Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?

SteveH

RayLopez99 said:
What websites are you visiting? I have never caught a virus, and I
visit regularly the top three porn sites that come up when you Google
"FREE PORN".

I thought you might..
How can you possibly be cleaning at least one nasty every month?

We don't buy it. Name the last virus you cleaned up.

'We' don't buy it, who the feck do you think you are trollboy?
Why do you think people have to answer to you?

but if you insist:

19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.Chifrax.d P:\System Volume Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe High
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.TDSS.amjc P:\System Volume Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002 High
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.TDSS.amjc P:\System Volume Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002//data0003 High
19/03/2010 23:01:54 Deleted Trojan program Trojan-Downloader.Win32.Small.kdj P:\System Volume Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002//data0004 High
19/03/2010 23:01:54 Deleted Trojan program Trojan-Downloader.Win32.Small.kdj P:\System Volume Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002//data0004//PE-Crypt.Eta High
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.FraudPack.pto P:\System Volume Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0002//data0005 High
19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.Chifrax.d P:\System Volume Information\_restore{4F779BDD-1E8F-43A5-A7E1-5110978EEAFE}\RP17\A0000682.exe//data0003 High

Part of my Kaspersky log.
 
Buffalo

Peter said:
So the estimate that around 30% of all windows computers are infected
is "rare problems"

[snip]

30%?

What an illogical conclusion from what was said.
Are you a politician??
Same kind of logic they use.
Buffalo
 
Peter Köhlmann

Buffalo said:
So the estimate that around 30% of all windows computers are infected
is "rare problems"

[snip]

30%?

What an illogical conclusion from what was said.

It wasn't a conclusion from what was written in this thread
Are you a politician??
Same kind of logic they use.
Buffalo

Are you a Mac user? Those tend to be extremely stupid.
Or are you (even worse) a windows user?
 
Conor

Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?

One of the claims of the Linux crowd is that such problems are
legion. But talking to some of the people at alt.comp.anti-virus I
get the impression such problems are rare.

Who is more right?

As someone who repairs a lot, I have. However, these have ended up
installed as a result of the pillock at the keyboard ignoring all the
warnings.
 
Rex Ballard

Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?

Bagel, Sky, and several others have variants that can disable actual
virus checking and/or quarantine measures without letting the user
know they have been disabled. Fixing things that have been corrupted
this way can be very ugly.

I've had at least a dozen viruses over the last 10 years that have
been so difficult to remove or did such damage that I eventually had
to re-image the hard drive.

Remember, virus writers are ALWAYS one step ahead of the anti-virus
writers. Most viruses don't get the resources to be blocked unless
they've infected a significant number of computers already. Once the
culprit has been identified, it may take weeks to figure out effective
countermeasures. Once the countermeasures have been coded, it may
take another 2-3 weeks to get it distributed via the automatic update
systems, since many people don't update as often as they should.

Meanwhile, the virus writers and script kiddies are deriving new
mutations and variations, designed to avoid detection by the new
counter-measures.
One of the claims of the Linux crowd is that such problems are
legion.  But talking to some of the people at alt.comp.anti-virus I
get the impression such problems are rare.

It depends on who you are talking to. Ask one antivirus vendor about
another's product. There are roughly 250,000 new viruses released
every year.
These are the ones that got past Kaspersky
http://www.viruslist.com/en/analysis?pubid=204792067

http://www.virusbtn.com/index
Who is more right?

Obviously, an antivirus company is going to do the best they can to
minimize reports of successful attacks to computers protected by their
software, and maximize reports of successful attacks to computers
protected by the software of others.

These days, many companies have taken a more comprehensive stance on
security. For example, Norton 360 provides firewall, execution
protection, anti-virus, anti-spyware, and update control management to
try and keep the bad guys from coming in the front door, and to keep
trojans from letting them in the back door, and to clean up the messes
of any pets that make it inside.

Unfortunately, the biggest trojans - IE and Outlook, cannot be
disabled, and cannot be blocked.
It compares 16 commercial programs, and finds Microsoft at #2,
catching 60% of all viruses (Avanti is #1 at 70%).  And we're talking
about all viruses, some of which are so obscure I'm sure you'll never
see one in the wild...


Since you like this source, here's another good report from them.

http://www.av-comparatives.org/component/poll/17-reinstalled

How often have you reinstalled (or rollback of image) windows due an
infection in the last 12 months?

never 2258 65.8%
1 time 479 13.9%
2 times 227 6.6%
more than 4 times 194 5.6%
3 times 114 3.3%
living with known infection 86 2.5%
4 times 76 2.2%

So roughly 40 percent of all Windows users have had infections so bad
that they had to, or should have, re-imaged their hard drive at least
once a year.

