Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computer Certification > A+ Certification > More on this

Reply
Thread Tools

More on this

 
 
Bill Eitner
Guest
Posts: n/a
 
      07-04-2008
See the bottom for new text.
Here's a good reference point from which to start:
MF wrote:
> "Bill Eitner" <(E-Mail Removed)> wrote in message
> news:rhH4k.8204$(E-Mail Removed)...
>> MF wrote:
>>> "smackedass" <(E-Mail Removed)> wrote in message
>>> newsIf4k.1998$n9.1334@trndny01...
>>>> I'm starting to question my own judgement. >

> <snip>
>>>> people look at me like I've got two heads when I say that I don't like
>>>> Symantec/Norton. Name recognition goes a long way.


>>>> What say you?


>>>> sa
>>> Good question. And maybe unanswerable,


> <snip>


>>> So I double click it and it installs with no warning or complaints from
>>> Norton running in the background. And what it installs is a

key-logging,
>>> call-home trojan. Luckily, it was badly written and immediately

crashed
>>> XP SP2.

>> This must have been before you had Bit Defender.
>> I'm curious as to whether or not it would have
>> identified it to any degree. With what has
>> happened with AVG 8 (noticeable performance hit)
>> and the fact that Grisoft is discontinuing support
>> for 7.5, I'm interested in figuring out where
>> Bit Defender ranks as far as detection capability.


> I was thinking about this. About keeping the trojan carrier

program, doing
> up a hard drive with the same OS, imaging it, then downloading every

AV prog
> I could get. Then find out which of them would detect the nasty

through an
> on demand scan, and, after that, see if any of them would catch the

program
> and prevent it from installing. It would be interesting. But following
> interests like that is one of the reasons I don't have a yacht, so I

didn't
> do it.


There's a huge difference between having the dough
for a yacht and keeping one file for testing anti-
virus programs. Tell me where to go to download
the little music program and I'll do it. On-demand
scan it with Bit Defender--that's all I'm asking.

> <snip>
>>> I had a feeling these guys were missing the boat and had not identified
>>> the variant I had. So I searched many forums (scrolling past dozens of
>>> HJT logs)

>> What's an HJT log?


> The log(s) produced by HijackThis. The ultimate fallback program for a
> manual cleansing. Written by Merijn, purchased last year by trend micro.
> Still freeware.


I'm familiar with HiJack This, but asking people to
recognize it by "HJT" is asking a lot. It's not
that well known. A few more keystrokes won't kill
you or make you look less cool.

- Hide quoted text -
- Show quoted text -
>>> had identified the files and registry keys the trojan installed. So I
>>> went through the partition and killed it off manually. This was fairly
>>> easy, because I knew the two dates associated with the trojan's files,
>>> but the research was looooooong and less than joyful.

>> At least you hit paydirt in the end.


>>> If, as with most people, that had been my only computer, and XP the

only
>>> OS on the machine, I would have semi-screwed.

>> Live CD to the rescue.
>> One of the most valuable benefits of a live CD
>> OS is that none of the hard drive files are in
>> use--therefore no virus can fight your eradication
>> efforts. And once the infected files are dealt
>> with the registry entries refer to nothing and
>> can be mopped up by a general purpose registry
>> cleaner like CCleaner.


> Agreed. That's the "semi" part of it. I haven't made/updated such a

disk
> in over a year ;( -- in fact, I should do it now.


A custom Bart PE disk can make you look
like a God. I've become fairly well known
at the school I attend (I'm 44 and am attending
a trade school in order to change careers).
Other students know where to find me (the
computer/electronics/telecom/wireless
networking lab where I prepped for the A+).
Most every week I end up straightening out
at least one or two computers. It's good
` experience and I never turn down a chance
to try and fix a computer. Most are software
issues like virus infections. In fact the
huge majority are such. Hardware problems
are rare even though many of the owners
think that's what's wrong. For example,
last week I dealt with a Dell laptop where
the display would randomly shut off. At
first it appeared to be a hardware issue
(the display backlight), but in the end
it was malware. I installed Bit Defender
from a hard drive in an enclosure (another
of my favorite little toys), updated it and
ran it. It found 20+ malware programs.
After a half-day (4 hours) of cleaning it
up the little laptop was working fairly well.

- Hide quoted text -
- Show quoted text -
>>> Therefore:


>>> Give the customer what they ask for. If they want Symantec, they get
>>> Symantec. If you don't, and they later get a virus, they'll blame

you.
>> Good point. However, with me, they'd quickly be
>> hipped to the fact that it was one of their decisions
>> that led to the infection and that's where the buck
>> ultimately stops. For example, you chose to obtain
>> by whatever means and run that little music program.


>> You pays your money and you takes your chances.


>> I (and probably most others here) would have done
>> the same thing. I would have manually updated Bit
>> Defender, scanned it, and if nothing was found,
>> executed it. That's how the game is played.


