From: RayLopez99 on 25 Mar 2010 06:02

On Mar 25, 2:25 am, Dustin Cook <bughunter.dus...(a)gmail.com> wrote:
>
> Believe it. I did a service call this afternoon, modern cable modem
> install. The customer declined (yep!) the free router included and opted
> to plug directly into the cable modem via USB instead of the NIC card.
> The customer contacted me due to a "virus" issue they sustained about 3
> hours after going online.
>
> It was a bootlegged windows XP pro system with no service pack; and this
> is the funniest part, actually using the original blacklisted key; which
> is why it had no service packs....Plugged directly into the cable modem,
> bypassing any benefits the router would have offered them (they're
> rebranded linksys routers), slower speed, and a nice antivirus2010XP
> infection.

Slower speed when you don't use a NIC card but use USB makes sense. The router would, I think, have a hardware firewall, but in theory a software firewall should also do the trick, though I have both running on my machines.

Good war story, and it shows it's not Windows at fault, but the user. And the user is pretty dumb, though people like him keep you employed.

RL
From: RayLopez99 on 25 Mar 2010 06:07

On Mar 25, 2:29 am, Leythos <spam999f...(a)rrohio.com> wrote:
> If I have serious reason to believe a computer is using pirated software
> I won't touch it - I provide a signed statement of the work we do,
> including anything we suggest, it would leave us liable in the case of
> an audit.

Well, you're too cautious. My Vista machine is using what is probably pirated software in the OS (Vista Ultimate), I would imagine, since it cost $5 in Bangkok to buy. But it was shrinkwrapped and bought from an indoor store, not from a vendor in the street (and that's my defense). But insofar as I can tell, and I've had it several years, no viruses were in it and nobody else has my personal information--if they did they would have struck by now. Same goes for most of my other software. Then these Linux advocates have the GALL to claim that "Linux is cheaper". Balderdash!

RL
From: RayLopez99 on 25 Mar 2010 06:10

On Mar 25, 2:58 am, "FromTheRafters" <erra...(a)nomail.afraid.org> wrote:
> In short, as I code, I know that computers are very predictable. If
> your AV program is configured to catch virus "X" then it will catch
> it--and you will not be infected.
>
> ***
> Not *always* the case. Sometimes the signature is in the virus body and
> the self-decryptor has to run in emulation for a time before revealing
> said virus body. If the self-decryptor has emulation detection
> capability it may fail to reveal the body when it detects that it is
> being *watched*.
> ***

OK, I see. But the bottom line is that AV vendors have an incentive to hype up lack of security, and I've not seen it done, ergo, there's no problem to hype. Excerpt below verifies what I have said in this thread.

RL

http://threatpost.com/en_us/blogs/future-botnets-031510?utm_source=Threatpost+Spotlight+Email&utm_medium=Email+Marketing+-+CRM+List&utm_campaign=Threatpost+Spotlight&CID=

Considering the stakes in today's security game, gleaning intelligence from professional attackers is an invaluable experience for researchers on the other side of the ball. Robert Hansen, a security researcher and CEO of SecTheory, has been doing just that in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation.

In a blog post describing one such conversation, Hansen says that the attacker was lamenting the difficulty of executing targeted attacks against machines in high-value networks.

"Security systems are doing a fairly good job of making life difficult for him. He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Sure, if you really work at it for days or weeks you'll get in, almost always, but it's not like it used to be where you'd just run a handful of basic tests and you were guaranteed to break in. The risk is that now when he sends his mules to go cash out, there's a chance they'll get nailed. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high."

Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years.

In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in.
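The point FromTheRafters makes in the quoted reply above (the signature lives inside an encrypted virus body, so a scanner only sees it after the self-decryptor has run, and a decryptor that notices it is being emulated can simply stay dormant) is easier to see with a toy model. The following Python is an added example written for this page; it is not code from the thread, not a real scanner and not a real sample. `Sample`, `Environment`, the "tells" the stub checks (uptime, process count), the `STUB[...]` spelling of the decryptor and the `SIGNATURE` string are all assumptions for illustration.

```python
import os
from typing import Optional

# Hypothetical signature the scanner looks for inside the decrypted body.
# Assumed for illustration; it is not a real AV signature.
SIGNATURE = b"TOY-VIRUS-BODY-MARKER"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: the same routine encrypts the body and decrypts it."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class Environment:
    """What the decryptor stub can observe about the machine it runs on.

    A naive emulator tends to show cheap tells (a clock that just started,
    almost no processes); a hardened emulator fakes realistic values.
    These two tells are assumptions for the toy, not a catalogue of real ones.
    """

    def __init__(self, uptime_seconds: int, process_count: int):
        self.uptime_seconds = uptime_seconds
        self.process_count = process_count


class Sample:
    """Toy self-decrypting sample: a decryptor stub plus an XOR-encrypted body.

    `image` is what a static scanner sees on disk. The plaintext body only
    exists after run() executes the stub, for real or under emulation.
    """

    def __init__(self, body: bytes, anti_emulation: bool, key: Optional[bytes] = None):
        # Per-copy key: two copies of the same body have different on-disk bytes.
        self.key = key if key is not None else os.urandom(8)
        self.anti_emulation = anti_emulation
        self.encrypted_body = xor_bytes(body, self.key)
        # The stub is spelled out as text here; in reality it is machine code.
        flag = b"AE" if anti_emulation else b"--"
        self.image = b"STUB[" + flag + b"]" + self.key + self.encrypted_body

    def looks_watched(self, env: Environment) -> bool:
        """The stub's emulation check: cheap heuristics, assumed for the toy."""
        return env.uptime_seconds < 60 or env.process_count < 10

    def run(self, env: Environment) -> Optional[bytes]:
        """Execute the stub: decrypt the body unless the stub thinks it is watched."""
        if self.anti_emulation and self.looks_watched(env):
            return None  # stay dormant; the body is never revealed
        return xor_bytes(self.encrypted_body, self.key)


def static_scan(sample: Sample) -> bool:
    """Body signature matched against the on-disk bytes only."""
    return SIGNATURE in sample.image


def emulated_scan(sample: Sample, emulator: Environment) -> bool:
    """Run the stub under the emulator, then match the body signature on what it revealed."""
    body = sample.run(emulator)
    return body is not None and SIGNATURE in body


def stub_scan(sample: Sample) -> bool:
    """Alternative: match the decryptor stub itself, which is visible regardless of emulation."""
    return sample.image.startswith(b"STUB[")


def demo() -> dict:
    """Run the scenarios the thread describes and return the verdict for each."""
    body = b"payload bytes ... " + SIGNATURE + b" ... more payload"
    plain = Sample(body, anti_emulation=False)
    evasive = Sample(body, anti_emulation=True)
    naive_emulator = Environment(uptime_seconds=0, process_count=3)
    hardened_emulator = Environment(uptime_seconds=86400, process_count=120)
    return {
        "static scan, body signature": static_scan(plain),
        "emulated scan, plain sample": emulated_scan(plain, naive_emulator),
        "emulated scan, evasive sample, naive emulator": emulated_scan(evasive, naive_emulator),
        "emulated scan, evasive sample, hardened emulator": emulated_scan(evasive, hardened_emulator),
        "stub signature, evasive sample": stub_scan(evasive),
    }


if __name__ == "__main__":
    for scenario, detected in demo().items():
        print(f"{scenario}: {'DETECTED' if detected else 'missed'}")
```

Running it shows the three outcomes the quoted reply describes: the body-level signature is not on disk, so the static scan misses it; emulation reveals the body for the plain sample; and the anti-emulation stub starves a naive emulator of the body. The last two scenarios show the scanner's answers, which the reply does not spell out: an emulator that fakes realistic tells still gets the body, and a signature on the decryptor stub itself works without any emulation at all.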
From: RayLopez99 on 25 Mar 2010 06:20

On Mar 25, 7:53 am, Dustin Cook <bughunter.dus...(a)gmail.com> wrote:
> Like I said in my previous response to you, I've been in the PC field for
> a very long time. I was A+ certified when it was still a "cool" thing to
> waste money on.

Just curious, but what is your hourly rate, or do you get paid by the job?

And I'm sure you would be a perfect witness on the stand if I were trying to prove that it's not Windows but the user who is at fault in nearly any security breach. SAVE for Zero-Day attacks, which cannot be prevented by definition (not even in Linux I would imagine), it seems Windows machines get infected by users who don't have the proper security on their machines, as documented by Belarc for example.

BTW, anybody follow all the Safe Hex recommendations of Belarc Advisors? I think there are too many. I usually score 2 or 3 stars out of five, but even so I've never had a virus problem.

RL
From: Sjouke Burry on 25 Mar 2010 06:48
RayLopez99 wrote:
> On Mar 25, 7:53 am, Dustin Cook <bughunter.dus...(a)gmail.com> wrote:
>> Like I said in my previous response to you, I've been in the PC field for
>> a very long time. I was A+ certified when it was still a "cool" thing to
>> waste money on.
>
> Just curious, but what is your hourly rate or do you get paid by the
> job?
>
> And I'm sure you would be a perfect witness on the stand if I were
> trying to prove that it's not Windows but the user who is at fault in
> nearly any security breach. SAVE for Zero-Day attacks, which cannot
> be prevented by definition (not even in Linux I would imagine), it
> seems Windows machines get infected by users who don't have the proper
> security on their machines, as documented by Belarc for example.
>
> BTW, anybody follow all the Safe Hex recommendations of Belarc
> Advisors? I think there are too many. I usually score 2 or 3 stars
> out of five, but even so I've never had a virus problem.
>
> RL

The same here. Belarc is trying to sell something, or they try to tell you that you should be behind a corporate net, with all permissions denied and blocked...