I received a warning from Google ......

[~BD~]

~BD~ wrote:

> *Now* you may enjoy the photographs of the luxury yacht!
>
> http://www.uncoached.com/2010/04/06/luxury-yacht/
>
> Fancy a cruise? ;-)

Moving on ..........

At that link, there is an advertisement for working at home which I
followed. I then elected to proceed to
http://myincomeconnection.com/landing-bcv195/ and completed false detail
so that I could watch the video presentation.

I was then asked to complete detailed information on this 'secure' site:-

https://myincomeconnection.com/promo...ntractor_id=1&

OR

http://preview.************/2us8mbl

I've always been led to believe that 'https' (padlocked) sites are safe
to use, but on this occasion I received yet another warning (from the
Browser, I think - Sea Monkey) which said ........

http://i37.tinypic.com/1z2zof5.jpg

I'm simply wondering if there's something not quite bonio fido about
what's going on here.

Thoughts welcomed from the gurus (and others!)

--
Dave - *I* have elected to share this with my pals on scorched-earth!

[Ant]

"~BD~" wrote:

> At that link, there is an advertisement for working at home which I
> followed. I then elected to proceed to
> http://myincomeconnection.com/landing-bcv195/ and completed false detail
> so that I could watch the video presentation.

Why? Don't you know that "work at home" schemes are ripoffs/scams?

> I was then asked to complete detailed information on this 'secure' site:-
>
> https://myincomeconnection.com/promobcv195/?[...]
> OR
> http://preview.************/2us8mbl
>
> I've always been led to believe that 'https' (padlocked) sites are safe
> to use,

It just means that traffic between you and the site is encrypted but
says nothing about the goodness or badness of the site.

> but on this occasion I received yet another warning (from the
> Browser, I think - Sea Monkey) which said ........

"You have requested an encrypted page that contains some unencrypted
info...".

That's true because the video link there is hosted on screencast.com
which is fetched by http rather than https.

[~BD~]

Ant wrote:
> "~BD~" wrote:
>
>> At that link, there is an advertisement for working at home which I
>> followed. I then elected to proceed to
>> http://myincomeconnection.com/landing-bcv195/ and completed false detail
>> so that I could watch the video presentation.
>
> Why? Don't you know that "work at home" schemes are ripoffs/scams?

It was just for general interest because I *had* heard that such schemes
are ripoffs/scams! I wanted to see for myself.

>> I was then asked to complete detailed information on this 'secure' site:-
>>
>> https://myincomeconnection.com/promobcv195/?[...]
>> OR
>> http://preview.************/2us8mbl
>>
>> I've always been led to believe that 'https' (padlocked) sites are safe
>> to use,
>
> It just means that traffic between you and the site is encrypted but
> says nothing about the goodness or badness of the site.

That I /do/ understand! I'm also aware that a key-logger can detect and
store what is being typed on a keyboard *before* such encryption takes
place. That little voice inside my head suggests that if there is a
padlock, the actual site will have been checked more thoroughly - social
engineering, eh?!!!

>> but on this occasion I received yet another warning (from the
>> Browser, I think - Sea Monkey) which said ........
>
> "You have requested an encrypted page that contains some unencrypted
> info...".
>
> That's true because the video link there is hosted on screencast.com
> which is fetched by http rather than https.

Thank you for explaining that. My real concern was that, perhaps,
personal details, including credit card number, might be accessible by
third parties.

Btw, if you had physical access to a Windows machine, is there a simple
check you could carry out to quickly determine if the machine had,
indeed, been compromised? (other than scanning with anti-malware
programmes).

--
Dave - I've learned so much, yet know so little! ;-)

[Wolf K]

Someone wrote:
>>> I've always been led to believe that 'https' (padlocked) sites are safe
>>> to use,

Not so. It just means that messages exchanged between it and your
computer are encrypted. This makes the mutual messaging "safe" in the
sense that an outsider who intercepts the messages will be unable to
read them without some effort (usually more than the likely payoff is
worth.)

But the website itself may still be or contain evil.

cheers,
wolf k.

