One of the claims of the Linux crowd is that such problems are
legion. But talking so some of the people at alt.comp.anti-virus I
get the impression such problems are rare.
Who is more right?
BTW, check out this PDF on AV software:
http://www.google.com/url?sa=D&q=http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf&usg=AFQjCNEDInyvV2WgWDzeAWeAjzJKLymkDA
It compares 16 commercial programs, and finds Microsoft at #2,
catching 60% of all viruses (Avanti is #1 at 70%). And we're taking
about all viruses, some of which as so obscure I'm sure you'll never
seen one in the wild...
RL
> Seriously, has anybody seen--or even heard--of a serious virus
> (including rootkit or malware) problem in Windows when using
> commercial antivirus protection?
Yes
> One of the claims of the Linux crowd is that such problems are
> legion. But talking so some of the people at alt.comp.anti-virus I
> get the impression such problems are rare.
>
> Who is more right?
So the estimate that around 30% of all windows computers are infected is
"rare problems"
>
> BTW, check out this PDF on AV software:
> http://www.google.com/url?sa=D&q=http://www.av-
comparatives.org/images/stories/test/ondret/avc_report22.pdf&usg=AFQjCNEDInyvV2WgWDzeAWeAjzJKLymkDA
>
> It compares 16 commercial programs, and finds Microsoft at #2,
> catching 60% of all viruses (Avanti is #1 at 70%). And we're taking
> about all viruses, some of which as so obscure I'm sure you'll never
> seen one in the wild...
>
In short, you brag about those new viruses found by AV software.
And then gallantly forget about those 31% to 86% *not* found.
That you are incredibly stupid has been proven time and again, the last
instances were your imbecile claims of "open source"
But this again shows that you are a lot dumber than dirt
And your problem obviously is that you are not just /acting/ dumb. You
*are* dumb. Incredibly dumb
--
I say you need to visit Clues 'R' Us. They are having a special on
slightly used clues.
What ever you do don't get Panda AV software, IMO.
Pretty dismal results on the part of the payware AV programs.
~50 to 70 percent and that is being generous.
>
> It compares 16 commercial programs, and finds Microsoft at #2,
> catching 60% of all viruses (Avanti is #1 at 70%). And we're taking
> about all viruses, some of which as so obscure I'm sure you'll never
> seen one in the wild...
Hm, download http://www.virtualbox.org/wiki/Downloads,
make virtual machine file, install os.
Make backup of file.
Surf the interent in virtual machine.
After serf, erase virtual machine file. Restore from backup.
Rinse and repeat. No need for AV at all ;)
Greets
Sometimes online sometimes not
Yes. I had to clean up a Windows laptop last year despite things
being kept up to date and AV installed. The AV was bloody hopeless at
setecting it despite being kept up to date.
> RayLopez99 wrote:
>
>> Seriously, has anybody seen--or even heard--of a serious virus
>> (including rootkit or malware) problem in Windows when using
>> commercial antivirus protection?
>
> Yes
*raises hand*
about 200 Windows desktops were knocked out at my latest $orkplace when
someone connected an infected laptop to the LAN. This was an office of one
of the world's largest outsourcing companies, well protected by commercial
AV systems.
It took the IT staff a few hours to clean up the mess. Unfortunately, we two
Linux users missed the opportunity to point out to the manglement that we
were able to continue working ...
>> One of the claims of the Linux crowd is that such problems are
>> legion. But talking so some of the people at alt.comp.anti-virus I
>> get the impression such problems are rare.
The incidence report from offices world wide was full of virus alerts and
attacks.
Have you heard of the expression, 'Using a sledgehammer to crack a
nut.'?
--
Pete Ives
Remove All_stRESS before sending me an email
Remember alien 2 movie. They wanted to nuke whole planet to exterminate
aliens ;) "to be sure"
Greets!
Yes I have, *many* *many* times!
There is nothing rare about a machine running up-to-date free or commercial
anti-virus software and still be fully compromised, usually with several
species of serious malware (e.g. root kits, key loggers, spam bots, ransom
ware, egold stealer).
Fully updated anti-virus software like Avast, AVG, Kapersky, f-prot, Norton,
etc, are by no means a guarantee of safety against malware.
> One of the claims of the Linux crowd is that such problems are
> legion. But talking so some of the people at alt.comp.anti-virus I
> get the impression such problems are rare.
You have a wrong impression about lots of subjects.
> Who is more right?
You certainly are not.
>BTW, check out this PDF on AV software:
>http://www.av->comparatives.org/images/stories/test/ondret/avc_report22.pdf
>
>It compares 16 commercial programs, and finds Microsoft at #2,
>catching 60% of all viruses (Avanti is #1 at 70%).
If the number one anti-virus catches *only* 70% of all viruses, then it lets
30% of them pass. That is just proof of failure, not success and definitely
not a rare occurrence.
>And we're taking about all viruses, some of which as so obscure I'm sure
>you'll never seen one in the wild...
The real problem are the new viruses, obviously, not known by the anti-virus
programs. The heuristics used by the anti-virus are also of little use to
detect new viruses since any capable virus developer can test his creation
against a good number of anti-virus and tweak the binary until it is not
detected.
Regards.
Seriously, are you having a laugh?
--
SteveH
In the 30+ years I've been working with computers I've had exactly 1
malware on a computer that I own or manage for clients - that's
thousands of workstations and hundreds of servers over that time.
In the case of the 1 malware, the machine was not secured, was basically
behind a NAT, using Local Admin, and was running Symantec End Point
Protection 11.0.4 (or 11.4.0, can't remember) - the malware gained
complete control of the machine in seconds after being redirected to a
malicious website.
I switched to Avira Antivir and connected to the same website and the
malware was blocked - I have moved myself and clients to Avira and not
had any infections.
We test with 5 malware scanners monthly.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam9...@rrohio.com (remove 999 for proper email address)
> Seriously, has anybody seen--or even heard--of a serious virus
> (including rootkit or malware) problem in Windows when using
> commercial antivirus protection?
A good question, but perhaps you are asking the wrong people?
Would it be better (just as an example) to address your question to
Manchester City Council or to the Greater Manchester Police?
http://news.bbc.co.uk/1/hi/england/manchester/8492669.stm
It is of course quite possible that the administrators were not so
knowledgable as yourself, and would therefore benefit from your advice.
Judging by the cost of outbreaks like these, I'm sure you could make a lot
of money - the cost seems to work out at about £1,000,000 a time to clean
up the mess.
Go for it :-)
We try to convince our customers to lock down their users to help limit
their rate of infection but they usually don't take our suggestions. Users
with administrator rights exacerbate the virus/malware problems. Although,
a machine can be infected with a user limited to "user" level access, the
infection is usually much less severe and easier to clean up. Anyway,
malware/viruses are a M$ fact of life and I've just gotten used to dealing
with it. . . . Helps "pay the rent" too . . . heh!
BB
RayLopez99 wrote:
> Seriously, has anybody seen--or even heard--of a serious virus
> (including rootkit or malware) problem in Windows when using
> commercial antivirus protection?
