Maker Pro

OT: anti-malware progs ineffective


Guest

Jan 1, 1970
0
Maybe publicly identifying people who write this crap (with a picture, name
and address) would take care of this problem. I'm sure many pissed off users
would love to "personally congratulate" the authors.

And then perhaps an amnesty for any "crime" involved in congratulating.

Burn 'em on the stake!


I'd love to torture the creators of Gator! Bastards!
 

SioL

Jim Thompson said:
ISTR a case where a spammer's place of business was torched.

...Jim Thompson

This is the only interesting related bit I could find

http://news.bbc.co.uk/2/hi/business/3581435.stm

Spammer's Porsche up for grabs

AOL says the Porsche has "symbolic value"
Internet giant AOL has ratcheted up the war against unsolicited e-mail with a publicity-grabbing coup - an online raffle of a
spammer's seized Porsche.
AOL won the car - a $47,000 Boxster S - as part of a court settlement against an unnamed e-mailer last year. "We'll take cars,
houses, boats - whatever we can find and get a hold of," said AOL's Randall Boe. According to Mr Boe, the Porsche's previous owner
made more than $1m by sending junk e-mail.

S
 

Joe

john jardine said:
I've got some trash called "Cool web search" on my PC at the moment.
*Nothing* can remove the core component.
"Spybot" will crash the PC on finding it. Others just acknowledge that
this POS is present.
Even the purpose-written "CW Shredder" crashes on attempting to remove it.
Where are all those oh-so-clever-hot-shot-windows-programmers, when
they're needed to do some real, socially useful work?
By default I'm learning that windows is built on gibberish. It leaks like
a sieve. No amount of updating can ever improve it.
regards,
john

John,

My webroot spysweeper removed a real stubborn version of the coolweb search
and homepage hijacker. I had to update the original version on the
spysweeper website, but it worked. You may want to try it.

Joe
 
SioL said:
This is the only interesting related bit I could find

http://news.bbc.co.uk/2/hi/business/3581435.stm

Spammer's Porsche up for grabs

AOL says the Porsche has "symbolic value"
Internet giant AOL has ratcheted up the war against unsolicited
e-mail with a publicity-grabbing coup - an online raffle of a
spammer's seized Porsche.
AOL won the car - a $47,000 Boxster S - as part of a court settlement
against an unnamed e-mailer last year. "We'll take cars,
houses, boats - whatever we can find and get a hold of," said AOL's
Randall Boe. According to Mr Boe, the Porsche's previous owner
made more than $1m by sending junk e-mail.

S

I personally believe that the Windows operating system was deliberately
designed to allow
spyware to work. I cannot imagine that even Microsoft (no matter how
technically incompetent everyone says they are) is not capable of
developing an OS that is closed to this kind of activity, considering
that a huge amount of good OS sourcecode has been available for study
for two decades already. I don't think I'm being paranoid and I'm not a
conspiracy theorist, but I always seem to come back to the same
conclusion as I continue to think about it!

Fred.
 

JeffM

If you want to get rid of nearly all spy/adware, and even virus
issues,
quit using Outlook and Internet Explorer.
John (learner)
I wondered how long it was going to take
to hear the voice of reason in this thread.
I notice that the article that the OP referenced
doesn't put this at the top of the list--or even mention it.
Mozilla is a very well done browser
Yup.

Internet Explorer almost seems to "go out and get" spyware
I'd like to add "and aids in its own hijacking".
Outlook and its offspring [Outlook] Express
Well, its namesake; aside from being prime vectors for infection,
the 2 have little in common (not even file names or file formats).
are wide open front doors for all kinds of havoc
#1 on the list--above MSIE.
Use Eudora, or any one of a half dozen other very good programs
Yup.
http://www.google.com/search?&q=eudora+pegasus+thunderbird+mozilla-mail+opera-mail+bat+incredimail
 

JeffM

I also suggest you try using the Microsoft Spyware Removal Tool
free for download from MS's download area.
It's just a relabeled version of Giant's product.
Anthony Fremont
No. Microsoft also tweaked GIANT's product.
1) Microsoft's version only runs on current OSes.
It finds things that neither Spybot S&D nor AdAware find.
2) Like P2P software, which it labels malware.
 

JeffM

Any comments/information/user-reviews for "Secure IE"?

Mistitled. You can make it Internet Exploder MORE secure,
but until M$ redesigns it to close the security holes
(and breaks backward-compatibility), it will remain insecure.
Let's not forget the long latency in MSIE patches either.

Better security for Internet Explorer:
(ActiveX / MSIE is a requirement by The Borg for automatic updates.)

Best case: Have a friend burn his Windows updates to a CD for you.
Then you don't have to use Internet Exploder at all.
Save bandwidth too.

2nd best case: Don't do automatic updates; download them manually.
This is browser-agnostic.

3rd best case: Use IE only to access microsoft.com.
Avoid all other sites that require ActiveX.

4th best case: If you just can't avoid sites that require ActiveX,
Mozilla has an ActiveX plug-in
(though why someone would allow ActiveX / ActiveScript to run on his box,
I don't know; I don't need my HDD remotely wiped, thank you).
Anything that can legitimately be done with ActiveX
can be done with Javascript or something else.

There is absolutely no justification for VBscript on a Worldwide Web
that was conceived so that it would be hardware-/software-agnostic.
Same goes for ActiveX.
In 2005, there is no more place for dweebs who use this M$-centric junk
than there is a place for pages done in FrontPage.

/rant
 

Robert Monsen

Terry said:
I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/

Product Adware Fixed
---------------- ------------
Giant AntiSpyware 63%
Webroot Spy Sweeper 48%
Ad-Aware SE Personal 47%
Pest Patrol 41%
SpywareStormer 35%
Intermute SpySubtract Pro 34%
PC Tools Spyware Doctor 33%
Spybot Search & Destroy 33%
McAfee AntiSpyware 33%
Xblock X-Cleaner Deluxe 31%
XoftSpy 27%
NoAdware 24%
Aluria Spyware Eliminator 23%
OmniQuad AntiSpy 16%
Spyware COP 15%
SpyHunter 15%
SpyKiller 2005 15%

So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.
Unsettling.

The problem with some adware/spyware is that they have guard
applications, meaning that they install two apps, which are both started
when you log in (or start up) and which watch each other. If you kill
one of these, the other one will immediately restart it. This makes it
nearly impossible for these spyware removal programs to get them.

One thing you can do which at least lets you know what's up is to use
msconfig, (start:run:type msconfig) and then go to the 'startup' tab.
Programs that start at init time are shown here. You can turn them off
here if you want, or go dig around in the registry.

Usually, if you run the spybot cleaner from safemode, (which also
doesn't run these init programs) the spybot cleaner programs can remove
them. This is only true if it knows about the particular infection, though.

One particularly nasty infection actually installed itself as a windows
service... that took some rooting around to eradicate.

I've been using a combination of Norton Antivirus and Spybot Search and
Destroy, and my system has been clean of these things for months. Also,
I switched to using the Firefox browser. Many of these are installed
using backdoors in internet explorer. I *never* run IE these days except
for updates from microsoft (which, sadly, require IE). I taught my kids
to use firefox as well, and their computer has been clean too.

One other thing, if you use XP, you can turn on the SP2 firewall, which
will prevent any infections that may crop up from connecting to their
mothership. It blocks outbound connections from programs that you
haven't explicitly allowed. It's kinda annoying initially, but it works.
Also, use a cable or dsl inbound firewall, and make it 'dark', so it
doesn't respond to pings or other queries.

I've been cleaning up systems for friends this way, and it works even
for people of limited computer knowledge. I cleaned up my gardener's
system a few months ago, and he is happy as a clam. Before, he couldn't
use his computer without being inundated with popups. He had 5 actual
viruses, and at least 200 forms of adware. (I got a few months of free
garden work as well!).

--
Regards,
Robert Monsen

"Your Highness, I have no need of this hypothesis."
- Pierre Laplace (1749-1827), to Napoleon,
on why his works on celestial mechanics make no mention of God.
 

Anthony Fremont

JeffM said:
No. Microsoft also tweaked GIANT's product.
1) Microsoft's version only runs on current OSes.

Sad, but true.
2) Like P2P software, which it labels malware.

Most P2P software comes with plenty of spyware attached. They also
refuse to run after removing the spyware/adware packaged with it.
"required component is missing, please reinstall" Beware, it will
delete your pirated music if you allow it.
 

Fred Abse

I've got some trash called "Cool web search" on my PC at the moment.
*Nothing* can remove the core component. "Spybot" will crash the PC on
finding it. Others just acknowledge that this POS is present.
Even the purpose-written "CW Shredder" crashes on attempting to remove it.
Where are all those oh-so-clever-hot-shot-windows-programmers, when
they're needed to do some real, socially useful work? By default I'm
learning that windows is built on gibberish. It leaks like a sieve. No
amount of updating can ever improve it. regards.

Try:

http://www.silentrunners.org/sr_cwsremoval.html

I can't vouch for it, since I don't run Windows, but it's worth a try.
 
on 01/28/05 said:
Any comments/information/user-reviews for "Secure IE"?

Interesting. I have not heard of it, so I can't comment on it.

Mozilla does everything I need, it's free, it's not IE :) and so I wouldn't
pay someone for software to fix Microsoft's stuff. Since M$ has not
updated IE in about four years, it stands to reason that a browser that is
currently supported and maintained is a good way to go. As usual, YMMV.

If anyone uses the secureIE software, I would be interested in your
opinions.

John
 

Mark Jones

Ken said:
Not even close to the same. Windows constantly writes stuff all over C
even when running as just "user mode". Bugs can allow important stuff to
be overwritten. With my solution, most of the bugs don't matter.


I've long-since lobbied for OS-on-EEPROM, especially now that we have
such high-density hardware. Anything without specific permissions just
isn't going to get clearance to write to it, simple as that. Maybe a
"key" you need to insert in the front of the PC to upgrade the
OS/service pack, etc. (Say the switch allows the EEPROM to get +12v.)

As far as the programs themselves, I think it should be illegal for
any company to include any kind of "malware" with their software,
known or not. Since it is impossible (and arguably immoral) to police
such companies, they could be added to a blacklist network instead,
which every computer connected to the net can automatically check
daily. Any suspect software comes up flagged as bad, much like how
SpamCop works but only for programs. i.e.,

Ding! "Attention, you have Kazaa installed, you idiot! 17 people are
preening through your hard disk right now, 2 are deleting your Pamela
Anderson nude collection, and 1 is editing your registry. Recommend
you uninstall Kazaa, like, yesterday..."

-M

-- "Konnichiha, douzoyoroshiku." MCJ 200404
 

Mark Jones

If you want to get rid of nearly all spy/adware, and even virus issues,
quit using Outlook and Internet Explorer.

Mozilla is a very well done browser, that can be configured to block
popup ads, and restricts access to the system. Internet Explorer almost
seems to "go out and get" spyware, as it is so vulnerable, and has such
little security. Besides, if you don't know what 'tabbed browsing' is,
consider checking out Mozilla. It is the best feature ever created for a
browser.

Outlook and its offspring Express are wide open front doors for all kinds
of havoc on your computer, both for allowing access, and for propagating
things.

Use Eudora, or any one of a half dozen other very good programs, and you
will find that (Make up random number here) 95% of your problems will go
away.

My son uses IE and Outlook, and the cheesy spyware stuff still finds
literally hundreds of problems on a weekly basis. I use Mozilla, and MR/2
ICE for windows, and running the same spyware stuff as he does, find maybe
one a month.

Complaining feels good, doing something about it is a better idea. Lose IE
and Outlook, and see most of the problem go away.

John


I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html


-- "Over-unity, UFO's, Zero-Point Energy... there's a reason
scientists go 'mad.'" MCJ 200305
 

john jardine

Joe said:
John,

My webroot spysweeper removed a real stubborn version of the coolweb search
and homepage hijacker. I had to update the original version on the
spysweeper website, but it worked. You may want to try it.

Joe

Thanks Joe, I'll give it a try.
Just as a note ... I was making a comparison of windows system files on my
normal C: hard drive and my reference D: hard drive, which holds an
unsullied copy of everything. (win98)
I found extra files in C:\, to wit ...

C:\windows\VCM\ MSTASK.DLL (size 245,824)
C:\windows\VCM\ MSTASK.EXE (size 118,368)
C:\windows\system\ MSTASK.001 (size 118,784)

(plus an MSTASK.DAT and MSTASK.INI in the internet explorer\uninstall
directory and an extra windows 'help' file MSTASK.GID)

These DLL and EXE files are also (correctly) in C:\windows\system\ as ...
MSTASK.DLL (size 245,760)
MSTASK.EXE (size 118,748)
The odd files in the \VCM\ directory have been tampered with.

I've made suitable changes but expect CoolWWW to remain. There's something
else in there that's not identified. Hope your prog can find it :)

A few months ago I was on dial-up and easily noticed any unwanted programmes
coming in, hence pulled the plug. Now with broadband, download speeds are about
150kBytes/sec and any old rubbish can pass through in an instant :-[
regards
john
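The file comparison john describes above (live C: against an unsullied reference copy on D:) can be automated. This is an added example, not code from the thread; the directory layout, file names and contents it builds are constructed for the demonstration, and the size-versus-hash point mirrors the MSTASK.DLL sizes quoted above.

```python
"""Compare a live system directory against a known-good reference copy.

Added example: automates the manual check described in the post above.
Paths and file contents below are constructed for the demonstration.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _inventory(root: Path) -> dict:
    """Map each relative path under root to (size, sha256)."""
    inv = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            # Windows paths are case-insensitive, so normalise before comparing.
            rel = p.relative_to(root).as_posix().lower()
            inv[rel] = (p.stat().st_size, _digest(p))
    return inv


def compare_trees(live: Path, reference: Path) -> dict:
    """Report files that are extra, missing, or changed relative to the reference.

    Size alone is a weak signal (two copies can differ by a few bytes, or by
    none at all); the hash catches any byte-level change.
    """
    live_inv, ref_inv = _inventory(live), _inventory(reference)
    extra = sorted(set(live_inv) - set(ref_inv))
    missing = sorted(set(ref_inv) - set(live_inv))
    changed = sorted(
        rel for rel in set(live_inv) & set(ref_inv)
        if live_inv[rel][1] != ref_inv[rel][1]
    )
    return {"extra": extra, "missing": missing, "changed": changed}


def demo() -> dict:
    """Build constructed C:-like and D:-like trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        live, ref = Path(tmp, "live"), Path(tmp, "reference")
        for root in (live, ref):
            (root / "windows/system").mkdir(parents=True)
            # Identical in both copies: the legitimate scheduler executable.
            (root / "windows/system/mstask.exe").write_bytes(b"A" * 1000)
        # Live copy: DLL of identical size but one byte differs, plus an extra VCM dir.
        (ref / "windows/system/mstask.dll").write_bytes(b"B" * 500)
        (live / "windows/system/mstask.dll").write_bytes(b"B" * 499 + b"C")
        (live / "windows/VCM").mkdir()
        (live / "windows/VCM/mstask.exe").write_bytes(b"A" * 1010)
        return compare_trees(live, ref)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Run against real drives by calling `compare_trees(Path("C:/windows"), Path("D:/windows"))`; anything under "extra" or "changed" is what to inspect next.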
 

Ken Smith

Mark Jones said:
I've long-since lobbied for OS-on-EEPROM, especially now that we have
such high-density hardware. Anything without specific permissions just
isn't going to get clearance to write to it, simple as that. Maybe a
"key" you need to insert in the front of the PC to upgrade the
OS/service pack, etc. (Say the switch allows the EEPROM to get +12v.)

When I "upgrade" my toaster, I just buy a new one. Soon the same will be
true of the PC. You will buy it with certain programs on it and that's all
it will do. It will save a lot of trouble.

As far as the programs themselves, I think it should be illegal for
any company to include any kind of "malware" with their software,
known or not. Since it is impossible (and arguably immoral) to police
such companies, they could be added to a blacklist network instead,

I think it perfectly moral to outlaw malware. If we can ban food that
contains toxins and drugs that don't work and cars that don't have brakes
and water heaters that explode, the malware banning seems like just more
of the same.

Enforcement isn't all that hard in many cases. You just have to be
willing to blow up someone's house in India or something like that.
 

Rich Grise

I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/ [snip stats]
So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.
Unsettling.

Or, you could just run Linux. It doesn't do spyware. But I have been
watching my apache access logs, and I've blacklisted a few IPs that
are sending such extreme garbage:
--------<sample excerpted>------
4.8.194.170 - - [27/Jan/2005:05:38:15 -0800] "GET /default.ida?XXXXXXXXXXXXXXXXXXX
[two lines of XXXXXXX snipped]
4.10.192.232 - - [27/Jan/2005:10:18:08 -0800] "SEARCH /\x90\xc9\xc9\...
Many many \xc9, followed by as many \x90. I know \x90 is an 8086 nop, but it's
followed by:
4.10.192.232 - - [27/Jan/2005:10:18:39 -0800] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 307,
-------<end excerpt>------------
which is clearly a windoze buffer-overflow-type attack. Presumably, that
sequence is the key to the back door of your system.

So, wanna see my current blacklist? No? Sorry, here it is anyway:

Cheers!
Rich
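The log watching Rich describes above, turned into a small scanner: added example code, not part of the original post. It parses Apache common-format lines, flags the three request shapes quoted in his excerpt (the default.ida request with a run of X's, a SEARCH carrying a \x90/\xc9 sled, and the fp30reg.dll POST), and renders the offending IPs in the same BLACKLIST="..." shell-variable shape he uses. The log lines and rule names are constructed; the signatures are only the ones visible in the excerpt.

```python
"""Scan Apache access-log lines for worm-style probes and build a block list.

Added example. Rules encode the three request shapes quoted in the thread;
the sample log lines are constructed to resemble that excerpt.
"""
import ipaddress
import re
from collections import defaultdict

# Apache common log format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Apache writes non-printable request bytes as literal "\xNN" text, so the
# predicates match the escaped form, not raw bytes.
RULES = [
    ("default.ida probe with long X run",
     lambda req: "/default.ida?" in req and req.count("X") >= 20),
    ("SEARCH with \\x90/\\xc9 sled",
     lambda req: req.startswith("SEARCH ") and ("\\x90" in req or "\\xc9" in req)),
    ("FrontPage fp30reg.dll probe",
     lambda req: "/_vti_bin/_vti_aut/fp30reg.dll" in req),
]

# Constructed sample: two probing hosts, two benign hosts, one malformed line.
SAMPLE_LOG = r"""4.8.194.170 - - [27/Jan/2005:05:38:15 -0800] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 290
10.0.0.5 - - [27/Jan/2005:06:01:02 -0800] "GET /index.html HTTP/1.1" 200 1532
4.10.192.232 - - [27/Jan/2005:10:18:08 -0800] "SEARCH /\x90\xc9\xc9\xc9\x90\x90 HTTP/1.1" 400 0
4.10.192.232 - - [27/Jan/2005:10:18:39 -0800] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 307
10.0.0.7 - - [27/Jan/2005:11:00:00 -0800] "GET /default.ida HTTP/1.1" 404 290
this line is not a log entry
"""


def parse_line(line: str):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def flag_hits(log_text: str) -> dict:
    """Map each source IP to the sorted list of rule names its requests triggered."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # malformed line: skip it rather than abort the whole scan
        for name, pred in RULES:
            if pred(entry["req"]):
                hits[entry["ip"]].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}


def render_blacklist(hits: dict) -> str:
    """Render flagged IPs, numerically ordered, in the BLACKLIST="..." shape."""
    ordered = sorted(hits, key=ipaddress.ip_address)
    return 'BLACKLIST="' + "\n".join(ordered) + '"'


if __name__ == "__main__":
    found = flag_hits(SAMPLE_LOG)
    for ip, reasons in found.items():
        print(ip, "->", "; ".join(reasons))
    print(render_blacklist(found))
```

A plain 404 for /default.ida without the X payload is deliberately not flagged, so a curious but harmless visitor does not end up on the list.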
 

Roger Johansson

Mark Jones said:
I've long-since lobbied for OS-on-EEPROM, especially now that we have
such high-density hardware. Anything without specific permissions just
isn't going to get clearance to write to it, simple as that. Maybe a
"key" you need to insert in the front of the PC to upgrade the
OS/service pack, etc. (Say the switch allows the EEPROM to get +12v.)

You can achieve a similar effect as an eprom OS if you use a partition
saving program to backup your C: partition.

Then you can restore the Operating system anytime to exactly the same
state.

If you like you can even restore instead of rebooting, if you want to
reset the operating system every time you start the computer.

If you have a second partition, or a second hard disk you can keep your
data on that and saved partition images which you can restore to C:
partition.

Both data from the second partition and disk images of the C partition
can also be backed up to CD's, of course, to get a second line defence
against loss of data or programs.

Two good partition saving programs: the commercial norton ghost and the
freeware "Partition Saving".

http://www.partition-saving.com/

This software lets you create a compressed copy of the C: partition, and
store it on another partition/harddisk or on a CD burner.

When something goes wrong, viruses, technical problems, whatever, you
simply restore the C: drive. It takes 2 minutes, a lot faster than
reinstalling windows and all your favorite programs, and faster than the
reboot procedure on many computers filled with ad and spyware routines to
be loaded.

I save the windows installation after I have installed windows and a few
programs I need. Later I install more programs, and make a new backup
with partition saving.

When something goes wrong (or I have installed and tried a load of
useless programs) I can choose which disk image I want to restore, a
really clean and fresh installation, or a more advanced one with several
extra programs and settings. I have 3 saved images to choose from right
now, from a very barebone windows installation, to a copy of my current
system as it was two weeks ago.

I make sure to store my important data on another hard disk, and on
another partition on the first hard disk, and I back up both the data and
the partition images on CD.

If my first hard disk breaks down I simply buy a new one and restore a
partition image to the C partition. If my second hard disk goes down I
copy my data from C and all is well again. If both break down
simultaneously, which is highly unlikely but possible, I buy two new
hard disks and restore the backups from CD.

Both norton ghost and partitionsaving are small programs you run from a
DOS floppy, or live-CD. Ghost has the added advantage of a windows
program which is used to open ghost disk images in a manner like we open
zip files, look inside, copy files out from the archive/image, copy files
into it, so you can change it. This is sometimes useful, for example if
you have a file or a program which cannot be deleted. You make an image
of the partition, go into it like a zip file, and erase the un-erasable
file or program, and restore the image to the C partition.

If you are hit by a virus which makes windows un-usable you can run the
partition saving program from a floppy, make a copy of the current state
of the C partition, restore the latest good partition image, and reboot. Then
you can explore the image which doesn't work from your normal windows
environment, change things, copy files you would have lost otherwise,
etc.

A new way to backup your data files is to store them on the internet, so you
can access them from any connection and any computer. Just get an account
where you are allowed to store files.
 

Terry Pinnell

Mark Jones said:
I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html

WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.
 

JeffM

Changed default browser to [FireFox] 1.0 a week ago.
Just had a couple of sites I can't reach or actions I can't accomplish....
would only work in MSIE - apparently dependent on ActiveX
Terry Pinnell

I can't say I recommend doing business
with companies that are so foolish as to use/require ActiveX,
but if you like playing Russian Roulette with your HDD:
http://www.google.com/search?&q=mozilla+activex-plug-in

I've used Mozilla since 1.2 (they are currently at 1.7.3 Stable)
and I have never felt any desire to use ActiveX.
If the morons at a biz can't figure out how to use Javascript
and allow everybody to play, screw 'em--I'll go elsewhere.
 