Anti-Virus Software is like Adult Diapers

David H. Lipman

From: "darwinist" <[email protected]>


|
| Sure if all programs of the same purpose are equally secure, and if
| none of them have security settings. But all programs of the same
| purpose are not equal, and many of them have security settings, so your
| maths is way off. So far off in fact, as to be useless.
|

All those users who have had vulnerable versions of Sun Java who were subsequently infected
with the Vundo trojan and/or Virtumonde adware will disagree with you.

This family of malware will auto-install on your PC once it exploits the vulnerability in
older versions in Sun Java.

That's just one piece of software and I'll tell you it accounts for many malware infections !
 
David H. Lipman

From: "darwinist" <[email protected]>


|
| Yeah exactly. Isn't that a better approach than waiting for the
| vulnerabilities to be exploited, before acting to catch the intruders?
| If you're in your own house, isn't locking the door better than sitting
| with a shotgun pointed at it?
|

Who said the vulnerabilities weren't actively being exploited ?
 
David H. Lipman

From: "darwinist" <[email protected]>


|
| What kind of a browser do you use where a *website* can give you
| malware? The worst I've had from a website was a bunch of pop-ups
| jumping around my screen, so I went to tools->options and disabled the
| ability of javascript to move and resize windows. Problem solved.
|
| Give me any website and I will go there without anti-virus.
|

Don't tempt me. I know some real bad ones !
You *will* get infected !

I'll tell ya what. You need a video codec.

Go to hxxp://www.media-codec.com and download and install the latest version :)
 
darwinist

David said:
From: "darwinist" <[email protected]>


|
| Sure if all programs of the same purpose are equally secure, and if
| none of them have security settings. But all programs of the same
| purpose are not equal, and many of them have security settings, so your
| maths is way off. So far off in fact, as to be useless.
|

All those users who have had vulnerable versions of Sun Java who were subsequently infected
with the Vundo trojan and/or Virtumonde adware will disagree with you.

This family of malware will auto-install on your PC once it exploits the vulnerability in
older versions in Sun Java.

That's just one piece of software and I'll tell you it accounts for many malware infections !

Vundo is spread manually. http://vil.nai.com/vil/content/v_127690.htm

Learn to recognise untrustworthy software, and don't install it.
 
kurt wismer

darwinist said:
| Seatbelts:
| - Required by law in many places (is it illegal not to have anti-virus
| at home?)
| - They can stop you dying

anti-virus can stop you from getting infected...

| - No quality of driving can save you if someone else crashes into you

no quality of safe hex can save you if someone releases a zero-day
exploit...

| Locks:
| - Are exactly what I'm advocating: Secure programs, firewalls, keeping
| things out, not leaving your doors and windows unlocked and then
| chasing burglars around once they're in the house.

anti-virus products can be used to keep things out...

| Safety Goggles:
| - Prevent access to your eyes, again they're what i'm advocating;
| rather than, say, some kind of "eye cleaning and healing fluid" to be
| applied after all the damage is done.

anti-virus products can prevent execution of the virus and therefore
prevent access to the resources required to do damage or infect...
 
kurt wismer

darwinist said:
David H. Lipman wrote:
[...]
| Safety Goggles:
| - Prevent access to your eyes, again they're what i'm advocating;
| rather than, say, some kind of "eye cleaning and healing fluid" to be
| applied after all the damage is done.

Boy you have this all wrong.

You wear eye protection to prevent eye damage.

You use anti virus to prevent infections.

No that's a firewall, or a secure client. Anti-virus tries to clean up
the infection.

???!!!

boy have you got it wrong...

known virus scanners are essentially a blacklist technology - the best
place to use a blacklist is at the entrance... av software is for
prevention first and foremost, for detection of preventative failures,
and for recovery from preventative failures...
 
David H. Lipman

From: "darwinist" <[email protected]>

|
| Vundo is spread manually. http://vil.nai.com/vil/content/v_127690.htm
|
| Learn to recognise untrustworthy software, and don't install it.
|

That's right. It is a Trojan. You go to a malicious web site, it runs a JavaScript and it
finds the vulnerable version of Sun Java. You are then infected with the Vundo trojan
and/or the Virtumonde adware. The BHO then tells you you are infected with the Beagle
virus or Blackworm Virus or it sends you to AMAENA.COM to download WinAntivirus 2006 pro
or WinAntispyware 2006 Pro or will auto install winFixer 2006.
 
darwinist

David said:
From: "darwinist" <[email protected]>


|
| What kind of a browser do you use where a *website* can give you
| malware? The worst I've had from a website was a bunch of pop-ups
| jumping around my screen, so I went to tools->options and disabled the
| ability of javascript to move and resize windows. Problem solved.
|
| Give me any website and I will go there without anti-virus.
|

Don't tempt me. I know some real bad ones !
You *will* get infected !

I'll tell ya what. You need a video codec.

Hmm, all my video files play fine. Why do I need another one?

Never heard of it, mustn't be a popular codec. Quick google search.

http://www.google.com/search?hl=en&lr=&q=media+codec.com

Oh what? It's a trojan. Good thing I looked into it for 3 seconds.

and download and install the latest version :)

LOL "download and install the latest version". Two untrustworthy
sources of software quickly identified: media-codec.com and David H.
Lipman.

But you said that websites could give you malware, it hardly counts if
the website is just a conduit for me agreeing to copy and install a
trojan. That's not fair to the web and all the people who work hard on
making secure web clients.

That's like blaming the city gate for the original trojan horse.
 
darwinist

David said:
From: "darwinist" <[email protected]>


|
| Yeah exactly. Isn't that a better approach than waiting for the
| vulnerabilities to be exploited, before acting to catch the intruders?
| If you're in your own house, isn't locking the door better than sitting
| with a shotgun pointed at it?
|


Who said the vulnerabilities weren't actively being exploited ?

Look it up yourself. I read tech news all the time and I use
thunderbird and firefox myself and I've never seen a security hole in
these programs fixed *after* a real-life attack; rather the pattern is
that someone found a "potential" vulnerability, and a patch was
released within a day. Perhaps fixing the bug after it causes problems
has happened, but it would have to be the exception, unlike outlook
where it is the rule.

Hey don't get me wrong, if you've got a virus, get rid of it. But the
odds of getting a virus without installing it yourself are almost zero.
Any program that allows viruses in and doesn't get patched for months
or years after the hole is discovered, can be considered a virus
itself. Like AIDS which damages your immune system and lets other
viruses in, so is most microsoft software.
 
darwinist

David said:
From: "darwinist" <[email protected]>

|
| Vundo is spread manually. http://vil.nai.com/vil/content/v_127690.htm
|
| Learn to recognise untrustworthy software, and don't install it.
|

That's right. It is a Trojan. You go to a malicious web site, it runs a JavaScript and it
finds the vulnerable version of Sun Java. You are then infected with the Vundo trojan
and/or the Virtumonde adware. The BHO then tells you you are infected with the Beagle
virus or Blackworm Virus or it sends you to AMAENA.COM to download WinAntivirus 2006 pro
or WinAntispyware 2006 Pro or will auto install winFixer 2006.

I've never had one myself, but according to the McAfee site I linked
to: "Trojans do not self-replicate. They are spread manually, often
under the premise that the executable is something beneficial.
Distribution channels include IRC, peer-to-peer networks, newsgroup
postings, etc." - (Under "Method Of Infection")

As I suggested earlier, learn to recognise untrustworthy software.
 
darwinist

kurt wismer wrote:
[...]
???!!!

boy have you got it wrong...

known virus scanners are essentially a blacklist technology - the best
place to use a blacklist is at the entrance... av software is for
prevention first and foremost, for detection of preventative failures,
and for recovery from preventative failures...

Anti-virus software is a blacklist applied to what's already on a
computer, so it's already past the entrance. A firewall or secure
client is a whitelist at the door.

Unlike, say, a text-email or an mp3, your default attitude to
executables should not just be to take anything from anyone and try it
out in case you like it. Instead you should whitelist from the start.
 
darwinist

kurt said:
| anti-virus can stop you from getting infected...

So can switching to pen and paper. In any case it slows you down
needlessly, if all you're trying to do is avoid viruses.

| no quality of safe hex can save you if someone releases a zero-day
| exploit...

Can you give an example from real life?

| anti-virus products can be used to keep things out...

Can you give an example of what you mean? "Anti-Virus" usually refers
to things which scan the contents of your computer (eg filesystem,
outgoing mail, running processes), looking for viruses to deal with.
Keeping things out is usually done by a firewall, or the operating
system.

| anti-virus products can prevent execution of the virus and therefore
| prevent access to the resources required to do damage or infect...

Or you can prevent the *existence* of the virus on your computer, by
not downloading it.
 
darwinist

Tom said:
Actually, I find reading news in a text-only news reader
and not responding to phishing attempts works perfectly
well to keep my computer safe.

I've run for years and years with no AV software, then some new
bout of dire warnings will come up and I'll try some for a while.

1. They never find any viruses on my computer (which ran
unprotected for years without them).

2. It is almost impossible to distinguish between the behavior
of a virus and the behavior of anti-virus software.

You pay for the AV software rather than having it sneak
onto your machine, and it is easier to un-install (thank God!),
but other than that, it is a lot like having a virus. Your
machine is horribly bogged down, ordinary tasks like installing
new software are often blocked by it, it is constantly popping
up annoying windows. In fact, there are a lot of viruses
that aren't as destructive as the anti-virus software :).

That's a good point, what is the purpose of the anti-virus software? To
make your life easier? Then it clearly fails when compared to buying a
copy of "Not downloading and running viruses, for dummies", which would
be a source of enlightenment (if in fact such a book existed), rather
than frustration every time an email is needed quickly but contains a
large attachment.
 
jm

darwinist said:
As I suggested earlier, learn to recognise untrustworthy software.

And how do you do that? One of the tactics used by malware writers is
to disguise things so that they look trustworthy. You can't tell
whether something has a virus just by looking at it. The only way to be
100% sure of not getting a virus is to stay off the Internet and never
install anything. Even with AV software you're only 99.9% sure, but
that's still a lot better than relying on instinct.

The PC Guru: www.the-pc-guru.com
 
edgewalker

Any program that allows viruses in and doesn't get patched for months
or years after the hole is discovered, can be considered a virus
itself.

Being bad software is not the same as being a virus, plus you are
confusing viruses with exploit based malware. Viruses don't need
vulnerabilities to work, they only require normal functionality. You
admitted to your use of Thunderbird as a browser after declaring
that all one has to do is not use vulnerable software while even
Thunderbird has had vulnerabilities (you break your own rule).

If you don't have the means to detect viruses, then you are vulnerable
to them if you take in and execute executables (including mobile code
such as Java which may be transparent).

I use IE w/no ActiveX, scripting, Java, or Flash animation (I set them
all to prompt).
 
David H. Lipman

From: "darwinist" <[email protected]>


| I've never had one myself, but according to the McAfee site I linked
| to: "Trojans do not self-replicate. They are spread manually, often
| under the premise that the executable is something beneficial.
| Distribution channels include IRC, peer-to-peer networks, newsgroup
| postings, etc." - (Under "Method Of Infection")
|
| As I suggested earlier, learn to recognise untrustworthy software.

You have much to learn about vulnerabilities and exploitation !

BTW: McAfee's web site has inadequate information on this subject matter.
 
David H. Lipman

From: "darwinist" <[email protected]>

|>> What kind of a browser do you use where a *website* can give you
|>> malware? The worst I've had from a website was a bunch of pop-ups
|>> jumping around my screen, so I went to tools->options and disabled the
|>> ability of javascript to move and resize windows. Problem solved.
|>>
|>> Give me any website and I will go there without anti-virus.
|
| Hmm, all my video files play fine. Why do I need another one?
|
| Never heard of it, mustn't be a popular codec. Quick google search.
|
| http://www.google.com/search?hl=en&lr=&q=media+codec.com
|
| Oh what? It's a trojan. Good thing I looked into it for 3 seconds.
|
| LOL "download and install the latest version". Two untrustworthy
| sources of software quickly identified: media-codec.com and David H.
| Lipman.
|
| But you said that websites could give you malware, it hardly counts if
| the website is just a conduit for me agreeing to copy and install a
| trojan. That's not fair to the web and all the people who work hard on
| making secure web clients.
|
| That's like blaming the city gate for the original trojan horse.
|


Yeah, there are a couple dozen web sites purporting to be a Digital Key Generator or Media
Codec and are really ZLob Trojan installers. The web sites are auto-generating new variants
on a daily basis. Usually the same named file but the MD5 checksum gives it away.

Obviously I knew they are malicious sites and that's why I posted the URL obfuscated.

However, it was meant to drive home a point. A good Social Engineering disguise will allow
a well crafted malicious site and malware combo to get past one's personal defenses. The
anti malware community is working hard with the AV vendors to get these new variants to be
better detected via heuristics.
 
kurt wismer

darwinist said:
kurt wismer wrote:
[...]
???!!!

boy have you got it wrong...

known virus scanners are essentially a blacklist technology - the best
place to use a blacklist is at the entrance... av software is for
prevention first and foremost, for detection of preventative failures,
and for recovery from preventative failures...

Anti-virus software is a blacklist applied to what's already on a
computer, so it's already past the entrance. A firewall or secure
client is a whitelist at the door.

Unlike, say, a text-email or an mp3, your default attitude to
executables should not just be to take anything from anyone and try it
out in case you like it. Instead you should whitelist from the start.

ok, i think there's a bit of a crossed wire here... you seem to be
seeing only 2 possibilities - either it never gets to the actual machine
at all or it gets to the machine *and* gets executed... i'm talking
about the 3rd scenario where you download it to a holding area to be
scanned first before doing anything else with it...

yes it is technically 'inside' the system at that point, but it is just
barely inside the entry point...
 
kurt wismer

darwinist said:
| So can switching to pen and paper. In any case it slows you down
| needlessly, if all you're trying to do is avoid viruses.

hard to avoid what you can't easily recognize...

| Can you give an example from real life?

well, i've written the name twice already today so a 3rd time won't
hurt... js/yamanner...

| Can you give an example of what you mean? "Anti-Virus" usually refers
| to things which scan the contents of your computer (eg filesystem,
| outgoing mail, running processes), looking for viruses to deal with.
| Keeping things out is usually done by a firewall, or the operating
| system.

i think this is a difference of perspective - from where i sit, just
being on the drive is not quite the same as being _in_ the system...

so my example is that i download something (on purpose) and i unpack it
(if necessary) and scan it with my anti-virus program... if it says
something's wrong then i delete it (long before it ever gets its nasty
hooks into my system), otherwise i use it...

| Or you can prevent the *existence* of the virus on your computer, by
| not downloading it.

i'm sorry, prescience doesn't seem to come standard with the human
condition...
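
An added illustration, not code from any poster in this thread: the holding-area workflow kurt wismer describes (download, scan, delete or use), combined with David H. Lipman's remark that re-generated installers keep the same file name while the checksum changes. The file name, byte strings and blocklist are constructed samples, and SHA-256 stands in for the MD5 checksum mentioned above.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large downloads are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def screen_download(path, blocklist, release_dir):
    """Check a file in the holding area before anything executes it.

    A blocklisted file is deleted; anything else is moved to release_dir.
    Returns "blocked" or "released".
    """
    if sha256_of(path) in blocklist:
        path.unlink()
        return "blocked"
    release_dir.mkdir(parents=True, exist_ok=True)
    shutil.move(str(path), str(release_dir / path.name))
    return "released"


def demo():
    # Constructed sample data: harmless byte strings stand in for two daily
    # builds of an installer that is always published under the same name.
    yesterday = b"constructed sample: installer build A"
    today = b"constructed sample: installer build B"
    blocklist = {hashlib.sha256(yesterday).hexdigest()}  # only build A is known

    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        holding = Path(tmp) / "holding"
        released = Path(tmp) / "released"
        holding.mkdir()
        for label, data in (("known build", yesterday), ("new variant", today)):
            sample = holding / "codec_setup.exe"  # hypothetical file name
            sample.write_bytes(data)
            results[label] = screen_download(sample, blocklist, released)
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

The second result is the gap an exact-hash blacklist leaves: a same-named file with different bytes passes the check, which is where heuristic detection has to take over.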
 
