Seriously, has anybody ever seen a serious virus problem in Windowswhen using AV protection?


J

James Egan

I'm not interested in your respect. And sir, for the record; you were the
ass in the first place. I just responded in kind.
Way too touchy, raidy.

If his aim was to diss you he would have done it in the thread about
mac address encryption in wep not so long ago so I can't think why
you suddenly think he's got it in for you now.


Jim.
 
Ad

Advertisements

D

Dustin Cook

Ok, I'm curious enough to want to give this a try, though all my
machines are up to date so in order to test this I'm going to have to
do a fresh install on a new HD. Just need to clear some things up
though. Once XP is installed, using the key you mentioned (ends in
2B7Q8, yes?), will sp2 or sp3 fail to install immediately after fresh
Load the virgin OS with that key and try loading sp2 or 3; either is fine
as both will tell you to go away..
install, or will I have to update this machine with the various
updates first, including the WGA update? Don't want to spend over an
hour on this only to find I need to do it again correctly.
No, it'll bitch when you try loading a service pack.
 
F

FromTheRafters

ToolPackinMama said:
In Windows, yes, AV is absolutely necessary. Some people seem to be
asserting that it is not necessary with Linux. Is that true?
It is needed in Linux to the same extent that it *should* be needed in
Windows. That is to say it would be needed to protect against the slight
chance that a *virus* could invade. If you discount exploit based
malware, most other malware could be evaded with policy. It is possible
for viruses to invade without either exploited software vulnerabilities
or lapse in strict adherence to policy.
 
D

David W. Hodgins

It is needed in Linux to the same extent that it *should* be needed in
Windows. That is to say it would be needed to protect against the slight
chance that a *virus* could invade. If you discount exploit based
What av scanner for linux are you thinking about?

As far as I know, the only av scanners that run under linux, are
there only to detect windows viruses. This is only useful if you
are using the linux system as a file/email server for a windows
client.

Linux does have intrusion detection systems, and rootkit scanners.
It does not have any antivirus scanners looking for linux viruses.

If you are not using the linux system as a server for windows
clients, there is no point in running an antivirus program on it.

Regards, Dave Hodgins
 
F

FromTheRafters

[...]
...She never actually uses her computer.
Ahhh, the epitome of safe computing practices.

....but for security, it should be de-energized, encased in concrete, and
buried deep. :blush:)
 
D

Dustin Cook

Load the virgin OS with that key and try loading sp2 or 3; either is
fine as both will tell you to go away..


No, it'll bitch when you try loading a service pack.
Side note, if you don't want to deal with the reformat option after you
get the results; just change the KEY from the bad one back to a good one
and proceed with your service pack install. At that point the system
itself isn't tagged or anything, it just won't accept a service pack with
that particular key (roughly.. 20 or so keys I know of are in it's list).
 
Ad

Advertisements

F

FromTheRafters

[...]

But the bottom line is that AV vendors have an incentive to hype up
lack of security, and i've not seen it done, ergo,there's no problem
to hype.

***
Yes, but the existance of today's AV was born from the real need to be
able to detect *viruses*. The fact that it has become perverted into
what we see today does not negate that actual need (in *any* general
purpose computer running any OS). Yes, they expanded their role to guard
against threats that they should never have gotten the opportunity to
scan, they should have been excluded from the local environment by
policy. Users liked to use these scanners so that they could ignore
policy (my AV program will save me, that's what it's for). Enforcing
policy through software led to the concept of privilege escalation to
circumvent policy - and worms usually attack software vulnerabilities
that result in circumventing policy enforcement. Generally, (true) worms
make holes in the boundaries with which we try to enforce policy.
***
 
F

FromTheRafters

That's a big 'May'. I've attached secondary NTFS volumes on many
occasions without any issues. As far as the original boot O/S is
concerned it's just another HD with files on. You're suggesting it's
going to give it a different volume ID I presume. Never seen it
happen
here.
Then maybe it's time some o/s does CRC checking on all programs and
pops
up a warning if the CRC check fails when trying to run it.
Change detection will work well for not allowing any newly created hosts
to execute. That's not the problem. The problem at that point would be
that you are already executing malware. The inability to replicate in
the environment in which it is executing, may only make that malware a
trojan in that environment. The idea is to prevent that initial
execution, not to try to restrict the scope of the executing malware.
You have no control over the system the program came from - the CRC of
*that* program may have been created post infection.
Obviously the CRC checker software would have to have to be locked
down
tight to prevent it from becoming the target of attacks.
Yes! I assumed a somehow magically protected change detection scheme (it
could happen).
 
