You see this is a perfect example of how "Confusing Advice" propagates.
) Point 1:
You provide this link as proof.
http://antivirus.about.com/cs/allabout/a/bmpagent.htm
First, look at the author's background. She has no BS in Computer Science.
At the least she should have a major security certification. She has neither.
She "pursued" some programming courses. I pursued "medical courses". It
doesn't make me a doctor.
This guy is talking about files residing on his computer. That link talks
about attachments in emails that "drop" and "executable" file to the
computer. You're talking apples we're talking oranges. Just proves what I
stated that malware is useless unless it is in executable form.
) Point 2
You said "As for other extensions, check with your temp directory. Many
*.tmp files, for instance, are *executable* files (DLLs)"
I got news for you, a DLL is not an executable. DLLs are called by
"executables". And as far as a tmp being an executable it is not. It is a
temporary instance of another file. It the other file does not exist neither
does the tmp.
) Point 3
You said: "Although file properties can be faked, that's extra work for the
creator." So in other words I was right again. When we're talking about
malware we need to indicate they can be fake and you didn't. I did.
In summary: I work with so many people that are totally confused because
they get confusing advice from people like you. Be sure of what you say
before you say it. I think Microsoft should require users to be certified in
the areas they are offering advice in. Of course, if they did few of you
would be here with me would you?
Be careful about what you advise. Big fancy words do not equal good advice.
"Detlev Dreyer" wrote:
> "Confusing Advice" <Confusing (E-Mail Removed)> wrote:
>
> > That's incorrect. Any malware can NOT have any filename. Malware must
> > be an executable type file other wise it's useless.
>
> Nope. Just some examples:
> http://antivirus.about.com/cs/allabout/a/bmpagent.htm
> http://www.bluesbrotherscentral.com/...hp/t-2106.html
>
> > What use would "Malware.txt" be to a malicious software writer? None.
>
> As for other extensions, check with your temp directory. Many *.tmp files,
> for instance, are *executable* files (DLLs) which cannot be deleted since
> they are in use. In fact, additional software downloaded by malware comes
> as *.tmp files in many cases and giving them a *.txt extension instead
> wouldn't be a problem.
>
> > And as far as checking a file's properties to check it's origins. That is
> > incorrect too. File properties can be faked and may mean nothing.
>
> Although file properties can be faked, that's extra work for the creator.
> Therefore, malware does not have any file information usually. When there
> are file properties available, however, it's pretty easy to find the
> related software under add/remove programs in most cases.
>
> > And I don't what you mean by "the criteria in contrast to the virus
> ^^^^^^^^^^^^^^^^ that's good english?
> > definition signature". Makes absolutely no sense whatsoever to me and
> > probably not to him either.
>
> Why don't you use the keywords "virus definition signature" for a Google
> search - you'll get many hits.
>
> > All encompassing statements, bad advice and bad english equal confusion.
> > May want to pick up a book on English Composition and take some courses
> > in computer technology before giving advice.
>
> No comment.
>
> --
> d-d
>
