From: FromTheRafters on 24 Mar 2010 20:58

"RayLopez99" <raylopez88(a)gmail.com> wrote in message news:612fa39b-70b6-4c4b-ae4a-218b3b26a1cc(a)z3g2000yqz.googlegroups.com...

On Mar 23, 11:27 pm, "FromTheRafters" <erra...(a)nomail.afraid.org> wrote:
>
> Yes. I had to clean up a Windows laptop last year despite things
> being kept up to date and AV installed. The AV was bloody hopeless at
> detecting it despite being kept up to date.

*** That wasn't me, my contributions are either indented properly, or fixed between the *** and the *** when "quoted-printable" like this post. ***

[...]

In short, as I code, I know that computers are very predictable. If your AV program is configured to catch virus "X" then it will catch it--and you will not be infected.

*** Not *always* the case. Sometimes the signature is in the virus body and the self-decryptor has to run in emulation for a time before revealing said virus body. If the self-decryptor has emulation detection capability it may fail to reveal the body when it detects that it is being *watched*. ***

As for the 30-70% of malware that are not caught (see the PDF in this thread), this could be "zoo" type malware that is included in the figure but in practice is never seen 'in the wild'.

*** Actually, the problem with zoo viruses is that they *are* being detected in the tests, and they make a useless feature appear as an edge over those that don't (or can't) detect them. To me, it is okay if they *don't* detect them, but it is not okay if they *can't*. They should be excluded from test sets, but the technology to detect them should remain. ***
From: David H. Lipman on 24 Mar 2010 20:59

From: "Char Jackson" <none(a)none.invalid>

| On Wed, 24 Mar 2010 07:48:20 -0400, Leythos <spam999free(a)rrohio.com>
| wrote:

>>In article <qluiq59i975s6scc2slnl6gf6fcc02onvr(a)4ax.com>,
>>none(a)none.invalid says...
>>> On Tue, 23 Mar 2010 22:14:24 -0400, "David H. Lipman"
>>> <DLipman~nospam~@Verizon.Net> wrote:
>>> >From: "Char Jackson" <none(a)none.invalid>
>>> >
>>> >| On Tue, 23 Mar 2010 18:57:13 -0400, ToolPackinMama
>>> >| <philnblanc(a)comcast.net> wrote:
>>> >
>>> >>>People I meet have many times asked me if they should shut their Windows
>>> >>>computers off at night, and I always say, "Yes, keep your PC off unless
>>> >>>you are using it."
>>> >
>>> >>>I figure if it's off, an infected computer can do less damage.
>>> >
>>> >| I agree with the advice, although I don't follow it myself. To me, the
>>> >| primary reason for turning a system off is to save electricity.
>>> >
>>> >
>>> >Actually the quiescent temperature is better since you don't have hard drive warming
>>> >expansion and drive cooling contraction cycles adding to the wear and tear factor
>>> and
>>> >aging of a hard disk.
>>> Probably true, but I have no evidence, even anecdotal evidence, to
>>> indicate that it makes an appreciable difference in equipment life. :)
>>If you've worked with Electronics for any length of time,

| Just over 45 years. The end is in sight. :)

>>and with
>>devices that have bearings, you would know, without guessing, that
>>turning off a device increases chances of a problem when you try and use
>>it again. There are also times when a device fails due to normal
>>wear/tear/age....

| I know what you're saying is a commonly held belief. I used to repeat
| it myself, but I have to admit that looking back over the last 20-30
| years that it simply isn't true. I think it used to be true in the
| days of vacuum tubes, but not since then.

| Here's someone who agrees with me, or vice versa:
| <http://michaelbluejay.com/electricity/computers-questions.html#turnoff>
| <http://blogs.wsj.com/numbersguy/how-much-juice-is-your-computer-using-at-night-145/>
| The articles are mostly about saving energy, but they touch on the
| power cycle issue, as well.

If chips are soldered down they STILL suffer from chip-creep due to expansion/contraction cycles.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: FromTheRafters on 24 Mar 2010 22:29

"RayLopez99" <raylopez88(a)gmail.com> wrote in message news:dd0a8cc6-8a56-43da-863d-86b3ae9c6b56(a)y17g2000yqd.googlegroups.com...

On Mar 23, 10:43 pm, "FromTheRafters" <erra...(a)nomail.afraid.org> wrote:

> The bottom line is that antivirus and antimalware programs only detect
> *some* of what they try to detect. The best approach is to limit the
> amount of malware that you expose those programs to. Adhering to best
> practices may result in avoiding 95% (just a guess) of malware out
> there. The rest will be worms (i.e. exploit based autoworms) and
> viruses
> (downloaded from *reputable* sources).

OK, that 5% interests me. But as a scientist I believe in verification. Anybody get infected by that 5%, and by what, did it have a name?

*** Conficker (fairly recent) was (is) an exploit based autoworm. There is the lag time (zero-day effect) from the time the vulnerability is first exploited, to the time the patch is applied. Its *intent* seems to be to annoy you into purchasing something. Using a botnet to keep itself current, it is much more powerful than that - we were lucky - this might change. ***

The only thing I can think of is: (1) unnamed viruses not getting discovered by Kaspersky or whoever, and, (2) zero-day attacks by new viruses (or variants of old) that Kaspersky sends out the patch for, but a day late.

*** Yes, there is a lag time also between the analysis of the malware (not the exploit) and the distribution of the signature obtained from the analysis (another zero-day effect, this time for the particular malware now utilizing that exploit). It is not called a "patch" though, usually a definitions file or signature file (sigfile). I can't provide you with anything that supports the "trusted channel" vector except to mention that Energizer USB Charger software trojan. There have been others, viruses IIRC, on distribution CDs for hard drives and such, but no URLs for you. ***
From: FromTheRafters on 24 Mar 2010 22:39

"David W. Hodgins" <dwhodgins(a)nomail.afraid.org> wrote in message news:op.u92rm6fca3w0dxdave(a)hodgins.homeip.net...

> These were on systems using up-to-date av/m$ software. So the
> problem does still exist, but is mostly rootkits and trojans,
> rather than true viruses.

Funny how things change. Rootkits used to be used for hiding activity. Now the activity is "in your face" and the rootkit only hides to make removal more difficult. Must be damned annoying always getting stuff like that.
From: FromTheRafters on 24 Mar 2010 22:51

"RayLopez99" <raylopez88(a)gmail.com> wrote in message news:af165e13-bdda-40d8-85de-3bcbea20e8a0(a)g28g2000yqh.googlegroups.com...

B.S.! You lost the debate and now you're trying ad hominem attacks.

*** Beware of those ad harmonium attacks, they can often lead to violins. ***