Can we live without virus and anti-virus


sooncf

Say, I partition my harddisk into C: and D:
All Windows and application software is installed in C:
while data is kept in D:
Once a month or two months, I will reformat C:
and reinstall Windows together with the latest update and all application software

So, I don't need anti-virus software at all.
 
Thomas G. Marshall

sooncf coughed up:
Say, I partition my harddisk into C: and D:
All Windows and application software is installed in C:
while data is kept in D:
Once a month or two months, I will reformat C:
and reinstall Windows together with the latest update and all application
software

So, I don't need anti-virus software at all.

Sure, until one of the viruses decides to wipe out all data on other hd
volumes.

Or until your computer is used in a massive DoS attack before you reformat.

Or until your system emails out copies of the viruses to everyone in your
address book 5 times a day before you reformat.

Or until your system is hit with a dialer virus and you are billed $25/min
for calls you did not make before you reformat.

Even if your system was fully ghosted, the only way I'd see this working is
if the ghost image of c: was brought back everyday.
 
Conor

Even if your system was fully ghosted, the only way I'd see this working is
if the ghost image of c: was brought back everyday.
Then you're a cretin. Ditch IE and OE which are the biggest problem
areas. Don't open dodgy e-mails or files you weren't expecting. Use a
webmail service/ISP that provides AV protection.
 
Thomas G. Marshall

Conor coughed up:
Then you're a cretin.
Did I personally insult you? Are you 12 or something?

Ditch IE and OE which are the biggest problem
areas. Don't open dodgy e-mails or files you weren't expecting. Use a
webmail service/ISP that provides AV protection.
He wasn't talking about safe conduct! Here is all of what he said. I'll
list it out clearly, because you can't seem to be able to read:

<From sooncf, itemized out line by line>
1. Say, I partition my harddisk into C: and D:

2. All Windows and application software is installed in C:
while data is kept in D:

3. Once a month or two months, I will reformat C: and
reinstall Windows together with the latest update and all
application software

4. So, I don't need anti-virus software at all.
</From sooncf>

Nothing about safe conduct, nothing about using AV software even from/on the
ISP.
 
Roger Wilco

sooncf said:
Say, I partition my harddisk into C: and D:
Okay - said:
All Windows and application software is installed in C:
while data is kept in D:
Once a month or two months, I will reformat C:
and reinstall Windows together with the latest update and all application software

So, I don't need anti-virus software at all.
Data can be corrupted in a way to harbor malware, next time you use that
data with your programs you could be reinfected. The idea with
anti-virus used to be prevention not cleanup - you attempt to avoid
bringing malware aboard and executing it by scanning incoming content
for known malware (even in some data filetypes). Your suggested reactive
method leaves you open to activation (payload) and makes your machine a
malware spewing node during the time between cleanups.

Nice try though.
 
Thomas G. Marshall

Roger Wilco coughed up:
Data can be corrupted in a way to harbor malware, next time you use
that data with your programs you could be reinfected. The idea with
anti-virus used to be prevention not cleanup - you attempt to avoid
bringing malware aboard and executing it by scanning incoming content
for known malware (even in some data filetypes). Your suggested
reactive method leaves you open to activation (payload) and makes
your machine a malware spewing node during the time between cleanups.

Nice try though.
Bingo. Even an .mpg is susceptible---a buffer overrun error within your
favorite player is all it takes these days. By the way, are there any
buffer overruns ITW affecting jpgs?
 
Roger Wilco

Ian Kenefick said:
A virus exploiting this vulnerability was in the wild
What is name of this virus?
- an exploit itself is not in the wild.
The fact that an exploit is not on the 'wild list' does not mean that it
isn't out there being used. But I think you refer to 'in the wild' as
only meaning self-reproducing automata on the 'wild list'. Exploits can
be used in the time between the vulnerability's discovery and its
sightings rising above the noise threshold as when a worm starts using
it.
Besides, this GDI+ vulnerability was a lot
of hype
True, it's the best thing since "perrun" to spread FUD about so-called
"safe" filetypes. But it is true and does demonstrate that data files
can carry malware.
 
