Velocity Reviews


thingy 04-04-2006 11:07 PM

While waiting for new toys.....
 
http://www.eweek.com/article2/0,1895,1945808,00.asp

Interesting piece on malware.....better to wipe clean than try and clean
it up....self-healing malware.....virtual machine malware....

Where does this leave the barely capable XP home user though.......up
the creek without a paddle it seems....

".....The most recent statistics from Microsoft's anti-malware
engineering team confirm Danseglio's contention. In February alone, the
company's free Malicious Software Removal Tool detected a social
engineering worm called Win32/Alcan on more than 250,000 unique
machines......"

So given the 100,000's spam-bots out there......with no hope of being
fixed......

regards

Thing

Brett Roberts 04-04-2006 11:34 PM

Re: While waiting for new toys.....
 

"thingy" <thingy@nowhere.commy> wrote in message
news:spabg3-bgg.ln1@news.vuw.ac.nz...
> http://www.eweek.com/article2/0,1895,1945808,00.asp
>
> Interesting piece on malware.....better to wipe clean than try and clean
> it up....self-healing malware.....virtual machine malware....
>
> Where does this leave the barely capable XP home user though.......up the
> creek without a paddle it seems....
>
> ".....The most recent statistics from Microsoft's anti-malware engineering
> team confirm Danseglio's contention. In February alone, the company's free
> Malicious Software Removal Tool detected a social engineering worm called
> Win32/Alcan on more than 250,000 unique machines......"
>
> So given the 100,000's spam-bots out there......with no hope of being
> fixed......
>
> regards
>
> Thing


Interesting article although I don't see anything particularly new. When it
comes to PC security prevention is infinitely better than cure and the only
cure which is 100% guaranteed is to flatten and re-build the box. As for the
250K spyware infections you need to balance that against the 200 million
executions of MSRT per month i.e. a 0.125% infection rate

Brett Roberts
Microsoft NZ



Don Hills 04-05-2006 01:15 AM

Re: While waiting for new toys.....
 
In article <4433028e@news.microsoft.com>,
"Brett Roberts" <brettrob@abcdmicrosoftwxyz.com> wrote:
>
>Interesting article although I don't see anything particularly new. When it
>comes to PC security prevention is infinitely better than cure and the only
>cure which is 100% guaranteed is to flatten and re-build the box. As for the
>250K spyware infections you need to balance that against the 200 million
>executions of MSRT per month i.e. a 0.125% infection rate


Lies, damn lies and statistics.

Does MSRT remove the infections it finds?

How many times per month per machine does MSRT run, on average?

In other words, compare apples with apples. Take a one month snapshot.
You need three numbers from that snapshot:
Number of machines in use.
Number of machines scanned.
Number of infected machines found.

Once you have those, you can come up with a figure closer to the real
infection rate that we can believe.

--
Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
"New interface closely resembles Presentation Manager,
preparing you for the wonders of OS/2!"
-- Advertisement on the box for Microsoft Windows 2.11 for 286

Brett Roberts 04-05-2006 02:06 AM

Re: While waiting for new toys.....
 

"Don Hills" <black.hole.4.spam@gmail.com> wrote in message
news:WoxMEtgaXauD092yn@attglobal.net...
> In article <4433028e@news.microsoft.com>,
> "Brett Roberts" <brettrob@abcdmicrosoftwxyz.com> wrote:
>>
>>Interesting article although I don't see anything particularly new. When
>>it
>>comes to PC security prevention is infinitely better than cure and the
>>only
>>cure which is 100% guaranteed is to flatten and re-build the box. As for
>>the
>>250K spyware infections you need to balance that against the 200 million
>>executions of MSRT per month i.e. a 0.125% infection rate

>
> Lies, damn lies and statistics.
>
> Does MSRT remove the infections it finds?
>
> How many times per month per machine does MSRT run, on average?
>
> In other words, compare apples with apples. Take a one month snapshot.
> You need three numbers from that snapshot:
> Number of machines in use.
> Number of machines scanned.
> Number of infected machines found.
>
> Once you have those, you can come up with a figure closer to the real
> infection rate that we can believe.
>
> --
> Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
> "New interface closely resembles Presentation Manager,
> preparing you for the wonders of OS/2!"
> -- Advertisement on the box for Microsoft Windows 2.11 for 286


In addition to manual executions the MSRT is sometimes downloaded and run in
conjunction with the Windows automatic update process. Up to Jan06 there had
been a total of 2 billion MSRT executions (the tool was released in Jan05)
and the current rate is 200 million executions per month. Currently it
detects and removes the following malware families:

Alcan, Antinny, Atak, Badtrans, Bagle, Bagz, Berbew, Blaster, Bobax, Bofra,
Bropia, Bugbear, Codbot, DoomJuice, Dumaru, Esbot, Eyeveg, F4IRootkit, Gael,
Gaobot, Gibe, Goweh, Hacker Defender, Hacty, IRCBot, Ispro, Kelvir,
Korgo, Lovgate, Mabutu, Magistr, Maslan, Mimail, Mydoom, Mytob, Mywife,
Nachi, Netsky, Opaserv, Optix, Optixpro, Parite, Purstiu, Randex, Rbot,
Ryknos, Sasser, Sdbot, Sober, Sobig, Spybot, Spyboter, Swen, Torvil,
Wootbot, Wukill, Yaha, Zafi, Zindos, Zlob, Zotob



more info at http://www.microsoft.com/security/ma...e/default.mspx



To answer your questions:



Number of machines in use: MSRT >=200 million
Number of machines scanned: 200 million in Jan06
Number of infected machines found: W32/Alcan = 250K, others unknown


On the "prevention is better than cure" front, to-date there have been 25
million downloads of Windows Defender and its predecessor.



