While waiting for new toys.....

Discussion in 'NZ Computing' started by thingy, Apr 5, 2006.

  1. thingy

    thingy Guest

    http://www.eweek.com/article2/0,1895,1945808,00.asp

    Interesting piece on malware.....better to wipe clean than try and clean
    it up....self-healing malware.....virtual machine malware....

    Where does this leave the barely capable XP home user though.......up
    the creek without a paddle it seems....

    ".....The most recent statistics from Microsoft's anti-malware
    engineering team confirm Danseglio's contention. In February alone, the
    company's free Malicious Software Removal Tool detected a social
    engineering worm called Win32/Alcan on more than 250,000 unique
    machines......"

    So given the 100,000's spam-bots out there......with no hope of being
    fixed......

    regards

    Thing
    thingy, Apr 5, 2006
    #1
    1. Advertising

  2. "thingy" <> wrote in message
    news:...
    > http://www.eweek.com/article2/0,1895,1945808,00.asp
    >
    > Interesting piece on malware.....better to wipe clean than try and clean
    > it up....self-healing malware.....virtual machine malware....
    >
    > Where does this leave the barely capable XP home user though.......up the
    > creek without a paddle it seems....
    >
    > ".....The most recent statistics from Microsoft's anti-malware engineering
    > team confirm Danseglio's contention. In February alone, the company's free
    > Malicious Software Removal Tool detected a social engineering worm called
    > Win32/Alcan on more than 250,000 unique machines......"
    >
    > So given the 100,000's spam-bots out there......with no hope of being
    > fixed......
    >
    > regards
    >
    > Thing


    Interesting article although I don't see anything particularly new. When it
    comes to PC security prevention is infinitely better than cure and the only
    cure which is 100% guaranteed is to flatten and re-build the box. As for the
    250K spyware infections you need to balance that against the 200 million
    executions of MSRT per month i.e. a 0.125% infection rate

    Brett Roberts
    Microsoft NZ
    Brett Roberts, Apr 5, 2006
    #2
    1. Advertising

  3. thingy

    Don Hills Guest

    In article <>,
    "Brett Roberts" <> wrote:
    >
    >Interesting article although I don't see anything particularly new. When it
    >comes to PC security prevention is infinitely better than cure and the only
    >cure which is 100% guaranteed is to flatten and re-build the box. As for the
    >250K spyware infections you need to balance that against the 200 million
    >executions of MSRT per month i.e. a 0.125% infection rate


    Lies, damn lies and statistics.

    Does MSRT remove the infections it finds?

    How many times per month per machine does MSRT run, on average?

    In other words, compare apples with apples. Take a one month snapshot.
    You need three numbers from that snapshot:
    Number of machines in use.
    Number of machines scanned.
    Number of infected machines found.

    Once you have those, you can come up with a figure closer to the real
    infection rate that we can believe.

    --
    Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
    "New interface closely resembles Presentation Manager,
    preparing you for the wonders of OS/2!"
    -- Advertisement on the box for Microsoft Windows 2.11 for 286
    Don Hills, Apr 5, 2006
    #3
  4. "Don Hills" <> wrote in message
    news:...
    > In article <>,
    > "Brett Roberts" <> wrote:
    >>
    >>Interesting article although I don't see anything particularly new. When
    >>it
    >>comes to PC security prevention is infinitely better than cure and the
    >>only
    >>cure which is 100% guaranteed is to flatten and re-build the box. As for
    >>the
    >>250K spyware infections you need to balance that against the 200 million
    >>executions of MSRT per month i.e. a 0.125% infection rate

    >
    > Lies, damn lies and statistics.
    >
    > Does MSRT remove the infections it finds?
    >
    > How many times per month per machine does MSRT run, on average?
    >
    > In other words, compare apples with apples. Take a one month snapshot.
    > You need three numbers from that snapshot:
    > Number of machines in use.
    > Number of machines scanned.
    > Number of infected machines found.
    >
    > Once you have those, you can come up with a figure closer to the real
    > infection rate that we can believe.
    >
    > --
    > Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
    > "New interface closely resembles Presentation Manager,
    > preparing you for the wonders of OS/2!"
    > -- Advertisement on the box for Microsoft Windows 2.11 for 286


