
Thread: I received a warning from Google ......

  1. #1
    David H. Lipman Guest

    Re: I received a warning from Google ......

    From: "FromTheRafters" <erratic@nomail.afraid.org>

    | "~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
    | news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d@bt.com...
    >> Dustin wrote:
    >>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
    >>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d@bt.com:


    >>>> Dustin wrote:
    >>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
    >>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:


    >>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
    >>>>>> anti-virus programme on an already compromised machine is, in all
    >>>>>> probability, a futile exercise*.


    >>>>> LOL, you would certainly be in the minority if you think I was
    >>>>> wrong in the advice I provided concerning malware.


    >> [....]



    >> What FTR actually said .....


    >> "True, it could be installed and be kept from accessing certain areas
    >> by a rootkit".


    >> Do you *really* disagree with that?


    | One thing you are apparently not getting the significance of is that the
    | "installation software" for the proposed AV that you want to install on
    | the "compromised" machine likely has its own detection software for
    | known malware (including some rootkits) *and* rootkit detection software
    | that alerts to inconsistencies in what is presented through APIs to the
    | other tools due to filter drivers and the like.

    | It may be impossible to install such AV programs on a "compromised"
    | machine, if the preinstallation detection software is aware of, yet not
    | capable of removing detected malicious activity - it may tell you that
    | you need to address the other issue before attempting to install that
    | software (I'm not aware of this actually happening though).

    | The most likely scenario is that the installation goes off smoothly
    | without a hitch on *most* compromised machines (removing the compromise
    | in the process) - which, I believe, is Dustin's point.


    That's a case of an in situ installation of a fully installed AV solution.

    That's not the case of the hard disk being removed and placed within a surrogate.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  2. #2
    Dustin Guest

    Re: I received a warning from Google ......

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
    news:i44kh0011hs@news2.newsguy.com:

    > From: "FromTheRafters" <erratic@nomail.afraid.org>
    >
    >| "~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
    >| news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d@bt.com...
    >>> Dustin wrote:
    >>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
    >>>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d@bt.com:

    >
    >>>>> Dustin wrote:
    >>>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
    >>>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:

    >
    >>>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
    >>>>>>> anti-virus programme on an already compromised machine is, in
    >>>>>>> all probability, a futile exercise*.

    >
    >>>>>> LOL, you would certainly be in the minority if you think I was
    >>>>>> wrong in the advice I provided concerning malware.

    >
    >>> [....]

    >
    >
    >>> What FTR actually said .....

    >
    >>> "True, it could be installed and be kept from accessing certain
    >>> areas by a rootkit".

    >
    >>> Do you *really* disagree with that?

    >
    >| One thing you are apparently not getting the significance of is
    >| that the "installation software" for the proposed AV that you want
    >| to install on the "compromised" machine likely has its own
    >| detection software for known malware (including some rootkits)
    >| *and* rootkit detection software that alerts to inconsistencies in
    >| what is presented through APIs to the other tools due to filter
    >| drivers and the like.
    >
    >| It may be impossible to install such AV programs on a "compromised"
    >| machine, if the preinstallation detection software is aware of, yet
    >| not capable of removing detected malicious activity - it may tell
    >| you that you need to address the other issue before attempting to
    >| install that software (I'm not aware of this actually happening
    >| though).
    >
    >| The most likely scenario is that the installation goes off smoothly
    >| without a hitch on *most* compromised machines (removing the
    >| compromise in the process) - which, I believe, is Dustin's point.
    >
    >
    > That's a case of an in situ installation of a fully installed AV
    > solution.
    >
    > That's not the case of the hard disk being removed and placed
    > within a surrogate.


    Well, once you remove the host drive and take the suspect bad host out
    of the equation, it does make life easier for hunting malware. :P




    --
    "I like your Christ. I don't like your Christians. They are so unlike
    your Christ." - author unknown.
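
The two views discussed in this exchange (what the suspect system's APIs report versus what the same drive shows when read from a surrogate machine) can be compared directly. The sketch below is an added example, not code from any poster or AV product; the function names, paths and file contents are constructed for illustration.

```python
import hashlib

def manifest(files):
    """Map normalised path -> (size, sha256) for a {path: bytes} listing."""
    out = {}
    for path, data in files.items():
        key = path.replace("/", "\\").lower()  # NTFS names are case-insensitive
        out[key] = (len(data), hashlib.sha256(data).hexdigest())
    return out

def cross_view_diff(live, offline):
    """Compare the listing taken on the suspect OS with the offline listing."""
    live_m, off_m = manifest(live), manifest(offline)
    common = live_m.keys() & off_m.keys()
    return {
        # On disk but not reported by the running system: hidden from the API view.
        "hidden": sorted(off_m.keys() - live_m.keys()),
        # Reported live but absent offline: created after imaging, or a fake entry.
        "live_only": sorted(live_m.keys() - off_m.keys()),
        # Same name, different bytes: reads are filtered or the file has changed.
        "altered": sorted(p for p in common if live_m[p] != off_m[p]),
    }

# Constructed sample data. LIVE is what the running (suspect) system returned;
# OFFLINE is the same volume read while attached to a clean surrogate machine.
LIVE = {
    r"C:\Windows\System32\drivers\disk.sys": b"clean driver image",
    r"C:\Windows\System32\drivers\etc\hosts": b"127.0.0.1 localhost\n",
    r"C:\Users\demo\notes.txt": b"todo",
}
OFFLINE = {
    r"c:\windows\system32\drivers\disk.sys": b"clean driver image",
    r"C:\Windows\System32\drivers\etc\hosts":
        b"127.0.0.1 localhost\n10.0.0.5 update.example\n",
    r"C:\Windows\System32\drivers\hiddenflt.sys": b"filter driver",
    r"C:\Users\demo\notes.txt": b"todo",
}

if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE, OFFLINE).items():
        print(f"{kind}: {paths}")
```

Entries under "hidden" and "altered" are the inconsistencies an in situ scanner may never see, which is why the offline view is the reference.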