>
> One of the claims of the Linux crowd is that such problems are
> legion. But talking so some of the people at alt.comp.anti-virus I
> get the impression such problems are rare.
I was running AVG ver. 8 and got some malware that hogged all the CPU
time. It caused operation to slow so much that I couldn't run the
computer and had to transfer the HD to a computer with a dual core
CPU. A full scan with AVG indicated the problem but couldn't fix it.
Norton detected nothing, and free online scans by Trend and PC Pit
Stop didn't fix it (I don't remember if they detected it), but Bit
Defender partially did, and the rest of the problem was solve with
either ComboFix or SmithFraudFix.
However to answer your question YES...I have seen malware blocked here
as recently as yesterday in a zipped archive. My PC was infected once
years ago with Spanska4250 virus...that was about 20 years ago. The fact
that Linux boxes are less infected is in part because Linux boxes make
up less then 1 % of the world wide installed base of PCs. They also
have a more secure default user environment which is to their credit.
Just yesterday I burned the Ubuntu v10 beta 1 CD and 'played around'
with it just from the CD w/o installing. It was interesting but I cannot
see revamping my already smooth running Windows 7 system to (supposedly)
obtain a different breed (Linux) of smooth running operating system just
for alleged AV advantages. The real difference I'll never switch to a
Linux box is availability of truly great software..not just so-called
Linux "equivalent' stuff which is NOT nearly as good.
Little Charlie's Blues Pages
http://www.soundclick.com/LittleCharlie
Yes but....
The AV popped it's "Warning" dialog on an incoming email message,
*but* the user did not heed that dialog and took the trouble to
click whatever button told the AV to ignore the virus instead of
clicking the default button which told the AV to delete the
virus.
--
PeteCresswell
>Seriously, has anybody seen--or even heard--of a serious virus
>(including rootkit or malware) problem in Windows when using
>commercial antivirus protection?
>
I have used Windows since version 2 and never had a virus problem of
any kind.
I have used many different antivirus products over the years but I've
no idea how well any work as I have not had a problem in the first
place. My currently installed product is MSE because it runs
passively, keeps itself up to date, uses minimal resources and never
disturbs me with stupid messages.
Steve
--
Neural Planner Software Ltd www.NPSL1.com
Neural network applications, help and support.
> Seriously, has anybody seen--or even heard--of a serious virus
> (including rootkit or malware) problem in Windows when using
> commercial antivirus protection?
It happens all the time.
Usually brought in from outside sources and when the person
bypasses the checking.
It's like everything else in the world, you can't prevent an idiot
from circumventing the tools put in place to protect him.
OK fine. Outlier. One in a million I would reckon.
Tell us what virus it was, as that info should not be confidential.
Unless it was so obscure that only one user, your client, had it.
Anybody else?
RL
Thank you Sir. You are a scholar and a gentleman. A true voice of
reason in a wilderness of babbling buffoons and hominid baboons.
RL
> I was running AVG ver. 8 and got some malware that hogged all the CPU
> time. It caused operation to slow so much that I couldn't run the
> computer and had to transfer the HD to a computer with a dual core
> CPU. A full scan with AVG indicated the problem but couldn't fix it.
> Norton detected nothing, and free online scans by Trend and PC Pit
> Stop didn't fix it (I don't remember if they detected it), but Bit
> Defender partially did, and the rest of the problem was solve with
> either ComboFix or SmithFraudFix.
What OS? What year? What was the name of the virus if I can ask?
That sounds incredible.
RL
Several of my correspondents have had their machines compromised by
spyware/etc, happens about once every couple of months. Sign: e-mails
with appropriated addresses and inappropriate content. _All_ of them had
McAfee or Norton installed. Most of them even paid the yearly
subscription (update) fee.
My wife's machine was compromised about three years ago. We changed her
e-mail address, and installed AVG, and then (after AVG became bloated
and slow) Avira as primary protection. Also scan with MBAM, Spybot S&D,
etc, about once a month, just in case.
cheers,
wolf k.
Moshe, your examples are fine, but they are not what I'm talking
about. That's not a real example since the user deliberately
circumvented safeguards to keep out the virus from their system. In
other words, anybody can disable their AV software, or ignore repeated
warnings, and "install" the virus on their system deliberately (or
even 'accidentally' through negligence).
That's not a true virus infection.
RL
Are you fer real?
NO commercial AV product stops all viruses/malware. I doubt a month goes by
where I'm not cleaning one nasty or another off of my Windows PC. And if its
not mine, I'm doing about two a month from other people.
And my PC has Kaspersky Internet Security, an I regularly run Malwarebytes,
Superantispyware, Spybot and Crap Cleaner. And once a month it gets an
additional scan with the GMER rootkit scanner.
It depends entirely on what you use yer PC for, what websites you visit etc.
--
SteveH
> NO commercial AV product stops all viruses/malware. I doubt a month goes by
> where I'm not cleaning one nasty or another off of my Windows PC. And if its
> not mine, I'm doing about two a month from other people.
> And my PC has Kaspersky Internet Security, an I regularly run Malwarebytes,
> Superantispyware, Spybot and Crap Cleaner. And once a month it gets an
> additional scan with the GMER rootkit scanner.
> It depends entirely on what you use yer PC for, what websites you visit etc.
What websites are you visiting? I have never caught a virus, and I
visit regularly the top three porn sites that come up when you Google
"FREE PORN".
How can you possibly be cleaning at least one nasty every month?
We don't buy it. Name the last virus you cleaned up.
RL
"RayLopez99" <raylo...@gmail.com> wrote in message
news:8d9a4f53-14ac-40a3...@g11g2000yqe.googlegroups.com...
> Seriously, has anybody seen--or even heard--of a serious virus
> (including rootkit or malware) problem in Windows when using
> commercial antivirus protection?
>
> One of the claims of the Linux crowd is that such problems are
> legion. But talking so some of the people at alt.comp.anti-virus I
> get the impression such problems are rare.
>
That sounds outlandish to me too. Must be doing some things wrong. The
only time I ever got a virus on one of my windows PCs was back when I had
win3.11 and got some fonts off of a shareware CD. The version of Norton I
had at the time found it and cleaned it fine. I have never had any of my
personal PCs infected since. Of course I have run Linux since '98 on my
primary workstation. Although, I always have some win PCs around as well
and use windows at work.
BB
How do you know if you've not checked your system with other anti-
malware scanners?
I thought you might..
>
> How can you possibly be cleaning at least one nasty every month?
>
> We don't buy it. Name the last virus you cleaned up.
'We' don't buy it, who the feck do you think you are trollboy?
