Very Interesting video - worth a watch

Dustin


Interesting in what way Bear? This guy is boring me to tears. I could make
a few comments on things I disagree with, but.. I'd just be repeating
myself and the comments already left for him. Comodo AV is junk, imo.

Multiple DNS servers? WTF!?!

Here we go:

"I tried using it once, I could not take it anymore, I had to uninstall
it. Just the FP from the web scanner was driving me to the point of
madness, it kept blocking tons of sites."

So he's basically like you... That's his comment.

How does this help people with malware issues Bear? Load em up, watch
systems without the hardware slow to a crawl, users get pissed, uninstall
this and that... Seems counterproductive.
 
Bear

Interesting in what way Bear? This guy is boring me to tears. I could
make a few comments on things I disagree with, but.. I'd just be
repeating myself and the comments already left for him. Comodo AV is
junk, imo.

Multiple DNS servers? WTF!?!

Here we go:

"I tried using it once, I could not take it anymore, I had to
uninstall it. Just the FP from the web scanner was driving me to the
point of madness, it kept blocking tons of sites."

So he's basically like you... That's his comment.

How does this help people with malware issues Bear? Load em up, watch
systems without the hardware slow to a crawl, users get pissed,
uninstall this and that... Seems counterproductive.

I'm not that keen on Comodo Internet Security but Norton's DNS servers
are good. So is AVG LinkScanner. Also Comodo Cleaning Essentials with
Kill Switch and Autoruns is very good.

I've never been one to profess loading a machine up with malware tools
as can be seen from my recommendations and comments on my website,
however a few good essential tools are the smart right thing to do.

I do not like the current version of avast! I do not like AVG. I would
rather use MS Security Essentials with Immunet on top of that than
either of those. However, I always go back to PandaCloud Beta and either
Norton or Google DNS which seems to work well enough.

You know my philosophy...keep it simple, keep it light, and make sure
you can quickly recover if anything happens.

If you load up your machine to a crawl with tools, you still aren't
guaranteed protection, so why bother and suffer. Safe Hex is fine, but I
go many places and download from many unknown sites searching for
programs that might be good. If I run into a problem, which I haven't,
well...it actually really isn't a problem.

As for Languy99, he is a savvy tech and I haven't met too many techs who
agree with each other so your opinion is just that. The 'suite' he puts
together works very well and is very light on system resources. Whether
you agree with him or not, his videos are very informative from various
aspects.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 
Bear

Ditto ;-)

It's not like he's taking from MDL a Blackhole URL and deobfuscating
the Javascript and showing how to obtain the SWF, PDF and Java
exploits and the subsequent payload(s).

His videos target average users and provide very informative information
about various tools. I don't see you providing informative narratives for
folks.
 
Dustin

His videos target average users and provide very informative
information about various tools. I don't see you providing
informative narratives for folks.

I don't maintain a youtube channel, nor a facebook, myspace, twitter,
(insert your favorite social site here)... So no, you won't see me
providing an informative narrative of anything. I don't think it would
be a good idea for me to provide a video of dissecting malware. One wrong
move, poof; damn thing gets loose and I have pissed off users to deal
with. Not to mention the possible problems from the antimalware
community for showing users how to do dangerous or otherwise, unsafe
things... Hell, I couldn't do much worse if I posted how to troubleshoot
the electrical on your microwave. Many have, it's not difficult to work
on in most cases, but it can kill you dead should you touch the wrong
components.. So, for safety, somebody else can take the risk.. It won't
be me.
 
Bear

I don't maintain a youtube channel, nor a facebook, myspace, twitter,
(insert your favorite social site here)... So no, you won't see me
providing an informative narrative of anything. I don't think it would
be a good idea for me to provide a video of dissecting malware. One
wrong move, poof; damn thing gets loose and I have pissed off users to
deal with. Not to mention the possible problems from the antimalware
community for showing users how to do dangerous or otherwise, unsafe
things... Hell, I couldn't do much worse if I posted how to
troubleshoot the electrical on your microwave. Many have, it's not
difficult to work on in most cases, but it can kill you dead should
you touch the wrong components.. So, for safety, somebody else can
take the risk.. It won't be me.

Yeah, I don't suppose many people are interested in dissecting
malware..including myself. Now preventing as much as possible and
recovering easily is a different story.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 
Bear

Quite a few actually, especially in these computer security related
groups. Giving an antimalware program the ability to detect some kinds
of malware often involves having to have someone do the work of
dissecting that malware.

