d/l-ing updates from MS site find viruses

Karen

NOTE: This message was sent thru a mail2news gateway.
No effort was made to verify the identity of the sender.
--------------------------------------------------------

Duane,
(below)
I use NOD32 on XP Pro. I cannot say that it's not impossible for the MS
download site to not have a virus. But on the other hand, NOD32 has never
alerted on the download then install the software process on any of my
Win 2K, or XP Pro machines.

It alerts on the install, not the download.

After the download and install process was terminated and you scanned the
machine with NOD32 did it find any malware?

I didn't scan but did a system restore to a few days earlier thinking that
I'd get rid of the "partial" install that stopped when the virus alert
happened.

During some install processes of software, it may require that the AV
software be disabled during the process so that the AV program will not
interfere with a false positive hit.

Perhaps I should disable the Nod32 service prior to doing the update? Then
do a scan. Then if infected, delete and then restore the system to an
earlier date?

I guess part of this is paranoia that I'm being somehow diverted to another
site (other than M$) for the update. Reading too much Slashdot perhaps :)

Karen
 
Duane Arnold

(e-mail address removed) (Karen) wrote in

Duane,
(below)


It alerts on the install, not the download.

Yes, this is what I mean that the AV can make a false positive on any
installing of software. It has the potential to interfere with any type of
install. It is recommended in some cases that you disable the AV during
some install situations so that the AV will not interfere. This doesn't
solely pertain to installing MS software but other installs of software as
well.

I didn't scan but did a system restore to a few days earlier thinking
that I'd get rid of the "partial" install that stopped when the virus
alert happened.

That was a waste of time and you should just repeat or continue the install
process. There is no need to be doing a system restore, unless the O/S
flat-out stops working during an aborted install process of the MS updates.

Perhaps I should disable the Nod32 service prior to doing the update?
Then do a scan. Then if infected, delete and then restore the system
to an earlier date?

You should just go to the Nod32 shield in the job tray and tell it to
unload, which should unload AMON. I think that's all you need to do and not
stop the service.

I guess part of this is paranoia that I'm being somehow diverted to
another site (other than M$) for the update. Reading too much
Slashdot perhaps :)

I think that MS is using an HTTPS connection between the website and your
machine. You can use Google to look up what HTTPS means. You can also use
Active Ports to watch the connections.

http://www.protect-me.com/freeware.html

You can cut down on some of the paranoia by using the HOST :)

http://www.mvps.org/winhelp2002/hosts.htm
http://www.snapfiles.com/get/hoststoggle.html

You should think about *hardening* the XP O/S to attack by implementing a
lot of what's in the link for the XP O/S.

http://www.uksecurityonline.com/index5.php

Duane :)
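
Karen's worry about being diverted to a site other than Microsoft's and Duane's HOSTS file suggestion meet in one local check: a HOSTS entry overrides DNS, so any mapping for a Microsoft update name deserves a look. The script below is an added example, not part of either post; the watched suffixes and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: name suffixes treated as Microsoft update/download hosts.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com")

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every HOSTS mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        local = ip.is_loopback or ip.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            watched = any(host == s or host.endswith("." + s)
                          for s in WATCHED_SUFFIXES)
            if watched:
                verdict = "blocked" if local else "redirected"
            else:
                verdict = "sink" if local else "custom"
            findings.append((line_no, str(ip), host, verdict))
    return findings

def needs_review(text):
    """Watched names should resolve through DNS, so any HOSTS mapping is flagged."""
    return [f for f in audit_hosts(text) if f[3] in ("redirected", "blocked")]

# Constructed sample, not from a real machine. 203.0.113.7 is a
# documentation-range address standing in for an unexpected server.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       ads.example.net   # blocking-style entry
203.0.113.7     windowsupdate.microsoft.com update.microsoft.com
0.0.0.0         download.windowsupdate.com
192.168.1.20    fileserver
"""

if __name__ == "__main__":
    for finding in needs_review(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its text to `needs_review`. A "blocked" verdict matters too, because a sink entry for an update host silently stops updates from downloading.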
 