Why do you think people have to answer to you?
but if you insist:
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.Chifrax.d P:\System
Volume
Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe
High
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.TDSS.amjc P:\System
Volume
Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002
High
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.TDSS.amjc P:\System
Volume
Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002//data0003
High
19/03/2010 23:01:54 Deleted Trojan program Trojan-Downloader.Win32.Small.kdj
P:\System Volume
Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002//data0004
High
19/03/2010 23:01:54 Deleted Trojan program Trojan-Downloader.Win32.Small.kdj
P:\System Volume
Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002//data0004//PE-Crypt.Eta
High
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.FraudPack.pto
P:\System Volume
Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002//data0005
High
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.Chifrax.d P:\System
Volume
Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0003
High
Part of my Kaspersky log.
--
SteveH
>In article <1jghq5ps5acdisiv2...@4ax.com>,
>st...@tropheus.demon.co.uk says...
>>
>> On Tue, 23 Mar 2010 00:51:55 -0700 (PDT), RayLopez99
>> <raylo...@gmail.com> wrote:
>>
>> >Seriously, has anybody seen--or even heard--of a serious virus
>> >(including rootkit or malware) problem in Windows when using
>> >commercial antivirus protection?
>> >
>>
>> I have used Windows since version 2 and never had a virus problem of
>> any kind.
>>
>> I have used many different antivirus products over the years but I've
>> no idea how well any work as I have not had a problem in the first
>> place. My currently installed product is MSE because it runs
>> passively, keeps itself up to date, uses minimal resources and never
>> disturbs me with stupid messages.
>
>How do you know if you've not checked your system with other anti-
>malware scanners?
As I said before, I have used many different scanners.
Peter Köhlmann wrote:
> RayLopez99 wrote:
>
>> Seriously, has anybody seen--or even heard--of a serious virus
>> (including rootkit or malware) problem in Windows when using
>> commercial antivirus protection?
>
> Yes
>
>> One of the claims of the Linux crowd is that such problems are
>> legion. But talking so some of the people at alt.comp.anti-virus I
>> get the impression such problems are rare.
>>
>> Who is more right?
>
> So the estimate that around 30% of all windows computers are infected
> is "rare problems"
[snip]
30%?
What an illogical conclusion from what was said.
Are you a politician??
Same kind of logic they use.
Buffalo
>
>
> Peter K�hlmann wrote:
>> RayLopez99 wrote:
>>
>>> Seriously, has anybody seen--or even heard--of a serious virus
>>> (including rootkit or malware) problem in Windows when using
>>> commercial antivirus protection?
>>
>> Yes
>>
>>> One of the claims of the Linux crowd is that such problems are
>>> legion. But talking so some of the people at alt.comp.anti-virus I
>>> get the impression such problems are rare.
>>>
>>> Who is more right?
>>
>> So the estimate that around 30% of all windows computers are infected
>> is "rare problems"
>
> [snip]
>
> 30%?
>
> What an illogical conclusion from what was said.
It wasn't a conclusion from what was written in this thread
> Are you a politician??
> Same kind of logic they use.
> Buffalo
Are you a Mac user? Those tend to be extremely stupid.
Or are you (even worse) a windows user?
--
If you had any brains, you'd be dangerous.
As someone who repairs a lot, I have. However, these have ended up
installed as a result of the pillock at the keyboard ignoring all the
warnings.
--
Conor
I'm not prejudiced. I hate everyone equally.
Bagel, Sky, and several others have variants that can disable actual
virus checking and/or quarantine measures without letting the user
know they have been disabled. Fixing things that have been corrupted
this way can be very ugly.
I've had at least a dozen viruses over the last 10 years that have
been so difficult to remove or did such damage that I eventually had
to re-image the hard drive.
Remember, virus writers are ALWAYS one step ahead of the anti-virus
writers. Most viruses don't get the resources to be blocked unless
they've infected a significant number of computers already. Once the
culprit has been identified, it may take weeks to figure out effective
countermeasures. Once the countermeasures have been coded, it may
take another 2-3 weeks to get it distributed via the automatic update
systems, since many people don't update as often as they should.
Meanwhile, the virus writers and script kiddies are deriving new
mutations and variations, designed to avoid detection by the new
counter-measures.
> One of the claims of the Linux crowd is that such problems are
> legion. But talking so some of the people at alt.comp.anti-virus I
> get the impression such problems are rare.
It depends on who you are talking to. As one antivirus vendor about
another's product. There are roughly 250,000 new viruses released
every year.
These are the ones that got past kasparsky
http://www.viruslist.com/en/analysis?pubid=204792067
> Who is more right?
Obviously, an antivirus company is coing to do the best they can to
minimize reports of successful attacks to computers protected by their
software, and maximize reports of successful attacks to computers
protected by the software of others.
These days, many companies have taken a more comprehensive stance on
security. For example, Norton 360 provides firewall, execution
protection, anti-virus, anti-spyware, and update control management to
try and keep the bad guys from coming in the front door, and to keep
trojans from letting them in the back door, and to clean up the messes
of any pets that make it inside.
Unfortunately, the biggest trojans - IE and Outlook, cannot be
disabled, and cannot be blocked.
> BTW, check out this PDF on AV software:http://www.google.com/url?sa=D&q=http://www.av-comparatives.org/image...
> It compares 16 commercial programs, and finds Microsoft at #2,
> catching 60% of all viruses (Avanti is #1 at 70%). And we're taking
> about all viruses, some of which as so obscure I'm sure you'll never
> seen one in the wild...
Since you like this source, here's another good report from them.
http://www.av-comparatives.org/component/poll/17-reinstalled
How often have you reinstalled (or rollback of image) windows due an
infection in the last 12 months?
never 2258 65.8%
1 time 479 13.9%
2 times 227 6.6%
more than 4 times 194 5.6%
3 times 114 3.3%
living with known infection 86 2.5%
4 times 76 2.2%
So roughly 40 percent of all Windows users have had infections so bad
that they had to , or should have, re-imaged their hard drive at least
once a year.
As for the other 65%, they probably didn't use their computers that
much this year ;-)
Either that, or Microsoft rallied about 2000 of their staunch
supporters to select "never". :D
> RL
OK, fine, but essentially your brother accidentally installed a
program he should not have had--kind of like those junk shareware
programs that infect your registry and can never be removed, even
after Uninstall (I have a few myself). But strictly speaking I would
not call this a true virus or rootkit.
And it could happen to somebody in Linux land (accidental installation
of a program).
Anybody else? So far nobody has proved a serious true virus infection
has occurred on a Windows machine.
RL
> That sounds outlandish to me too. Must be doing some things wrong. The
> only time I ever got a virus on one of my windows PCs was back when I had
> win3.11 and got some fonts off of a shareware CD. The version of Norton I
> had at the time found it and cleaned it fine. I have never had any of my
> personal PCs infected since. Of course I have run Linux since '98 on my
> primary workstation. Although, I always have some win PCs around as well
> and use windows at work.
>
Thanks BB. This sounds believable. I have no doubt that Linux has
fewer viruses than Windows, any way you count it (by number or by
percent of programs), but that's only IMO due to Linux's smaller
market share.
But so far nobody has proved that viruses are a serious problem in
Windows.
RL
XP Home 32-bit, before Feb. 18, 2008, and I can't remember.