Thomas G. Marshall

Roger Wilco coughed up:
What is name of this virus?


The fact that an exploit is not on the 'wild list' does not mean that
it isn't out there being used. But I think you refer to 'in the wild'
as only meaning self-reproducing automata on the 'wild list'.
Exploits can be used in the time between the vulnerability's
discovery and its sightings rising above the noise threshold as when
a worm starts using it.

Before you two start to duke out over this, what /is/ the strict definition
of "in the wild"? I honestly don't know.


....[rip]...
 
kurt wismer

Thomas G. Marshall wrote:
[snip]
Before you two start to duke out over this, what /is/ the strict definition
of "in the wild"? I honestly don't know.
it means exactly what it sounds like it means... if something is in the
wild it exists outside the controlled conditions of a lab or personal
collection...

as for what things get to qualify as being 'in the wild', that depends
entirely on who's counting... if you see it first hand on a machine it
shouldn't be on then you know it's in the wild, but a lot of the time
you have to take someone's word that they saw it or someone they know
saw it, etc...

the wildlist (http://www.wildlist.org) is about the most rigorous
public account of what's in the wild that there is - based on first
hand accounts from a set of known and reasonably trusted
contributors... but it's mostly just for viruses, worms, and the
occasional trojan... when someone says virus X is ITW (rather than in
the wild) they generally mean it's on the wildlist...
 
Thomas G. Marshall

kurt wismer coughed up:
Thomas G. Marshall wrote:
[snip]
Before you two start to duke out over this, what /is/ the strict
definition of "in the wild"? I honestly don't know.
it means exactly what it sounds like it means... if something is in
the wild it exists outside the controlled conditions of a lab or
personal collection...
No. That says nothing and is obvious...

as for what things get to qualify as being 'in the wild',
yes, what /qualifies/ is what I'm looking for...

that depends
entirely on who's counting... if you see it first hand on a machine it
shouldn't be on then you know it's in the wild,
but roger wilco just got done saying the following, and this is what
prompted my question.

Roger Wilco
The fact that an exploit is not on the 'wild list'
does not mean that it isn't out there being used.
But I think you refer to 'in the wild' as only meaning
self-reproducing automata on the 'wild list'.

So it's a matter of this "wild list" and /only/ of the wild list?


but a lot of the time
you have to take someone's word that they saw it or someone they know
saw it, etc...

the wildlist (http://www.wildlist.org) is about the most rigorous
public account of what's in the wild that there is - based on first
hand accounts from a set of known and reasonably trusted
contributors... but it's mostly just for viruses, worms, and the
occasional trojan... when someone says virus X is ITW (rather than in
the wild) they generally mean it's on the wildlist...
Ah ok, THANKS. So it's entirely unclear WHAT is meant when one company says
XX is ITW. It's out there, but to what extent it is being prolific is a
metric up to the company.






--
Iamamanofconstantsorrow,I'veseentroubleallmydays.Ibidfarewelltoold
Kentucky,TheplacewhereIwasbornandraised.ForsixlongyearsI'vebeenin
trouble,NopleasureshereonearthIfound.ForinthisworldI'mboundtoramble,
Ihavenofriendstohelpmenow....MaybeyourfriendsthinkI'mjustastrangerMyface,
you'llneverseenomore.ButthereisonepromisethatisgivenI'llmeetyouonGod's
goldenshore.
 
Art

kurt wismer coughed up:
Thomas G. Marshall wrote:
[snip]
Before you two start to duke out over this, what /is/ the strict
definition of "in the wild"? I honestly don't know.
it means exactly what it sounds like it means... if something is in
the wild it exists outside the controlled conditions of a lab or
personal collection...
No. That says nothing and is obvious...

as for what things get to qualify as being 'in the wild',
yes, what /qualifies/ is what I'm looking for...

that depends
entirely on who's counting... if you see it first hand on a machine it
shouldn't be on then you know it's in the wild,
but roger wilco just got done saying the following, and this is what
prompted my question.

