A new 'Beta' test from Panda

Discussion in 'Virus Information' started by BoaterDave, Jul 26, 2007.

  1. Have to agree totally here.
    I would think a simple repartition and format would suffice. (That's
    what I do.) In addition I use portable versions of Firefox and Thunderbird on
    a USB drive to keep my mail and bookmarks intact (and a slew of other
    see http://portableapps.com/suite
    I don't care much for ActiveX either.
    But remains entertaining.

    That's too funny!
    Maximus the Mad, Aug 12, 2007

  2. On Sun, 12 Aug 2007 09:58:03 -0700, MrSlartybartfast
    This is why "just backup!" (as glibly stated) is as useless as "just
    don't get viruses!" or "if you get infected, clean the virus!" etc.

    All of these approaches work, but have complexity within them that
    make for YMMV results. The complexity is similar across all three
    contexts; how one scopes out the bad guys. The mechanics of meeting
    that inescapable challenge vary between the three "solutions".
    This is using time as the great X-axis, i.e. the OS code base is as
    old as possible, therefore excludes the malware. And so, the PC is
    known to be clean.

    But it also lacks every code patch needed to keep it that way, in the
    face of direct exploits a la Lovesan or Sasser etc. and to patch
    those, you'd have to expose this unpatched PC to the Internet.

    It's also bereft of any applications and data. Presumably one can do
    the same with applications and drivers as with the OS; install
    known-good baseline code from CDs and then patch these online, or
    re-download apps and drivers from the 'net.

    There's also no data, and another crunch comes here, because you
    probably don't want a data set that's certain to be too old to be
    infected; you want your most recent backup, which is the one most
    likely to be malware-tainted. How to scope data from malware?

    Even though MS pushes "just" wipe and rebuild as the malware panacea,
    they undermine these points of failure:
    - they generally don't ship replacement code on CDs or DVDs
    - they don't attempt to separate data, code and incoming material

    The first has improved, what with XP SP2 being released as a CD, and
    with XP SP2 defaulting to firewall on.

    There's little or no progress on the second, though; still no clearly
    visible distinction between data and code, still no type discipline so
    malware can sprawl across file types and spoof the user and OS into
    trusting these, incoming material is still hidden in mail stores and
    mixed with "documents" etc.

    In Vista, just what is backed up and what is not is even more opaque,
    as there's little or no scoping by location at all.
    For values of "you" that includes the OS as a player. Even with a
    wipe-and-rebuild that ensures no registry pointers to code on D:,
    there can still be code autorun from D: via Desktop.ini, \Autorun.inf,
    or the exploitation of any internal surfaces.

    Such surfaces may present themselves to the material:
    - when you do nothing at all, e.g. indexers, thumbnailers etc.
    - when you "list" files in "folders"
    - when a file name is displayed
    I use them, as I think most users do. If you "don't need" an av, then
    clearly you have solved the "don't get viruses" problem, and the
    contexts of "clean the virus" and "rebuild and restore data" don't
    arise. If they do arise, you were wrong in thinking "don't get
    viruses" was solved, and maybe you should rethink "I don't need an av"
    (while I do agree that av will miss things).

    Your nice freshly-built PC has no av, or an av installed from CD that
    has an update status far worse than whatever was in effect when you
    were infected. To update the av, you have to take this clean,
    unpatched, un-protected-by-av system online...
    That helps. It also helps if av can traverse this compression for the
    on-demand scans you'd want to do between rebuilding C: and installing
    and updating av, and doing anything on D: or restoring "data".
    I should hope not; it's "last resort". If you have no confidence in
    the ability to detect or avoid malware, do you do this just when
    convenient, or whenever you "think you might be infected", or do you
    do it every X days so attackers have "only" X days in which they can
    harvest whatever they can grab off your PC?
    It might have been a best-fit in the DOS era, when "don't get viruses"
    was as easy as "boot C: before A: and don't run .EXE, .COM and .BAT
    files". By now, a single resident av poses little or no system
    impact, whereas the wipe-and-rebuild process is a PITA.

    Frankly, doing a wipe-and-rebuild every now and then on a PC that's
    probably clean anyway, will increase the risks of infection.

    Do the maths; you either get infected so often that the risks of
    falling back to unpatched code hardly makes things worse, in which
    case whatever you (blindly) do is equally useless, or your approach
    works so well that falling back to unpatched code is your single
    biggest risk of infection, and to improve things, you should stop
    doing that. If you have no ability to tell whether you are or have
    ever been infected, you can't distinguish between these states.
    Most of us want better results than that, and generally attain them.

    Why are we reading this advice again?
    I agree with you there, especially if you suspect the PC is infected.
    How do you know the site you reached, is not a malware look-alike that
    resident malware has spoofed you to? Is it really a good idea to...
    - disable resident av
    - run Internet Explorer in admin mode so as to drop protection
    - say "yes" to all ActiveX etc. prompts
    - allow the site to drop and run code
    - stay online while this code "scans" all your files
    ....as the advice at such sites generally suggests?
    Bots are unbounded, because:
    - they can update themselves
    - they facilitate unbounded interaction from external entities

    Those external entities may be other bots or humans. In essence, an
    active bot dissolves confidence in the distinction between "this
    system" and "the Internet" (or more accurately, "the infosphere",
    as local attacks via WiFi may also be facilitated).

    Running Windows-based av to kill active malware is like striking
    a match to see if what you are standing in is water or petrol.
    cquirke (MVP Windows shell/user), Aug 15, 2007
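    The "code autorun from D:" risk described in the post above (Desktop.ini, \Autorun.inf on a data partition that survives a wipe-and-rebuild) is something a defender can check for before trusting that partition again. The following is an added example, not code from any poster in this thread: it walks a directory tree for autorun.inf and desktop.ini files and, for each autorun.inf, reports which entries would cause something to launch. The file content is a constructed sample; the `[autorun]` section and its `open`, `shellexecute` and `shell\...\command` keys are the standard autorun.inf syntax, while the function names are this example's own.

```python
import configparser
import os
import tempfile

# File names the post above names as autorun vectors on a data drive.
WATCH_NAMES = {"autorun.inf", "desktop.ini"}

# Constructed sample autorun.inf (not taken from the thread); keys follow
# the standard [autorun] section syntax.
SAMPLE_AUTORUN = r"""
[autorun]
icon=setup.exe,0
open=setup.exe
shellexecute=docs\readme.html
shell\install\command=setup.exe /quiet
label=Holiday photos
"""


def autorun_launch_targets(text):
    """Return (key, value) pairs from an autorun.inf that would run something.

    'open' and 'shellexecute' launch on insertion/double-click in older
    Windows; any 'shell\\<verb>\\command' key adds a context-menu action.
    configparser lower-cases option names, so matching is case-insensitive.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    targets = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                targets.append((key, value.strip()))
    return targets


def find_watch_files(root):
    """Walk root and return the paths of autorun.inf / desktop.ini files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in WATCH_NAMES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def report(root):
    """Map each watched file under root to its launch targets (autorun.inf only)."""
    out = {}
    for path in find_watch_files(root):
        if os.path.basename(path).lower() == "autorun.inf":
            with open(path, encoding="utf-8", errors="replace") as fh:
                out[path] = autorun_launch_targets(fh.read())
        else:
            out[path] = []  # desktop.ini: presence is reported, not parsed
    return out


def demo():
    """Build a throwaway tree that mimics a data drive, scan it, return relative paths."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_AUTORUN)
        os.makedirs(os.path.join(root, "photos"))
        open(os.path.join(root, "photos", "Desktop.ini"), "w").close()
        return {os.path.relpath(p, root): v for p, v in report(root).items()}


if __name__ == "__main__":
    for rel, targets in demo().items():
        print(rel, targets)
```

    Run it against the root of a data partition instead of the temporary tree to get the same listing for real files; a non-empty target list for an autorun.inf, or a desktop.ini in a folder that should not have one, is what to look at before the partition is reconnected to a freshly rebuilt system.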

  3. BoaterDave Guest

    What a great reply - I just wish I'd known all these things before I
    switched to Broadband!

    So .............. this is a magic 'signature' by the way, cquirke, viz:-
    -------------------- ----- ---- --- -- - - - -
    Running Windows-based av to kill active malware is like striking
    a match to see if what you are standing in is water or petrol.
    -------------------- ----- ---- --- -- - - - -

    What do *you* suggest for checking whether or not a PC is 'clean'?
    Can you recommend an 'off-line' programme for checking a computer? (other
    than HiJackThis)

    Have you tried out BugHunter, a DOS based facility, details here:-

    I'd be most interested to learn of your assessment of same.

    BoaterDave, Aug 15, 2007
  4. We certainly have differing opinions cquirke and I can respect that. I have
    not tried any antivirus software for a few years now so maybe things have
    changed. The last time I tried any AV I found it interfered with the
    majority of my games and generally was a PITA.

    I am not trying to give advice, only giving my own personal account as to
    how I keep my machine running as fast as possible. I presume most people
    would somehow benefit from AV software, however I am not one of them.

    I see many people who use antivirus, disk cleanup software, registry
    cleaners, driver cleaners and all sorts of different software for cleaning up
    their system to keep it running smoothly. IMO, there is nothing as quick,
    simple, cheap, or effective as simply wiping the harddrive and reinstalling
    Windows. As you mentioned, installing SP2 off the disc is part of the
    reinstallation. I do this not only to clean for viruses but as general
    system cleanup. Again this is not the best for everyone, however I find that
    my system benchmarks are regularly as good or better than anyone with similar
    systems so I must be doing something right. :)

    Most people [no reference needed] are not qualified to keep their computer
    in top running shape. Wiping the harddrive often fixes problems for people
    even if they already have AV software. Troubleshooting a problem can take
    hours or even days. A quicker and more guaranteed method is to simply wipe
    the harddrive.

    I don't know if I have ever had a virus, if I have then I did not notice any
    ill effects. However I have tried antivirus software in the past and it was
    much hassle. For me it seems that having antivirus software installed is
    worse than having a virus. Maybe one day I will actually get a virus but
    until then I am happy with the way things are.
    MrSlartybartfast, Aug 17, 2007
  5. BoaterDave Guest

    "Wiping the harddrive often fixes problems for people"

    I'd agree - but only if the *whole* drive is wiped, not just a partition!
    BoaterDave, Aug 17, 2007
  6. Robert Moir Guest

    Yes but sometimes this can be likened to the doctor removing your arm if you
    complain that your elbow hurts and they can't see an immediate and obvious
    reason. Now that might well solve the problem of the sore elbow in a very
    fast time frame but if it's all the same with you I'm going to go ahead and
    stick with my doctor, who in my experience tends to regard such things as
    very much a last resort.

    Wipe and reload might be a valid response in a large corporate environment,
    but even (especially?) there I would say that before doing this you'd want
    to understand how the malware defeated your current precautions, otherwise
    you're just kicking it out while you give it some fresh bedding.
    Robert Moir, Aug 27, 2007
  7. JFTR, I am only a noob kid, I know nothing of corporate environments.
    Problems mostly come when I want to play computer games. Antivirus stops
    games from installing and running correctly. The only malware I know of are
    installed by the games themselves in the form of copyprotection. Antivirus
    tries to stop these games from installing and running the copyprotection,
    therefore I cannot play. In my situation, running an antivirus program has
    far worse effects than any malware I could imagine. On my PC then I am the
    Doctor. I say, "Chop off the arm. I seize all your bases while you cure the
    sore elbow. You get pwnd".

    Just recently the gaming forums are abuzz with problems from the latest game
    Bioshock, which the antivirus prevents the copyprotection working correctly,
    causing the activation to malfunction, so that the game cannot be played,
    causing a waste of $89.95. I don't want that kind of hassle.
    MrSlartybartfast, Aug 28, 2007
  8. BoaterDave Guest

    I notice that you did not answer my question posed here, Li.

    I've also noticed (assuming that you are located in the USA) that some of
    your posts appear to be made in the middle of the night/very early morning.
    Are you quite sure that there is not more than one of you?

    BoaterDave, Sep 1, 2007
  9. BoaterDave Guest

    This is the 'Properties' information I can see in this message from Fitz.

    I've now posted elsewhere using Xnews and my IP address is clearly evident.

    Can/will anyone please explain to me why I cannot determine *his* IP address?


    Date: Wed, 8 Aug 2007 19:06:17 -0400
    MIME-Version: 1.0
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7bit
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Newsreader: Microsoft Windows Mail 6.0.6000.16480
    X-MIMEOLE: Produced By Microsoft MimeOLE V6.0.6000.16480
    Lines: 23
    Message-ID: <46ba4c75$0$12241$>
    Organization: Road Runner High Speed Online http://www.rr.com
    Xref: TK2MSFTNGP01.phx.gbl microsoft.public.security.virus:79308

    BoaterDave, Sep 1, 2007
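    The question above comes down to which headers carry a poster's address at all. As an added example, not code from anyone in this thread: a small parser that reads a header block like the one quoted (reproduced here as constructed sample input), lists the origin-bearing headers a news or mail server may add (NNTP-Posting-Host, X-Originating-IP, X-Trace, Received) and pulls any IPv4 literals out of them. The header names are the standard ones; the function names are this example's own. The quoted block contains none of those headers, so the check reports no address; a second constructed sample with an NNTP-Posting-Host line (using an RFC 5737 documentation address) shows what it reports when one is present.

```python
import email
import ipaddress
import re

# Headers a news or mail server may add to record where a post came from.
ORIGIN_HEADERS = ("NNTP-Posting-Host", "X-Originating-IP", "X-Trace", "Received")

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample 1: the header block quoted in the post above.
SAMPLE_NO_ORIGIN = """\
Date: Wed, 8 Aug 2007 19:06:17 -0400
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Windows Mail 6.0.6000.16480
X-MIMEOLE: Produced By Microsoft MimeOLE V6.0.6000.16480
Lines: 23
Message-ID: <46ba4c75$0$12241$>
Organization: Road Runner High Speed Online http://www.rr.com
Xref: TK2MSFTNGP01.phx.gbl microsoft.public.security.virus:79308
"""

# Constructed sample 2: the same block plus an NNTP-Posting-Host line with a
# documentation address (RFC 5737); not taken from the thread.
SAMPLE_WITH_ORIGIN = SAMPLE_NO_ORIGIN + "NNTP-Posting-Host: 192.0.2.10\n"


def origin_report(raw_headers):
    """Parse an RFC 5322-style header block and summarise what it reveals.

    Returns the posting software and organisation (plain informational
    headers), the origin-bearing headers that are actually present, and any
    syntactically valid IPv4 addresses found in those headers only.
    """
    msg = email.message_from_string(raw_headers)
    present = {}
    for name in ORIGIN_HEADERS:          # header lookup is case-insensitive
        values = msg.get_all(name)
        if values:
            present[name] = [str(v) for v in values]

    ips = []
    for values in present.values():
        for value in values:
            for cand in IPV4_RE.findall(value):
                try:
                    ipaddress.ip_address(cand)   # reject e.g. 999.1.2.3
                except ValueError:
                    continue
                if cand not in ips:
                    ips.append(cand)

    return {
        "newsreader": msg.get("X-Newsreader"),
        "organization": msg.get("Organization"),
        "origin_headers": present,
        "candidate_ips": ips,
    }


if __name__ == "__main__":
    for label, sample in (("quoted block", SAMPLE_NO_ORIGIN),
                          ("with NNTP-Posting-Host", SAMPLE_WITH_ORIGIN)):
        print(label, origin_report(sample))
```

    Note that only headers added by the server on the way in say anything about origin; X-Newsreader, Organization and the like are set by the client and are informational at best. Whether the server adds such a header, and whether a given newsreader shows it in its "Properties" view, are two separate things, and this check only tells you what is present in the text it is given.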
  10. ---Fitz--- Guest

    Why do you want to determine my IP? I'm already married.
    ---Fitz---, Sep 1, 2007
  11. Tom Willett Guest

    Get rid of your IP address fixation and move on. This isn't your personal
    little chat room.
    Tom Willett, Sep 3, 2007