Point being, I never have caught a virus from porn sites, which are
known to have viruses. Safe Hex.
>
>
>
> > How can you possibly be cleaning at least one nasty every month?
>
> > We don't buy it. Name the last virus you cleaned up.
>
> 'We' don't buy it, who the feck do you think you are trollboy?
> Why do you think people have to answer to you?
>
> but if you insist:
>
> 19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.Chifrax.d P:\System
> Volume
This is indeed a nasty one, http://www.threatexpert.com/report.aspx?md5=02bf9f780a315067d1de4bf84c30a94f
OK fine. So somebody caught a nasty virus. Perhaps they did not have
AV software, perhaps they accidentally clicked on a button that
installed it. Lots of possibilities here, it proves nothing. Just one
data point of a possibly stupid person, possibly negligent. If they
were running 7/Vista it would ask them permission before installing a
program --XP is less secure in this regard.
Anybody else? So far nobody has showed there's a real threat from
viruses in Windows land, just a few isolated examples, and a few
replies are like mine: no viruses ever, or in years...
RL
> Anybody else? So far nobody has proved a serious true virus infection
> has occurred on a Windows machine.
So have you talked to Manchester City Council or the Greater Manchester
Police Dept. now? What did they say? Was it all a hoax, and they coughed
up nearly £2,000,000 between them on that account?
All the time. The first thing many types of malware do is disable
the antivirus. It's trivially easy on windows where any process can
overwrite any part of the system at any time.
YES! I believe you Conor. This is exactly what I suspected. Sure,
if you ignore all the warnings from your AV software, and click
through them, yes you can install a virus on your system. That's
axiomatic.
In fact, in one of the top three porn sites under FREE PORN (Googling
that phrase) the other day I came across a video that said "you must
install the latest version of Adobe Flash to view this video...click
here to install", which I assumed was a clever attempt to install a
virus/rootkit on my system. But of course I ignored it.
Anybody else? No proof so far.
RL
> Anybody else? So far nobody has showed there's a real threat from
> viruses in Windows land, just a few isolated examples, and a few
> replies are like mine: no viruses ever, or in years...
http://www.computerworlduk.com/management/government-law/public-sector/news/index.cfm?newsId=15477
For your machine? I doubt it. Probably for others. And who knows
what stupid thing they did to install those viruses.
> These are the ones that got past kasparskyhttp://www.viruslist.com/en/analysis?pubid=204792067
>
> http://www.virusbtn.com/index
Yeah, nice links, thanks, but they prove my point: the #1 on the list
Net-Worm.Win32.Kido.ih has infected 58200 machines, which sounds like
a lot, until you realize there are nearly 1 billion Windows machines
out there. Let's make it easy and say there are 582000000 Windows
machines (a low number). So one out of 10000 Windows machines are
infected by this #1 virus. Second place was half this number, so one
out of 20000 Windows machines. And these are high estimates--the
actual number is probably half that. I'm sure a lot of people are
dumb out there.
>
> Unfortunately, the biggest trojans - IE and Outlook, cannot be
> disabled, and cannot be blocked.
OK now I see your dishonest tactics. You define IE and Outlook as
"viruses", hence the claim that the majority of Windows PCs are
"infected". Dishonesty noted.
>
> Since you like this source, here's another good report from them.
>
> http://www.av-comparatives.org/component/poll/17-reinstalled
>
> How often have you reinstalled (or rollback of image) windows due an
> infection in the last 12 months?
>
> never 2258 65.8%
> 1 time 479 13.9%
> 2 times 227 6.6%
> more than 4 times 194 5.6%
> 3 times 114 3.3%
> living with known infection 86 2.5%
> 4 times 76 2.2%
This is believable. I count myself as "two times" but both times were
not for viruses, but because a certain program or two I installed
would not uninstall itself properly. This is not a virus, as I define
it.
Thanks for keeping this thread short Rex. I lerned a lot actually.
Like I say, Windows is not bad at all vis-a-vis viruses.
RL
Peter Köhlmann wrote:
> Buffalo wrote:
> It wasn't a conclusion from what was written in this thread
>>> So the estimate that around 30% of all windows computers are infected
> is "rare problems"
>> Are you a politician??
>> Same kind of logic they use.
>> Buffalo
>
> Are you a Mac user? Those tend to be extremely stupid.
> Or are you (even worse) a windows user?
Another illogical comment . Must be a Republican !! Are you Rush L. in
disguise??
Of course it was. If you can't see that, you have a problem.
Quote below from the OP first post.
"It compares 16 commercial programs, and finds Microsoft at #2,
catching 60% of all viruses (Avanti is #1 at 70%). And we're taking
about all viruses, some of which as so obscure I'm sure you'll never
seen one in the wild..."
So I guess the "Avanti is #1 at 70%" was not the premise of the reply?
C'mon!
Perhaps the 30 % was taken from that comment, since I did not see 70 or 30%
mentioned elseware.
BTW, what is Avanti ? :)
Damn!!
Buffalo
Sorry, you're wrong - seen it many times, many. One of the worst I saw
was a malware spread via Yahoo Instant Messenger that contained a SMTP
engine. This happened at a sorority, in about 30 minutes 45 computers
were compromised as it spread to each of their lists....
The ISP saw it also, they turned off their internet connection in under
2 hours because of all the spam containing malware that their machines
were sending out.
What about all of the compromised computers, Windows computer, that had
Office Business Contact Manager installed and were not secured - BCM
includes SQL server and when the PC is connected directly to the
internet it can easily be compromised without triggering an AV event.
RayLopez99 wrote:
> Seriously, has anybody seen--or even heard--of a serious virus
> (including rootkit or malware) problem in Windows when using
> commercial antivirus protection?
>
> One of the claims of the Linux crowd is that such problems are
> legion. But talking so some of the people at alt.comp.anti-virus I
> get the impression such problems are rare.
>
> Who is more right?
>
> BTW, check out this PDF on AV software:
>
>
> It compares 16 commercial programs, and finds Microsoft at #2,
> catching 60% of all viruses (Avanti is #1 at 70%). And we're taking
> about all viruses, some of which as so obscure I'm sure you'll never
> seen one in the wild...
>
> RL
Anti-virus program definitions are updated 'after' new viruse are found.
Practicing 'Safe Hex' is very important also, rather than just depending
solely on an Anti-virus program to protect you.
If, and I do mean if, Linux ever gets really popular, there will be many
exploits on it also.
Buffalo
>
> Sorry, you're wrong - seen it many times, many. One of the worst I saw
> was a malware spread via Yahoo Instant Messenger that contained a SMTP
> engine. This happened at a sorority, in about 30 minutes 45 computers
> were compromised as it spread to each of their lists....
OK, fine. The "one of the worse" examples was spread through Yahoo
IM. I don't use that program. Nor do most people who do serious
work. So yes, some teens who use IM and who may or may not practice
Safe Hex (which is simply using an AV program in Windows), got
infected. Shame, but it proves nothing.
