From: FromTheRafters on 13 Aug 2010 19:09

"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d(a)bt.com...
> Dustin wrote:
>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d(a)bt.com:
>>
>>> Dustin wrote:
>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d(a)bt.com:
>>>>
>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>>> anti-virus programme on an already compromised machine is, in all
>>>>> probability, a futile exercise*.
>>>>
>>>> LOL, you would certainly be in the minority if you think I was
>>>> wrong in the advice I provided concerning malware.
>
> [....]
>
>
> What FTR actually said .....
>
> "True, it could be installed and be kept from accessing certain areas
> by a rootkit".
>
> Do you *really* disagree with that?

One thing you are apparently not getting the significance of is that the
"installation software" for the proposed AV that you want to install on
the "compromised" machine likely has its own detection software for
known malware (including some rootkits) *and* rootkit detection software
that alerts to inconsistencies in what is presented through APIs to the
other tools due to filter drivers and the like.

It may be impossible to install such AV programs on a "compromised"
machine, if the preinstallation detection software is aware of, yet not
capable of removing detected malicious activity - it may tell you that
you need to address the other issue before attempting to install that
software (I'm not aware of this actually happening though).

The most likely scenario is that the installation goes off smoothly
without a hitch on *most* compromised machines (removing the compromise
in the process) - which, I believe, is Dustin's point.
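FTR's remark about rootkit detectors alerting on inconsistencies between what the API presents and what other tools see is the cross-view technique. The following Python toy is an added illustration, not code from anyone in this thread: `raw_view` stands for a lower-level enumeration, `simulated_filter_driver` plays the role of a hooked listing that hides and tampers entries, and every file name and size is constructed for the example.

```python
# Added example: toy cross-view rootkit check. Entries present in the
# raw view but missing from the API view, or whose attributes disagree,
# are the inconsistencies a detector flags. All data is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    name: str
    size: int

def simulated_filter_driver(raw_view, hidden_prefix):
    """Stand-in for a filter driver hooking directory listing calls:
    drops entries whose name starts with hidden_prefix and reports a
    wrong size for one file (constructed behaviour, not a real driver)."""
    api = []
    for e in raw_view:
        if e.name.startswith(hidden_prefix):
            continue                                   # hidden from callers
        if e.name == "services.exe":
            api.append(Entry(e.name, e.size - 512))    # tampered attribute
        else:
            api.append(e)
    return api

def cross_view_diff(api_view, raw_view):
    """Return (hidden, altered): names seen raw but not via the API, and
    names whose attributes differ between the two views."""
    api_by_name = {e.name: e for e in api_view}
    hidden = sorted(e.name for e in raw_view if e.name not in api_by_name)
    altered = sorted(e.name for e in raw_view
                     if e.name in api_by_name and api_by_name[e.name] != e)
    return hidden, altered

# Constructed raw listing; "rk_" is the made-up prefix the toy driver hides.
RAW_VIEW = [
    Entry("kernel32.dll", 1024000),
    Entry("services.exe", 331776),
    Entry("rk_drv.sys", 40960),
    Entry("rk_cfg.dat", 2048),
]

def run_check(hidden_prefix="rk_"):
    api_view = simulated_filter_driver(RAW_VIEW, hidden_prefix)
    return cross_view_diff(api_view, RAW_VIEW)

if __name__ == "__main__":
    hidden, altered = run_check()
    print("hidden from API view:", hidden)
    print("attributes differ:", altered)
```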
From: David H. Lipman on 13 Aug 2010 19:29

From: "FromTheRafters" <erratic(a)nomail.afraid.org>

| "~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
| news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d(a)bt.com...
>> Dustin wrote:
>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d(a)bt.com:
>>>> Dustin wrote:
>>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d(a)bt.com:
>>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>>>> anti-virus programme on an already compromised machine is, in all
>>>>>> probability, a futile exercise*.
>>>>> LOL, you would certainly be in the minority if you think I was
>>>>> wrong in the advice I provided concerning malware.
>> [....]
>> What FTR actually said .....
>> "True, it could be installed and be kept from accessing certain areas
>> by a rootkit".
>> Do you *really* disagree with that?

| One thing you are apparently not getting the significance of is that the
| "installation software" for the proposed AV that you want to install on
| the "compromised" machine likely has its own detection software for
| known malware (including some rootkits) *and* rootkit detection software
| that alerts to inconsistencies in what is presented through APIs to the
| other tools due to filter drivers and the like.

| It may be impossible to install such AV programs on a "compromised"
| machine, if the preinstallation detection software is aware of, yet not
| capable of removing detected malicious activity - it may tell you that
| you need to address the other issue before attempting to install that
| software (I'm not aware of this actually happening though).

| The most likely scenario is that the installation goes off smoothly
| without a hitch on *most* compromised machines (removing the compromise
| in the process) - which, I believe, is Dustin's point.

That's a case of an in situ installation of a fully installed AV solution.

That's not the case of the hard disk being removed and placed within a surrogate.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Dustin on 13 Aug 2010 19:30

"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in
news:i44jam$47j$1(a)news.eternal-september.org:
> "~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
> news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d(a)bt.com...
>> Dustin wrote:
>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d(a)bt.com:
>>>
>>>> Dustin wrote:
>>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d(a)bt.com:
>>>>>
>>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>>>> anti-virus programme on an already compromised machine is, in
>>>>>> all probability, a futile exercise*.
>>>>>
>>>>> LOL, you would certainly be in the minority if you think I was
>>>>> wrong in the advice I provided concerning malware.
>>
>> [....]
>>
>>
>> What FTR actually said .....
>>
>> "True, it could be installed and be kept from accessing certain
>> areas by a rootkit".
>>
>> Do you *really* disagree with that?
>
> One thing you are apparently not getting the significance of is that
> the "installation software" for the proposed AV that you want to
> install on the "compromised" machine likely has its own detection
> software for known malware (including some rootkits) *and* rootkit
> detection software that alerts to inconsistencies in what is
> presented through APIs to the other tools due to filter drivers and
> the like.
>
> It may be impossible to install such AV programs on a "compromised"
> machine, if the preinstallation detection software is aware of, yet
> not capable of removing detected malicious activity - it may tell
> you that you need to address the other issue before attempting to
> install that software (I'm not aware of this actually happening
> though).
>
> The most likely scenario is that the installation goes off smoothly
> without a hitch on *most* compromised machines (removing the
> compromise in the process) - which, I believe, is Dustin's point.
>
>

Nicely put, FTR..

--
"I like your Christ. I don't like your Christians. They are so unlike your Christ." - author unknown.
From: Dustin on 13 Aug 2010 19:31

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:i44kh0011hs(a)news2.newsguy.com:
> From: "FromTheRafters" <erratic(a)nomail.afraid.org>
>
>| "~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
>| news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d(a)bt.com...
>>> Dustin wrote:
>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d(a)bt.com:
>
>>>>> Dustin wrote:
>>>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d(a)bt.com:
>
>>>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>>>>> anti-virus programme on an already compromised machine is, in
>>>>>>> all probability, a futile exercise*.
>
>>>>>> LOL, you would certainly be in the minority if you think I was
>>>>>> wrong in the advice I provided concerning malware.
>
>>> [....]
>
>
>>> What FTR actually said .....
>
>>> "True, it could be installed and be kept from accessing certain
>>> areas by a rootkit".
>
>>> Do you *really* disagree with that?
>
>| One thing you are apparently not getting the significance of is
>| that the "installation software" for the proposed AV that you want
>| to install on the "compromised" machine likely has its own
>| detection software for known malware (including some rootkits)
>| *and* rootkit detection software that alerts to inconsistencies in
>| what is presented through APIs to the other tools due to filter
>| drivers and the like.
>
>| It may be impossible to install such AV programs on a "compromised"
>| machine, if the preinstallation detection software is aware of, yet
>| not capable of removing detected malicious activity - it may tell
>| you that you need to address the other issue before attempting to
>| install that software (I'm not aware of this actually happening
>| though).
>
>| The most likely scenario is that the installation goes off smoothly
>| without a hitch on *most* compromised machines (removing the
>| compromise in the process) - which, I believe, is Dustin's point.
>
>
> That's a case of an in situ installation of a fully installed AV
> solution.
>
> That's not the case of the hard disk being removed and placed
> within a surrogate.

Well, once you remove the host drive and take the suspect bad host out of the equation, it does make life easier for hunting malware. :P

--
"I like your Christ. I don't like your Christians. They are so unlike your Christ." - author unknown.