Re: How effective is any antivirus program?

 
Old 29-08-2009, 05:14 AM   #1
FromTheRafters
Guest
 


"Pete Zahut" <dont@bother> wrote in message
news:QvOdncTD1bZVRQrXnZ2dnUVZ8m2dnZ2d@bt.com...
> Speaking as a reasonably computer-savvy "end-user", I reckon that many
> years ago viruses were just an annoyance and antivirus programs worked
> well.


Not really, some viruses had really nasty payloads and could hide
themselves well from the scanners. The scanners adapted to the new
techniques and the virus writers came up with yet another stealth
mechanism. Back and forth it went until scanners were mostly looking for
self-decrypting code - emulating the environment the virus needed
sufficiently for it to decrypt and expose itself.

> Unfortunately, viruses, trojans, keyloggers, spyware etc., etc., etc.,
> have become much more malignant and sinister. They are harder to
> remove, hell, they can even hide themselves from attempts to get rid
> of them.


This is actually old stuff - in a new venue. Most current malware uses
some sort of vulnerability (social engineering or software exploitation)
to gain processor time - whereas viruses used only legitimate means to
gain processor time (they ran hosted by another program). What was
called a form of "stealth" in the virus world, is now called a "rootkit"
(a misused term IMO) in current malware terms.

> So, once infected, can a system _really_ ever be cleaned, disinfected,
> and healed to the point where you could use it for online shopping or
> internet banking again?


Yes, but most savvy users keep appropriate backups (images) so as to
make "flatten and rebuild" not such a daunting prospect. Why do
intricate software surgery when you can just replace the whole shebang?

> The reason I ask is that a friend of mine is antivirus-ed,
> antispyware-ed, antitrojan-ed to the hilt but, if any "anti" program
> triggers and says that something is wrong, he doesn't rely on the
> program to do its job and clean the infection - he takes it as a
> warning that something's wrong and he then deletes the partition,
> recreates the partition, reformats and reinstalls an earlier drive
> image using Acronis. He thinks that that is the only way to be sure he
> can use his bank or credit card details safely.


He's a savvy user IMO.

> Is he paranoid or does he have a point?


You decide.


Old 02-09-2009, 05:27 AM   #2
Dustin Cook
Guest
 

"FromTheRafters" <erratic@nomail.afraid.org> wrote in
news:h7a6e9$ne5$1@news.eternal-september.org:

> "Pete Zahut" <dont@bother> wrote in message
> news:QvOdncTD1bZVRQrXnZ2dnUVZ8m2dnZ2d@bt.com...
>> Speaking as a reasonably computer-savvy "end-user", I reckon that
>> many years ago viruses were just an annoyance and antivirus programs
>> worked well.

>
>> Unfortunately, viruses, trojans, keyloggers, spyware etc., etc.,
>> etc., have become much more malignant and sinister. They are harder
>> to remove, hell, they can even hide themselves from attempts to get
>> rid of them.

>
> This is actually old stuff - in a new venue. Most current malware uses
> some sort of vulnerability (social engineering or software
> exploitation) to gain processor time - whereas viruses used only
> legitimate means to gain processor time (they ran hosted by another
> program). What was called a form of "stealth" in the virus world, is
> now called a "rootkit" (a misused term IMO) in current malware terms.


I have to agree with the rootkit being a misused term in this case. It's
stealth...




--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk