"cquirke (MVP Win9x)" wrote:
.> Relying on av is doomed to Day Zero malware, commercial malware that
what's that? and why's it bad?
Day Zero refers to the time that a new malware hits the 'net, before
av vendors have a sample to work with, reverse engineered it, devised
detection and cleaning data for it, tested that data, and made it
available to your av installation. Then the effect continues for the
time it takes before you get that update.
During this time, your av will not detect the malware in question -
and neither will most other av, for the same reason. So it cuts right
through egress filtering from businesses, your ISP's filtering, and
your own desktop av.
Commercial malware is ignored by traditional av on a "not my problem"
basis. It's not a "virus", it's "legitimate" commercial software, and
in most cases, the user is assumed to have tacitly permitted it to
install (e.g. by downloading the free software that stealthed it in,
visiting a web site that dropped it through MS's defective Java, etc.
Some av vendors are playing catch-up; Kasspersky can look for cm, and
Trend's PC Cillin is also getting a clue. But for now, cm is best
tackled with tools dedicated for that purpose; AdAware, Spybot etc.
, and bad effects from direct network attacks.
If you expose defective networking code to the Internet - as every
duhfault install from any pre-SP2 XP does - then you will be affected
by direct attacks from Lovesan/Blaster, Sasser, etc. Often these fail
to "infect" the PC but cause the attacked service to crash - and
through stunningly stupid duhfault settings, this can cause the whole
PC to shutdown or restart (see all those NT_AUTHORITY threads).
Because this happens before an malware code creates a file or
sucessfully runs as a memory image, av does nothing to help. The fix
is to patch the defective software, and block access by turning on (or
adding a 3rd-party) firewall.
taken care of by a firewall (I've just noticed that this site advertises our
IP addresses!)
IP addresses go wherever TCP/IP network packets go. We've had a
problem in these newsgroups where anonymous posters have pretended to
be individuals they are not; perhaps IP awareness may help there?
.> .> The second can be a side-effect of adding .NET Framework, which may be
Yep. Not happy to have a whole bunch of network services (and
background accounts) rushing to do the Internet's bidding. XP is NT,
and NT was written for professionally-administered corporate networks,
where there's always an IT admin who overrides the user at the
keyboard to enforce company policy.
When NT was rolled out as a consumer os, any two-bit entity on the
Internet can do the same thing, as long as it can pretend to be an
"admin" or "server" more effectively than the user can pretend to be
"IT adminisdtrator" or hide in a limited-rights panic room account as
"untrusted employee number 347". Guess who wins *that* battle.
I don't see MS getting the clue required to dump the whole "let's make
the world one big ecommerce playground" thing. Which means I don't
see malware problems going away any time soon.
If MS *did* have the clue (and more importantly, the nads) to empower
consumers to tell ecommerce pushers to FOAD, there'd be huge trouble
in USA's infotech-orientated paradise ;-)
-------------- ---- --- -- - - - -
"I think it's time we took our
friendship to the next level"
'What, gender roles and abuse?'
