StopBadWare Philosophy - The other side of the coin?
Subject: StopBadWare Philosophy - The other side of the coin?
Only recently became aware of StopBadWare and, as a victim of badware /
malware (like most of us), am more than willing to become an activist.
However, in developing approaches to stopping badware and looking
through the posts within this forum, there is very little mention of
the other side of the coin, i.e. the prevention of badware even
getting onto a PC in the first place.

As a professional & elder geek I do have some sympathy for the average
webmaster and those on the hosting side, for example the pleas of some
of the webmasters within this forum. All I would recommend anyone to
do is take a look at a really interesting web site, http://www.zone-h.org,
which provides a global report on digital attacks: so far 2,255,044
reported web site hacks in their archive, and 1,000+ a week and
growing. A report from a few days ago even showed the Microsoft IEAK
(Internet Explorer Administration Kit) website was a victim of
defacement. I defy anyone to come away from that site without a
sense of depression about the worldwide size of the problem(s) for us
all. So if anyone thinks the problem resides only with overzealous
webmasters, we are in a fool's paradise; it is my bet that much of the
badware is actually applied by the pro hackers without the webmaster's
or host's knowledge.

This leads me to the main issue, i.e. prevention. To assist in
describing this I will use some examples from a very recent
personal BadWare horror story to highlight this area. I will not fully
describe my incident within this post; I will follow up later, because
on this assault I was so personally incensed that I am spending the time
doing the forensic work as to how and who caused my problem, and it
has already unearthed a very disturbing chain of either deliberate
or possibly unwitting collaboration.

So the incident commenced with the usual symptoms: a very fast, highly
tuned PC with triple-banked firewalls, two levels of anti-virus, etc.
etc., starts to lose speed, the processor is working flat out, and Internet
Explorer starts to freeze up regularly. So I soon realized I had an
uninvited guest.

First stage - to determine what processes are actually running, I use
a very simple and reliable utility, "Security Task Manager", to find out
and provide a description, as there is nothing within Windows XP for the
user that has this capability. Yes, and there it is: a hidden process in
memory (a DLL) that is attaching itself to IE for redirection and pop-up
purposes. Now fast-forwarding to stage 17 and 3 days later, via related
rootkit removal and all sorts of exciting, time-consuming tasks, I won!
That is exactly the real problem: why did I have to go through this in
the first place? Let us now examine a few examples which demonstrate
the other side of the coin that has emerged from the forensics, and I
hope none of the companies mentioned will take offence.

Google - A great fan, but back to the micro level of my problem: they
set a poor example. I use Google Web Accelerator, which does a great
job, but on any process investigation the Google Accelerator files
are actually flagged as potentially dangerous: hidden files, and code
within to avoid firewall detection, with no digital certification or
evidence that they actually are from Google. Some of the worst viruses and
trojans use "win..." or "hp..." to avoid simple detection, so using
"google..." within a file name is not good enough.

Symantec - Long-time user of Norton (even when it was really Peter
Norton). Once into the problem, I discovered the Norton anti-virus had
actually quarantined one of the related files a week or so before. On
checking logs, some of the symptoms had been recorded, but there was
no flagging of this to me, the user. Also it had not detected the other
trojans or the related rootkit(s).

Microsoft - Surprisingly the real nasty had a digital certificate
(which now appears fraudulent), but I discovered 3 / 4 of the related
files had no certification, and if I understand it correctly they are
required to have this to be able to operate. However, the IE browser
allowed itself to be hooked; now that is my choice in theory, as I can
use the settings to prevent add-ons or ActiveX. After the problem, in
a spate of paranoia, I did just that; however, after about 2 out of 3
web sites not even opening, I had to reset back to a medium level.

Adobe - I could go on, but these examples will suffice.

The examples demonstrate to me that this "prevention" approach to the
problem must also be part of the StopBadWare solution, and that is
really in the hands of the big boys: to provide us, the users, with
products, services, and tools that allow flexibility but also
"prevent".

The leaders of the industry have a major task to show leadership in
preventing the problem in the first place and applying the core
security niceties of at least ensuring any of their products
demonstrate good practice to the rest of us mortals. Just to end with
a little humorous cynicism: as Google are correctly now acting to at
least highlight potential BadWare web sites, I assume they are not
still taking revenues for AdWords campaigns from them?
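A defender's version of the check the post above describes doing by hand (listing what is loaded into Internet Explorer and asking whether each file is actually signed by its claimed publisher), added here as an example and not part of the original post or any tool it names. It assumes Windows PowerShell, a process name defaulting to "iexplore", and an elevated session so that module lists are readable.

```powershell
# Added example, not from the original post: list the DLLs loaded into a
# running process and check each one's Authenticode signature, the check the
# post describes doing by hand with Security Task Manager.
# Assumptions: Windows PowerShell; the process name is a parameter and
# defaults to Internet Explorer ("iexplore"); run elevated so that modules of
# processes belonging to other sessions are readable.
param(
    [string]$ProcessName = "iexplore"
)

$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Warning "No running process named '$ProcessName'."
    return
}

# Collect the unique on-disk paths of every module loaded by any instance.
# Reading .Modules can fail (e.g. a 32-bit host inspecting a 64-bit process),
# so record the failure instead of aborting.
$paths = foreach ($p in $procs) {
    try { $p.Modules | Select-Object -ExpandProperty FileName }
    catch { Write-Warning "Cannot read modules of PID $($p.Id): $_" }
}
$paths = $paths | Sort-Object -Unique

$report = foreach ($path in $paths) {
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $attr = (Get-Item -LiteralPath $path -Force).Attributes
    [pscustomobject]@{
        Module = $path
        Status = $sig.Status            # Valid, NotSigned, HashMismatch, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "(none)" }
        Hidden = $attr.HasFlag([IO.FileAttributes]::Hidden)
    }
}

# Unsigned, tampered (HashMismatch) or hidden modules are the ones that
# deserve a closer look; a "google..." or "win..." file name proves nothing,
# only a valid signature chain from the expected publisher does.
$report |
    Where-Object { $_.Status -ne 'Valid' -or $_.Hidden } |
    Sort-Object Module |
    Format-Table Module, Status, Signer, Hidden -AutoSize
```

A valid signature only says who signed the file; the Signer column still has to match the publisher you expected for that module.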

From: Cometcom1 <Cometc...@gmail.com>
Date: Sat, 12 May 2007 08:32:53 -0700
Local: Sat, May 12 2007 11:32 am
Subject: Re: StopBadWare Philosophy - The other side of the coin?
Ohhh, great post and lots to take in there.

I agree with you that prevention is something that has to be dealt
with as well, but the idea behind stopbadware is to aim at the root of
the problem and not reduce the visibility of the subject.

Do look at the history of the virus itself. The problem isn't solved;
we just have better protection, but there are still viruses out there
and they are indeed trying to get to us "mortals" all the time.

Instead of going to the root of the problem, a new industry was built
around virus protection. If I produce a virus today and release it
into the wild, I'd hardly get any problems because of this - I can
have fun creating viruses and watch them be detected. - Hooray for
that ... NOT.

On May 12, 2:29 pm, Jart351 <jart351.ar...@ntlworld.com> wrote:

> Only become recently aware of StopBadWare and as a victim of badware /
> malware (like most of us) more than willing to become an activist.
> However in developing approaches to stopping badware and looking
> through the posts within this forum there is very little mention of
> the other side of the coin, i.e. the prevention of badware even
> getting onto a pc in the first place?

There are several different ways badware can get into your PC. The
broadness of the badware definition doesn't necessarily mark all
badware as viruses or other directly illegal software, but also takes in
each and every software package that does something without giving
proper identification of the issues. I.e. if your virus protection
automatically sends data to the company that created the software,
you'd have to agree to this, or the virus protection would be deemed
badware.

Most often, badware comes wrapped in unidentifiable legal mumbo jumbo,
which requires a degree to understand, and that too is badware (under
the StopBadware terms), even though proper information is given, because
it should be understandable by everyone using a computer.

> As a professional & elder geek I do have some sympathy to the average
> webmaster and those on the hosting side, for example the pleas of some
> of the webmasters within this forum. All I would recommend anyone to
> do is take a look at a really interesting web site http://www.zone-h.org
> which provides a global report on digital attacks, so far 2,255,044
> reported web site hacks in their archive and a 1,000 + a week and
> growing. A report from a few days ago even showed the Microsoft IEAK
> (Internet Explorer Administration Kit) website was a victim of
> defacement. I defy anyone not to come away from that site without a
> sense of depression about the world wide size of the problem(s) for us
> all. So if anyone thinks the problem resides only with overzealous web
> masters we are in a fool's paradise, it is my bet that much of the
> badware is actually applied by the pro hackers without the webmaster's
> or hosts knowledge.

Even I have been attacked by the Muslim community, being from Denmark
and a newspaper posting inappropriate drawings. I knew right away that
attacks would happen. Lo and behold - the one place where I knew the
attack would occur, a 3rd-party software, was exactly where it
happened. - I did not get anything through the defenses anywhere else
- and I haven't got any firewall or other fancy stuff. How can that be?
- Because the defenses that you really need are already pretty well
described, though hidden deep inside the documentation of the client OS
and server OSs.

> This leads me to the main issue i.e. prevention, to assist in
> describing this I will use some of the examples of a very recent
> personal BadWare horror story to highlight this area, I will not fully
> describe my incident within this post, I will follow up later, because
> on this assault I was so personally incensed I am spending the time
> doing the forensic work as to how and who caused my problem, and it
> has already unearthed some very disturbing chain of either deliberate
> or possibly unwitting collaboration.

> So the incident commenced with the usual symptoms a very fast, highly
> tuned PC with triple banked firewalls, two levels of anti virus, etc.
> etc., starts to lose speed, processor working flat out, Internet
> Explorer starts to freeze up regularly. So I soon realize I have an
> uninvited guest.

Let me guess just once - you let the guest in yourself. - You felt
secure behind your system and thought the defenses were enough. -
Well, I have a pretty good security system myself, but even when I
myself want to venture onto the internet, I don't just go there without
ensuring that I have an extreme grip on what happens with the
computer. Mind you, I never use a server nor a computer that I have
sensitive information on; I use a default, totally locked-down client.
Should I get any badware, it's only a matter of a few seconds to fix
the issue; worst case, 1 hour of work and I'm back to normal.

Before you can prevent anything, you need to identify the entry points
- and from what I have experienced, the major entry point is the user
in front of the computer. I.e. it is the ultimate weak link that
eventually leads to the problem.

Using standard approaches to security can eliminate 99% of the
problems, if not more, and then using some simple approaches can
eliminate the last 0.99%. - Once in a while the last bits and pieces
have to be collected and fixed. This is based on actual patterns of
use on publicly accessible computers over a period of almost 12
years ...

> The leaders of the industry have a major task to show leadership in
> preventing the problem in the first place and applying to the core
> security niceties of at least ensuring any of their products
> demonstrate good practice to the rest of us mortals. Just to end with
> a little humorous cynicism, as Google are correctly now acting to at
> least highlight potential BadWare web sites I assume they are not
> still taking revenues for ad-words campaigns from them?

As a point, the security of the core OS must be the basic task to fix,
and this is also what the industry is focusing on at present. However,
there is not going to be a fully secure OS for quite a while, if ever.
Hence the requirements for identification, now and in the future, of such
badware.

I think the current approach is pretty good, but does call for
improvements and innovative technology to expand beyond the limits
that are set at present.

Cometcom1
