Microsoft Policies Help Virus Writers, Says Security Firm 166
Barence writes "Security firm Trend Micro has accused Microsoft of giving malware writers a helping hand by advising users not to scan certain files on their PC because 'they are not at risk of infection.' Trend Micro warns that by making such information available, Microsoft is effectively creating a hit list for malware writers. 'Following the recommendations does not pose a significant threat as of now, but it has a very big potential of being one,' the company's researcher, David Sancho, writes on the Trend Micro blog."
Do "Users" have a choice? (Score:3, Insightful)
I load up Malware Bytes or Super Anti Spyware or some other reputable Anti-Malware program, boot into safe mode, and do a scan of the whole PC.
Is it I, or anti-malware developers, they are sending the message to? Because I certainly don't want to leave an inch of the computer unchecked.
Re:Do "Users" have a choice? (Score:5, Insightful)
If you trust a single byte on the possibly-infected disk, you're not scanning for viruses: You're asking pretty please for the virus to show itself. Most are polite enough, but why take the chance? Use a known-clean read-only media to boot from, and scan the entire drive.
Re: (Score:2)
I agree - sometimes I get called over because of an "Error" - and I just head over right after work. Turns out the Error is Malware, I didn't bring my LiveCD, what can I do? A majority will get by with safe mode scans. There are those particularly nasty ones though, and as you said, boot from CD, or set it up as a slave drive with the proper security measures.
Re: (Score:2)
Re: (Score:2)
Sounds like it's time for the Avira AntiVir Rescue System [free-av.com].
--- Mr. DOS
Re: (Score:2)
That's why I keep a stack of livecds in my trunk, next to the jack, and an ISO on my keychain in case the CDs warped in the sun.
Lately, most of my relatives have upgraded enough they can boot from USB.
Re: (Score:2)
boot into safe mode, and do a scan of the whole PC
Safe mode will do nothing to keep malware from loading at this point....
Get a WinPE Distro like http://www.ubcd4win.com/ [ubcd4win.com]
Re: (Score:3, Interesting)
To all the people suggesting PE discs - what AV do you use? The vast majority simply do not work in a preboot environment. The ones that do tend to be old versions, which are about as helpful in removing real threats as a dull knife.
In my experience, the overwhelming majority of viruses are removed by MalwareBytes in safe mode. The ones that aren't leave signs that MalwareBytes can detect (infections it can't delete or that reappear, etc.) The paranoid can confirm with a packet sniffer.
If you really wan
Re: (Score:3, Interesting)
To all the people suggesting PE discs - what AV do you use? The vast majority simply do not work in a preboot environment. The ones that do tend to be old versions, which are about as helpful in removing real threats as a dull knife.
You can use the included driverpacks app to include most LAN/WAN drivers and then use an online scanner if you like or you can install PE to a USB disk and install any Antivirus program you like.
In my experience, the overwhelming majority of viruses are removed by MalwareBytes in safe mode.
In my experience those people come back 3 days later with the same virus. MalwareBytes runs in PE now, as does SuperAntiSpyware and HijackThis and a number of Antivirus programs.
get a USB => IDE/SATA adapter from newegg. Pop out the hard drive and hook it up to a clean machine. Mount the registry hives using regedit, and do a scan with your favorite AV product. No relying on a potentially rooted machine, and no relying on an old/gimped AV product that works in a preboot environment.
That works or you can just use a PE Disk [ubcd4win.com] which will auto load your hives for you.
Then you can run whichever programs you want like Malwa
Re: (Score:2)
Use Avira AntiVir Rescue System [free-av.com] to get the system into a state where it can boot into Safe Mode, then finish off with MBAM [malwarebytes.org] and possibly SmitFraudFix [geekstogo.com].
--- Mr. DOS
Re: (Score:2)
It's more than just that. Super Anti Spyware needs to be set to scan all files (all files greater than its predefined size, and all files of all types). MalwareBytes does not need a settings change.
Most other software either is not configurable (depending on version) or is configured to only scan "infectable" files.
My personal experience of late is that I have seen many "non-infectable" files infected such as images, text documents, "unknown" document types, and so on. When I install any AV or AS softw
Re: (Score:2)
Bart PE is a good way to do this. You create a cd on a different computer and use it to scan your suspect PC.
LK
Re: (Score:2)
Safe Mode does fine enough for most people. I've been cleaning out viruses for almost a decade now and all it takes is a scan in safe mode and knowing what files to delete. (Temp internet files, any other out of place programs)
There has been one instance where I chose to boot into an antivirus software from a live CD and that was able to clean it out. I would probably use something in the BIOS if I knew of one.
-
And of course, no "security" software is ever going to protect you from everything. No one wants
Re:Do "Users" have a choice? (Score:4, Informative)
Safe Mode does fine enough for most people. I've been cleaning out viruses
Viruses perhaps but malware keeps loaders running hidden in the background. All those things you remove reinstall themselves. I do system clean up work and I see it all the time plus often the malware won't even let you run programs like HijackThis, SuperAntiSpyware, or MalwareBytes.
And of course, no "security" software is ever going to protect you from everything. No one wants pre-emptive protection because it hinders their experience. If you know what you're doing, you won't fall for
This isn't really true. Things like IE, Flash, Shockwave and Acrobat have zero day exploits that will infect your computer if you stumble on the right email or site. I'd say 85% of infections are from user ignorance but the rest is luck and who you have contact with. (Outlook address books, etc)
As for viruses, trojans, spyware, and the likes - I tried to educate people once.
It's hard for people to grasp "there is nothing you can do to protect yourself except become a techie" You can browse the web with Java,Java Script,Flash,etc etc turned off and still have an APP that has a security hole that will infect your system.
But if you mean telling everyone to run Linux then sure, that pretty much takes care of most of the problems, but then you have to become their go-to person whenever they want to install something. It's all lose-lose; what really needs to happen is better enforcement of the network and better law enforcement involvement. Take all those people trying to protect the children and make them do some real work.
Re: (Score:3, Insightful)
You need not become an expert to protect yourself; you only have to achieve competency. That's all you need to exercise best practices. To give a tired old car analogy, they don't need to be mechanics, they just need to be safe drivers. I'll use the classic T
Re: (Score:2)
We already have laws against computer intrusion. The problem is twofold: catching the actual perpetrators, who go to great lengths to conceal their identities; and prosecuting them when they are in other countries/jurisdictions. Protecting the clueless is the same as protecting the children, only it's worse. It's worse because children cannot be other than children, while the clueless could decide that learning is important to them.
Some of them do go to great lengths, most do not but you are right in that there is only so much law enforcement can do so I'll leave it at that.
I think the marketing of most commercial software is partly to blame here. "Easy to use" isn't an inherently bad thing, but it is a disservice to users
I have problems with the way the software is marketed as well. The whole "protect your computer from everything bad with just our product" part is the worst.
I think the real way to deal with this is to put real security into Windows.
That simply will never happen. If it did then there would be anti-trust cases, but it doesn't matter as it just won't happen.
Re: (Score:2)
It might happen if average users see enough counter-examples to understand that frequent malware infection is not some unavoidable, inherent aspect of owning a computer, that the belief that this was ever the case amounts to having had the wool pulled over their eyes. You get people angry because they feel like they've been lied to and screwed over, and they will consider alternative
Re: (Score:2)
I'm sorry but that's crazy talk. If you can't keep their windows free of spyware then it must be your fault.. Microsoft is a huge corp with billions so they must know how computer thingies work. It's all your fault and the fault of the last tech who couldn't help them visit lolcats.... you're just trying to make money off them by making them come back over and over for the very same problem... /reality
Re: (Score:2)
Yes there is something you can do, run a base system from a read-only device
That is a good point. Using Linux to run a Virtual Machine of Windows and then having all of the Bookmarks, Documents, etc, etc pointed back to shares on that Linux system while having the VM Windows load from a snapshot does work well. When someone needs to install something new they just need to do a clean boot, install their app and make a new snapshot. This does work in office settings really well.
Since when did laws prevent the crooks from breaking the law
It doesn't, but putting these people in jail will reduce their numbers but not get rid of the problem com
Re: (Score:2)
That is a good point. Using Linux to run a Virtual Machine of Windows and then having all of the Bookmarks, Documents, etc, etc pointed back to shares on that Linux system while having the VM Windows load from a snapshot does work well. When someone needs to install something new they just need to do a clean boot, install their app and make a new snapshot.
My 86 year old grandmother will be pleased as punch to hear this!! No more answering her stupid Windows questions anymore!!
Re: (Score:2)
My 86 year old grandmother will be pleased as punch to hear this!!
Will she understand any of it???
Re: (Score:3, Funny)
Re: (Score:2)
I doubt it, seeing her grasp on technology is as shaky as your grasp on sarcasm.
No I got it, perhaps I needed to include some sort of indication of such.
Regardless the only reason it doesn't work well at home is that lots of people want to play 3d games on their systems. Your grandmother would do well with such a setup... but you probably don't really have a grandmother....
Anyway... yeah...
Re: (Score:2)
You can browse the web with Java,Java Script,Flash,etc etc
I see, you're twelve years old and don't understand how to wite yet. Never mind then.
I'm not, but if I was, why would it matter? Are you not allowed to talk with them by court order or something?
Re: (Score:2)
It's not a matter of being allowed, it's a matter of not wanting to.
Re: (Score:2)
- And of course, no "security" software is ever going to protect you from everything. No one wants pre-emptive protection because it hinders their experience.
True... I really like Spyware Terminator with ClamAV, but it creates more problems for my customers than it solves. They either:
(A) Disable it (usually because they keep forgetting to enable "Install Mode" when installing something)
(B) Disable the "Real Time Shield"
(C) Block everything - leading to numerous programs not working properly
(D) Allow everything - leading to a nicely infected machine and ST fighting the never ending battle of removing the infections
Ah well... no amount of attempted trainin
Re: (Score:2)
Try this for size: stop getting viruses.
Then, shock horror, you'd not need to be "cleaning out viruses" for the next ten years.
I know, I know : "it's impossible", "it'll never work", "will nobody think of the poor AV vendors?", "bloody lusers couldn't avoid a virus even if you switched the computer off and arc-welded the removable drive bays shut".
I go
Re: (Score:2)
Actually you can run a command from the installation CD to drop a copy of the recovery console to your PC. The pain in the ass is that the recovery console doesn't allow you to run programs - just a specifically whitelisted set. But of course that set lets you enable/disable drivers and services, as well as manipulate the registry.
Also... (Score:5, Funny)
Re: (Score:2)
So the ext4 approach to data consistency?
This is the worst troll ever...
Are you serious? (Score:4, Insightful)
Re: (Score:2)
And relevant they are.
This week: six different local 'family' machines needed junk scraped from them by yours truly, the tech support guy. Why? They didn't understand about renewing their AV subscriptions-- and got infected. Does Microsoft have something inherent in Windows, native to the OS, that prevents contamination? No. Do their products distribute freely with up-to-date malware and virus prevention and thwarting? No. Users have to dig for them, install them, and hope that Microsoft's protection is suffi
Re: (Score:2)
Joe Sixpack does not read the Microsoft KB, true. However, he pays the highest price for the malware problem as you point out. The bickering between Microsoft and AV vendors does at least indirectly affect him. Now, I'd assume that Microsoft would be the foremost expert on Windows for obv
Re: (Score:2)
Even if there were a Final Ultimate Security Solution for Windows
My MS Rep told me Windows 7 WAS that???
Re: (Score:2, Interesting)
Re: (Score:2)
Heck as a 27 year old Marine it makes for some fun reading and something to browse for while at work.
Re: (Score:2)
It's as easy to put your malware in a secure place as it is to put it in "my documents", and it would be more effective in a "secure" place. If I were writing/spreading malware I'd be hiding it where AV software doesn't look.
After all, the lowest hanging fruit would be unpatched machines with no AV at all.
I hate to remind you of this, but, (Score:2)
Microsoft doesn't have any real business interest in secure machines.
Their reputation is secure among the believers no matter what they do, and their reputation is un-redeemable among those who are not Microsoft believers. They have enough money to buy the hype necessary to cover anything up, relative to the people who spend the most on Microsoft software.
Shoot, the, "I can't be such a fool!" syndrome helps Microsoft's bottom line when people have to pay to fix Microsoft's bugs.
No, this makes no sense. Sayi
Really? (Score:5, Informative)
Ok, so buried somewhere in the middle of an online support page about some potential file type exclusions MS mentions:
*.edb
*.sdb
*.log
*.chk
Ok first, I have to assume that most computer users will never see this. I am not concerned that the next time I see my parents' computers they'll have set up file type exclusions.
Second, if you're excluding file types from scanning, those are probably good ones to exclude. These are files that have contents that are constantly changing and are not generally executable.
Third, this stinks of "Hey listen to us! Then buy our antivirus."
"Following the recommendations does not pose a significant threat as of now" But it may some day? Well no shit, doesn't that go for everything?
Am I missing something? Is this a ridiculous stretch just to bash Microsoft or something? How is this an important read?
It used to be... (Score:5, Insightful)
See the trend? The problem is not that the content cannot be executed, it is that more and more the decoder/reader for such files is looking at active markup or script, which allows virus makers to exploit faults (buffer overflow) or execute their own script. Nowadays I would not put it past a crafty virus maker to exploit flaws in notepad...
Re: (Score:2)
Only Windows Media Player accepts executable code at the end of a video. Most other media players still do not do that so they are not susceptible to that attack. With the Outlook image thing, it's actually a VBS file with the .gif or .jpg somewhere else in the name and the actual extension spaced way off at the end, so images are actually still ok. Admittedly, turning off the display of extensions is a boneheaded move that MS still makes on their OS. It seems to be their way of trying to be more "Mac l
Re:It used to be... (Score:4, Informative)
Keep telling your users that. Tell them that QuickTime is just fine. (along with Acrobat reader, while they are at it).. And no 3rd party media players have ever had buffer overflow problems...
Then there was the whole Image thing.. http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx [microsoft.com] makes it sound a little more serious than just mucking with the file-name.
Re: (Score:2)
Re: (Score:2)
Ahh, remember the 90's, when people would forward chain mails about how even looking at an email with a certain subject would wipe your entire hard drive? And then how us IT people would have to tell people that it was okay, that reading emails was fine, they were just text, just never, ever execute an attachment you weren't expecting...
Then outlook got real popular in companies...
Course, they also used to forward chain mails about "if you forward this to 10 people, Bill Gates would send you $200." and we
Re: (Score:2)
and we would have to tell them that emails can't be tracked like that..
You were wrong!! I can't believe you missed that opportunity!!!1 I just received a check from Bill Gates c/o Microsoft Corp. in Redmond, Washington for $1,689.34. It works! But if you don't forward this to all your friends, someone from Microsoft will come around to collect what you owe!
...
Re: (Score:2)
Course, they also used to forward chain mails about "if you forward this to 10 people, Bill Gates would send you $200." and we would have to tell them that emails can't be tracked like that.. Of course, with 1x1 images in emails now.. they can..
Actually, the majority of mail clients now won't load images from remote servers. Tracking email was much more effective in the Windows 9x days than it is now.
Re: (Score:2, Insightful)
Meh... I think the problem is that about fifteen-some-odd years ago, Microsoft decided against all convention that storing auto-executable code and scripts inside data files was a great idea.
Re: (Score:2)
Nowadays I would not put it past a crafty virus maker to exploit flaws in notepad...
http://seclists.org/fulldisclosure/2008/Jan/339 [seclists.org]
Yes it is a joke, but a funny one!
Re:Really? (Score:4, Informative)
The MS Article also gives specific recommendations for domain controllers and servers, which make good sense as well. The files they list include startup scripts and GPOs which get heavy use. AV can induce severe problems if it keeps locking the files. On the flip side, you should keep an eye on those files, as a compromise (not necessarily a generically detectable virus) could compromise your entire domain. Also note that you should exclude the database files on an Exchange server. Aside from the huge performance hit, you really don't want the AV software deleting or screwing up the entire Exchange store if it sees a virus buried way down in a single email.
Re: (Score:2)
If your AV software is killing your Exchange database then you should be fired for running it. All the relevant AV vendors provide Exchange integration. I've seen NT 4 boxes with it (it's not new).
Home editions are for home computers not for your business' servers. Get the AV package that says "server" on it.
Re: (Score:2)
Okay, hop off that pedestal of superior knowledge for a moment. There are a lot of small businesses running Exchange. A significant portion of them are running consumer or small-business versions of antivirus, including those intended for servers. Now realize that their IT guy is usually only part time and probably not an expert. A recipe for disaster I know, but small businesses can't devote many resources to IT.
As for antivirus vendors, Symantec Endpoint Protection client for servers installs just fine an
Re: (Score:2, Interesting)
Excluding any files on the computer is a bad thing, and needs to be discouraged.
Re: (Score:2)
Who's to say that the malware doesn't have an executable renamed to have a .log extension, and the antivirus skips over it? How trivial would it be to have a loader that does nothing except load "safe" files and do its bad things under the cloak of "but it's a log file.... it should be safe".
Excluding any files on the computer is a bad thing, and needs to be discouraged.
So if you manage to get an executable onto the system, you can then use it to execute a malicious payload hidden in a seemingly innocuous file?
If I can get an executable on the system, I have already compromised your security. Why bother with a hidden payload at that point?
Re: (Score:2)
The point is that I have already gotten you to execute a malicious executable. What more have I gained with a hidden payload? The damage is already done.
I will grant that this does open up one new vulnerability - I can write new malware that can be used to help the user execute old malware that is already known to the AV scanners.
But I still say that once I have gotten you to execute malware I don't worry about getting a second payload in place.
Re: (Score:2)
I didn't read the article or the KB, but from the types you have listed - first thing that came to mind.
Exchange.
edb/sdb belong to Exchange stores - .log is common but also used for transaction logs, and .chk, if I remember right, is used when rebuilding from TLs or doing an offline defrag.
Given the type of shit that's in mailboxes and queues, and that it isn't executable - sure, stuff is there but not a risk.
Then given the normal actions of AV software (hey I found shit in this file - remove handles, deny access - hey u
Re: (Score:2)
Yeah, in Exchange's case what you need is something that hooks into the databases and scans the mail directly. Scanning a database as a virus just isn't going to work. It's like a zip file with a virus inside. You can scan the zip file and it'll pass. You need to look inside to figure out if you're safe.
Re: (Score:2)
Third, this stinks of "Hey listen to us! Then buy our antivirus."
It's an antivirus vendor blog FFS, what did you expect?
Why do so many of them end up as front-page stories? Don't ask me.
Re: (Score:2)
Am I missing something? Is this a ridiculous stretch just to bash Microsoft or something? How is this an important read?
The entire idea of scanning for signatures is what's ridiculous. This broken model of ring-based security is what's ridiculous. Buy into those ideas and yeah, it would make sense then to exclude certain file types.
What's needed is something like Tripwire, built into a bootable flash drive and Microsoft (and other vendors) releasing hashes of their files. But it's easier to do reactive security than proactive security -- and by easier I mean shoving the costs onto the consumers. At least then we could verify
Re: (Score:2)
I don't think that ring-based security is broken merely because Microsoft and developers of most Windows software refuse to utilize the principle of least-privilege. OpenBSD uses the ring-based security of modern processors to great effect.
Re: (Score:2)
OpenBSD uses the ring-based security of modern processors to great effect.
True, but then OpenBSD was designed with security in mind from the ground up.
Re: (Score:2)
True, but then OpenBSD was designed with security in mind from the ground up.
No, it's just really well audited and minimally configured to the point of uselessness by default.
If it was designed "with security in mind from the ground up", it wouldn't have a superuser and it sure as hell wouldn't be using the archaic user/group/other security model of traditional UNIX.
Vista & Windows 7 (Score:2)
Maybe Microsoft should just say: Vista and Windows 7 are so secure there is no point in scanning anything. As these OSs are safe because of UAC :)
Re: (Score:2)
Mac's attitude towards viruses is they don't exist.
What is this round Earth concept you speak of? It intrigues me.
Nothing new (Score:4, Informative)
Re: (Score:2)
You mean like DEC [wikipedia.org] helped to write the first computer virus in the world?
Don't virus-check database files (Score:5, Informative)
The blog points out that edb.chk and *.log files should be excluded. These files are used by the ESE/ESENT database engine (used by the Active Directory, Exchange Server, Windows Desktop Search, etc.) for database recovery and contain a list of physical database updates, in binary form. Historically the problem has been that these files can contain almost any byte sequence, so virus checkers would start flagging them as infected and quarantine them, breaking database recovery. This can be particularly nefarious for Exchange Server because mailing an infected file as an attachment causes the same bytes to appear in the logfiles. If a virus checker quarantines the logfile then database recovery can be broken -- a neat DoS attack.
As the logfiles aren't executable, but can contain any byte sequence there isn't any benefit to checking the files, but a lot of damage can be done by 'repairing' or quarantining them.
Re: (Score:3, Interesting)
But by the same logic, I could write a virus that hides itself in files called edb.chk and mail.log and keep the code that a virus scanner would find in there. Then just load that into memory from some stub program.
That's what the article is warning about.
Re: (Score:3, Informative)
Any such stub program that loads random binary code from a non-executable file and executes it would likely be identified as a virus itself by any decent AV scanner.
Re: (Score:2)
But by the same logic, I could write a virus that hides itself in files called edb.chk and mail.log and keep the code that a virus scanner would find in there.
This virus brought to you by the Dept. of Redundancy Department.
Re: (Score:2)
You also don't want to check any intensively accessed files in general. It can add a lot of overhead if the thing is being continually accessed by many different users/processes.
For example on my system I have excepted EWI and EWS files from checking. Those files are the instruments and samples for the virtual instruments I use. The reason for the exception is that they are accessed in a very intense manner. The system has to read them in very quickly to stream sample data off the disk in realtime and you c
won't make a bit of difference (Score:2)
It won't make a bit of difference, as AV software doesn't work already. A more realistic solution would be to allow a whitelist of known good software.
'Why is "Enumerating Badness [ranum.com]" a dumb idea? It's a dumb idea because sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of
Re: (Score:2)
Then the malware writers would write viruses that attacked programs in the white list. A better approach would be better QC by the software companies; it's hard for a worm to wiggle through a hole that isn't there.
get your solution here .. (Score:2)
The whole point is... (Score:2, Interesting)
Re: (Score:2)
Yes, so really, if you're already infected, the virus can pretty much do whatever it wants to your system, including breaking your antivirus. The "security concerns" with excluding those extensions are not really security concerns at all.
Alternate Data Streams (Score:2, Informative)
As I understand it, any file in an NTFS partition can have one or more Alternate Data Streams [securityfocus.com] associated with it, regardless of its type or location. So if you tell someone not to scan something like "Edb.log", does that imply that they should not scan "Edb.log:virus.exe" either?
I have to agree with Trend Micro on this one. Completely skipping specific files in specific directories may prevent performance issues, but it may also make it easier for malware authors to find new hiding places.
This is sick! (Score:2)
In this day and age we should not need antivirus software and firewalls. Microsoft wake up! What the hell is going on here? A whole market devoted to protecting an OS that we all have to pay for when we buy a new PC?
So, Microsoft taxes all new PCs, and we pay AV vendors even more to protect the Microsoft OS.
This is surreal and sick.
We should ALL demand that our employers use Ubuntu ... every day ... until they give in...
Re: (Score:2)
So exactly how do you propose that an operating system prevent a user from downloading m
Re: (Score:3, Insightful)
Partly because the notion of distro-maintained repositories, containing tens of thousands of packages, vetted and verified by people who know way more than you or I, and subsequently checked by thousands of people who use them and examine them, is an inherently safer method than the Microsoft ecosystem method of "search the web and download unknown binary installers from god-kno
Re: (Score:3, Funny)
We should ALL demand that our employers use Ubuntu
Mr Employer, can I interest you in an open-source, free, screensaver?
Re: (Score:2)
Then when Linux is attacked in the same way as Windows we will see just how secure it is? There have been viruses written for Linux, it is not inherently secure.
Re: (Score:3, Insightful)
Then when Linux is attacked in the same way as Windows we will see just how secure it is? There have been viruses written for Linux, it is not inherently secure.
With the millions of Linux machines out there, you'd think at least some of those viruses would be propagating in the wild. Not a large number, mind you, because of Linux's small percentage of marketshare. But if Linux is no more secure than Windows, that number should be significantly more than zero. Yet it isn't. Your common sense should tell you that this is a flaw in your theory there.
The viruses that exist for Linux are generally proof-of-concept examples, but they aren't actually attacking and
Re: (Score:2)
Network effect [wikipedia.org].
Re: (Score:2)
Simplistically, an operating system's job is to move the magnetic head on the hard disk and load bits from the hard disk, copy them into memory and set the CPU instruction pointer so the bits are read by the CPU as instructions and thus the executable executes till a pre-emptive interrupt is triggered after the specified time slice.
I can't for the life of me think of anything in *ANY* operating system that would prevent that. The only way to prevent such an executable from executing would be to know before h
Re: (Score:2)
That would require that the target have python.
Re: (Score:2)
We should ALL demand that our employers use Ubuntu ... every day ... until they give in...
Oh boy.
Your employer pays Microsoft to use Microsoft's OSs. If your employer wants to stop paying Microsoft and use Ubuntu, I'm sure they can. Maybe they don't want to. In which case, demanding it probably won't do too much for you.
Of course, if someone actually demonstrated the same efficiency, no configuration issues, no breakages every time Ubuntu decides to roll out an upgrade, etc., maybe more employers would listen. Or perhaps if Ubuntu offered paid support (do they? I don't know).
There's a
Re: (Score:2)
Re: (Score:2)
Yeah, good luck with that. I'm sure the other guy, ya know, the one that's willing to use Windows, will enjoy taking your job.
Question (Score:3, Interesting)
I've just configured a new laptop and told the anti-virus to ignore *.jpg, *.avi and *.mp3 on my understanding that it's not possible to hide malware in them and that it will make the scan significantly quicker.
Am I right? Or is it a good idea to remove those exclusions?
Re: (Score:3, Informative)
There have been issues with actual media files like *.png that caused a buffer overload in the image decoder and would allow execution of code embedded in the image itself.
However it is better to actually fix the buffer overflow instead of scanning files. I guess the only real use for virus scanners, if you and manufacturers keep your system up to date, is to not allow said file to be transported to another computer that has not been updated.
That is what most Linux and OS X virus scanners mostly do, to mak
Re: (Score:3, Informative)
I've just configured a new laptop and told the anti-virus to ignore *.jpg, *.avi and *.mp3 on my understanding that it's not possible to hide malware in them and that it will make the scan significantly quicker.
If you're running an operating system where the permissions are such that everything is executable by default, do you really think that pursuing file extension related tweaks will solve your problems?
Sorry, but I'm having trouble not laughing. Not at you personally. You'd think Microsoft would have
Re: (Score:3, Informative)
You'd think Microsoft would have weaned itself from their perverse reliance on file extensions years ago when people first started clamoring about .386 files. JPEG files have a .jpg or .jpeg extension, but log files have an .evt extension. Unless it's a log file. But what kind of log file is it?
Don't forget .nfo files. For the longest time, I could count on .nfo files containing the oh-so-important information about who cracked and couriered my warez. Then Microsoft decided to co-opt the file extension
Re: (Score:2)
Don't forget .nfo files .. Microsoft decided to co-opt the file extension for System Information files. The bastards!
LOL. I haven't gotten over that one myself. At the time, I suspected it was a deliberate choice, and a portent of Bad Things to come (WGA, as it turned out).
IIRC, within a year of that change, I stopped using Windows altogether and left the warez scene behind me. Funny how those two go hand in hand.
Re: (Score:3, Informative)
My virus scanner (MS Security Essentials) picked up a few viruses in mp3 files recently. On further investigation, apparently they weren't mp3 files at all. They were labelled as mp3 files, but were in some other format that prompted Windows Media Player to download a codec from somewhere that contained the payload.
If you listen to your mp3 files on Winamp, maybe you are OK. Or maybe you are only OK if you update to the latest version which has a security fix.
Re: (Score:3, Informative)
You're all right with JPG, not sure about AVI, but if you use Windows Media Player don't whitelist MP3. WMA files (IIRC, it's Windows' compressed sound files that are the problem) can have DRM, and its DRM allows it to run other programs. If you rename them with an MP3 extension, most media players will choke, but Windows Media Player will happily run it, DRM virus and all. I tested this several years ago.
I do remember a few years ago that one picture viewer (don't remember which one) had a bug that allowed
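The two posts above make the same point from different angles: a file's extension says nothing about what it contains, so an AV exclusion keyed on *.mp3 or *.jpg silently skips a WMA or an executable that was merely renamed. The following is an added example, not code from the thread or from any AV product; it checks a few well-known magic-byte signatures against the claimed extension and only honours an exclusion when the content actually matches. The signature table and the sample files are constructed for the example.

```python
from typing import Dict, List, Optional, Tuple

# ASF container header GUID (used by WMA/WMV); constructed table of well-known magic bytes.
ASF_GUID = bytes.fromhex("3026B2758E66CF11A6D900AA0062CE6C")

# kind -> list of (offset, magic). Order matters only where prefixes could collide.
SIGNATURES: Dict[str, List[Tuple[int, bytes]]] = {
    "exe": [(0, b"MZ")],                                   # DOS/PE executable
    "jpg": [(0, b"\xff\xd8\xff")],                         # JPEG SOI marker
    "png": [(0, b"\x89PNG\r\n\x1a\n")],
    "mp3": [(0, b"ID3"), (0, b"\xff\xfb"), (0, b"\xff\xf3"), (0, b"\xff\xf2")],
    "avi": [(8, b"AVI ")],                                 # RIFF form type, checked with RIFF tag
    "wma": [(0, ASF_GUID)],
}
EXT_ALIASES = {"jpeg": "jpg"}


def sniff_type(data: bytes) -> Optional[str]:
    """Return the content kind implied by magic bytes, or None if unrecognised."""
    for kind, sigs in SIGNATURES.items():
        for offset, magic in sigs:
            if data[offset:offset + len(magic)] != magic:
                continue
            if kind == "avi" and not data.startswith(b"RIFF"):
                continue  # "AVI " at offset 8 only counts inside a RIFF container
            return kind
    return None


def should_scan(filename: str, data: bytes, excluded_exts: set) -> Tuple[bool, str]:
    """Decide whether an extension-based exclusion may be honoured for this file.

    Returns (scan?, reason). The exclusion is respected only when the claimed
    extension is excluded AND the content signature agrees with it.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = EXT_ALIASES.get(ext, ext)
    if ext not in excluded_exts:
        return True, "extension not excluded"
    actual = sniff_type(data)
    if actual is None:
        return True, f"claims .{ext} but content is unrecognised"
    if actual != ext:
        return True, f"claims .{ext} but content looks like {actual}"
    return False, f"content matches .{ext}, exclusion honoured"


# Constructed sample files: a real-looking MP3, a WMA renamed to .mp3 (the trick described
# in the posts), a PE stub renamed to .jpg, a genuine JPEG header, and a RIFF/AVI header.
SAMPLES = {
    "song.mp3": b"ID3\x03\x00" + b"\x00" * 20,
    "track.mp3": ASF_GUID + b"\x00" * 16,
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 20,
    "holiday.jpeg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "clip.avi": b"RIFF" + (100).to_bytes(4, "little") + b"AVI LIST",
}


def audit(samples: Dict[str, bytes], excluded_exts: set) -> Dict[str, Tuple[bool, str]]:
    return {name: should_scan(name, data, excluded_exts) for name, data in samples.items()}
```

Running `audit(SAMPLES, {"jpg", "avi", "mp3"})` flags the renamed WMA and the renamed executable for scanning while honouring the exclusion for the files whose bytes match their extension.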
A computer law is needed (Score:4, Insightful)
Wait a minute! (Score:2)
Any AV has a "select files to avoid" functionality, to bypass going through files that you know are ok, and save some time from the memory hog that our AVs are these days. So in fact, if we can say forget about these to an AV, why would this be any different?
As long as M$ allows that list to be modified to have nothing in the list to avoid, as per each user's preference when installing, I have no problem. The problem comes when M$ decides for you, and does not allow any changes to that config.
I am not a fan o
File extensions aren't the biggest problem (Score:2)
The biggest problem is getting the system secured to the point where remote sites can't drop the files in the first place. Scanning executables isn't going to get you 100% infection free anyway because newer exploits change the stealth algorithm all the time. People need to move away from this idea that virus scanning is the first line of defense because it's not. All it is, is damage control.
Re: (Score:2)
I've used ZoneAlarm in the past (was one of the beta testers long ago) but now that Win7 includes a true bi-directional firewall, I don't use it. What I've done is the same as I would on a *nix box. Simply deny all both directions then open the minimal exceptions I actually need. Yep, even Firefox gets no direct connection (goes through my proxy server) and it's the same for those few apps that actually need net access. Otherwise nothing, and I mean absolutely nothing, is granted permission by default, includi