Roger Wilco
The fact that an exploit is not on the 'wild list'
does not mean that it isn't out there being used.
But I think you refer to 'in the wild' as only meaning
self-reproducing automata on the 'wild list'.

So it's a matter of this "wild list" and /only/ of the wild list?


but a lot of the time
you have to take someone's word that they saw it or someone they know
saw it, etc...

the wildlist (http://www.wildlist.org) is about the most rigorous
public account of what's in the wild that there is - based on first
hand accounts from a set of known and reasonably trusted
contributors... but it's mostly just for viruses, worms, and the
occasional trojan... when someone says virus X is ITW (rather than in
the wild) they generally mean it's on the wildlist...
Ah ok, THANKS. So it's entirely unclear WHAT is meant when one company says
XX is ITW. It's out there, but to what extent it is being prolific is a
metric up to the company.
I see no end of confusion over this question. I don't have a url
handy, but not long ago I read an article by a virus scene watcher
who pointed out that a couple of very well known malwares in
circulation, and doing quite a bit of damage, never made it to
the official Wild List.

There are quite a number of malwares that are hitting users which
never make it to the official Wild List. IMO, far too much importance
and significance is placed on av scanner test results where only
officially ITW malwares are used in the tests.


http://home.epix.net/~artnpeg
 
Roger Wilco

Before you two start to duke out over this, what /is/ the strict definition
of "in the wild"? I honestly don't know.
No "duking" needed. "In the wild" just means it is not "only" seen in
captivity. ITW (in the wild) usually (in virus circles) means a bit more
than that (it refers to a 'wildlist' of some sort). Some malware exists
in the wild in such low number that wildlists don't list them as they
are not considered significant risks in such low number.

Regarding my post, IIRC the exploit was used in a Russian language worm
and went ITW for a time (I could be wrong, but Ian seems to back me up
on this although he didn't name the malware). He stated something about
exploits not being in the wild - and that is why I assume he was talking
about ITW or wildlist which doesn't usually list non-replicators and not
that they don't exist outside the lab.

Bottom line is the vulnerability (and exploit code) is out there and is
a risk, but there is no rampant autospreading malware using it at the
moment.
 
kurt wismer

Thomas said:
kurt wismer coughed up: [snip]
that depends
entirely on who's counting... if you see it first hand on a machine it
shouldn't be on then you know it's in the wild,
but roger wilco just got done saying the following, and this is what
prompted my question.

Roger Wilco
The fact that an exploit is not on the 'wild list'
does not mean that it isn't out there being used.
But I think you refer to 'in the wild' as only meaning
self-reproducing automata on the 'wild list'.

So it's a matter of this "wild list" and /only/ of the wild list?
i suspect he was referring to the wildlist (http://www.wildlist.org) or
something similar to it... basically an 'official' list of what is in
the wild...

i further suspect that he was alluding to the fact that all such lists
are less than 100% accurate - if for no other reason than they miss
things (though the fact that what's actually in the wild changes
between the time such a list is authored and the time it is read also
plays a part in it)...
Ah ok, THANKS. So it's entirely unclear WHAT is meant when one company says
XX is ITW.
actually, the opposite... if XX is ITW it's quite clear what is meant -
it means that at least 2 of the contributors to the wildlist have seen
it in the wild, and if you go to www.wildlist.org you can find out who
those contributors are and how to contact them...
It's out there, but to what extent it is being prolific is a
metric up to the company.
generally speaking, the more wildlist contributors that see it in the
wild, the more widespread you can assume it to be... but it's a very
grainy metric... the wildlist doesn't really deal with prevalence, just
the boolean answer to 'has it been seen in the wild?'... av companies
seem to look at prevalence more...
 