R

RayLopez99

[...]

But the bottom line is that AV vendors have an incentive to hype up
lack of security, and i've not seen it done, ergo,there's no problem
to hype.

***
Yes, but the existance of today's AV was born from the real need to be
able to detect *viruses*. The fact that it has become perverted into
what we see today does not negate that actual need (in *any* general
purpose computer running any OS). Yes, they expanded their role to guard
against threats that they should never have gotten the opportunity to
scan, they should have been excluded from the local environment by
policy. Users liked to use these scanners so that they could ignore
policy (my AV program will save me, that's what it's for). Enforcing
policy through software led to the concept of privilege escalation to
circumvent policy - and worms usually attack software vulnerabilities
that result in circumventing policy enforcement. Generally, (true) worms
make holes in the boundaries with which we try to enforce policy.
***
That's all very well and theoretical, and it appears to argue that
Linux is superior because of the way it handles file extensions, not
"autorunning" them? Or something more "fundamental" to the Linux
architecture kernel? I doubt it, but I'm not an authority.

My argument, based on simple logic, is that Linux viruses are
nonexistent probably not because of any architectural advantages to
Linux/Unix, but because of the less than 1% market share that Linux
has on the desktop. I would ask the Linux advocates, but they're so
brainwashed I don't know if I believe them (not that they know
themselves--COLA is more or less just a 'fun' place to go insult
people rather than learn anything).

Anybody?

RL
 
R

RayLopez99

Yes! I assumed a somehow magically protected change detection scheme (it
could happen).
I'm not following your technical points since it's beyond me, but I
just want to mention that my firewall, Look 'n Stop, a lightweight
rules based firewall for Windows, does have some sort of hash function
to detect when a program it monitors has been changed, and pops up to
ask that you re-approve the program in question when the program
attempts to connect to the internet. I would imagine most other
firewalls also have this feature as well. Apparently Linux has this
"built into" the kernel (if I understood another post correctly), but
add-on vs built-in is no big deal to me, and de facto seems the same.

RL
 
F

FromTheRafters

David W. Hodgins said:
What av scanner for linux are you thinking about?
None in particular, I am trying to dispel the myth that AV (for
*viruses*) can be done completely without in *any* OS that happens to
get targeted by them. Malware in general can exist because the
environment is insufficiently hostile to prevent it. You can build
fortified OSes and make it sufficiently hostile to avoid malware
generally. Any additional hostility will affect the user as well as the
virus - when it is suficiently hostile to prevent viruses, it prevents
the use the users are accustomed to. In short, it becomes a special
purpose computer as opposed to a general purpose computer.
As far as I know, the only av scanners that run under linux, are
there only to detect windows viruses.
Well, *mostly* there to detect Windows viruses (since most viruses are
Windows viruses, why would it be any other way?) Sure, a Linux AV is
most likely not there to protect the local machine, it is there to
protect client machines and other recipients of its programs (and data).

There aren't very many Linux viruses.
This is only useful if you
are using the linux system as a file/email server for a windows
client.
True, for those or something similarly communicative.
Linux does have intrusion detection systems, and rootkit scanners.
It does not have any antivirus scanners looking for linux viruses.
....and they won't, until they (viruses) become a real threat to Linux.
If you are not using the linux system as a server for windows
clients, there is no point in running an antivirus program on it.
I agree, in fact I even said so myself in another part of this thread.
 