    In addition to manual executions the MSRT is sometimes downloaded and run in
    conjunction with the Windows automatic update process. Up to Jan06 there had
    been a total of 2 billion MSRT executions (the tool was release in Jan05)
    and the current rate is 200 million executions per month. Currently it
    detects and removes the following malware families:

    Alcan, Antinny, Atak, Badtrans, Bagle, Bagz, Berbew, Blaster, Bobax, Bofra,
    Bropia, Bugbear, Codbot, DoomJuice, Dumaru, Esbot, Eyeveg, F4IRootkit, Gael
    , Gaobot, Gibe , Goweh, Hacker Defender, Hacty, IRCBot, Ispro, Kelvir,
    Korgo, Lovgate, Mabutu, Magistr, Maslan, Mimail, Mydoom, Mytob, Mywife ,
    Nachi, Netsky, Opaserv, Optix, Optixpro, Parite, Purstiu, Randex, Rbot,
    Ryknos, Sasser, Sdbot, Sober, Sobig, Spybot, Spyboter, Swen, Torvil,
    Wootbot, Wukill, Yaha , Zafi, Zindos, Zlob, Zotob



    more info at http://www.microsoft.com/security/malwareremove/default.mspx



    To answer your questions:



    Number of machines in use: MSRT >=200 million
    Number of machines scanned: 200 million in Jan06
    Number of infected machines found: W32/Alcan = 250K, others unknown


    On the "prevention is better than cure" front, to-date there have been 25
    million downloads of Windows Defender and its predecessor.



    Brett Roberts

    Microsoft NZ
    Brett Roberts, Apr 5, 2006
    #4
  5. thingy

    thingy Guest

    Brett Roberts wrote:
    > "thingy" <> wrote in message
    > news:...
    >
    >>http://www.eweek.com/article2/0,1895,1945808,00.asp
    >>
    >>Interesting piece on malware.....better to wipe clean than try and clean
    >>it up....self-healing malware.....virtual machine malware....
    >>
    >>Where does this leave the barely capable XP home user though.......up the
    >>creek without a paddle it seems....
    >>
    >>".....The most recent statistics from Microsoft's anti-malware engineering
    >>team confirm Danseglio's contention. In February alone, the company's free
    >>Malicious Software Removal Tool detected a social engineering worm called
    >>Win32/Alcan on more than 250,000 unique machines......"
    >>
    >>So given the 100,000's spam-bots out there......with no hope of being
    >>fixed......
    >>
    >>regards
    >>
    >>Thing

    >
    >
    > Interesting article although I don't see anything particularly new. When it
    > comes to PC security prevention is infinitely better than cure and the only
    > cure which is 100% guaranteed is to flatten and re-build the box.


    While as a semi-competant Windows user with win2k cds that's OK for me.

    Most Windows users I would contend are not capable and totally unwilling
    to loose all their information and the risk of not having a useable PC
    by trying to re-install. So given the ease of Windows boxes getting
    hacked and then being un-repairable i sometimes wonder the Internet
    works at all......

    As for the
    > 250K spyware infections you need to balance that against the 200 million
    > executions of MSRT per month i.e. a 0.125% infection rate
    >
    > Brett Roberts
    > Microsoft NZ


    regards

    Thing
    thingy, Apr 5, 2006
    #5
  6. thingy

    Shane Guest

    Brett Roberts wrote:


    > Interesting article although I don't see anything particularly new. When
    > it comes to PC security prevention is infinitely better than cure



    Thank $deity that concept is finally getting through to Microsoft
    Maybe they can learn to produces patches quickly and effectively now....
    (So people can prevent exploitation of the discovered holes)

    > and the
    > only cure which is 100% guaranteed is to flatten and re-build the box. As
    > for the 250K spyware infections you need to balance that against the 200
    > million executions of MSRT per month i.e. a 0.125% infection rate
    >
    > Brett Roberts
    > Microsoft NZ



    --
    Rule 6: There is no Rule 6.
    Shane, Apr 5, 2006
    #6
  7. thingy

    Don Hills Guest

    In article <>,
    "Brett Roberts" <> wrote:

    > ... and the current rate is 200 million executions per month.
    > ...
    >Number of machines in use: MSRT >=200 million
    >Number of machines scanned: 200 million in Jan06


    200 million executions per month, but on how many different machines?
    Is the 200 million figure the number of unique machine IDs or just the total
    number of executions reported?

