!!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and the like (Rogueware, Scareware)

RakperBanengen

I've been Googling for many hours now... In vain!!! This is a pain.

I usually install good commercial Anti-virus+Anti-spyware (like Panda
or NOD32) for my customers and a week or a month later they call me
because they've been victims of Antivirus 2009 or XP Police Antivirus
or XP AntiSpyware 2009 or TitanShield (the list goes on and on:
http://tinyurl.com/chwpxm).

Does someone know how to prevent that scareware from installing in the
first place?
Should I convert all my customers to limited-privilege user
accounts?
Computer resources-wise, it doesn't make sense to me to run a
commercial antivirus+antispyware AND another antispyware (like
Malwarebytes' Anti-Malware).

I know that user education is one of the best ways to prevent those.
But sometimes it's difficult for new users or old fellows to remember
all this technicality.

Any ideas or suggestions?

Leythos

> Does someone know how to prevent that scareware from installing in the
> first place?
> Should I convert all my customers to limited-privilege user
> accounts?

No computer user who is not 100% aware of the threats should be
permitted to run as anything other than a LIMITED account.

The best way to keep people from being infected, since the infection
happens by means that have been published for more than a decade, by
means that have been in every major news outlet for 5+ years... is to let
them compromise their computers and then CHARGE them to clean it.

It appears, having worked on thousands of compromised machines, that
those who get infected don't care to learn UNTIL it costs them money.

Gaz

'Web of Trust' can be used to make your customers aware that there are a lot
of sites out there that want to infect their machines; all those innocent
looking screensavers, smileys and free games come with payloads etc. It's
very similar to McAfee SiteAdvisor and works on IE and FF.

gaz

Gufus

Hi Leythos,

Wednesday February 18 2009, Leythos writes to All:
> It appears, having worked on thousands of compromised
> machines, that those who get infected don't care to learn
> UNTIL it costs them money.

Learn the hard way eh. :)

Gufus

--
K Klement

Enhance your marketing at http://www.gypsy-designs.com
mailto:[email protected]
Gypsy Designs Fax: (403) 242-3221

.... There are more ways of killing a cat than choking her with cream.

John

NOD32 is OK.
Panda stinks.

RakperBanengen

> How about getting them to use Firefox with the NoScript and Adblocker
> extensions?
>
> You better watch out - Xenu will get you now!

Thanks all for your input!

So, is there a free/low cost solution to stop da XP AntiSpyware 2009
kind of thang? I mean, why aren't the legit commercial antivirus
+antispyware able to detect those threats? They kind of all use the
same pattern to infiltrate the system... Will the limited user account
prevent this kind of infection?

RakperBanengen

1PW

On 02/28/2009 06:34 AM, (e-mail address removed) sent:

Snip, snip...

> Thanks all for your input!
>
> So, is there a free/low cost solution to stop da XP AntiSpyware 2009
> kind of thang?

If you're looking for one stop shopping, no! Your enemy is changing its
size, shape, speed and color with every new day. New variants
proliferate at an alarming rate. e.g. first we had Conficker. We now
ALSO have to deal with Conficker B++ and this while its next un-named
variant is probably being tested.

> I mean, why aren't the legit commercial antivirus+antispyware able to detect those threats?

Inferior or out of date solutions.

> They kind of all use the same pattern to infiltrate the system...

No! The attack vectors are numerous.

> Will the limited user account prevent this kind of infection?

Helpful, but that is just one piece in the overall and ever changing
solution.

> RakperBanengen

We need to use the best of everything available. Even if that means
overlapping antimalware applications plus hardware solutions.
Fortunately for us, many currently good solutions are free.

But try to keep in mind that today's antimalware practices are just
barely good enough to defend against yesterday's malware. We have no
room to be smug for more than a moment because people with the
intelligence of the Conficker authors are coding the next threat as you
read this.

Then, the first time we make poor Internet involved choices, all that
good work goes out the window.

Pete

FromTheRafters

Dave Baker said:
> If you move them inside a magnetic field do they generate an electric
> current or not though?

For stators you should always make sure you lock down your wireless
rotor. :)

RakperBanengen

> For stators you should always make sure you lock down your wireless
> rotor. :)

Would Malwarebytes' Anti-Malware OR SuperAntispyware be a good
addition to the PC security, working in parallel with the antivirus?

FromTheRafters

>> For stators you should always make sure you lock down your wireless
>> rotor. :)
>
> Would Malwarebytes' Anti-Malware OR SuperAntispyware be a good
> addition to the PC security, working in parallel with the antivirus?

Yes!

....and you should change the OR to AND.

lightningware

Hi,

I've had this happen a million times at customers I support, and the
only sure way to prevent it is to stop them being administrator on the
PC and block new ActiveX from being installed. But this still does not
block downloads, or if they manually execute the file :(

I've had a lot of bad experiences with programs like this, so I wrote a
small and powerful application that sits in the task bar and monitors
all system changes. It can then be set to quarantine changes to core
system areas such as the Windows directory and System32. It also has
the added benefit of quarantining autoruns from USB disks, and can log
serious changes to the firewall and registry. I've found so far that
this has saved me a couple of times, either by blocking the install or
by giving me the exact details of what changed.

If you're interested, the software can be downloaded from:
http://www.lightningware.co.uk/software/details.asp?code=LWS-VMON

Cheers,

Gazza
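As an added illustration of the change-monitoring approach Gazza describes (this is not his LWS-VMON tool and not code from the thread), the PowerShell script below snapshots the usual persistence points, Run/RunOnce keys, System32 executables and autorun.inf on removable drives, and diffs them against a saved baseline so the exact change can be logged. It assumes PowerShell 3 or later on Windows; $BaselinePath is an assumed location.

```powershell
# Added example, not the LWS-VMON tool from the post: snapshot the places a
# rogue-AV installer typically lands and diff against a saved baseline.
# Assumes PowerShell 3+ on Windows; $BaselinePath is an assumed location.
$BaselinePath = "$env:ProgramData\persistence-baseline.json"
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-PersistenceSnapshot {
    $items = @{}
    foreach ($key in $RunKeys) {             # autostart entries in the registry
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -notlike 'PS*') { $items["$key\$($p.Name)"] = [string]$p.Value }
        }
    }
    # Executables in System32, keyed by last-write time so a dropped or replaced file shows.
    Get-ChildItem "$env:SystemRoot\System32" -Filter *.exe -ErrorAction SilentlyContinue |
        ForEach-Object { $items["file:$($_.FullName)"] = $_.LastWriteTimeUtc.ToString('o') }
    # autorun.inf on removable drives (DriveType 2), the USB autorun case from the post.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $inf = Join-Path $_.DeviceID 'autorun.inf'
        if (Test-Path $inf) { $items["autorun:$inf"] = Get-Content $inf -Raw }
    }
    return $items
}

function Compare-Snapshot($old, $new) {
    $changes = @()
    foreach ($k in $new.Keys) {
        if (-not $old.ContainsKey($k))  { $changes += "ADDED   $k = $($new[$k])" }
        elseif ($old[$k] -ne $new[$k]) { $changes += "CHANGED $k : $($old[$k]) -> $($new[$k])" }
    }
    foreach ($k in $old.Keys) { if (-not $new.ContainsKey($k)) { $changes += "REMOVED $k" } }
    return $changes
}

$current = Get-PersistenceSnapshot
if (Test-Path $BaselinePath) {
    $saved = @{}   # reload the last run's snapshot from JSON
    (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties | ForEach-Object { $saved[$_.Name] = $_.Value }
    $diff = Compare-Snapshot $saved $current
    if ($diff) { $diff | ForEach-Object { Write-Output $_ } } else { Write-Output 'No changes since baseline.' }
} else {
    Write-Output "No baseline yet; writing $BaselinePath"
}
$current | ConvertTo-Json | Set-Content $BaselinePath
```

Run it once on a clean machine to write the baseline, then again (for example from a scheduled task) to list anything added, changed or removed since.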