Efficient WEB protection - which program?

Discussion in 'Anti-Virus' started by DK, Jan 15, 2012.

  1. Using biological parallels only goes just so far. Time to stir up some
    mud and murky-up the water.
    But it's not a virus.
    In a computervirus sense, it is *carried* by mosquitoes - it *spreads*
    by self-replication like a worm (not a virus). In a biological sense it
    is spread by mosquitoes.
    People are 'hosting' the infections, the mosquitoes are *not* infected.
    The mosquitoes are only the transmission vector between the humans.

    In a computervirus sense, this is very wormlike. When you start invading
    cells and co-opting their internal factories to reproduce more cell
    invaders you start to look more like computer *viruses*.
    FromTheRafters, Jan 17, 2012
    1. Advertisements

  2. DK

    Dustin Guest

    All correct.
    I do.. It's just a blocking program. Peerblock is actually more
    Dustin, Jan 17, 2012
    1. Advertisements

  3. DK

    Dustin Guest

    Which you would want to know specifically in order to suggest a proper fix
    I'm undecided between the two myself. :)
    NoScript will. :)
    Dustin, Jan 17, 2012
  4. DK

    Bear Guest

    Are you saying nothing has to be done to get a virus to your computer
    but simply visit the place where it resides and it will automatically
    crawl to your machine....or run without any action on your part at that
    place beyond any injection action by the place.
    Bear, Jan 17, 2012
  5. DK

    kurt wismer Guest

    no. what i'm saying is that (unlike non-viral malware) viruses doesn't
    need to be aimed, fired, commanded, or otherwise manipulated by an
    attacker once they've been introduced into a victim population. they
    still need to be executed because they're still programs, but some
    will require victim users to behave a certain way and others won't.
    kurt wismer, Jan 17, 2012
  6. DK

    kurt wismer Guest

    indeed, it's a parasitic single celled organism that infects and
    reproduces within red blood cells.
    in a biological sense it spreads by itself, in so far as it spreads
    from one cell to another by itself. when hopping from one person to
    another it requires a carrier, just as it would require a carrier if
    it were hopping from one country to another, or one planet to another.
    often that carrier is a mosquito, but it could just as easily be a
    hypodermic needle, or anything else capable of scratching or
    puncturing the skin.

    biological viruses also usually require a carrier medium to hop from
    one animal to the next, although that carrier often takes the form of
    a doorknob or a cloud of spittle that erupts from the faces of the
    infected. there are other carriers as well, but the cloud of spittle
    has grossed me out sufficiently already, so i'll leave STDs and things
    like ebola up to the imagination.
    in a computer virus sense i would think this is more floppy-disk-like,
    or flash-drive-like, or maybe dropper-like. the mosquito is acting as
    a container for the infectious material. unfortunately it's a
    container that coincidentally seeks out victims for it's own reasons.
    kurt wismer, Jan 18, 2012
  7. DK

    Etal Guest

    I think it hasn't been proposed in this thread, but i think you
    should look into HIPS (Host Intrusion Prevention Software) as a help to
    stop unwanted execution of for whatever reason unwanted/mistakenly
    downloaded programs.
    Under WinXP, i'm using an increasingly outdated (Kerio Personal)
    Firewall mostly because for me the builtin HIPS (called Application
    Behavior Blocking), that prevents programs from running if i don't give
    them permission to do so, seems to work very well .. and though it's
    been quite a while ago now it has asked if i wanted to permit this
    driveby-DL'd program to run or not. I answered .. uh, No! .. and all was
    (hopefully) well.

    Now, it might be that under WinNT 6.x and up, User Access Control
    (UAC) is intended to do this App behaviour blocking, but it seems to be
    largely unconfigurable and can't be taught on a case by case basis what
    exe's you have decide you want to run and which once you want to block.
    So i hope there is some HIPS witch includes AppBlocking that works for
    Win7 so i can turn off UAC when i start using it.
    Etal, Jan 21, 2012
  8. DK

    Etal Guest

    Doctor i have a cold, i don't care what kind of it is. I demand that you
    give me some antibiotics.

    Some doctors, do like tireless David here, try to explain that it will
    be effectless, and in the bigger picture dangerous to treat a virally
    caused cold with something designed to combat ...
    But evidently, eventually many doctors give up and, oh well, here you
    have your prescription ..

    And thus, by public demand, we are rapidly heading back to
    pre-penicillin times.
    Etal, Jan 21, 2012
  9. That's not the purpose of UAC, and one should learn to use the computer
    with it turned *on*.
    FromTheRafters, Jan 21, 2012
  10. DK

    Etal Guest

    Ok, and i'm not sure i wanna.
    Etal, Jan 21, 2012
  11. You're certainly not alone.

    IMO, with UAC "off", silent failure should be the result. If one wants
    things to work the right way, they should *do* things the right way.
    FromTheRafters, Jan 21, 2012
  12. DK

    kurt wismer Guest

    i'm just as glad it hasn't been mentioned yet. it seems to me like
    every person who uses that term has something slightly different in
    mind. the term doesn't describe the actual function of software. what
    it describes are the goals, but virtually all host-based security
    software shares those goals (preventing host intrusions), so the term
    is next to useless at identifying a specific technique/technology.
    that is called application whitelisting. it's good but it has it's
    problems. the primary problems a whitelist implementation faces are a)
    determining what's safe enough to add to the whitelist (you could
    assume everything on your system right now is safe, but you'll still
    need to update it as you add more software to the system), and b)
    determining what is a program (it seems easy, but only when you make
    certain arbitrary assumptions about what qualifies as a program - in
    reality it's actually an undecidable problem).

    never the less, whitelisting helps and it complements blacklisting
    (the use of scanners) quite well.
    kurt wismer, Jan 21, 2012
  13. DK

    Bear Guest

    Unless malware gets into one of the programs you've told Kerio is OK.
    Bear, Jan 22, 2012
  14. DK

    kurt wismer Guest

    kerio will detect that the program has changed, in that case, and
    prompt the user. then the user has to decide whether they were
    expecting that program to change or not.
    kurt wismer, Jan 22, 2012
  15. DK

    Etal Guest

    Seems i even got the Acronym wrong. The S standing for System, not
    Software. The Wiki-page David linked to was a veritable bonanza of
    acronyms and initialisms, where sometimes one acronym had changed
    function over time and in other cases the same functions had been given
    a new name and then a different initialism/acronym too.

    That is what is available/active in the free version of Kerios PF, and
    that i've come to like and think could have given the OP, DK, an extra
    layer of protection in this case from how i understood what had happened.
    If a new program is launched for the first time, the user (hopefully)
    gets a question if this program indeed is to be allowed to run or not.
    If it was deliberately DL'd and intended to be run - answer yes, if it
    have been driveby downloaded, managed to sneak by your firewall, or you
    don't know what it is, answer no. Even if it is too new to be recognized
    by AntiVirus/Malware scanners/databases you still have the say if it is
    something you /intended/ to run on your machine or not.

    So i'll use something that works quite well, until something that works
    even better comes along.

    (and what you wrote to Bear about a program changed by malware, is what
    i would have written so i just agree with that post here)
    Etal, Jan 22, 2012
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.