger software trojan.
There have been others, viruses IIRC, on distribution CD for harddrives
and such, but no URLs for you.
***



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





Detecting zoo viruses will skew results. The ability to detect them adds
no protection at all, since you won't be exposed to them. There is much
discussion about this in the AV community. I hold with those that would
ban zoo viruses from "test sets" except for showing that the technology
is there to detect them if they do ever make the ITW list.

Keep the technology that allows the detection of difficult viruses, even
if no viruses of that type are ITW, but exclude them from comparative
tests because they have no real world impact.



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:

Excellent point.  Shows me you know your stuff.

If you care to share whether you've ever seen basically the only way a
properly protected Windows system will ever be infected, save user
negligence (installing a virus), that is, a zero-day attack, feel free
to share.

So, let me rephrase the question as it's becoming clearer by the post
what the real issue is:

aside from historical stories back in the days of the SneakerNet,
aside from sorority sisters who don't practice Safe Hex and don't use
AV programs, aside from negligent or stupid users who accidentally or
otherwise install viruses or malware, has anybody seen the one and
only way a properly configured Windows machine can ever be infected by
viruses or malware, namely, a zero-day attack?

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





Unfortunately, zero-day attacks can be more like zero week/month
attacks.

Most of the systems I've had to clean in the last few months have
had variations of the 2010-antivirus trojan, installed using
drive by downloads due to problems with Internet Explorer.
That's why the German government advised people to stop using it.
http://mashable.com/2010/01/15/german-government-stop-using-internet-explorer/

While that particular problem has since been patched, given the
history of IE, I'm sure it won't be the last.

At least it enabled me to convince those people to only use admin
accounts, when they want to install programs, and/or updates, and
to stop using IE.

The only problem now is getting them to remember to login to the
admin account, at least once a week, to check for, and install
third party updates.

These were on systems using up-to-date av/m$ software.  So the
problem does still exist, but is mostly rootkits and trojans,
rather than true viruses.

Part of the problem with m$ software, in general, is brain dead
decisions, that compromise security, to supposedly make the
system easier to use.  Things like having known software
extensions, like .exe hidden by default.  I don't see how that
makes it easier to use, but sure do see how it makes it less
secure.  Making the admin account, the default for new systems
is just asking for newbie users, to get into trouble.

Another case I saw last fall, the user had purchased a system
with norton antivirus installed, set to auto-update.  When the
user obtained a cable connection, they instructed her to install
their freely downloadable mcafee av.  Somehow she managed to get it
partially installed, with the result that neither was working.
That one had been turned into a spambot, with multiple back door
trojans, and root kits, which required full format and reinstall,
to clear up.  She only had two online accounts, both used for
email, which were compromised.   Luckily she wasn't using online
banking.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:


OK, noted.  Stories about improperly installed AV programs and zero-
day attacks that are really the fault of the user (since the patch is
available) are noted.

Thanks, and that proves my point.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





You missed the point.  The patches were not available when the
systems became infected by drive by downloads (i.e. simply
visiting a normally good web site, that had been hacked),
where the IE exploit allowed the malware to be installed
without anything requiring the user to approve the install,
or even make them aware it was being installed.

If you are going to ignore all reports of vulnerabilities in
windows being exploited, why did you bother to post the question
in the first place?

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



David W. Hodgins wrote:


Because Dave, Raylopez99 is a paid Microsoft shill & his only intention is
to troll the newsgroups with Anti-Linux FUD & lies about Microsoft
products.

He, along with the other Microsoft Shills also have a nasty habit of
cross-posting their garbage in other groups & setting the follow-ups to
comp.os.linux.advocacy just for the purpose of disrupting all of the NG's
involved.

Here are the groups that he posted this particular subject:

comp.os.linux.advocacy,alt.comp.anti-virus,alt.comp.hardware.pc-homebuilt

and like always, he has set the followups to:
comp.os.linux.advocacy

It is best just to killfile this bastard as he is not interested in an
intelligent discussion regarding the benefits of GNU/Linux. All he, & his
shill friends are interested in is starting flame wars over operating
systems and posting stupid, illogical & false statements about Microsoft
products.


Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:

No you missed the point actually, but it's a fine distinction so no
shame.  Let me explain.  I looked into this story, and it's not what
this discussion is about.  What you mention (and thanks for finding
this story BTW) is a flaw in Internet Explorer, that allowed a hacker
to gain control of your PC via ActiveX.  A week after January 15,
2010, when this story broke, Microsoft issued a patch to correct this
flaw.  ("Microsoft patches "Google hack" flaw in Internet Explorer 20
Jan 2010 ... Microsoft has issued an out-of-band security patch to
address a remote code ... Microsoft patches "Google hack" flaw in
Internet Explorer ...")

So this was essentially a security flaw that affected various Chinese
dissidents who were using IE to post messages via Google.
Unfortunately for them, they paid with their freedom and maybe their
lives (who knows?  news is censored from China).

Tragic, but again this is akin to a "zero day" attack. In fact, it's
even more rare than a "zero day" attack since it probably takes more
skill to exploit such a feature in IE (IMO) than merely writing a new
virus.  This is one reason Google decided to get out of China (and
good for them) because they concluded the Chinese government must be
devoting resources to track down dissidents who use Google.

But again, it's got nothing to do with this thread except reinforce
that yes, viruses can be created to harm you, but, once you install
the antidote to them (the update/ the patch, the service pack, etc,
and again, it's up to you to get the patch installed) you are safe.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





Yes that particular problem has now been patched.  How many of the
systems that got infected prior to the patch have not yet been
cleaned?

Once the system gets infected, it cannot be trusted, until a full
day is wasted wiping the system, reinstalling, downloading updates,
rebooting about a dozen times to install the updates, etc.

Your refusal to accept the clear fact that m$ never has been, and
never will be secure, makes it clear you are nothing but a troll.

I would never use an m$ system for online banking, or anything
where I really care about the safety of my data.

Don't bother responding.

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?



wrote:

You're asking how many people get infected by zero-day attacks in this
day and age?  Probably a very small number, I would imagine less than
1%.  I've been computing for over 20 years and never had a virus
attack except back in the days of the sneaker net (and I caught it).
Modern times--zero, with a few false positives.


B.S.!  You lost the debate and now you're trying ad hominem attacks.


I do, and I'm worth millions.


Why?  Afraid you might lose the argument?

I agree Linux might be inherently safer (in theory) than Windows, but
properly maintained Windows is incredibly safe.  Another way of
putting it:  Linux without AV/firewall protection is probably (I
guess) LESS safe than Windows *with* AV/firewall protection.

A topic for another thread perhaps.

RL

Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?




B.S.!  You lost the debate and now you're trying ad hominem attacks.

***
Beware of those ad harmonium attacks, they can often lead to violins.
***



Re: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?





Funny how things change. Rootkits used to be used for hiding activity.
Now the activity is "in your face" and the rootkit only hides to make
removal more difficult. Must be damned annoying always getting stuff
like that.