[~BD~]

Wolf K wrote:
> Someone wrote:
>>>> I've always been led to believe that 'https' (padlocked) sites are safe
>>>> to use,
>
> Not so. It just means that messages exchanged between it and your
> computer are encrypted. This makes the mutual messaging "safe" in the
> sense that an outsider who intercepts the messages will be unable to
> read them without some effort (usually more than the likely payoff is
> worth.)
>
> But the website itself may still be or contain evil.
>
> cheers,
> wolf k.

Thank you 'Wolf K' - your comment appreciated.

[Ant]

"~BD~" wrote:

> Ant wrote:
>> "You have requested an encrypted page that contains some unencrypted
>> info...".
>>
>> That's true because the video link there is hosted on screencast.com
>> which is fetched by http rather than https.
>
> Thank you for explaining that. My real concern was that, perhaps,
> personal details, including credit card number, might be accessible by
> third parties.

Never mind 3rd parties, I wouldn't trust the site itself with details
like that.

> Btw, if you had physical access to a Windows machine, is there a simple
> check you could carry out to quickly determine if the machine had,
> indeed, been compromised? (other than scanning with anti-malware
> programmes).

No.

[FromTheRafters]

"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
news:RoCdnRN8Ae0B1P_RnZ2dnUVZ8vGdnZ2d@bt.com...

[...]

> Btw, if you had physical access to a Windows machine, is there a
> simple check you could carry out to quickly determine if the machine
> had, indeed, been compromised? (other than scanning with anti-malware
> programmes).

Yes, but not very simple really. The problem is that you could *not*
determine that it had *not* been compromised. Most malware is going to
want to "do stuff" with the computing power it is stealing from you, if
it does that stuff - you know the machine has been compromised.

IOW, if it spews out malicious packets when you sufficiently emulate a
networking environment for it (or use a "test network"), that's a pretty
good indicator. However, If it doesn't do any obvious stuff, it doesn't
mean anything at all.

[~BD~]

FromTheRafters wrote:
> "~BD~"<BoaterDave~no.spam~@hotmail.co.uk> wrote in message
> news:RoCdnRN8Ae0B1P_RnZ2dnUVZ8vGdnZ2d@bt.com...
>
> [...]
>
>> Btw, if you had physical access to a Windows machine, is there a
>> simple check you could carry out to quickly determine if the machine
>> had, indeed, been compromised? (other than scanning with anti-malware
>> programmes).
>
> Yes, but not very simple really. The problem is that you could *not*
> determine that it had *not* been compromised. Most malware is going to
> want to "do stuff" with the computing power it is stealing from you, if
> it does that stuff - you know the machine has been compromised.
>
> IOW, if it spews out malicious packets when you sufficiently emulate a
> networking environment for it (or use a "test network"), that's a pretty
> good indicator. However, If it doesn't do any obvious stuff, it doesn't
> mean anything at all.

Hmmmmm! Thanks for that. 'Ant' said quite simply, "no"!

I said - on another group:-

> I wonder how many realise that installing an anti-virus programme
> > *after* a machine has already been compromised might well give
> > comfort to the user ...... but provide absolutely NO protection from
> > malware!

Dustin Cook said in reply:-

"*That's not true, BD*. In fact, if the malware is known to the
antivirus app, there's a very good chance it can be removed without harm
to the system."

**

I'd also said:-

> > In other words, today's 'nasties' can (and do) protect themselves
> > when subjected to what they consider an attack! Bad news!

Dustin Cook responded:-

"They don't do anything "new" today that they couldn't do back in the
80s and 90s. "rootkit" on windows is another word for stealth, it just
sounds better in newsprint."

**

/I/ think *Dustin* is wrong. I believe that installing an anti-virus
programme on an already compromised machine is, in all probability, a
futile exercise.

I'd be interested to learn the views of others on this particular matter.