RL
> What about all of the compromised computers, Windows computer, that had
> Office Business Contact Manager installed and were not secured - BCM
> includes SQL server and when the PC is connected directly to the
> internet it can easily be compromised without triggering an AV event.
Well that does sound problematic. Trouble is, a brief Google search
found nothing... If you can find a cite, it might make your point,
but otherwise I'm afraid I have to classify this as Urban Legend.
Anybody else?
RL
Sure, little Ray. And that's exactly why millions of zombified Windows
machines are sending millions of spam each day again. All because of a
few isolated examples.
Years ago I read that an idle, unprotected Windows 2000 machine would be owned
within 10 minutes after putting it on the internet. So I installed W2K
on a spare HDD and connected it to the internet without any
protection. No NAT router, no firewall, no antivirus. Nothing. In less
than *five* minutes CPU usage was 100 % and the machine was pushing
network traffic at maximum upstream bandwidth. It became a zombie
without even touching it.
--
The bigger the waistband, the deeper the quicksand.
~ David St.-Hubbins
People seem to be posting an awful lot of "single data points" here. How
long before you admit there is a trend?
For what it's worth, my first virus attack happened in 1978 via
Floppynet from our office system. It was a boot sector virus that
installed itself on every floppy that was used on their system, and on
mine until I disinfected every single one of the 150 floppies I used on
a regular basis. Then, a few months later I found out I'd missed one.....
Kaspersky is currently warning me of a few malware attacks each week,
mainly from websites mentioned on this newsgroup.
--
Tciao for Now!
John.
> Seriously, has anybody seen--or even heard--of a serious virus
> (including rootkit or malware) problem in Windows when using
> commercial antivirus protection?
Just say "malware" when you want to be all inclusive about malicious
software. Viruses are in only a smallish subcategory of malware. The
terms "rootkit", "adware" and "spyware" are really neutral (some are
malware, some are not).
That being said, even AV aimed at "prevention" has its achilles' heel -
and when prevention fails an attack against the AV can be launched,
which allows *everything* to circumvent it.
> One of the claims of the Linux crowd is that such problems are
> legion. But talking so some of the people at alt.comp.anti-virus I
> get the impression such problems are rare.
The Linux crowd is getting more and more like the Windows crowd every
day. :o)
> Who is more right?
It depends on whom you ask. :oD
The bottom line is that antivirus and antimalware programs only detect
*some* of what they try to detect. The best approach is to limit the
amount of malware that you expose those programs to. Adhering to best
practices may result in avoiding 95% (just a guess) of malware out
there. The rest will be worms (i.e. exploit based autoworms) and viruses
(downloaded from *reputable* sources).
34% of respondents had to reinstall/reimage Windows in the past 12 mounths.
> (...)
> Thanks for keeping this thread short Rex. I lerned a lot actually.
> Like I say, Windows is not bad at all vis-a-vis viruses.
Those numbers can't be generalized, but one third had to reinstall/reimage
at least once, and your classify it as "not bad at all"! Are you an idiot?
(just joking!)
Regards.
> Peter Köhlmann wrote:
>> Buffalo wrote:
>> It wasn't a conclusion from what was written in this thread
>
>>>> So the estimate that around 30% of all windows computers are infected
>> is "rare problems"
>
>>> Are you a politician??
>>> Same kind of logic they use.
>>> Buffalo
>>
>> Are you a Mac user? Those tend to be extremely stupid.
>> Or are you (even worse) a windows user?
>
> Another illogical comment . Must be a Republican !! Are you Rush L. in
> disguise??
Did you know that Peter is a Windows user? its true. He's a closed
source Windows programmer. In other words he is responsible for a lot of
the "brain dead" applications that run on Windows. Amazing isn't it? So
is his lickspittle "mini me" Chris Ahlstrom.
The question was about the subset of all Windows computers that are
"protected" by commercial AV, not the entire set of Windows computers
estimated (by you?) to be infested. I can guess that greater than that
30% of all Windows computers are completely unprotected (after their
bundled AV runs out).
>>
>>> How can you possibly be cleaning at least one nasty every month?
>>
>>> We don't buy it. Name the last virus you cleaned up.
>>
>> 'We' don't buy it, who the feck do you think you are trollboy?
>> Why do you think people have to answer to you?
>>
>> but if you insist:
>>
>> 19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.Chifrax.d
>> P:\System Volume
>
> This is indeed a nasty one,
> http://www.threatexpert.com/report.aspx?md5=02bf9f780a315067d1de4bf84c30a94f
>
> OK fine. So somebody caught a nasty virus. Perhaps they did not have
> AV software, perhaps they accidentally clicked on a button that
> installed it. Lots of possibilities here, it proves nothing. Just one
> data point of a possibly stupid person, possibly negligent. If they
> were running 7/Vista it would ask them permission before installing a
> program --XP is less secure in this regard.
Do you actually bother to read what other people write? This was an extract
from the Kaspersky log on MY PC. The Viruses came free with something I
downloaded. I didn't say they became active, Kaspersky stopped that.
If you're going to jump to conclusions and make stupid staements, here's one
for /you/. I assume you must get a problem with sticking keys on your PC
keyboard.
Now be a good chap, and go troll somewhere else.
--
SteveH
Any of you have opinions about the security built into Win 7 (UAC), and
about Microsoft Security Essentials?
> This is believable. I count myself as "two times" but both times were
> not for viruses, but because a certain program or two I installed
> would not uninstall itself properly. This is not a virus, as I define
> it.
>
> Thanks for keeping this thread short Rex. I lerned a lot actually.
> Like I say, Windows is not bad at all vis-a-vis viruses.
>
> RL
I've come to the conclusion, you ARE Skybuck Flying and I claim my Ł5
--
SteveH
The serious problem I see in regard to viruses in Windows is USERS! 'nuff
said! Those same LAZY users would not enjoy Linux one bit. But, like I
said, it pays the rent!
BB
> It compares 16 commercial programs, and finds Microsoft at #2,
> catching 60% of all viruses (Avanti is #1 at 70%). And we're taking
> about all viruses, some of which as so obscure I'm sure you'll never
> seen one in the wild...
Detecting zoo viruses will skew results. The ability to detect them adds
no protection at all, since you won't be exposed to them. There is much
discussion about this in the AV community. I hold with those that would
ban zoo viruses from "test sets" except for showing that the technology
is there to detect them if they do ever make the ITW list.
Keep the technology that allows the detection of difficult viruses, even
if no viruses of that type are ITW, but exclude them from comparative
tests because to have no real world impact.
This neglects "in session" malware, and the possibility of detection and
escape from emulated environments.
This is an example of "recovery" (actually a restore) - AV is (was)
primarily a "prevention" scheme.
> OK, fine, but essentially your brother accidentally installed a
> program he should not have had--kind of like those junk shareware
> programs that infect your registry and can never be removed, even
> after Uninstall
I have urgently warned my friends and family against the use of
file-shareing freeware and such. Heck, convincing them to use even one
antivirus program reliably has proven impossible. Even though I remind
them, and help them, and check up on them, and explain and re-explain
the dangers, they just plain ignore me. They "forget" that it's
important, and forget to update, and forget to run scans, and when I set
the scans to be automatic, they cancel the scanning if they catch it
running, because "they are trying to do something" while it's running.
