Author Topic: I'm tired of being told. (Read 16556 times)

Paul Keith · « **on:** September 29, 2009, 03:05 PM »

Source: http://www.wildersse...wthread.php?t=254088

Today something hit me and it wasnt a bag of dung. A poster made light of a post i had made about avatars and suggesting certain software. I finally came to see the point. Enough for that and I apologize.

What I am tired of it not being able to put my faith in one product and calling it a day. i am tired of being told it wont work. I am tired of being told that i need multiple items to stay safe. Safe from what? Myself? maybe. I am tired of seeing how the so called reality to people popping in here realize, they can not leave their screen doors open because of.....

Why cant we choose one product and be safe and secure. I know why but i am not about to spend 30 minutes explaining because in the end it is pure BS. You can buy one product and be perfectly happy and safe, that, is the reality. The chances of you getting a piece of malware are basically zero if you are what most refer to as a average computer user. I am tired of hearing from so called experts here that I need this and this and this. What is it based on, because that is not true and is a out right lie.

You can choose any product here that fights malware and be perfectly content and safe. You do not have to even think that what others may say is even close to reality. Boy, I am rolling. But the reality is we create a mass hysteria by posting test results, personal test results and the like. Nuff said because I will be bashed like heck for this, but i really, dont care. If you actually read this post remember this. There are good products here, choose one, and you will be fine. Catching just 60 percent of malware is perfectly fine because what they wont say is, you will never encounter the other 40 percent anyway, or your chances are very slim. No, they wont tell you that.

All I can say is, first I dont recomend any product, nor will I ever, but this site was created for a sole purpose and that purpose and/or product is great. But even if you decide to go another route, pick one and move on because you do not need 30 blankets to keep your ass warm in the winter. Just one electric one.

Some of you may accuse me for not going SFO (Search Forum Optimization) on the title but I didn't want it to be this way because we both know that the topic theme goes beyond Antivirus Security.

Still, to limit it to the theme of Windows security, I'm never tired of this becuase no one has made an .exe or Idiot's Guide to Sandboxie + LUA + KAfU + SRP + DEP + SuRun and so I prefer living in the bliss of AV and Antispyware and I feel that if a newb wants to learn this, they're better off buying two PCs.

One using Linux for their main files and another having a Windows drive that isn't connected via networking (so that the virus can not infect Windows even if it infected and is immune in Linux)

Still...in an ideal world, I prefer a world where a Virtualized OS does not require halving and knowing how to set the difference in RAM and GB and it just works out of the box for manipulating files and everything I want to backup, I just drag into a "Backup Bin" and when I'm ready, I just click it and the OS is able to put it into backup mode and you're shown a different layer of the OS specifically for backing up these projects.

(Yes, Sandboxie does a variation of this for security but the ui isn't as convenient as say Dropbox for pure backing up and segmenting of back-up files.)

sri · « **Reply #1 on:** September 29, 2009, 09:51 PM »

I just glanced through the quote and your post.

To me it doesn't look like a headache issue. Just install nod32/kaspersky + Malwarebytes' anti-malware and you are safe.

Paul Keith · « **Reply #2 on:** September 29, 2009, 10:35 PM »

@sri,

Well, I'm not sure where you got your recommendation but that's kind of the ups and downs with Wilders Security.

They are so obsessed with security that many are pioneers for exposing Nod32 and Kaspersky and Malwarebytes so that nowadays we can just recommend them but at the same time, that same obsession means constant comparison and searching for even newer and better ways to secure Windows.

The middle result is that you get posts like these.

sri · « **Reply #3 on:** September 30, 2009, 12:06 AM »

http://www.virus.gr/...-august-05-september

These guys do comprehensive antivirus comparison tests.

Surprising to see the free AVG rank higher than Nod32.

nosh · « **Reply #4 on:** September 30, 2009, 03:33 AM »

+1 for Malwarebytes. It sorted out a nasty rootkit infection for me just two days back.

Truecrypt wouldn't mount anything and I'd get the message "The maximum number of secrets that may be stored in a single system has been exceeded." - hilarious stuff (if it isn't happening to you.)

</ot>

I like the idea of constantly pitting these guys against each other... keeps them on their toes and minimizes the chances of bogus players getting by as legit.

MrCrispy · « **Reply #5 on:** September 30, 2009, 05:09 AM »

There is NO easy solution to security. Its not even a technical problem, its social engineering, and there is a lot more money to be made exploiting it than fixing, so guess who'll always win. Platforms like the Mac give the illusion of being safer while being technically inferior. The moment OSX/Linux reach anything close to Windows' marketshare, they'll face the exact same (and worse) malware issues.

Paul Keith · « **Reply #6 on:** September 30, 2009, 07:02 AM »

@MrCrispy,

That has some truth in it but you forget the fact that Linux has some social engineering of it's own. (Multiple Distroes/Constant new versions coming out.)

It'd be like saying once Firefox or Opera gets as popular as IE, they'd be targeted. That would be true but they still would be better than IE.

@sri,

There was a short while when Nod underperformed against it's competitors. Not by much but not sure if that's why the site ranks it lower.

Can't really say I understand the site though. For example, how can Antivir Free be any less secure than Antivir Premium?

Innuendo · « **Reply #7 on:** September 30, 2009, 09:09 AM »

I just glanced through the quote and your post.

To me it doesn't look like a headache issue. Just install nod32/kaspersky + Malwarebytes' anti-malware and you are safe.
-sri (September 29, 2009, 09:51 PM)

It's obvious you just glanced because the entire meaning of the quoted text was the person was being told what to install to have a secure system & then you reply exhibiting the same behavior that was being complained about.

Can't really say I understand the site though. For example, how can Antivir Free be any less secure than Antivir Premium?
-Paul Keith (September 30, 2009, 07:02 AM)

One factor is probably the fact that the premium version gets signature updates quicker than the free version. It may also be that the free version is using an older version of Avira's detection engine.

Paul Keith · « **Reply #8 on:** September 30, 2009, 11:03 AM »

Ouch Innuendo! Harsh...

One factor is probably the fact that the premium version gets signature updates quicker than the free version. It may also be that the free version is using an older version of Avira's detection engine.

Yeah, that's true but it seems weird if those are the criteria.

Avira Free auto-updates so even when the premium version gets it earlier, it shouldn't really affect performance that much.

Also as far as I know, what makes Avira so great as a free product is that the detection engine is on-par with the paid version except the Premium version has an internet blocker that can sometimes slow down sites. (IMO Avira is Donationware in everything but name. Which still makes it great as action speaks louder than words but words still sell quality products and gets them their revenue.)

Innuendo · « **Reply #9 on:** October 01, 2009, 09:38 AM »

Ouch Innuendo! Harsh...
-Paul Keith (September 30, 2009, 11:03 AM)

Harsh? I hope not...I was just teasing. I didn't mean any malice with my words.

Avira Free auto-updates so even when the premium version gets it earlier, it shouldn't really affect performance that much.

I haven't used Avira for years so I can't speak too specifically about why things might be the way they are. The reason I quit using it was way too many false positives. But the way the test results are could be due to what I referred to about updating. If the paid version updates hourly & the free version weekly then that could cause the results. Also, if the free version is using a detection engine that's 3 or 4 versions older than the paid one does that could cause a huge gap in the detection rates as well.

These companies that offer both paid and free versions of their software have to walk a fine line. They want to put enough features into the free version to entice a person to buy the paid product, but not so many that they tick off their paid customers. If I'm paying $50 or whatever per year for a product I don't want someone to get the same level of protection I do who is paying nothing. I'll just move to the free product and then the company loses revenue.

Paul Keith · « **Reply #10 on:** October 01, 2009, 09:56 AM »

Yeah but that's where Avira separates itself I think. You could be right though about the weekly updates vs. the hourly updates. I haven't really cared since I'm more about it being scanning it weekly once anyways.

The paid users do still get the feel of added protection. Remember alot of paid antivirus software are banking on the fact that users aren't as technical as to know how useless an internet blocker is if you have a secure PC.