--
Dave

[FromTheRafters]

"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com...
> FromTheRafters wrote:
>> "~BD~"<BoaterDave~no.spam~@hotmail.co.uk> wrote in message
>> news:RoCdnRN8Ae0B1P_RnZ2dnUVZ8vGdnZ2d@bt.com...
>>
>> [...]
>>
>>> Btw, if you had physical access to a Windows machine, is there a
>>> simple check you could carry out to quickly determine if the machine
>>> had, indeed, been compromised? (other than scanning with
>>> anti-malware
>>> programmes).
>>
>> Yes, but not very simple really. The problem is that you could *not*
>> determine that it had *not* been compromised. Most malware is going
>> to
>> want to "do stuff" with the computing power it is stealing from you,
>> if
>> it does that stuff - you know the machine has been compromised.
>>
>> IOW, if it spews out malicious packets when you sufficiently emulate
>> a
>> networking environment for it (or use a "test network"), that's a
>> pretty
>> good indicator. However, If it doesn't do any obvious stuff, it
>> doesn't
>> mean anything at all.
>
> Hmmmmm! Thanks for that. 'Ant' said quite simply, "no"!

He answered the question I think that you *meant* to ask.

"Is there a simple way to show a system is *not* compromised once you
have physical access to the machine aside from using antimalware
antivirus tools?" - and since absence of evidence is not evidence of
absence the answer is indeed no - even with AM/AV.

> I said - on another group:-
>
> > I wonder how many realise that installing an anti-virus programme
> > > *after* a machine has already been compromised might well give
> > > comfort to the user ...... but provide absolutely NO protection
> > > from
> > > malware!

True, it could be installed and be kept from accessing certain areas by
a rootkit.

> Dustin Cook said in reply:-
>
> "*That's not true, BD*. In fact, if the malware is known to the
> antivirus app, there's a very good chance it can be removed without
> harm to the system."

True, and the reason is that most of those apps will attempt to remove
known installed malware before it actually installs itself on the
machine. Many of them check for rootkits before allowing installation to
proceed. So, what Dustin said was true, but your eyes might have glazed
over when he wrote the word "known".

The Virus Description Language used to create the definitions to detect
and identify a malware item also includes clues as to how to go about
removing the identified malware.

> I'd also said:-
>
> > > In other words, today's 'nasties' can (and do) protect themselves
> > > when subjected to what they consider an attack! Bad news!
>
> Dustin Cook responded:-
>
> "They don't do anything "new" today that they couldn't do back in the
> 80s and 90s. "rootkit" on windows is another word for stealth, it just
> sounds better in newsprint."

True again, some actual viruses have in the past used some of the same
tricks that are essential to rootkit technology. The term "rootkit" is
just a renaming of these stealth methods that are used similarly to the
unix style tool replacement kits. That is to say that in addition to
stealing your computer power, they steal more in order to take measures
to hide that fact from the user (or admin, or even the system itself).

> /I/ think *Dustin* is wrong. I believe that installing an anti-virus
> programme on an already compromised machine is, in all probability, a
> futile exercise.

They used to say that you shouldn't install an AV on a compromised
machine.

Dustin didn't actually say otherwise, but he *did* say that known
malware would probably be removed without a problem when an attempt is
made to install the AV. My guess is that he considers the scan to be
part of the install process, and I believe it is these days.

> I'd be interested to learn the views of others on this particular
> matter.

Are you asking if flatten and rebuild is actually the *only* way to be
absolutely sure? Keep in mind that most people are content to be
'reasonably sure' after scanning their system and installing their AV
program. If reasonably sure isn't good enough for someone, I recommend a
robust back-up/restore method so that 'flatten and rebuild' does not
seem so daunting as it *does* provide better confidence.

Another thing, it would be important to know what you mean by
"compromised". Some malware is pretty lame, would it constitute a
compromise to you if it sent spam but had no command and control network
activity? Hell, sometimes all you need to do is hit the delete button to
send a malware to the bit bucket.

[Dustin]

~BD~ <BoaterDave~no.spam~@hotmail.co.uk> wrote in
news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:

> /I/ think *Dustin* is wrong. I believe that installing an anti-virus
> programme on an already compromised machine is, in all probability,
> a futile exercise.

LOL, you would certainly be in the minority if you think I was wrong in
the advice I provided concerning malware. Remember one important aspect,
****stick; I know malware from two sides: coding it AND removing it. You
don't even know it well from the removal side.

> I'd be interested to learn the views of others on this particular
> matter.

And atleast one knowledgable fellow posted, further clarifying what I
said and agreeing with me.

Any more **** you'd like to try and stir, moron?




--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.