A Malware Discussion

[Guest Wolfeymole]

Dougie

 

The question is not will one piece of software protect you, but a persons internet activities and where they decide to surf.

 

Like I have mentioned to you before, you get what you pay for, or to to put it in a Biblical sense, "They that sow, so shall they reap".

 

Do you get my drift mate?

[DSTM]

I get your drift,mate. I have, what you Guys have said, was the best,and no one till now, was talking about a Security Suite.

I have:

Nod 32 Anti Virus Paid Version

SAS Paid Version

Malwarebytes

Sygate Firewall.

WynPatrol.

Never Surf on the edge.

Not getting anymore.

I feel better protected than with any Suite. But that's just my opinion.

[Seth]

It doesn't matter if it's suite or stand alone antivirus. It's impossible for one to create definition files for all the malware that's out there. Even if they could, the application would have to constantly update to keep up, plus the updates would be enormous. A manual scan would take all day, if not more.

 

Then there is the targeting issue as well. High targets are Mcafee, AVG, and Norton. Some malware is specifically written to avoid detection from either of those three. That's why that "second layer" is often suggested.

 

With that being said, I don't know of any malware that targets NOD, but it's not being targeted becuase it's not popular enough.

[Guest Wolfeymole]

With that being said, I don't know of any malware that targets NOD, but it's not being targeted becuase it's not popular enough.

 

It's not popular enough?

 

Did I hear you right?

 

Has it ever occurred to you that the software actually does the job unlike the cheap crap that's out there at the moment?

 

Observe trees Seth at your earliest opportunity mate.

[Seth]

It's not popular enough?

 

Did I hear you right?

 

Has it ever occurred to you that the software actually does the job unlike the cheap crap that's out there at the moment?

 

Observe trees Seth at your earliest opportunity mate.

 

"Doing the job" doesn't have anything to do with it.

 

9 out of 10 pc's are running either Norton, Mcafee, or AVG. It's not worth a malware writers time to write code that would infiltrate NOD.

 

It's just like the myth that Macs are more secure than pc's. It's not that they're more secure, as any code could be compromised. The reason they're safer from malware, is that a malware writer would have to double his workload to compensate for macs, but his payoff for it would be minimal. That's exactly why NOD isn't targeted.

[Guest Wolfeymole]

So just because a coder can't be arsed (bothered) to attack NOD that's your excuse is it?

 

Pathetic in the extreme my friend and don't start changing the subject. :)

[Seth]

So just because a coder can't be arsed (bothered) to attack NOD that's your excuse is it?

 

Pathetic in the extreme my friend and don't start changing the subject. :)

 

Call it what you will, but that doesn't change the truth.

 

If most people used NOD, then it would be targeted.

[Seth]

Here's an example of Norton being targeted:

 

My norton AV is disabled automatically. Cant enable autoprotect. - MajorGeeks Support Forums

 

Note the guy from Norton admitting that some malware is designed to disable Norton's auto protect. What he doesn't admit though, is some malware is also designed to stop Norton right in its tracks.

[Guest Wolfeymole]

Look

 

Norton is crap and that's my personal opinion and the issues that have evolved from Norton problems have been adequately displayed in this very forum.

 

Don't blame the hackers Seth, they do it for fun but when a person wants to be protected against these people and pay serious money for that then they are what come first.

 

If you want to protest then write to Norton or which ever AV, Anti-Malware company disgusts you and take it up with them about their inferior products.

[Seth]

Look

 

Norton is crap and that's my personal opinion and the issues that have evolved from Norton problems have been adequately displayed in this very forum.

 

Don't blame the hackers Seth, they do it for fun but when a person wants to be protected against these people and pay serious money for that then they are what come first.

 

If you want to protest then write to Norton or which ever AV, Anti-Malware company disgusts you and take it up with them about their inferior products.

 

 

You've got it all wrong.

 

Norton "is crap" due to it's popularity and how the malware writers target it.

 

What part of that are you not understanding?

[Seth]

BetaNews | Commercial antivirus software rendered useless in hours

[AdvancedSetup]

Well I don't have time to do a full post but in a nutshell SETH is correct.

 

I will try to post further tonight.

[petef]

Prove why layered anti-malware apps are better than NOD's Security Suite Seth.

 

Wolfey, it's difficult to prove with precision because it's such a complex

issue. There are various aspects of a security suite to consider and I

know of no single anti-malware product that rates high on all tests.

 

The two organizations that I rely upon for analysis of anti-malware products

are AV-Comparatives and Anti-Malware Test Lab. AV-Comparitives is more

difficult to interpret so let take a look at some recent reports at Anti-Malware

Test Labs.

