On Sun, 1 Jul 2007 08:15:04 -0400, "R. McCarty"
>Only missing component is a "Real-Time" malware prevention type
>app. Spybot and Ad-Aware are good, but are primarily a detect
>and removal type application. Windows Defender is one choice, a
>free and self-maintenance type program from Microsoft.
>http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&DisplayLang=en
There are also A-Squared and AVG Antispyware, which used to be Ewido.
>Otherwise, it's never good to get complacent with a certain set of
>security programs. I use a number of on-line scans to double-check
>against my resident security software.
>Trend-Micro has good on-line scan called HouseCall. Scans for
>both Viruses/Trojans and Malware:
>http://housecall.trendmicro.com/
I would use online scanners ONLY to submit "unopened" files for
scrutiny. What I would NOT do, ever, is:
- take a suspected-infected PC online
- let it find an online scanning site via "malware'd" DNS
- drop my browser's security when I get to that site
- allow the site to drop and run code on my PC
- stay online while that code looks at all my files
Once malware has been able to run, it is positioned to pre-empt and
override anything you do from within the infected system. Most
malware won't make maximal use of this positioning, but what you're
really counting on is weakness of the attacker's capabilities.
If malware is "commercial", posing as legitimate (though "unwanted")
software, it is constrained in what it can do. If it becomes too
aggressive, e.g. wiping your data, killing your av etc., then the
vendor loses "plausible deniability".
It is this distinction that distinguishes commercial malware that av
typically ignores and "antispyware" apps typically target, and
"traditional" malware such as viruses, etc.
From this distinction comes the idea that you can tackle active
commercial malware informally, e.g. by running AdAware, Spybot etc.
from Windows. Current trends blur the distinction, as the
"commercial" operators are either out of jurisdiction, or emboldened
by the weak legal response to their activities.
>No single product or combination of tools provides 100% protection.
>There is ALWAYS the threat of a "Zero-Day" infection on your PC.
>This is a newly created/distributed item that the security software
>programs do not have in their "Signature" or definition files.
This is true, and I don't see anything in the poster's measures that
address by-design exploitability. I would:
- kill hidden admin shares
- kill all wireless I wasn't using
- if I had to use WiFi, I'd want WPA with 20-character random key
- stop the PC auto-restarting on errors
- stop the RPC service from restarting the computer when it fails
- show all files, and especially all file name extensions
- kill off Java unless I needed it (then keep only latest Sun JRE)
- delete unopened any attachments lacking specifically human text
- keep incoming material out of "My Documents"
- keep infectable material (e.g. code files) out of "My Documents"
- relocate "My Documents" to a HD volume off C:
- do not full-share any infectable locations
- do not full-share any integration point locations, e.g. StartUp
- use a NAT router if on broadband
- disallow auto-dialup if on dialup (even if phone calls are free)
- stop Windows opening files based on "content, not extension"
- use Spyware Blaster to passively block known-bad stuff
- disable Windows Scripting Host if not using it
- disable/block Remote Desktop / Assistance if not using it
Well, you get the idea.
>Nobody has come up with a Security tool that prevents users from
>"Clicking" on something they shouldn't click.
What happens is:
- the UI doesn't show info needed to assess risk, e.g. file .ext
- the user lacks skills to assess this info even if it is visible
- the OS lets bad stuff spoof this risk indication anyway
This is aside from pure clickless attack, where a combination of bad
design (e.g. exposing RPC and LSASS services to unsolicited Internet
traffic) and defective code allows direct network attack.
NAT and firewall help those, as do patches.
Context:
>"Buster" <Buster@discussions.microsoft.com> wrote in message
>> I've established the following security measures for my computers
>> 1. Windows XP update on and kept fully uptodate.
>> 2. Windows firewall on.
>> 3. Spybot kept uptodate and run monthly.
>> 4. Ad-Aware kept uptodate and run monthly.
>> 5. ccleaner run every month.
>> 6. Antivir PE Classic in operation and run weekly.
>> Does anyone have any constructive comments please?
>> I use all free legal software.
What I've mentioned is legally free too, for home use at least.
>-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
>-------------------- ----- ---- --- -- - - - -
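As an added example, not part of the thread and not any poster's own script, here is a PowerShell audit of the registry-backed items in the hardening list above (hidden admin shares, auto-restart on errors, showing file names and extensions, Windows Scripting Host, Remote Desktop / Assistance). It reports each setting's current value against the hardened value and, only with -Apply, writes the hardened value. The registry paths and value names are the standard Windows locations for these settings; the "Why" strings are my own labels. Items that are not a single registry value (WPA key length, NAT router, share permissions, relocating "My Documents", RPC service recovery) are not covered here.

```powershell
# Added example: audit (and optionally apply) the registry-backed hardening
# items from the post. Run from an elevated prompt. Some changes (the admin
# share setting in particular) only take effect after a restart.
param([switch]$Apply)

# One entry per setting: registry key, value name, hardened value, meaning.
$checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Name = 'AutoShareWks';       Want = 0; Why = 'hidden admin shares (C$, ADMIN$) not auto-created' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
       Name = 'AutoReboot';         Want = 0; Why = 'PC does not auto-restart on a stop error' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'HideFileExt';        Want = 0; Why = 'file name extensions are shown' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'Hidden';             Want = 1; Why = 'hidden files are shown' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'ShowSuperHidden';    Want = 1; Why = 'protected OS files are shown' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
       Name = 'Enabled';            Want = 0; Why = 'Windows Scripting Host disabled' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Name = 'fDenyTSConnections'; Want = 1; Why = 'Remote Desktop connections refused' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
       Name = 'fAllowToGetHelp';    Want = 0; Why = 'Remote Assistance disabled' }
)

$results = foreach ($c in $checks) {
    # A missing value means "Windows default", which for every item here is
    # the weaker state, so it is reported as not hardened.
    $current = $null
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item) { $current = $item.($c.Name) }
    $hardened = ($current -ne $null) -and ([int]$current -eq $c.Want)

    if ($Apply -and -not $hardened) {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want -Type DWord
        $current  = $c.Want
        $hardened = $true
    }

    New-Object PSObject -Property @{
        Setting  = "$($c.Path)\$($c.Name)"
        Current  = if ($current -eq $null) { '(not set)' } else { $current }
        Wanted   = $c.Want
        Hardened = $hardened
        Why      = $c.Why
    }
}

# Weak items first so they stand out; then a one-line summary.
$results | Sort-Object Hardened | Format-Table Hardened, Current, Wanted, Why -AutoSize
$weak = @($results | Where-Object { -not $_.Hardened }).Count
Write-Host "$weak of $($checks.Count) settings are not in the hardened state."
```

Run it once without -Apply to see where the machine stands, and treat the Remote Desktop and admin-share items as "only if you are not using them", as the post says; the script changes nothing until you pass -Apply.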