Look, the malware guys will keep winning and keep getting what they
want, because idiots aren't required to have a license to drive a
computer. It's just like nearly any idiot woman can become a mother.
It's a very touchy subject, because actually controlling what people do
becomes a rights issue. At this time, people generally have a right to
be idiots, even when it causes problems for others. What can you do?
You can't make stupidity illegal, or else 7/8th of the world's human
beings would have to be imprisoned.
It's clear why Linux is not the solution. Idiots can't use Linux.
Gloat all you want, you Linux lovers, but your services and businesses
are still going to be shut down, because the people running the world
are not you.
Yes. I had to clean up a Windows laptop last year despite things
being kept up to date and AV installed. The AV was bloody hopeless at
setecting it despite being kept up to date.
***
It might be worth considering that AVs are *never* up to date, and even
if they were capable of being so, would *still* miss some malware.
The key is to not expose the AV to malware.
***
But so far nobody has proved that viruses are a serious problem in
Windows.
***
Viruses are rare (unless you are in the "all worms are viruses" camp).
*Malware* is a serious problem in Windows.
***
> RayLopez99 wrote:
[...]
>> We don't buy it. Name the last virus you cleaned up.
>
> 'We' don't buy it, who the feck do you think you are trollboy?
> Why do you think people have to answer to you?
>
> but if you insist:
[...]
None of those were viruses.
Yes, while using XP. I clicked on a site from a cigar NG that sold torch
lighters. Got shot to some chinese site and my "free" CA AV program lit up
like a xmas tree. It warned me of the infection and supposedly deleted it.
But it wasn't gone. It eventually took over the whole machine and ended up
doing a reformat to regain control. Needless to say that was the end of my
using CA products...whatever the price.
Malware, whatever. I think you'll find the PC in question don't give a fuck
what it is when it falls over from one. But while people want to pay me to
clean their infected PC's for them, neither do I.
--
SteveH
RL, you seem to be a combative personality type based on your posts.
Many people that do REAL work use IM all over the planet, many
development teams, support teams, etc...
What you seem to be missing is the concept of how malware is spread on
windows machines - exploits and social engineering as well as drive-by
web attacks. Like many malware spread via IM, Facebook, email, they all
appear to be legit attachments, files, links, until you inspect them and
for most people that's too late.
I've already proven that having an Antivirus solution doesn't protect
you in all cases. We've all, at least those of us that run IT companies,
have seen exploits get past "Local User" accounts, such as the SQL
injection ones....
So, running as a local user, with any version of anti-virus software
from any vendor, all patches installed from MS, I've seen, first hand,
hundreds of Windows WP and now Vista/Win 7 computers compromised.
Oh, and most of those computers were not using IM, didn't even have it
installed.
As I've said, you seem to be a combative type person and you don't want
to learn from those of us that have real-world, decades of experience
doing this.
HA HA HA - and yet it just about shutdown internet use for days in many
locations.
You really didn't look very long or hard, it's one of the largest events
in the history of the internet.
http://en.wikipedia.org/wiki/SQL_slammer_%28computer_worm%29
I figure if it's off, an infected computer can do less damage.
Somebody out there keeps advising people that it's "better for the
computer" to leave it on all the time. If you are one of the people
that is doing that, stop doing that. A computer is not a refrigerator:
the data won't go bad if the power is off.
Please, guys and gals, urge your friends and customers to turn the
computers off when they are not using them... unless there is a
compelling reason to do otherwise.
I don't think it's too extreme to ask people to remain unconnected from
the net unless they are actively sending/receiving. A person doesn't
have to be connected to compose an email, only to send it.
I have seen a case of malware that disabled the antivirus (Avira), disabled
windows update, disabled access to antivirus web sites, and disabled the
administrator account (changed the password). Also, it was consuming
bandwidth like crazy.
Regards.
Anybody else? So far nobody has proved a serious true virus infection
has occurred on a Windows machine.
***
Well, I guess you're going to have to tell us what your definition of a
"true virus" is. I suspect that you're after the reason AV would still
be needed even if everyone followed safe practices otherwise. There
haven't been that many viruses running in trusted channels lately,
mostly because the money is in other types of malware that partake of
the low hanging fruit.
If a USB Battery charger's companion software can be a trojan, certainly
it is not out of the realm of possibility that a vendor could pass a
virus *unintentionally* in their otherwise legitimate software. That is
one consequence of infectious self-replication - it is an automatic
trojan creator. I would say that it is *more* likely to find a "virus"
in a legitimately obtained program file than it would be to find a
trojan function (in fact, I can't recall another case where the malware
was intentionally included, usually it was a virus).
***
> Yes, while using XP. I clicked on a site from a cigar NG that sold
> torch lighters. Got shot to some chinese site and my "free" CA AV
> program lit up like a xmas tree. It warned me of the infection and
> supposedly deleted it. But it wasn't gone. It eventually took over the
> whole machine and ended up doing a reformat to regain control.
> Needless to say that was the end of my using CA products...whatever
> the price.
So, you blamed your AV program for what probably resulted from a
browser, script, or pdf exploit. Your AV program probably detected only
one part of the total amount of malware instantiated in the attack.
Don't be fooled into believing the better AVs will be that much better.
> People I meet have many times asked me if they should shut their
> Windows computers off at night, and I always say, "Yes, keep your PC
> off unless you are using it."
Yep, same with the bathroom lights.
...and with the PC it becomes less accessible and thus less useful to
outsiders.
> I figure if it's off, an infected computer can do less damage.
It is best to ensure an infected computer is not connected to others.
Off is generally a good idea, but in some cases the "damage" can be done
by your turning it off.
> Somebody out there keeps advising people that it's "better for the
> computer" to leave it on all the time.
That argument goes back and forth. Mostly it is wear and tear due to
thermal expansion/contraction, and motor startup surges cited. It's
true, but it's less true than it used to be.
> If you are one of the people that is doing that, stop doing that. A
> computer is not a refrigerator: the data won't go bad if the power is
> off.
I even poweroff my laptop rather than let it sleep or hibernate.
> Please, guys and gals, urge your friends and customers to turn the
> computers off when they are not using them... unless there is a
> compelling reason to do otherwise.
Most everybody I know does already. :o\
> I don't think it's too extreme to ask people to remain unconnected
> from the net unless they are actively sending/receiving. A person
> doesn't have to be connected to compose an email, only to send it.
Well, I connect to the LAN and the WAN at the same time. Actually, the
cable company owns the equipment and it is (nearly) always on.
>People I meet have many times asked me if they should shut their Windows
>computers off at night, and I always say, "Yes, keep your PC off unless
>you are using it."
>
>I figure if it's off, an infected computer can do less damage.
I agree with the advice, although I don't follow it myself. To me, the
primary reason for turning a system off is to save electricity.