Ad

Advertisements

F

FromTheRafters

[...]

But the bottom line is that AV vendors have an incentive to hype up
lack of security, and i've not seen it done, ergo,there's no problem
to hype.

***
Yes, but the existance of today's AV was born from the real need to be
able to detect *viruses*. The fact that it has become perverted into
what we see today does not negate that actual need (in *any* general
purpose computer running any OS). Yes, they expanded their role to
guard
against threats that they should never have gotten the opportunity to
scan, they should have been excluded from the local environment by
policy. Users liked to use these scanners so that they could ignore
policy (my AV program will save me, that's what it's for). Enforcing
policy through software led to the concept of privilege escalation to
circumvent policy - and worms usually attack software vulnerabilities
that result in circumventing policy enforcement. Generally, (true)
worms
make holes in the boundaries with which we try to enforce policy.
***
That's all very well and theoretical, and it appears to argue that
Linux is superior because of the way it handles file extensions, not
"autorunning" them?

***
No, I made no mention of file extensions at all. I mean policies, like
not downloading programs from anywhere but a known trusted source (this
one alone will avoid a very large percentage of malware. Maybe a
software restriction policy that prevents certain filetypes from
executing from certain locations or from executing at all until certain
requirements are met?
***

Or something more "fundamental" to the Linux
architecture kernel? I doubt it, but I'm not an authority.

My argument, based on simple logic, is that Linux viruses are
nonexistent

***
They're not "nonexistant".
***

probably not because of any architectural advantages to
Linux/Unix, but because of the less than 1% market share that Linux
has on the desktop. I would ask the Linux advocates, but they're so
brainwashed I don't know if I believe them (not that they know
themselves--COLA is more or less just a 'fun' place to go insult
people rather than learn anything).

Anybody?

***
It always comes back to you trying to troll the Linux group doesn't it?
***
 
T

trigonometry1972

If I have serious reason to believe a computer is using pirated software
I won't touch it - I provide a signed statement of the work we do,
including anything we suggest, it would leave us liable in the case of
an audit.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
(e-mail address removed) (remove 999 for proper email address)
I'd touch it on a home machine. My cure would be some flavor of linux
plus a bit of wine
provided the desperate sap doesn't have an AMD CPU. Then I'd try to
install her old issue windows office 2000 at least in theory.

Then again I've got enough wine on board, I am not legal to
drive..............Trig

"I admit to being a complete jackass."
 
L

Leythos

(e-mail address removed)>, (e-mail address removed)
says...
I'd touch it on a home machine. My cure would be some flavor of linux
plus a bit of wine[snip]
But that's not the same - I would install nix too, but not reinstall a
pirated copy of XP/Win.
 
P

Peter

Change detection will work well for not allowing any newly created hosts
to execute. That's not the problem. The problem at that point would be
that you are already executing malware. The inability to replicate in
the environment in which it is executing, may only make that malware a
trojan in that environment. The idea is to prevent that initial
execution, not to try to restrict the scope of the executing malware.
You have no control over the system the program came from - the CRC of
*that* program may have been created post infection.
Sure, no point in closing the door after the horse... etc. :)

What I meant was the new O/S having this built into it, so that it is
there right from the O/S install (pre-infection). Maybe it's about time
the next new O/S has this built in. Didn't quite make that clear.
 
P

Peter

Load the virgin OS with that key and try loading sp2 or 3; either is fine
as both will tell you to go away..


No, it'll bitch when you try loading a service pack.
Cheers Dustin, will give this a try over the weekend. Nothing better
than personal experience. ;-)
 
Ad

Advertisements

P

Peter

Load the virgin OS with that key and try loading sp2 or 3; either is fine
as both will tell you to go away..


No, it'll bitch when you try loading a service pack.
Installed O/S. Tried installing sp2 from disc. It wouldn't let me
because of the product key. Just like you said.
 
D

Dustin Cook

Installed O/S. Tried installing sp2 from disc. It wouldn't let me
because of the product key. Just like you said.
Thanks for testing it Peter.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top