Well, have at it. I'm not interested in anything but keeping them out or
recovering from them...which is what most people care about. This is not
a malware dissection group. It is an anti-virus group as in preventing
and as not in dissecting.

Actually, that's two stories, each with a different plot and cast of
characters.

Both are necessary and go hand in hand.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 
Bear

Then why did you post this youtube garbage?

Pooh didn't post it, I did. You can't tell the difference between the
forger and me? I thought you were an expert?
 
Dustin

Pooh didn't post it, I did. You can't tell the difference between the
forger and me? I thought you were an expert?

Bear,

I think you resort to using forger whenever someone asks you a question
you can't readily answer. I have no way of really knowing if you aren't
posting under both servers. Only your word (hah!) that it's not you.

In any event, they aren't forgeries as the header information doesn't
match. It's just two people posting using the same username Bear. Maybe,
two people.

That person expressed they had no interest in dissecting malware,
incidentally, you expressed the same opinion here:

Message-ID: <[email protected]>

yeah, I don't suppose many people are interested in dissecting
malware..including myself. Now preventing as much as possible and
recovering easily is a different story.

So my question still stands. Why did you post a youtube video link in
this newsgroup? It's junk. The only way it could possibly qualify under
antivirus is because he mentions using one. Otherwise... Junk.

Neither Bear has interest in dissection or serious discussion of ANTIVIRUS
(as opposed to malware) and an image isn't really a good way to recover
from a virus. Some viruses have imaging users in mind... lol.
 
Beauregard T. Shagnasty

Dustin said:
Bear,

I think you resort to using forger whenever someone asks you a question
you can't readily answer. I have no way of really knowing if you aren't
posting under both servers. Only your word (hah!) that it's not you.

In any event, they aren't forgeries as the header information doesn't
match. It's just two people posting using the same username Bear. Maybe,
two people.

It is him, and not a forger. User-Agent: Xnews/5.04.25
He's just using two NNTP accounts.
 
Bear

Bear,

I think you resort to using forger whenever someone asks you a question
you can't readily answer. I have no way of really knowing if you aren't
posting under both servers. Only your word (hah!) that it's not you.


Think all you want. You would still be wrong...and you do know it.

In any event, they aren't forgeries as the header information doesn't
match. It's just two people posting using the same username Bear. Maybe,
two people.

I don't really care. It's flattering in many ways.

That person expressed they had no interest in dissecting malware,
incidentally, you expressed the same opinion here:

No cite necessary...I have no interest in dissecting malware.

Message-ID: <[email protected]>

yeah, I don't suppose many people are interested in dissecting
malware..including myself. Now preventing as much as possible and
recovering easily is a different story.

I agree.

So my question still stands. Why did you post a youtube video link in
this newsgroup? It's junk. The only way it could possibly qualify under
antivirus is because he mentions using one. Otherwise... Junk.

I disagree.

Neither Bear has interest in dissection or serious discussion of ANTIVIRUS
(as opposed to malware) and an image isn't really a good way to recover
from a virus. Some viruses have imaging users in mind... lol.

I disagree. A virus can have imaging in mind all it wants...when I
reload an image ... the virus is gone. If it's in the firmware or
embedded on the motherboard somewhere or hiding in the speaker, well I
might call for your help. Don't hold your breath.



--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 
Dustin

I disagree. A virus can have imaging in mind all it wants...when I
reload an image ... the virus is gone. If it's in the firmware or
embedded on the motherboard somewhere or hiding in the speaker, well I
might call for your help. Don't hold your breath.

By the time you realize you have this style of virus, your images already
contain it as well. It's known as a slow infector and for very good
reason. If you have a drive split into multiple partitions and you don't
restore a clean MBR, you run the risk of a virus maintaining its presence
and still placing you right back to square one. Images are primarily for
hardware failure and known workstation state integrity.

The idea was never a silver bullet to a virus issue. Sometimes,
inexperienced users do mistake it for a cure-all tho. Backups are an
excellent thing to be doing, but the way in which you pass them off just
isn't honest.
 
Bear

By the time you realize you have this style of virus, your images
already contain it as well. It's known as a slow infector and for very
good reason. If you have a drive split into multiple partitions and
you don't restore a clean MBR, you run the risk of a virus maintaining
its presence and still placing you right back to square one. Images
are primarily for hardware failure and known workstation state
integrity.