Actualy the quiescent temperature is better since you dont have hard drive warming
exapnsion and drive cooling contraction cycles adding tom the wear and tear factor and
aging of a hard disk.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>From: "Char Jackson" <no...@none.invalid>
>
>| On Tue, 23 Mar 2010 18:57:13 -0400, ToolPackinMama
>| <philn...@comcast.net> wrote:
>
>>>People I meet have many times asked me if they should shut their Windows
>>>computers off at night, and I always say, "Yes, keep your PC off unless
>>>you are using it."
>
>>>I figure if it's off, an infected computer can do less damage.
>
>| I agree with the advice, although I don't follow it myself. To me, the
>| primary reason for turning a system off is to save electricity.
>
>
>Actualy the quiescent temperature is better since you dont have hard drive warming
>exapnsion and drive cooling contraction cycles adding tom the wear and tear factor and
>aging of a hard disk.
Probably true, but I have no evidence, even anecdotal evidence, to
indicate that it makes an appreciable difference in equipment life. :)
I've been using windows for years, never had a virus. It's not that I
think windows is necessarily better, but it runs the apps I want to use.
I've no doubt others do get these things, but since I've no idea what
they are doing when they get infected I'm in no position to comment. As
to being stupid I'm too old to worry about such trivial matters.
I feel constrained to point out that if they can't be bothered to keep
their PC free of malware, that it's probably better if their equipment
fails sooner.
> installed itself on every floppy that was used on their system, and on
> mine until I disinfected every single one of the 150 floppies I used on
> a regular basis. Then, a few months later I found out I'd missed one.....
>
OK, a great war story. But seriously John, in the modern era have you
ever had a virus? Which one? Name please? And why did it slip past
your AV shield?
> Kaspersky is currently warning me of a few malware attacks each week,
> mainly from websites mentioned on this newsgroup.
Sure John. And people die of AIDS from having unprotected sex. Not
to make fun of it, but it's a disease of the ignorant. Back in the
days BEFORE protection intelligent people did get AIDS--mostly gay
men, but intelligent nevertheless--however, in the "modern" era the
rate of infection amongst these (smarter) people--with exceptions that
prove the rule like some people I've read who refuse to wear
protection--has slowed.
Same with computer viruses. In our modern era John, who is getting
infected? Nobody SAVE zero-day attack victims.
So let's ask this question: have you or anybody you know ever been a
zero-day attack victim? Nope? Didn't think so.
Anybody else?
RL
OK, thanks will do that.
>
> That being said, even AV aimed at "prevention" has its achilles' heel -
> and when prevention fails an attack against the AV can be launched,
> which allows *everything* to circumvent it.
I see. Interesting theory.
>
> > One of the claims of the Linux crowd is that such problems are
> > legion. But talking so some of the people at alt.comp.anti-virus I
> > get the impression such problems are rare.
>
> The Linux crowd is getting more and more like the Windows crowd every
> day. :o)
>
> > Who is more right?
>
> It depends on whom you ask. :oD
Yes, true.
>
> The bottom line is that antivirus and antimalware programs only detect
> *some* of what they try to detect. The best approach is to limit the
> amount of malware that you expose those programs to. Adhering to best
> practices may result in avoiding 95% (just a guess) of malware out
> there. The rest will be worms (i.e. exploit based autoworms) and viruses
> (downloaded from *reputable* sources).
OK, that 5% interests me. But as a scientist I believe in
verification. Anybody get infected by that 5%, and by what, did it
have a name? The only thing I can think of is: (1) unnamed viruses
not get discovered by Kaspersky or whoever, and, (2) zero-day attacks
by new viruses (or variants of old) that Kaspersky sends out the patch
but a day late.
RL
> Did you know that Peter is a Windows user? its true. He's a closed
> source Windows programmer. In other words he is responsible for a lot of
> the "brain dead" applications that run on Windows. Amazing isn't it? So
> is his lickspittle "mini me" Chris Ahlstrom.
LOL. But Hadron you assume Peter's code is actually being used. More
likely he is part of a team and as a junior programmer his work is
redone (and done right) by a senior programmer. The senior programmer
would have fired Peter by now, but doesn't want to rock the boat and
besides, it gives the senior guy something to do: debugging Peter's
code. I've seen this arrangement in practice.
RL
> The question was about the subset of all Windows computers that are
> "protected" by commercial AV, not the entire set of Windows computers
> estimated (by you?) to be infested. I can guess that greater than that
> 30% of all Windows computers are completely unprotected (after their
> bundled AV runs out).
Thanks. I just realized that by including two newsgroups in addition
to comp.os.linux.advocacy, namely alt.comp.anti-virus,
alt.comp.hardware.pc-homebuilt, you get smarter answers.
Perhaps it's right what people first told me about COLA: it's just a
place for flaming, not serious advocacy. Shame really, as I do think
Linux does a few things better than Window (the virtual directory
scheme of Unix comes to mind).
RL
> > Point being, I never have caught a virus from porn sites, which are
> > known to have viruses. Safe Hex.
>
> Woosh!
Sorry this obscure cultural idiosyncracy escaped me--maybe you mean
"swoosh", meaning you scored a point in basketball (basket as it's
called here)? Or you calling me a "wush"? Whatever.
> > OK fine. So somebody caught a nasty virus. Perhaps they did not have
> > AV software, perhaps they accidentally clicked on a button that
> > installed it. Lots of possibilities here, it proves nothing. Just one
> > data point of a possibly stupid person, possibly negligent. If they
> > were running 7/Vista it would ask them permission before installing a
> > program --XP is less secure in this regard.
>
> Do you actually bother to read what other people write? This was an extract
> from the Kaspersky log on MY PC. The Viruses came free with something I
> downloaded. I didn't say they became active, Kaspersky stopped that.
OK, you lost. You just VERIFIED (do you bother to read what people
write?) what I had said: the virus was accidentally installed by the
victim, and, further, Kaspersky worked to stop said virus.
WOOSH!
Seriously, anybody ever been infected by a virus in Windows with AV
software running? Anybody?
RL
Well said. You nailed the reason why Windows pays the rent, enjoys 90%
+ market share, and is not secure: the dumb lazy users of Windows are
responsible.
By contrast in Linux land it's secure--what respectable virus writer
wants to write a Linux virus, with the mere 1% market share Linux
'enjoys'?--but until perhaps recently you had to "load" and "unload"
your external drives, like floppy drives, using commands. I'm sure
with "KDE" or "Knome", their GUI, it's now changed, but probably not
by much.
RL
Excellent point. Shows me you know your stuff.
If you care to share whether you've ever seen basically the only way a
properly protected Windows system will ever be infected, save user
negligence (installing a virus), that is, a zero-day attack, feel free
to share.
So, let me rephrase the question as it's becoming clearer by the post
what the real issue is:
aside from historical stories back in the days of the SneakerNet,
aside from sorority sisters who don't practice Safe Hex and don't use
AV programs, aside from negligent or stupid users who accidentally or
otherwise install viruses or malware, has anybody seen the one and
only way a properly configured Windows machine can ever be infected by
viruses or malware, namely, a zero-day attack?
