Fake Antivirus Overwhelming Scanners
ChiefMonkeyGrinder writes "Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008."
Re:The worst offenders (Score:4, Interesting)
Makes me wonder how many computers percentage wise are really infected out there with back-doors.
Very scary zombies everywhere.
Yeah, very very scary... (Score:5, Interesting)
My netbook required an update to McAfee ("free" from Comcast) because one part of it stopped working, and during its first scan it started reporting a problem. It wouldn't tell me what the problem was unless I let it run for twelve hours to scan the whole system. I tried stopping it and looking at logs, I tried looking at logs while it was running, nothing other than the "ominous" 1 under "detected threats".
Turned out that it was reporting the crack program that allows me to run Duke Nukem without the CD -- since the netbook doesn't have a damn CD and I own the copy of Duke Nukem. MacAfraid called it "a program you might not want to have".
Phhhht.
Re:The worst offenders (Score:4, Interesting)
McAfee is bad lately as well. Completely ignored the infection of two machines on our network the other day. We had to use Malwarebytes to find on one, and interestingly enough, Microsoft Security Essentials seemed to do a good job at finding and cleaning the other one.
McAfee not even detecting these is worrisome, though. We've got like 300 CPUs, all ePO protected, and for all I know they could all be infected.
frustrating as hell (Score:5, Interesting)
What really annoys me is the fact that the mainstream antivirus products (Panda, Symantec, McAfee, etc.) do such a crappy job of dealing with these rogue antivirus things. Most of them don't do a thing. Don't detect the rogue stuff, don't disinfect it, nothing.
Which means that we have to use something like Malwarebytes or Spyware Doctor to remove them.
This is especially annoying for us... We're outsourced IT for our clients. We aren't there every day to take care of everything they need. We set things up as safely and securely as we can, manage it all as best we can, but we can't lock things down as tightly as I'd like because these folks need to be able to operate without us - installing their own software and updates, things like that. So it's only a matter of time before one of our clients stumbles into one of these rogue antivirus products.
Does anyone know of a good, centrally-managed (like Symantec or Panda) anti-virus/malware package that actually detects these rogue things?
Motivation (Score:5, Interesting)
This is all the free market working against the unfree market. In a free market competitors work to make the best product to make the most money. Right now, that's malware writers, each trying to outdo one another and make the best trojans to get the most bots and personal info.
In a free market consumers would buy computers best suited to deal with this threat, with defenses that appropriately reduce this threat to a small subset of their customers. But, since we have one player with a huge amount of influence on the desktop OS market, with huge influence on computer makers and other markets, and who has built substantial barriers to prevent consumers from trying other options, desktop OSes are not adapting appropriately. Why should they if it is not losing them significant money?
Trojans aren't some unsolvable problem, but for the most part they are a problem that needs to be dealt with at the OS level. Add-on software from computer makers is only going to be partially effective. SELinux, for example, does a reasonable job of mitigating trojans in the secure workstation market, but has not been adapted to the consumer desktop market as yet because it requires integration on the part of application developers and there is no real motivation to do that. Linux and OS X desktops don't face significant levels of attack. Windows doesn't lose real money when it fails to defend against them. Why would anyone who understands the benefits of free market capitalism expect anything but to have malware writers win? They have direct, financial motivation.
Seriously, MS could easily create a sandboxed backwards compatibility layer (they already have). They could easily require all software that did not have a proper signature and an ACL to run in a restricted sandbox. They could dump money into crafting a good UI for it and motivating developers by restricting access to new, useful APIs. The real question is, why should they, as a business, spend that money?
I have a modest proposal that will solve this problem and a lot of other problems all stemming from the same cause. Break up Microsoft. Seriously. They're repeat offender antitrust violators. Break them up and give at least two new companies complete rights to use all the source code and patents and an equal portion of the human resources and capital. Forbid these companies from any nonpublic communication or any agreements they don't offer to other companies with the same terms.
When you have executives at MS-A and at MS-B both realizing they have to do something to win sales contracts from Dell and HP and Sony and Asus, guess what, they'll have to compete. Then their financial well-being will depend upon which can deliver a better product at a lower price. Neither will be able to strongarm customers or people in other markets. They'll have motivation to fix the flaws in Windows and the accompanying software that people have been learning to work around for decades. And neither company will have to worry about antitrust concerns, and both will be able to bundle whatever crap they want, including their version of IE. I'd be willing to bet that if our justice department had the balls, the malware problem would be a minor annoyance in five years' time.
Re:Pay For Full Version (Score:0, Interesting)
The best part comes when you start Firefox again after killing it: it will automatically go back to the website you were on WITHOUT ASKING.
Re:Getting these all over the place (Score:3, Interesting)
Agreed. Until very recently, I worked in a computer service shop, and MBAM proved so useful that I purchased a license for the full version just to support Malwarebytes (I wasn't running Windows at the time, so the license was essentially useless to me). Well, now I'm back running Windows (I installed 7 on my laptop Tuesday night to get a good look at it before people start bugging me with questions about it), and I must say the real-time scanner is nice: it's very lightweight (the service is currently consuming just over 25 MB of memory, about half of what AVG 8.5 usually grabs), and it's successfully detected a few test cases I threw at it.
--- Mr. DOS