As for the other 65%, they probably didn't use their computers that
much this year ;-)
Either that, or Microsoft rallied about 2000 of their staunch
supporters to select "never". :D
 
RayLopez99

My brother's home PC was hit by a hacked button on website that he visited
daily for a year or more.  His WindowsXP SP3 was attacked by Ransomware that
put a big blurb on his desktop about needing some fictional antivirus
and it trashed his Microsoft Office and some of his Windows stuff.  I ran a
full scan on his system with his Norton 360 and it fixed the Windows problem
and desktop blurb but had to reinstall Office and a couple other programs
trashed.  It wasn't a Trojan or something Antivirus could stop since it ran
when he hit link on a normally safe webpage and he didn't do something risky
to do.  His is the only system attacked like that I've personally seen;
that is one threat that I've read about in a PC World Security Threats

OK, fine, but essentially your brother accidentally installed a
program he should not have had--kind of like those junk shareware
programs that infect your registry and can never be removed, even
after Uninstall (I have a few myself). But strictly speaking I would
not call this a true virus or rootkit.

And it could happen to somebody in Linux land (accidental installation
of a program).

Anybody else? So far nobody has proved a serious true virus infection
has occurred on a Windows machine.

RL
 
larry moe 'n curly

RayLopez99 said:
What OS? What year? What was the name of the virus if I can ask?
That sounds incredible.

XP Home 32-bit, before Feb. 18, 2008, and I can't remember.
 
RayLopez99

I thought you might..

Point being, I never have caught a virus from porn sites, which are
known to have viruses. Safe Hex.
'We' don't buy it, who the feck do you think you are trollboy?
Why do you think people have to answer to you?

but if you insist:

19/03/2010 23:01:54 Deleted Trojan program Trojan.Win32.Chifrax.d P:\System
Volume

This is indeed a nasty one, http://www.threatexpert.com/report.aspx?md5=02bf9f780a315067d1de4bf84c30a94f

OK fine. So somebody caught a nasty virus. Perhaps they did not have
AV software, perhaps they accidentally clicked on a button that
installed it. Lots of possibilities here, it proves nothing. Just one
data point of a possibly stupid person, possibly negligent. If they
were running 7/Vista it would ask them permission before installing a
program --XP is less secure in this regard.

Anybody else? So far nobody has showed there's a real threat from
viruses in Windows land, just a few isolated examples, and a few
replies are like mine: no viruses ever, or in years...

RL
 
bbgruff

Anybody else?  So far nobody has proved a serious true virus infection
has occurred on a Windows machine.

So have you talked to Manchester City Council or the Greater Manchester
Police Dept. now? What did they say? Was it all a hoax, and they coughed
up nearly £2,000,000 between them on that account?
 
RayLopez99

As someone who repairs a lot, I have. However, these have ended up
installed as a result of the pillock at the keyboard ignoring all the
warnings.

YES! I believe you Conor. This is exactly what I suspected. Sure,
if you ignore all the warnings from your AV software, and click
through them, yes you can install a virus on your system. That's
axiomatic.

In fact, in one of the top three porn sites under FREE PORN (Googling
that phrase) the other day I came across a video that said "you must
install the latest version of Adobe Flash to view this video...click
here to install", which I assumed was a clever attempt to install a
virus/rootkit on my system. But of course I ignored it.

Anybody else? No proof so far.

RL
 
RayLopez99

Bagel, Sky, and several others have variants that can disable actual
virus checking and/or quarantine measures without letting the user
know they have been disabled.  Fixing things that have been corrupted
this way can be very ugly.

I've had at least a dozen viruses over the last 10 years that have
been so difficult to remove or did such damage that I eventually had
to re-image the hard drive.

For your machine? I doubt it. Probably for others. And who knows
what stupid thing they did to install those viruses.



Yeah, nice links, thanks, but they prove my point: the #1 on the list
Net-Worm.Win32.Kido.ih has infected 58200 machines, which sounds like
a lot, until you realize there are nearly 1 billion Windows machines
out there. Let's make it easy and say there are 582000000 Windows
machines (a low number). So one out of 10000 Windows machines are
infected by this #1 virus. Second place was half this number, so one
out of 20000 Windows machines. And these are high estimates--the
actual number is probably half that. I'm sure a lot of people are
dumb out there.

Unfortunately, the biggest trojans - IE and Outlook, cannot be
disabled, and cannot be blocked.

OK now I see your dishonest tactics. You define IE and Outlook as
"viruses", hence the claim that the majority of Windows PCs are
"infected". Dishonesty noted.

Since you like this source, here's another good report from them.

http://www.av-comparatives.org/component/poll/17-reinstalled

How often have you reinstalled (or rollback of image) windows due an
infection in the last 12 months?

never 2258 65.8%
1 time 479 13.9%
2 times 227 6.6%
more than 4 times 194 5.6%
3 times 114 3.3%
living with known infection 86 2.5%
4 times 76 2.2%

This is believable. I count myself as "two times" but both times were
not for viruses, but because a certain program or two I installed
would not uninstall itself properly. This is not a virus, as I define
it.

Thanks for keeping this thread short Rex. I learned a lot actually.
Like I say, Windows is not bad at all vis-a-vis viruses.

RL
 
Buffalo

Peter said:
Buffalo wrote:
It wasn't a conclusion from what was written in this thread
is "rare problems"


Are you a Mac user? Those tend to be extremely stupid.
Or are you (even worse) a windows user?