My imaging plan takes care of that nicely thank you very much :)

The idea was never a silver bullet to a virus issue. Sometimes,
inexperienced users do mistake it for a cure-all tho. Backups are an
excellent thing to be doing, but the way in which you pass them off
just isn't honest.

I disagree...the plan is as solid as it gets.



--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 
FromTheRafters

Dustin said:
By the time you realize you have this style of virus, your images already
contain it as well.

His scheme, as laid out, does not allow this to happen. He uses a
previous clean image to get the machine to the point where it can
install the latest cumulative updates.

It does seem like a lot of work doing that when images are not the right
tool to battle malware. For the type of disaster recovery images *do*
address - there's no need to avoid slipstreaming.

It's known as a slow infector and for very good
reason. If you have a drive split into multiple partitions and you don't
restore a clean MBR, you run the risk of a virus maintaining its presence
and still placing you right back to square one. Images are primarily for
hardware failure and known workstation state integrity.

The idea was never a silver bullet to a virus issue. Sometimes,
inexperienced users do mistake it for a cure-all tho.

And, it doesn't help matters when Bear keeps presenting it as such.

Backups are an
excellent thing to be doing, but the way in which you pass them off just
isn't honest.

Yep, he shouldn't even mention malware in that context.
 
Dustin

His scheme, as laid out, does not allow this to happen. He uses a
previous clean image to get the machine to the point where it can
install the latest cumulative updates.

I'm not sure I'd credit him as the author... Possible, but not entirely
likely. The slow infector relies on it not being detected for some time,
so that it can slowly work its way into your backup history. As it's
unknown at that point, it's a safe bet he'd include it in a supposedly
"clean" image - short of install from clean media on known clean HD and no
3rd party apps. In reality this wouldn't work anymore due to the rapid
rate in which samples are passed around and new definitions are posted
to deal with them.

In the past tho, the slow infector did have these backup systems in mind
and intended to take advantage of the process.

It does seem like a lot of work doing that when images are not the
right tool to battle malware. For the type of disaster recovery
images *do* address - there's no need to avoid slipstreaming.

Agreed.

And, it doesn't help matters when Bear keeps presenting it as such.

Based on his posts recently, he seems to behold some sort of grudge
against techie types. Perhaps he feels they rip people off. He feels his
plan puts techies out of business.
 
Bear

His scheme, as laid out, does not allow this to happen. He uses a
previous clean image to get the machine to the point where it can
install the latest cumulative updates.

It does seem like a lot of work doing that when images are not the
right tool to battle malware. For the type of disaster recovery images
*do* address - there's no need to avoid slipstreaming.

It's not a lot of work at all. If I'm going to make an image, I do it
when I take a break or eat lunch or go to bed or whatever...and it
actually only takes an average of about 20 minutes for my system anyway.

Restoring an image, well the same thing applies. It's a very simple
thing to do.

And, it doesn't help matters when Bear keeps presenting it as such.

This makes no sense. There are no silver bullets when it comes to
malware prevention. I've said that here many times. There is no such
thing as a cure-all for anything. I've never said there was. What I have
said is the process I use is the best approach using today's tools and
it includes several safety nets.

Yep, he shouldn't even mention malware in that context.

Why else would you need to recover...it is exactly a plan to manage your
system and data and free yourself from the harm malware can inflict. Of
course it also applies to hard drive failure or the like, but such is
more rare and some people can change out their own hard drive and some
can't. Anyone can do the Pristine image and data management plans.

I'd like for you to list a comprehensive plan that would be more
efficient than the one I propose. If you are going to poo poo my plan,
then at least have the courtesy to back it up with a specific
alternative that works better and is easier, takes less time and allows
any skill level to do so. Ball's in your court.


--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 
FromTheRafters

Dustin said:
I'm not sure I'd credit him as the author... Possible, but not entirely
likely. The slow infector relies on it not being detected for some time,
so that it can slowly work its way into your backup history. As it's
unknown at that point, it's a safe bet he'd include it in a supposedly
"clean" image - short of install from clean media on known clean HD and no
3rd party apps. In reality this wouldn't work anymore due to the rapid
rate in which samples are passed around and new definitions are posted
to deal with them.

In the past tho, the slow infector did have these backup systems in mind
and intended to take advantage of the process.


Based on his posts recently, he seems to behold some sort of grudge
against techie types. Perhaps he feels they rip people off. He feels his
plan puts techies out of business.

He is very trollish.
 