They also are the least likely to know how to remove the adware from the free version of Avira.

Avira also wouldn't be as highly praised as a free software if it uses the old engine trick. (As far as I know, AVG is the only top 3 free AV that used that trick)

None of these though should impact security at all. (An internet blocker for example is not a replacement for an Anti-spyware even if Avira's engine has added Anti-spyware capabilities)

You're right though that Avira has lots of false positives but many users do see that aggression as a good thing because every other software has false positives too and even 1 can be just as annoying as 10.

Bamse · « **Reply #11 on:** October 01, 2009, 05:15 PM »

I think Wilders dude forgets to mention that a good part of "average" users also race around on torrent sites, rapidshare etc.

I know what he mean by average and he is spot on, but all he talk about depends entirely on user and usage, no fixed ideas of needs are relevant besides the obvious - a little AV perhaps. You can say more is better, you can say less is better.

98,64% vs. 98,56% is not really much of a difference between Avira free and Premium. I would not lose sleep over that. Free version updates once per day last I tried it. You can force them but not sure that will work. Servers often slow, they might not allow more than 1 update. Regarding scanner I think only difference is "extended antispyware" protection in paid version. What I remember from release notes when version 9 got out.

Actually one of the reasons I only used Avira license for a few months was because of a "useless" internet blocker

I understand why Malwarebytes have started with old as dust IP-blocking. Scanners can only do so much and malware makers are of course aware of limitations. What annoys me about Avira is program already have http scanner/blocker - they just dont use it properly. Such a tool must be fed continuously with fresh links. Not easy to test with just some sort of precision but if interested do it over a period of time, get rss-feed from the most updated sources with malware domains. Made me depressed so I uninstalled. Turn off browser filters or it becomes even more tiresome. Some months since I last did such sessions but not hard to take out AV. The success and must-have status of Malwarebytes and a few other tools show this already. Some areas have simply been neglected.

Innuendo, I think Avast has an official goal of giving everyone free antivirus protection. Not a problem but opportunity

Most other companies will either not have anything for free or limited in one way or another. But how to survive in this business? I think it is clever marketing. They might not really believe free is a goal to make money! but they realize that approach is their chance. Like when Microsoft throw almost free Office packages at students perhaps. Avast, Avast, Avast everywhere. Eventually it will pay off. Dont know but pretty sure Avast is 100% for free stuff, part of their business...

Paul Keith · « **Reply #12 on:** October 02, 2009, 02:10 AM »

Ironically I just got my answer recently

http://www.h-online....oblems--/news/114366

A "huge update" for Avira AntiVir anti-virus products led to issues for users of the free Avira AntiVir Personal when attempting to update to the latest virus signatures. According to reports, the issue even led the program to advise users that there were no additional updates available. It seems Avira's severs were overloaded.

Avira Technical Editor Dirk Knop has said that users of Avira AntiVir Premium, Avira Premium Security Suite and the Professional products, were not affected as they have "dedicated download servers and reserved bandwidth available". The issue should now be resolved, allowing users of the free version to update as normal. The company says that it hopes to deliver a new and faster system in two weeks, which should improve reliability of updates for the free version.

Bamse · « **Reply #13 on:** October 02, 2009, 08:26 AM »

Yeah Avira free and updates have been an issue more than once but way better today than years ago I think. Once per day should work but I had no luck encreasing that number. Worked but took like 10-15 min. Could have been another bad day I guess. If you believe in the need for 4-5 updates per day Premium is probably needed. Avira free no worse than MSE which has more than one update per day but is onlly checked for once a day, through WU.

40hz · « **Reply #14 on:** October 02, 2009, 12:09 PM »

re: Avira updates

If the online update utility is balky, you can almost always grab the most recent updates more quickly here:

http://dl.antivir.de...fusebundle_nt_en.zip

Save the file to your desktop, open Avira, then use the manual update option to get the downloaded zip file installed.

I'm tired of being told.