Brett Roberts

Microsoft NZ




thingy 04-05-2006 02:29 AM

Re: While waiting for new toys.....
 
Brett Roberts wrote:
> "thingy" <thingy@nowhere.commy> wrote in message
> news:spabg3-bgg.ln1@news.vuw.ac.nz...
>
>>http://www.eweek.com/article2/0,1895,1945808,00.asp
>>
>>Interesting piece on malware.....better to wipe clean than try and clean
>>it up....self-healing malware.....virtual machine malware....
>>
>>Where does this leave the barely capable XP home user though.......up the
>>creek without a paddle it seems....
>>
>>".....The most recent statistics from Microsoft's anti-malware engineering
>>team confirm Danseglio's contention. In February alone, the company's free
>>Malicious Software Removal Tool detected a social engineering worm called
>>Win32/Alcan on more than 250,000 unique machines......"
>>
>>So given the 100,000's spam-bots out there......with no hope of being
>>fixed......
>>
>>regards
>>
>>Thing

>
>
> Interesting article although I don't see anything particularly new. When it
> comes to PC security prevention is infinitely better than cure and the only
> cure which is 100% guaranteed is to flatten and re-build the box.


While as a semi-competent Windows user with win2k cds that's OK for me.

Most Windows users I would contend are not capable and totally unwilling
to lose all their information and the risk of not having a useable PC
by trying to re-install. So given the ease of Windows boxes getting
hacked and then being un-repairable I sometimes wonder the Internet
works at all......

As for the
> 250K spyware infections you need to balance that against the 200 million
> executions of MSRT per month i.e. a 0.125% infection rate
>
> Brett Roberts
> Microsoft NZ


regards

Thing

Shane 04-05-2006 04:14 AM

Re: While waiting for new toys.....
 
Brett Roberts wrote:


> Interesting article although I don't see anything particularly new. When
> it comes to PC security prevention is infinitely better than cure



Thank $deity that concept is finally getting through to Microsoft
Maybe they can learn to produce patches quickly and effectively now....
(So people can prevent exploitation of the discovered holes)

> and the
> only cure which is 100% guaranteed is to flatten and re-build the box. As
> for the 250K spyware infections you need to balance that against the 200
> million executions of MSRT per month i.e. a 0.125% infection rate
>
> Brett Roberts
> Microsoft NZ



--
Rule 6: There is no Rule 6.

Don Hills 04-05-2006 01:10 PM

Re: While waiting for new toys.....
 
In article <44332636@news.microsoft.com>,
"Brett Roberts" <brettrob@abcdmicrosoftwxyz.com> wrote:

> ... and the current rate is 200 million executions per month.
> ...
>Number of machines in use: MSRT >=200 million
>Number of machines scanned: 200 million in Jan06


200 million executions per month, but on how many different machines?
Is the 200 million figure the number of unique machine IDs or just the total
number of executions reported?

--
Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
"New interface closely resembles Presentation Manager,
preparing you for the wonders of OS/2!"
-- Advertisement on the box for Microsoft Windows 2.11 for 286

Gavin Tunney 04-06-2006 11:35 PM

Re: While waiting for new toys.....
 
On Wed, 5 Apr 2006 11:34:28 +1200, "Brett Roberts"
<brettrob@abcdmicrosoftwxyz.com> wrote:

>
>"thingy" <thingy@nowhere.commy> wrote in message
>news:spabg3-bgg.ln1@news.vuw.ac.nz...
>> http://www.eweek.com/article2/0,1895,1945808,00.asp
>>
>> Interesting piece on malware.....better to wipe clean than try and clean
>> it up....self-healing malware.....virtual machine malware....
>>
>> Where does this leave the barely capable XP home user though.......up the
>> creek without a paddle it seems....
>>
>> ".....The most recent statistics from Microsoft's anti-malware engineering
>> team confirm Danseglio's contention. In February alone, the company's free
>> Malicious Software Removal Tool detected a social engineering worm called
>> Win32/Alcan on more than 250,000 unique machines......"
>>
>> So given the 100,000's spam-bots out there......with no hope of being
>> fixed......
>>
>> regards
>>
>> Thing

>
>Interesting article although I don't see anything particularly new. When it
>comes to PC security prevention is infinitely better than cure and the only
>cure which is 100% guaranteed is to flatten and re-build the box.
>


It's disappointing when MS come out with this sort of twaddle Brett.
What you say is true enough, but only due to Microsoft's
intransigence. The fundamental flaw with all the Windows spyware
removal, antivirus, malware & rootkit removers etc is that you're
running those apps on the OS you're scanning. It's not possible to
guarantee a successful clean if the tool you use is running on the box
that's compromised, that's pretty obvious when you think about it.

Contrary to popular belief you don't have to wipe a compromised box.
What you do need is to be able to launch a known good OS that lets you
diagnose a possibly compromised OS. All MS have supplied there is the
pathetically inadequate recovery console, which is as much use as tits
on a bull. Linux, Solaris & Unix etc all have the CLI when things go
wrong, XP has nothing.

Brendan posted info about Barts PE disk years back now, and lots of
people use that or similar boot CDs to diagnose XP boxes.
Unfortunately with Windows being closed source there's a limit to what
third party apps can do, and there's been a need for years for a
decent MS supported boot CD with some decent tools for diagnosing &
fixing Win2k and XP boxes.

For a technician, people in the support game & even hobbyists, having
to wipe a drive & reinstall is an insult to the intelligence. Not only
is it time consuming, it's unprofessional and infuriating....like
using a sledgehammer to drive a pin. If that's all MS can come out
with then they're just a waste of space, time they handed over the
reins to people who take computing seriously.

Cheers

Gavin