    --
    Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
    "New interface closely resembles Presentation Manager,
    preparing you for the wonders of OS/2!"
    -- Advertisement on the box for Microsoft Windows 2.11 for 286
    Don Hills, Apr 5, 2006
    #7
  8. thingy

    Gavin Tunney Guest

    On Wed, 5 Apr 2006 11:34:28 +1200, "Brett Roberts"
    <> wrote:

    >
    >"thingy" <> wrote in message
    >news:...
    >> http://www.eweek.com/article2/0,1895,1945808,00.asp
    >>
    >> Interesting piece on malware.....better to wipe clean than try and clean
    >> it up....self-healing malware.....virtual machine malware....
    >>
    >> Where does this leave the barely capable XP home user though.......up the
    >> creek without a paddle it seems....
    >>
    >> ".....The most recent statistics from Microsoft's anti-malware engineering
    >> team confirm Danseglio's contention. In February alone, the company's free
    >> Malicious Software Removal Tool detected a social engineering worm called
    >> Win32/Alcan on more than 250,000 unique machines......"
    >>
    >> So given the 100,000's spam-bots out there......with no hope of being
    >> fixed......
    >>
    >> regards
    >>
    >> Thing

    >
    >Interesting article although I don't see anything particularly new. When it
    >comes to PC security prevention is infinitely better than cure and the only
    >cure which is 100% guaranteed is to flatten and re-build the box.
    >


    It's disappointing when MS come out with this sort of twaddle Brett.
    What you say is true enough, but only due to Microsoft's
    intransigence. The fundamental flaw with all the Windows spyware
    removal, antivirus, malware & rootkit removers etc is that you're
    running those apps on the OS you're scanning. It's not possible to
    guarantee a successful clean if the tool you use is running on the box
    that's compromised, that's pretty obvious when you think about it.

    Contrary to popular belief you don't have to wipe a compromised box.
    What you do need is to be able to launch a known good OS that lets you
    diagnose a possibly compromised OS. All MS have supplied there is the
    pathetically inadequate recovery console, which is as much use as tits
    on a bull. Linux, Solaris & Unix etc all have the CLI when things go
    wrong, XP has nothing.

    Brendan posted info about Barts PE disk years back now, and lots of
    people use that or similar boot CDs to diagnose XP boxes.
    Unfortunately with Windows being closed soruce there's a limit to what
    third party apps can do, and there's been a need for years for a
    decent MS supported boot CD with some decent tools fior diagnosing &
    fixing Win2k and XP boxes.

    For a technician, people in the support game & even hobbyists, having
    to wipe a drive & reinstall is an insult to the intelligence. Not only
    is it time consuming, it's unprofessional and infuriating....like
    using a sledgehammer to drive a pin. If that's all MS can come out
    with then they're just a waste of space, time they handed over the
    reins to people who take computing seriously.

    Cheers

    Gavin
    Gavin Tunney, Apr 7, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Frankie

    Some new toys for Frankie

    Frankie, Oct 14, 2005, in forum: The Lounge
    Replies:
    7
    Views:
    1,813
    The Modfather
    Oct 16, 2005
  2. Mike

    Power Toys for W2K

    Mike, Nov 4, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    2,004
  3. Marcus

    While we're waiting for ATI's MMCx64....

    Marcus, May 25, 2005, in forum: Windows 64bit
    Replies:
    3
    Views:
    326
    Marcus
    May 25, 2005
  4. Giuen
    Replies:
    0
    Views:
    593
    Giuen
    Sep 12, 2008
  5. Eric Miller

    While we're waiting . . .

    Eric Miller, Sep 14, 2009, in forum: Digital Photography
    Replies:
    11
    Views:
    517
    Eric Miller
    Sep 17, 2009
Loading...

Share This Page