> There's not much else you can do. If your AVs have been keeping you safe
> for a while, the tendency is to trust them. You can't acquire and update
> five different AVs every time you are going to try out a questionable
> program. So you dance with the one you brung, at least till they

stiff you.

And even then maybe you forgive them.
The trick for a virus author is to be clever.
Being one of the first to see a new variant
is not impossible.

FYI, a good but mostly unknown program that
can be used as a second line of on-demand
defense is A-squared free. It can be configured
to where there is basically no trace of it on a
box for the most part (manually disable all options
and services):
http://www.emsisoft.com/en/software/free/
That means it can truly co-exist with other
security software without causing any issues.
It's another program I use contextually that
seems to be an above-average detector.

- Hide quoted text -
- Show quoted text -
>>> If, however, they don't express any preferences, give them what you

think
>>> is going to be easiest for them to keep updated and to use.

> <snip>
>>> You can see the reason for my sort of vague advice above simply by
>>> searching on "best anti virus program" and reading a few reviews.

>> I did that when I was looking into on-demand scanners.
>> What a mistake that was--nothing but argument.


> You betcha.


>> I'm hoping that Bit Defender is as good as it claims
>> to be as far as detection goes.


> Me too.


>>> I might note that after looking at four such reviews at random, it
>>> appears that Avira AntiVir is coming up in the world. Personally,

I got
>>> rid of Norton, have AVG 7.5 Pro (they had a one day give away that I
>>> stumbled on) with Bit Defender in reserve for a second scan of

stuff I am
>>> leery about. I am, however, open to abandoning AVG if their reviews
>>> don't improve.

>> Eventually you'll have to make a decision as updates
>> for AVG 7.5 will be discontinued. Let us know what
>> you decide to go with.
>> --

> I know. I _think_ the Pro version will be good for the rest of the year,
> but I got a popup from AVG saying that the Free version (on a different
> machine) will not be supported after June 25. Perhaps they will come out
> with an 8.01 with less bloat - but I think I'll try Avira and Bit

Defender
> no matter what they do.


Personally, I think you're at a level where Bit Defender
with all options unchecked and nothing else would be
appropriate. You knew what you were doing when you
danced with the little music program. You don't need
a program that looks over your shoulder (checks every
file you open and every action you take). If you choose
to run both, be aware of the services that may conflict.
Disable the Bit Defender services until you need/want to
use the program. They are: bdss, vsserv, livesrv and xcomm.
Further, I suggest trying the Bit Defender / A-Squared
combo. To that you can also add Spybot. Every two weeks
I manually update and run all three along with a backup of
everything critical. Because I have a clue, they never find
anything--but I always do it all just the same.

Begin the new text here.

I've just run into a situation that brought me to the conclusion that
Bit Defender isn't particularly special.

So, the quoted paragraph above makes me look like an idiot.
I have to accept that. See below:

Even though I religiously scan all downloaded executables manually
and know the difference between safe and risky business online,
recently I ended up with an annoying variant of the Trojan Vundo.
As far as I can tell, this variant goes by: Vundo.euo which, trust me,
isn't widely known. My recommended combo of Bit Defender Free V10 and
A2 Free didn't see it coming. And, after the fact, Bit Defender didn't
recognize all of the infected files. It found one--but that wasn't
enough to stop it. A2 Free didn't see any of it--even at the height
of the infection.

Here's the deal with this variant: On an XP box it prevents Explorer
from running. That means you have no taskbar--no start menu--just the
background. Newbies won't know how to deal with that at all.
Guys in the know will know to give a three-finger-salute (alt-ctrl-del)
to bring up task manger and then manually start another instance (be it
crippled) of explorer. From there the box is usable but slow.

There is more to explain, but I'll cut to the chase.

In my 12 years of experience this was one of the worst infections I've
ever had to clear--and it was on my own box! In the end, HJT (Hi-Jack
This) was the key. It exposed a key file that when deleted took out
the bulk of the infection. From there it was just a mop-up operation
(delete orphaned files and registry entries).

So, there you have it.

Feel free to respond and post your own stories.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Kamaelia 0.4.0 RELEASED - Faster! More Tools! More Examples! More Docs! ;-) Michael Python 4 06-26-2006 08:00 AM
With a Ruby Yell: more, more more! Robert Klemme Ruby 5 09-29-2005 06:37 AM
DVD Verdict reviews: SYLVESTER AND THE MAGIC PEBBLE AND MORE MAGICAL TALES and more! DVD Verdict DVD Video 0 04-07-2005 08:10 AM
Sygate uses more and more memory? Louise Computer Security 0 06-01-2004 05:30 AM
Re: With More Flash More Lumix: using an external flash unit with the FZ1 and other digicams Hans-Georg Michna Digital Photography 4 08-24-2003 06:05 PM



Advertisments