From: Gerald Vogt on
Poprivet` wrote:
> ChronJob wrote:
>> "Luis Ortega" <lortega(a)ntlworld.com> wrote in
>> news:rKX1j.43682$T8.871(a)newsfe5-win.ntli.net:
>>
>>> Thanks. My understanding of router firewalls is that they only block
>>> incoming traffic and if there is some malware on the system then
>>> outgoing stuff is not blocked. Is that correct?
>>>
>>>
>> If you've got malware on your system you're already done, cooked,
>> finished, hacked, and compromised. The ONLY serious remedy at that
>> point is to flatten your system and rebuild it.
>
> There are very few good reasons to "rebuild" a system. Much better to start
> with AV and an arsenal of spyware tools to clean things up as much as
> possible. Results might be faster obtained, too.

I would not want to run a computer cleaned up "as much as possible"
leaving some malware undetected behind because that malware so well
hidden is the really dangerous one. A trojan, key logger, similar.

If you use the computer to send a single password, credit card number,
or anything else personal I would never use a computer which is cleaned
up "as much as possible".

Either reinstall the computer or restore a 100% sure clean system image.
IMHO anything else is bad advice.

Gerald
From: Lars-Erik Østerud on
> There are very few good reasons to "rebuild" a system. Much better to start

Haven't rebuilt my system since I installed Win98se.
When I upgraded to XP I cloned the Win98se partition.
Still stable as ****. OK, I do some reg cleaning, but.
--
Lars-Erik - http://www.osterud.name - ICQ 7297605
WinXP, Asus P4PE, 2.53GHz, 1GB, MSI 7600GS, SB-Live
From: HEMI-Powered on
Gerald Vogt added these comments in the current discussion du
jour ...

>>> If you've got malware on your system you're already done,
>>> cooked, finished, hacked, and compromised. The ONLY serious
>>> remedy at that point is to flatten your system and rebuild
>>> it.
>>
>> There are very few good reasons to "rebuild" a system. Much
>> better to start with AV and an arsenal of spyware tools to
>> clean things up as much as possible. Results might be faster
>> obtained, too.
>
> I would not want to run a computer cleaned up "as much as
> possible" leaving some malware undetected behind because that
> malware so well hidden is the really dangerous one. A trojan,
> key logger, similar.
>
> If you use the computer to send a single password, credit card
> number, or anything else personal I would never use a
> computer which is cleaned up "as much as possible".
>
> Either reinstall the computer or restore a 100% sure clean
> system image. IMHO anything else is bad advice.
>
Nice name, Gerald, same as mine! I completely agree with you
here. Before I run a periodic image backup with Acronis True
Image 9.0, about once every 6-8 weeks, I first do as exhaustive a
malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest
Patrol, and NAV 2006 (in addition to the latter 2 running all the
time) because it makes no sense to image an infected HD. Still, I
am never completely sure it is clean, probably I never will be
but at least I don't notice any obvious or even subtle signs of
an infection.

--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II
From: Kayman on
On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:

> Nice name, Gerald, same as mine! I completely agree with you
> here. Before I run a periodic image backup with Acronis True
> Image 9.0, about once every 6-8 weeks, I first do as exhaustive a
> malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest
> Patrol, and NAV 2006 (in addition to the latter 2 running all the
> time)...

Is security software becoming a security risk?

http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html

"People think that putting one AV engine after another is somehow defense
in depth. They think that if one engine doesn't catch the worm, the other
will catch it," he said. "You haven't decreased your attack surface; you've
increased it because every AV engine has bugs"

Although attackers have exploited parsing bugs in browsers for years now
with some success, Zoller believes that because antivirus software runs
everywhere and often with greater administrative rights than the browser,
these flaws could lead to even greater problems in the future.

The bottom line, he says, is that antivirus software is broken. "One e-mail
and boom, you're gone," he said.

Zoller says he has been criticized by his peers in the security industry
for "questioning the very glue that holds IT security all together," but he
believes that by bringing this issue to the forefront, the industry will be
forced to address a very real security problem.
---
Interesting report:
(Though Russ Cooper, a senior scientist with Verizon Business, had some
criticism for the work of n.runs)

The Death of Anti-Virus Defense.

http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf
--
Security is a process not a product.
(Bruce Schneier)
From: HEMI-Powered on
Kayman added these comments in the current discussion du jour
....

> On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:
>
>> Nice name, Gerald, same as mine! I completely agree with you
>> here. Before I run a periodic image backup with Acronis True
>> Image 9.0, about once every 6-8 weeks, I first do as
>> exhaustive a malware scan as I can including Ad-Aware, Spy
>> Bot, eTrust Pest Patrol, and NAV 2006 (in addition to the
>> latter 2 running all the time)...
>
> Is security software becoming a security risk?
>
> http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html
>
> "People think that putting one AV engine after another is
> somehow defense in depth. They think that if one engine
> doesn't catch the worm, the other will catch it," he said.
> "You haven't decreased your attack surface; you've increased
> it because every AV engine has bugs"

I don't think anyone thinks that having more than one true AV
utility running at a time is a good idea. But, what I listed
running all the time, eTrust Pest Patrol, commercial Zone Alarm,
and NAV 2006 are all intended to do different things in different
ways. And, running Ad-Aware and Spy Bot Search & Destroy as
separate utilities periodically do yet another security-related
purpose. So, I see no conflicts here.

Now, as to one malware scanner finding things another misses, I
don't think this is uncommon or unexpected behavior as the
creation of definitions to detect new threats is not done in
tandem with other developers and different specific utilities
perform in entirely different ways.

> Although attackers have exploited parsing bugs in browsers for
> years now with some success, Zoller believes that because
> antivirus software runs everywhere and often with greater
> administrative rights than the browser, these flaws could lead
> to even greater problems in the future.
>
> The bottom line, he says, is that antivirus software is
> broken. "One e-mail and boom, you're gone," he said.
>
> Zoller says he has been criticized by his peers in the
> security industry for "questioning the very glue that holds IT
> security all together," but he believes that by bringing this
> issue to the forefront, the industry will be forced to address
> a very real security problem.
> ---
> Interesting report:
> (Though Russ Cooper, a senior scientist with Verizon Business,
> had some criticism for the work of n.runs)
>
> The Death of Anti-Virus Defense.
>
> http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf

Interesting. What there's a "death" of, IMO, is people who're
aware enough to pay attention to safe computing and have at least
a modicum of defenses against the bad guys. The popular malware
utilities will catch the vast majority of common threats but if
one's PC is attacked by a sophisticated enough hacker or
whatever, it is doubtful that any software will catch it.

--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II