Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Running program files on XP with non-executable extension?

Running program files on XP with non-executable extension?

David H. Lipman
      11-03-2005
From: "Leythos" <(E-Mail Removed)>

| In article <(E-Mail Removed). com>,
| (E-Mail Removed) says...
>> As I said, I've been in the vx side for many years. I'm well versed on
>> both aspects of it, from antivirus perspective as well as vx
>> perspective. I'm not giving my opinion per se, I'm giving that of the
>> general consensus of both the Av and Vx side of things.

|
| That's great for them and you - not being snide here, but, as I said
| before, never seen a false positive on more than 1500 systems, and we'll
| continue to use it scanning all files on access.
|

{ just to stir the pot a bit... }

Since I monitor many virus newsgroups, including Symantec's, I have come across *many*
False Positive declarations from many AV vendors.

I recently (10/6) dealt with one situation by Symantec in reference to iun6002.exe, which
was falsely declared as a Trojan.Dropper.

Then there was the case of Symantec falsely declaring Backdoor.Graybird (9/16) in what was a temp
file created by Spy Sweeper.

I'm still wondering when Avast will stop falsely declaring the VBS/RedLof in Trend Micro's
sysclean utility.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Leythos
      11-03-2005
In article <Xzvaf.1600$5R2.518@trnddc08>, DLipman~nospam~@Verizon.Net
says...
> From: "Leythos" <(E-Mail Removed)>
>
> | In article <(E-Mail Removed). com>,
> | (E-Mail Removed) says...
> >> As I said, I've been in the vx side for many years. I'm well versed on
> >> both aspects of it, from antivirus perspective as well as vx
> >> perspective. I'm not giving my opinion per se, I'm giving that of the
> >> general consensus of both the Av and Vx side of things.

> |
> | That's great for them and you - not being snide here, but, as I said
> | before, never seen a false positive on more than 1500 systems, and we'll
> | continue to use it scanning all files on access.
> |
>
> { just to stir the pot a bit... }
>
> Since I monitor many virus newsgroups, including Symantec's, I have come across *many*
> False Positive declarations from many AV vendors.
>
> I recently (10/6) dealt with one situation by Symantec in reference to iun6002.exe, which
> was falsely declared as a Trojan.Dropper.
>
> Then there was the case of Symantec falsely declaring Backdoor.Graybird (9/16) in what was a temp
> file created by Spy Sweeper.
>
> I'm still wondering when Avast will stop falsely declaring the VBS/RedLof in Trend Micro's
> sysclean utility.


Which does not change the fact that I've not had the experience of false
positives - I've never said they don't happen, but I do find that having
"scan on access" tends to find things other than the obvious.

--

(E-Mail Removed)
remove 999 in order to email me
 
Dustin Cook
      11-03-2005

Leythos wrote:

> Funny, how many networks have you designed and maintain that have NEVER
> been compromised?


For myself, several. Still using a small one at home.. heh.

Zvi Netiv's claim to fame is InVircible, and his remarkable knowledge
of drive data layout. The guy's good at recovering from many nasty
things... He's also (shudder, I can't believe I'm saying this; he's a
sworn enemy of mine) a respected antivirus-side person. But, like I
said before, man, you don't need to take our words for it. Do as you
wish.

Regards,
Dustin Cook

James Egan
      11-04-2005
On 3 Nov 2005 14:34:02 -0800, "Dustin Cook"
<(E-Mail Removed)> wrote:

>> Funny, how many networks have you designed and maintain that have NEVER
>> been compromised?

>
>For myself, several. Still using a small one at home.. heh.



Both you and pax admitted (on usenet) to accidentally infecting your
own machines.


Jim.

Winged
      11-04-2005
Leythos wrote:
> In article <(E-Mail Removed)>,
> support@replace_with_domain.com says...
>
>>Leythos <(E-Mail Removed)> wrote:
>>
>>
>>>In article <(E-Mail Removed)>, (E-Mail Removed) says...
>>>
>>>> This is what an anti-virus program will do if you choose to rename
>>>>the file to keep it for observation purposes
>>>
>>>Not true, that's what SOME Av products will do if you rename the file.
>>>We have our AV software set to scan EVERY file on access,

>>
>>Overkill, and time wasteful.

>
>
> Depends on the environment, not everyone has data they don't care about.
>
>
>>>except the
>>>database and exchange store files (as defined by MS and the Av
>>>provider), but if you were to rename myvirus.exe to myvirus.txt, it
>>>would still be detected as a virus.
>>>
>>>Good settings for any AV product would be to scan all files accessed.

>>
>>God forbid.

>
>
> Funny, how many networks have you designed and maintain that have NEVER
> been compromised?
>


Afraid we too scan everything. While I agree this is wasteful of
resources, it really doesn't have enough impact in a real-world
environment to be an issue.

We scan files on write, open and modify. Overkill, yes, but our flip
flops have yet to unionize.

We wake our systems on weekends (during non-work hours) to do full scans.
One advantage to this is it is an easy way to flag something that is
talking outbound when it's not supposed to; yes, it does happen.

We even open IE on an intranet page to ensure something doesn't
communicate that wasn't caught with other methods. Pretty easy to
identify the firewall communication. While this method is by no means a
check for much, it is surprising what it finds sometimes. When the net is
loaded with users it can hide activity when you're dealing in multiple T3s
and T9s and dual gigabit between subnets.

We wake our machines nightly as required for patching. CPU cycles are
pretty cheap these days. Afraid I have no issue wasting the computer
time; they work cheap.

If you are not careful, things hide in JAR files or other places and may be
easily missed. Easiest to scan everything and march on. AV is the
easiest to manage these days; now if someone can just stop those damn
patches from breaking stuff I would be happy.

The idea here is to avoid doing system maintenance tasks that impact
user operations; that gets expensive very fast. You have to avoid
system downtime when it costs $100,000 an hour to bring networks down
due to a virus event.

Winged
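Leythos's point, quoted above, is that renaming myvirus.exe to myvirus.txt leaves the bytes untouched, so a scanner that looks at every file on access still sees a program. The same check can be made without any AV engine by reading the file header instead of trusting the extension. The following is an added example, not code from any poster in this thread: it walks a directory and flags files that carry a PE (MZ/PE) header but a non-executable extension; the extension list, the header bytes and the scratch tree are constructed for the demo and are not a real program.

```python
import os, struct, tempfile

# Extensions Windows runs directly; a PE image behind any other extension is suspect.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".sys", ".cpl", ".ocx"}

def is_pe_image(data: bytes) -> bool:
    """True if data has a DOS 'MZ' stub whose e_lfanew (offset 0x3C) points
    at a 'PE\\0\\0' signature that lies inside the buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):  # bogus or truncated header
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_disguised_executables(root: str) -> list:
    """Paths under root whose content is PE but whose extension is not."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # enough for the headers in practice
            except OSError:
                continue
            if is_pe_image(head):
                hits.append(path)
    return sorted(hits)

def build_fake_pe() -> bytes:
    """Constructed header bytes only (not a runnable program): MZ stub with
    e_lfanew = 0x80 and 'PE\\0\\0' at that offset."""
    header = bytearray(0x84)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)
    header[0x80:0x84] = b"PE\0\0"
    return bytes(header)

def demo() -> list:
    """Constructed scratch tree; returns the basenames the walker flags."""
    root = tempfile.mkdtemp()
    samples = {"myvirus.txt": build_fake_pe(), "tool.exe": build_fake_pe(),
               "notes.txt": b"just text\n", "pic.jpg": b"MZ only"}
    for name, blob in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(blob)
    return [os.path.basename(p) for p in find_disguised_executables(root)]
```

Only myvirus.txt is reported: tool.exe is skipped because its extension is already executable, notes.txt has no MZ stub, and pic.jpg is too short to hold a header.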
Leythos
      11-04-2005
In article <d121$436ab8ee$18d6d951$(E-Mail Removed)>,
(E-Mail Removed) says...
> Afraid we too scan everything. While I agree this is wasteful of
> resources, it really doesn't have enough impact in a real-world
> environment to be an issue.
>
> We scan files on write, open and modify. Overkill, yes, but our flip
> flops have yet to unionize.
>
> We wake our systems on weekends (during non-work hours) to do full scans.
> One advantage to this is it is an easy way to flag something that is
> talking outbound when it's not supposed to; yes, it does happen.
>
> We even open IE on an intranet page to ensure something doesn't
> communicate that wasn't caught with other methods. Pretty easy to
> identify the firewall communication. While this method is by no means a
> check for much, it is surprising what it finds sometimes. When the net is
> loaded with users it can hide activity when you're dealing in multiple T3s
> and T9s and dual gigabit between subnets.
>
> We wake our machines nightly as required for patching. CPU cycles are
> pretty cheap these days. Afraid I have no issue wasting the computer
> time; they work cheap.
>
> If you are not careful, things hide in JAR files or other places and may be
> easily missed. Easiest to scan everything and march on. AV is the
> easiest to manage these days; now if someone can just stop those damn
> patches from breaking stuff I would be happy.
>
> The idea here is to avoid doing system maintenance tasks that impact
> user operations; that gets expensive very fast. You have to avoid
> system downtime when it costs $100,000 an hour to bring networks down
> due to a virus event.


Sorry for quoting it all, but those are the exact reasons we do the same
- scan on access, nightly full system scans of ALL files. We've never
had a virus/malware related downtime issue, ever.

--

(E-Mail Removed)
remove 999 in order to email me
optikl
      11-04-2005
Leythos wrote:

>
> Sorry for quoting it all, but those are the exact reasons we do the same
> - scan on access, nightly full system scans of ALL files. We've never
> had a virus/malware related downtime issue, ever.
>


I'm not sure why you continue to argue your position. I mean, if others
don't agree with you on risk mitigation, why do you care? The only
opinions that should count to you are those of your paying customers.
You really expect those who disagree with you to say: "ok, I see your
point. You're right." ?


Leythos
      11-04-2005
In article <(E-Mail Removed)>, (E-Mail Removed) says...
> Leythos wrote:
>
> >
> > Sorry for quoting it all, but those are the exact reasons we do the same
> > - scan on access, nightly full system scans of ALL files. We've never
> > had a virus/malware related downtime issue, ever.
> >

>
> I'm not sure why you continue to argue your position. I mean, if others
> don't agree with you on risk mitigation, why do you care? The only
> opinions that should count to you are those of your paying customers.
> You really expect those who disagree with you to say: "ok, I see your
> point. You're right." ?


For the same reason you posted this twice?


--

(E-Mail Removed)
remove 999 in order to email me
Dustin Cook
      11-04-2005

James Egan wrote:
> On 3 Nov 2005 14:34:02 -0800, "Dustin Cook"
> <(E-Mail Removed)> wrote:
>
> >> Funny, how many networks have you designed and maintain that have NEVER
> >> been compromised?

> >
> >For myself, several. Still using a small one at home.. heh.

>
>
> Both you and pax admitted (on usenet) to accidentally infecting your
> own machines.


One machine James, not a LAN.

The LAN has never been infected by anything. The computer used for
virus work was a standalone unit. It had no access to the network.

Regards,
Dustin Cook
http://bughunter.atspace.org

Zvi Netiv
      11-04-2005
Leythos <(E-Mail Removed)> wrote:

> > > In article <(E-Mail Removed)>, (E-Mail Removed) says...
> > > > This is what an anti-virus program will do if you choose to rename
> > > > the file to keep it for observation purposes
> > >
> > > Not true, that's what SOME Av products will do if you rename the file.
> > > We have our AV software set to scan EVERY file on access,

> >
> > Overkill, and time wasteful.


[snip]
> > > Good settings for any AV product would be to scan all files accessed.

> >
> > God forbid.

>
> Funny, how many networks have you designed and maintain that have NEVER
> been compromised?


There is no necessity to first be a sheep in order to become a shepherd.

Regards