This is also a good way to do it if you need to update multiple machines and you don't want to waste internet bandwidth downloading a big update file several times.

Bamse · « **Reply #15 on:** October 02, 2009, 01:25 PM »

Neat. Ive seen infections remove all signature files from Avira so good to know. I thought they only had daily updates for downloads, this includes everything. Malwarebytes also have a tool to replace hijacked update domain, http://mbam.malwareb...abase/mbam-rules.exe Might come in handy one day.

sajman99 · « **Reply #16 on:** October 03, 2009, 01:16 PM »

I'm not telling anybody anything here, so please don't be tired.

All I'm saying is if someone were to tell me the new Hitman Pro is self-described as "the first behavioral scan and multi-vendor cloud confirmation anti-malware", then I would probably take a look. And if they were to tell me "you must be online to scan" or "you cannot remove malware without a license", then I would say "hey, get your facts straight before you go spouting off".

Mind you, I'm just saying if. http://www.wildersse...?t=236732&page=8 (see erikloman's comments near the bottom of the page)

Bamse · « **Reply #17 on:** October 03, 2009, 03:15 PM »

Oh dont ask to get an idea of what an 18 page Wilders thread is about sayman99, that is pushing it

I would guess just about everything or nothing.

Dont know Hitman, or rather have some memories of program downloading and installing a bunch of free different tools. Like a tool for the lazy, bundle scan. Spybot, Ad-aware - faded out I think? Now more or less the same, just more advanced?

I know Wilders and the nature of things there so used to see wonder-tool pop up every now and again. Possible there are meat on story but be more direct with info. From a quick-scan of thread I would say nothing is new.

If you are saying this could be the answer to all infection problems then I suggest you dig into the world of removal

Tons of highly effective tools available for free. Hitman dude has "written" agreements with vendors because more is better as in 1+1=2 but also because Hitman is nothing on its own. Zero. Nice idea but never going to kick off.

sajman99 · « **Reply #18 on:** October 03, 2009, 05:38 PM »

Dont know Hitman, or rather have some memories of program downloading and installing a bunch of free different tools.
-Bamse (October 03, 2009, 03:15 PM)

Indeed. Please note the all-important adjective preceding the phrase Hitman Pro--new. A short visit to the site and/or Wilders link will reveal that this program is decidely different from the old program of the same name which was nothing more than a GUI for popular/well-known anti-spyware tools-- all of which had to be downloaded.

The Wilders link was to a specific page and specific comments of an individual purportedly representing Hitman Pro. Never did I suggest that you read the entire 18 page thread--hopefully you have better things to do with your valuable time. Nor did I make a foolish assertion about Hitman Pro being a malware panacea. My intent was to simply point out a new and possibly effective malware tool.

Yes, I already have a multitude of effective anti-malware tools at my disposal, but that doesn't stop me from learning about new tools which become available. As to whether the concept of this new Hitman Pro succeeds, your prognostication skills may be better than mine, but I prefer to reserve judgment for now. Personally, I found the Wilders link to be interesting and not particularly well-known info at the present time. If you're simply not interested, then that's your prerogative.

Bamse · « **Reply #19 on:** October 04, 2009, 03:22 AM »

I had trouble seeing point of your link in the context of this thread. May be you posted about Hitman as a reply to "Im tired of being told" post? Like dump resident 24/7 protection and just use Hitman? May be you did not. Well, if you want to know pros and cons about this one has to start from page 1. Reps. do not speak loudly of problems, like for example lack of quarantine so not able to deal with FPs. Might be ok to detect infections for the file types it can handle, removal/repair seems impossible to do safely. Impressive if Hitman can remove the latest and greatest rootkits, must have some offline features for that. Most other tools, even dedicated rootkit cleaners, struggle with this. Here just an added bonus in a file scanner. Of course that is how they announce product, called advertising. Cant see how it is more than an extended VirusTotal service. Not sure how much importance you think it has.