Another illogical comment. Must be a Republican!! Are you Rush L. in
disguise??

Of course it was. If you can't see that, you have a problem.

Quote below from the OP first post.

"It compares 16 commercial programs, and finds Microsoft at #2,
catching 60% of all viruses (Avanti is #1 at 70%). And we're talking
about all viruses, some of which are so obscure I'm sure you'll never
see one in the wild..."

So I guess the "Avanti is #1 at 70%" was not the premise of the reply?
C'mon!
Perhaps the 30 % was taken from that comment, since I did not see 70 or 30%
mentioned elsewhere.
BTW, what is Avanti? :)
Damn!!
Buffalo
 
Leythos

Anybody else? So far nobody has proved a serious true virus infection
has occurred on a Windows machine.

Sorry, you're wrong - seen it many times, many. One of the worst I saw
was a malware spread via Yahoo Instant Messenger that contained a SMTP
engine. This happened at a sorority, in about 30 minutes 45 computers
were compromised as it spread to each of their lists....

The ISP saw it also, they turned off their internet connection in under
2 hours because of all the spam containing malware that their machines
were sending out.
 
Leythos

YES! I believe you Conor. This is exactly what I suspected. Sure,
if you ignore all the warnings from your AV software, and click
through them, yes you can install a virus on your system. That's
axiomatic.

What about all of the compromised computers, Windows computer, that had
Office Business Contact Manager installed and were not secured - BCM
includes SQL server and when the PC is connected directly to the
internet it can easily be compromised without triggering an AV event.
 
Buffalo

RayLopez99 said:
Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?

One of the claims of the Linux crowd is that such problems are
legion. But talking to some of the people at alt.comp.anti-virus I
get the impression such problems are rare.

Who is more right?

BTW, check out this PDF on AV software:
http://www.google.com/url?sa=D&q=ht...22.pdf&usg=AFQjCNEDInyvV2WgWDzeAWeAjzJKLymkDA

It compares 16 commercial programs, and finds Microsoft at #2,
catching 60% of all viruses (Avanti is #1 at 70%). And we're talking
about all viruses, some of which are so obscure I'm sure you'll never
see one in the wild...

RL

Anti-virus program definitions are updated 'after' new viruses are found.
Practicing 'Safe Hex' is very important also, rather than just depending
solely on an Anti-virus program to protect you.
If, and I do mean if, Linux ever gets really popular, there will be many
exploits on it also.
Buffalo
 
RayLopez99

Sorry, you're wrong - seen it many times, many. One of the worst I saw
was a malware spread via Yahoo Instant Messenger that contained a SMTP
engine. This happened at a sorority, in about 30 minutes 45 computers
were compromised as it spread to each of their lists....

OK, fine. The "one of the worse" examples was spread through Yahoo
IM. I don't use that program. Nor do most people who do serious
work. So yes, some teens who use IM and who may or may not practice
Safe Hex (which is simply using an AV program in Windows), got
infected. Shame, but it proves nothing.


RL
 
RayLopez99

What about all of the compromised computers, Windows computer, that had
Office Business Contact Manager installed and were not secured - BCM
includes SQL server and when the PC is connected directly to the
internet it can easily be compromised without triggering an AV event.

Well that does sound problematic. Trouble is, a brief Google search
found nothing... If you can find a cite, it might make your point,
but otherwise I'm afraid I have to classify this as Urban Legend.

Anybody else?

RL
 
TomB

["Followup-To:" header set to comp.os.linux.advocacy.]
Anybody else? So far nobody has showed there's a real threat from
viruses in Windows land, just a few isolated examples, and a few
replies are like mine: no viruses ever, or in years...

Sure, little Ray. And that's exactly why millions of zombified Windows
machines are sending millions of spam each day again. All because of a
few isolated examples.

Years ago I read that an idle, unprotected Windows 2000 machine would be owned
within 10 minutes after putting it on the internet. So I installed W2K
on a spare HDD and connected it to the internet without any
protection. No NAT router, no firewall, no antivirus. Nothing. In less
than *five* minutes CPU usage was 100 % and the machine was pushing
network traffic at maximum upstream bandwidth. It became a zombie
without even touching it.
 
John Williamson

RayLopez99 said:
OK fine. So somebody caught a nasty virus. Perhaps they did not have
AV software, perhaps they accidentally clicked on a button that
installed it. Lots of possibilities here, it proves nothing. Just one
data point of a possibly stupid person, possibly negligent.

People seem to be posting an awful lot of "single data points" here. How
long before you admit there is a trend?

For what it's worth, my first virus attack happened in 1978 via
Floppynet from our office system. It was a boot sector virus that
installed itself on every floppy that was used on their system, and on
mine until I disinfected every single one of the 150 floppies I used on
a regular basis. Then, a few months later I found out I'd missed one.....

Kaspersky is currently warning me of a few malware attacks each week,
mainly from websites mentioned on this newsgroup.
 