RL
>
> Yes. I had to clean up a Windows laptop last year despite things
> being kept up to date and AV installed. The AV was bloody hopeless at
> setecting it despite being kept up to date.
Urban Legend? I think you are sincere, but if it's not too much of a
bother if you can recall the name of the virus (if it had a name) that
would be great, unless giving away this name would identify the
customer/client/victim of the malware. In other words, how could the
malware infect the laptop--unless it was a zero-day attack or the user
installed it by mistake?
In short, as I code, I know that computers are very predictable. If
your AV program is configured to catch virus "X" then it will catch
it--and you will not be infected. As for the 30-70% of malware that
are not caught (see the PDF in this thread), this could be "zoo" type
malware that is included in the figure but in practice is never seen
'in the wild'.
RL
Seems you know what you are talking about, unlike the vast majority in
COLA (linux group).
What do you see as "malware" in Windows that's a serious problem?
(I'm not arguing, just asking since I'm curious). Stuff like toolbars
that are always being asked to be installed in your browser, that
would require user input to be installed? Or stuff automatically
installed? Or something else?
RL
> Yes, while using XP. I clicked on a site from a cigar NG that sold torch
> lighters. Got shot to some chinese site and my "free" CA AV program lit up
> like a xmas tree. It warned me of the infection and supposedly deleted it.
> But it wasn't gone. It eventually took over the whole machine and ended up
> doing a reformat to regain control. Needless to say that was the end of my
> using CA products...whatever the price.
Great story,and believable. Shows CA (which I think at one point I
even had, if it goes by the name "Sammy" and had an icon of a troll
like figure that was supposedly protecting your machine) is no good.
Switch to Microsoft's AV offering (see the report), or Avant?! (or the
other one that starts with an 'A'), which were #2 and #1 on the list,
or Kaspersky (top 33%) or even Webroot's Sophos AV engine offering,
which I use on this XP machine (it was slightly below average on the
list, but like I say I've not had any problems and I surf porn
sites). Don't use the stuff like CA ranked at the bottom or not even
on the list.
But all this does not refute the main point thread...
Anybody else?
RL
Projection noted.
> Many people that do REAL work use IM all over the planet, many
> development teams, support teams, etc...
I suppose if you are in sales. Development teams? Why? Except for
group online meetings, and even, then (Skype video is better) I would
think email is better...but perhaps you're right.
>
> What you seem to be missing is the concept of how malware is spread on
> windows machines - exploits and social engineering as well as drive-by
> web attacks. Like many malware spread via IM, Facebook, email, they all
> appear to be legit attachments, files, links, until you inspect them and
> for most people that's too late.
Fine. THEORY. Give me a real work EXAMPLE Leythos.
>
> I've already proven
HA HA HA. A comedian. A combative comedian. Andrew Dice Clay your
show name?
> that having an Antivirus solution doesn't protect
> you in all cases. We've all, at least those of us that run IT companies,
> have seen exploits get past "Local User" accounts, such as the SQL
> injection ones....
BU LL S H IT. Now you've become the "Rex Ballard" of C.O.L.A. SQL
injection attacks are ancient history and obsolete, due to the way
commands are entered, parametrically, in ADO.NET (Windows database
language). I know, as I code. Any other falsehoods you care to
share?
>
> So, running as a local user, with any version of anti-virus software
> from any vendor, all patches installed from MS, I've seen, first hand,
> hundreds of Windows WP and now Vista/Win 7 computers compromised.
Nope. You have not seen. What you've seen (and I've seen this too) is
a corporation get infected because a user installed a virus by
mistake, and sent it around to co-workers (typically via email) who
did not have the latest AV patches installed on their machines.
Corporations use old hardware and software and are often behind the
times in Safe Hex.
>
> Oh, and most of those computers were not using IM, didn't even have it
> installed.
>
Oh, really? Oh. Doubtful. How did they get infected then?
RL
> HA HA HA - and yet it just about shutdown internet use for days in many
> locations.
>
> You really didn't look very long or hard, it's one of the largest events
> in the history of the internet.
>
> http://en.wikipedia.org/wiki/SQL_slammer_%28computer_worm%29
Proves my point: a zero day attack and when did this happen? 05:30
UTC on January 25, 2003.
Ancient history, like your name.
Goodbye Leythos (sounds Greek to me!)
RL
It was *not* a zero day attack. The vulnerability was known and a patch was
available a good number of months prior to the attack. Learn the terminology
before posting.
Any way, for a virus to stop these kinds of attacks (remote buffer overruns)
it would have to filter the network traffic, and that is impractical for any
server with significant traffic.
Regards.
SQL injection vulnerabilities (and attacks) are very common, very current,
and will continue to be for the foreseeable future, much like other kinds of
vulnerabilities.
Do you really think that just by using ADO.NET you have eliminated the
possibility for SQL injection vulnerabilities? Are you that clueless?!
Just because a database access framework like ADO.NET allows for
parametrized queries does not mean that everyone uses them correctly all the
time, or uses them at all.
Regards.
Recently, I was given a computer from a friend which had XP on it and my
AVG was fine until yesterday, when it found what it said was spyware (a
genuine file from bt called btwebcontrol.dll). Nothing wrong with it.
They used to have BT broadband. It also found a file in the system
restore which it categorised under the same virus name, which I am
presuming is the exact same file, except it's just called A0000462.dll.
2 false positives. It seems these days AVG is finding files in system
restore which it didn't have a problem with previously and I am happy to
accept are genuine files and not any kind of virus. Your logs seem to
indicate the same habit from Kaspersky.
--
Pete Ives
Remove All_stRESS before sending me an email
You mean like maintenance that happens after the users are done using
the computer?
You mean like AV scans that happen at night so that they don't impact
the user during the normal use hours?
You mean like windows updates between 3AM and 4AM?
You mean like remotely connecting to the computer to work?
In 30+ years of working with computers I've had exactly 1 malware on a
computer I own/control and my own computers as well as most of the
computers at our customers sites run 24/7.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam9...@rrohio.com (remove 999 for proper email address)
If you've worked with Electronics for any length of time, and with
devices that have bearings, you would know, without guessing, that
turning off a device increases chances of a problem when you try and use
it again. There are also times when a device fails due to normal
wear/tear/age....
Based on your cross posting changes, your inability to comprehend real
issues and their causes, I can only assume that you're trolling.
I see you've graduated to troll status.
In my experience with Windows, the only reason I would have to re-
install because of a virus infection would be if I couldn't get into the
O/S at all. Either normally or in safe mode. Even then you can remove
the HD and scan it from another machine to see if it is actually a virus
prevent startup or some other problem. If you can get into the O/S you
can get rid of any virus. Period.
Virii have a source. A point of origin when the computer starts.
Eliminate the start point or points from running and the virus becomes
dormant and you can then remove it without it putting itself back on
your system.