 

Anti-Malware Solutions Test Results | Anti-Malware Test Lab

 

At the above link you will see the results of various tests performed on

the most popular Anti-Virus products. No single product comes out on

top for all tests and NOD32 actually fails in one area (RootKits) and did

poorly in another test (treatment of active infections). Evaluating

anti-malware products is extremely complex, but it seems evident

that taking a multi-layer approach that utilizes anti-malware products

from different vendors *could* be more efective than relying upon

a single vendor/single product.

 

Practically speaking, the average user may find the multi-layer or

multi-product approach too complex or too expensive and they would

much rather go with a single product such as a security suite. That

might even suit their needs, but they would probably be more secure

taking the multi-layered or multi-product approach. However, they

could also do even worse if they chose the wrong combination.

 

Unfortunately, there are no easy answers. I can see advantages and

disadvantages for either approach. Personally, I prefer the muti-layered or

multi-product approach. If usually means more work, but it's like getting a

diagnosos from multiple doctors.

 

---pete---

[AdvancedSetup]

The isssue is that in today's computing environment there are now many more threats targeted at a computer than there ever has been and it escalates daily.

Since there is no centralized resource for cataloging threats the numbers do vary depending on which site or company is reporting it.

 

So the point as stated already by Seth and others is that there is NO Product and NO Company that can or does detect, prevent, clean everything.

I agree that visiting Warez, MP3, Game, Peer2Peer and Porn sites will greatly increase the chances of becoming infected regardless of protection used.

However there are many legitimate sites that have been infected over time due to various reasons including sites such as even Microsoft.

 

Seth is speaking overall not just in the case of this person. Having the NOD32 Suite and keeping up to date with all Microsoft updates will probably be enough for this user most of the time, but it is not a guarantee and is better than nothing.

What should one do? Here is a basic recommendation without going overboard and being paranoid.

 

1. Keep up to date on ALL Microsoft Critical Updates (keep auto update enabled)

2. Install an Antivirus product or suite and KEEP IT UP TO DATE DAILY

3. Install a Firewall that protects both Inbound and Outbound traffic

4. Backup ALL the data you create or feel is important to an external source often not just once.

5. Scan your system with at least one or two of these other FREE scanners at least once a month (weekly would be better) and switch between them as daily one will find things the other doesn't due to the hundreds of new threats found daily. Since they are free there is no reason not to use them for your own PC safety.

• DR Web Cureit
  
  
• Malwarebytes' Anti-Malware
  
  
• SUPERAntiSpyware

 

 

 

Here are just a few links on why it is a futile effort to rely on a single point of protection.

Often times a system gets hacked because of a bug found in legitimate software. Sun Java, QuickTime, and Acrobat Reader are just a few of the recent well known applications that allowed systems with FULL Anti-Malware, Anit-Virus to become infected as it came through a legitimate source and was a threat never seen before. You stand a much better chance of finding a threat on your system if you're using multiple different scanners than if you only rely on a single product.

If the threat is on your computer for a long time due to your choice of protection not finding it and all your backups have it as well it can make it much more difficult to locate and cleanup properly.

 

 

Microsoft has issued a hefty eleven bulletins addressing 26 vulnerabilities in its August security release.

 

During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware.

http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html

 

Hackers Rig Google to Deliver Malware

 

Dr.Web scanner successfully detects Win32.Ntldrbot (aka Rustock.C) and cures system files infected by the rootkit. Currently no other anti-virus can detect this malicious program

http://www.drweb.com/

Eighteen months passed before Win32.Ntldrbot has been found by analysts of Doctor Web, Ltd. at the beginning of 2008. All this time the rootkit was in the wild compromising PCs and turning them into bots. Assuming that the malware has been running free and completely invisible since October 2007 one could asses the resulting amount of infected traffic.

The virus monitoring service of Doctor Web, Ltd. found about 600 samples of the rootkit. Nobody knows how many are remaining. It took several weeks to unpack and analyze the rootkit and to improve the detection technology.

 

 

 

 

.

[maynardvdm]

Well said AS.

 

I know my Antivirus Software updates itself automatically almost hourly.

 

Thanks for the info.

[AdvancedSetup]

On another note about the popularity being an issue, that is a known fact.

 

Macintosh had such a little presence on the Web that no one wrote code to attack it. That is not the case anymore as there are now quite a few exploits directed at Macintosh since it's popularity has increased some what recently.

 

It basically is as Seth says. The more popular a program is the more chance there is that it will be directly targeted. Just think of it this way, why would someone spend hours, days, or weeks writing a program for something that would only affect a few systems when they could spend that same time writing something that could affect hundreds of thousands or millions of systems?