Have you tried it out? Seems to me it is hardly useful as an on-demand scanner. I put 9 highly malicious files in a c:\1 folder. Hitman skips. Report 2 files as Malware, both FPs. Not too bad actually but I have doubts how much it scans. Seems mighty fast. I move those 9 files under program files and try again, still skipped! So does Hitman check add/remove before starting to scan? Weird, but at least nothing went wrong during removal/repair

sajman99 · « **Reply #20 on:** October 04, 2009, 02:49 PM »

Bamse, no problem mate. I was just mentioning Hitman Pro as a new malware tool to generate discussion, not trying to make a recommendation for some wonder tool. Other posters seem to have broadly interpreted this thread so I figured what the heck.

Thanks for throwing some malware at Hitman Pro and giving your impressions. Seems too early to tell if it will evolve into a reliable on-demand scanner. I tested with Early Warning Scoring (EWS) enabled, and it scanned about 15,500 files in just under 2 minutes--great speed. But I agree it's hard to know precisely what this "behavioral scanner" is actually scanning (versus a more conventional signature-based scanner). It didn't detect anything on my system, but that wasn't surprising and it's hard for me to draw conclusions.

I definitely agree the lack of quarantine is a major flaw. Hitman Pro may still be in its early stages of development, but I'm not ready to fully trust any malware scanner without a quarantine option. If they add quarantine and continue to improve it over the next year or so, I could see myself adding it to MBAM, SAS, and a-squared(btw--likely to dump this one due to huge signature updates) for occasional checkups.

Innuendo · « **Reply #21 on:** October 04, 2009, 03:12 PM »

a-squared(btw--likely to dump this one due to huge signature updates)
-sajman99 (October 04, 2009, 02:49 PM)

Just installed A-Squared Free the other day and was shocked. 52MB download for the program and then a 60+MB download for the signatures. Holy crap!

Lashiec · « **Reply #22 on:** October 04, 2009, 03:40 PM »

Just installed A-Squared Free the other day and was shocked. 52MB download for the program and then a 60+MB download for the signatures. Holy crap!
-Innuendo (October 04, 2009, 03:12 PM)

Plus if you don't update it often, you have to download a fresh signature package next time you do it. Extremely clever app.

Bamse · « **Reply #23 on:** October 04, 2009, 03:49 PM »

Try Kaspersky

I did some more testing with a fresh infection which should be a nasty one "zeus/wsnpoem v2" - google it! Was a sad experience. Dr. Web Cureit found download and fixed hosts file, Norman Malware Scanner found download, Kaspersky Virus Removal Tool found download, Avast found download. None noticed it was already installed and running. Hitman found 1 of the infected files but it is recreated at boot. ESETs brilliant online scanner zero, Trend Micro scanner zero, Nortons zero. Could not test MSE since this Virtualbox Windows seems to have problems getting activated... I knew they would use MSE for extended check. So I fired up Malwarebytes - all detected, all removed/repaired. Got infected again, this time SuperAntiSpyware removed all except quite a few registry entries. Last ComboFix, did a 100% job except a few registry entries (I think). Problem is I can do this again with another type of infection and then may be Normans tool is the only one to offer any help. Toolbox must be huge. Good idea to always start with Malwarebytes and SuperAntiSpyware.

A2 Squared is pretty good, ugly and slow but massive database - I forgot to test that one. Be careful with FPs, expect tons. Malwarebytes is so great when it recognize stuff but price to pay is smaller view on the world of infections.

Malwarebytes perfect cleanup

Spoiler

Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 3

10/4/2009 7:40:10 PM
mbam-log-2009-10-04 (19-40-10).txt

Scan type: Quick Scan
Objects scanned: 83001
Time elapsed: 1 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

sajman99 · « **Reply #24 on:** October 04, 2009, 04:03 PM »

I've really liked a-squared (free version) for at least the last few years, but "holy crap" is exactly my reaction of late. While I realize you're supposed to update often to avoid large sig packages, who can remember to do that? I have an irregular work schedule, and I always forget despite best intentions.

Life is too darn short to spend all your time updating security apps.

Bamse, unfortunately you are correct about the false postives with a-squared. Still though-I've really like it until this update avalanche lately.