By no stretch of the imagination is Symantec much larger than ESET - it has a much larger installed base of users than ESET can currently only dream of having which makes Symantec and McAfee a much more sought after target to exploit as you have a much better chance of it being on the users system.

 

 

 

.

[DSTM]

All makes sense, when you think about it.No sense targeting the Small Players. I think,in time, ESET will also be a target,as they have a great product,and no doubt will get a larger martket share.

Good discussion,Guys.:)

[Guest Wolfeymole]

In time Dougie this may very well be the case but up to press ESET is doing a most excellent job as far as I'm concerned even though I sound to be massively plugging it.

[RandyL]

For the record everyone. I use Mcafee Internet Security Suite. I also have Windows Defender which ships with Vista. I use SpywareBlaster too.

 

Of course I use a little common sense with installed programs but I also put my system to the test with web surfing and other things. Often I deliberately visit sites I know to be infected.

 

Maybe I'm just lucky or maybe I'm not click happy or maybe my settings are locked down tight. Or maybe all.

 

I'm not making a specific point. I'm just passing on my experience. I hope these aren't famous last words before I crash and burn.

[AdvancedSetup]

Hi Randy,

 

Symantec and McAfee both stop thousands of known threats and do work quite well actually. They mainly get a bad rep for the resources used and the complexity of the programs.

 

I would not recommend "trying" to infect your main computer especially if it is your only system. It's sort of like playing Russian Roulette and sooner or later you'll find an exploit that can bypass and infect your system if you visit and try to infect your system, it's just a numbers game. Remember no matter which product you have for protection, at any given point in time there is something written that it doesn't know to stop and if you happen to find a site or method to obtain that threat then your going to get infected. You could also potentially get infected with something like Rustock.C which until recently no one even detected if you had it - regardless of which product or scanner you used.

 

Backup, Backup, Backup :D

 

 

 

.

[Seth]

Most internet security suites aren't that much different in their malware detection abilities. Note that has nothing to do with any other factors such as resource usage, compatibility problems, etc.

 

I'll stick my neck out and admit that Norton actually makes a very good internet security suite as far as detection ability goes, but due to its popularity and targeting, the malware coders plummet Symantec and will probably bring the company to its knees. Symantecs only saving grace, is paying computer manufactures a lot of money to come pre-installed.

 

Anyway, on the popularity issue, SAS is now being targeted by malware that prevents its installation. In such a case, I'll run MB first which usually removes the malware that prevents SAS from being installed. If that's not possible, then I'll slave and disinfect (I'm starting to think that I'll slave and disinfect in all cases). Rest assured, as MB becomes more popular, code will be written to prevent it from installing just like SAS.

 

The best malware writers visit malware removal sites to see what programs the experts are using for disinfection, then they target such.

 

It's a cat and mouse game.

[petef]

(I'm starting to think that I'll slave and disinfect in all cases). Rest assured, as MB becomes more popular, code will be written to prevent it from installing just like SAS.

 

Seth, are you bringing most computers back to the shop now as opposed

to cleaning onsite?

 

I haven't tried it yet, but the Ultimate Boot CD for Windows seems capable

of running Avira, SuperAntispyware, and others. This might be an alternative

to slaving the infected drive if we need to clean onsite where slaving is

not practical.

 

---pete---

[Dalo Harkin]

Right - have not been online for a while - but I had a feeling this thread would be shifted :D

 

The bottom line for me is that you are better off with a SUITE/STANDALONE AV that has REAL TIME PROTECTION - and AVAST is an excellent example of this.

 

Knowledge is key and yes it is true that you only get knowledge by either being burnt or by research.

 

People do not have the background knowledge of AV programs and normally just pick one thats either pre-installed or a FREE version - it's not a secret that FREE versions are not as good as paid versions are they are mostly behind the times.

 

As Maynard knows I did an experiment the other day on my PC - I have windows live one care - I downloaded MB and SAS and ran both on my system and they came back with Sweet FA.

 

And on that note - MY SUITE coupled with my knowledge (not bigging myself here) - is just as good as a standalone AV and Firewall with MB and SAS :D

[geoff eddowes]

malware

 

Hello

I have Windows XP and tried a few ant virus programs.I have been using Windows Live One Care -Webroot Window Washer and PC Tools Register Mechanic and nothing else for 4 months.My Pc is running fast and clean.

Can recomend this Set Up

[Dalo Harkin]

Geoff,

 

be very careful with registry programs 9/10 they cause more harm than good.