Anti-spyware recommendation

[Jay T. Blocksom]

On Mon, 04 Apr 2005 18:48:13 GMT, in <alt.privacy.spyware>, "cmsix"
<cmsix@cmsix.com> wrote:
>
[snip]
>
> I don't necessarily see the purpose for eschewing a resident
> anti-spyware program, since there are many free choices.
[snip]

Just because something is "free" does not mean it is without cost.

At least most "resident" AV scanners are notorious for sucking up resources
and destablizing the system.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.

[Jay T. Blocksom]

On 4 Apr 2005 09:48:48 -0700, in <alt.privacy.spyware>, "AvianFlux"
<neomoniker@hotmail.com> wrote:
>
> Ian JP Kenefick wrote:
[snip]
> >
> > That's not true. The above will not prevent your machine from 'ever
> > becoming infected'.
[snip]

Correct.

> > The 'average user' will get infected with some
> > sort of malware without resident antivirus.
[snip]

Probably true; but that is more because the average user is a ****wit, than
the fact that he/she is or is not running "resident" antivirus. If the system
is set up properly and user is *not* a ****wit, then the resident AV scanner
is not necessary.

> > The above may provide you
> > with some (not all) the required protection for web browsing but you
> > forget the biggest vector of all, email! The proof is in the MyDooms,
> > the Bagles, the Netsky's etc.
> >
[snip]

None of which are an issue *IF* the system is set up properly and the user is
*not* a ****wit.

> > Sorry, but insinuating that you do not need antivirus software is bad
> > advice.
> > --
> >
[snip sig -- "AvianFlux", your newsreader is broken]

> I'm not insinuating anything. It's a fact.
[snip]

Ooops! You just went too far, straight into "flat-out-wrong" territory.

If you do pretty much any sort of interaction with the "outside world" (and
maybe even if you don't), keeping a decent antivirus scanner handy, and it's
definitions/signature files up-to-date, is absolutely necessary.

> As for email attachments, it
> goes without saying, there's always a risk associated with opening them
> from whatever source they originate, known and unknown.
>
[snip]

True as stated; but it ignores the fact that on many (misconfigured) systems,
one does not need to "open" an attachment for a virus/worm/trojan to plant
itself.

> Just delete ALL emails w/attachments from unknown sources.
[snip]

OK as stated; but it bears pointing out that mail doesn't always come from
where you think it's "from".

> For known
> sources, upload/send the emails w/attachments to Jotti's Online Malware
> Scan or VirusTotal before opening them.
[snip]

At the least, that's doing things the hard way; and the specific sites you
mention require that you connect to it/them with Javascript and/or Flash
enabled in order to function as apparently intended. Why not just use your
locally installed AV program to accomplish the same end? It's faster, more
controllable, less risky, and doesn't require passing (probably large) files
back and forth across the 'net.

> If, for some reason, you know or highly suspect some virus/trojan
> componant has infected your computer use Trend Micro's Housecall online
> scanner,
[snip]

Bad idea. VERY bad idea.

First, that site requires that you enable ActiveX in order for it to function.
That's a VERY bad idea even when you *don't* think you have an infection; when
you *do* think you have an infection, it's downright suicidal. Frankly, Trend
Micro completely destroys their own credibility by even attempting to foist
this nonsense off on the public.

But beyond that, ALL so-called "online virus scanners" are by definition
broken and useless. Here's why:

If you have a rational reason to run ANY "virus scanner" against the system as
a whole (as opposed to, for example, a specific "questionable" file that you
just downloaded), then by definition you must consider the target system to be
at least potentially compromised. Quite beyond any issues with ActiveX
itself, allowing the system to connect to the 'net in that state is inherently
self-defeating (not to mention highly risky); no matter what results such an
"online virus scan" might produce, they *CANNOT* be trusted.

The *only* way to reliably scan/disinfect such a system is to physically
disconnect it from ALL other systems/networks, cold-boot it from known-good
(and write-protected!) removable media which contains a stand-alone virus
scanner and up-to-date versions of whatever definitions/signature files it
requires, then use those tools to carry out the disinfection. Until you are
*sure* the system is clean, you do *NOT* allow it to connect (even indirectly)
to ANY other systems/networks.

> No resident, real time, active AV/AT scanner needs to be
> installed/running on a the machine with a correctly configured firewall
> and safe hex operation.

This is certainly true, as stated; but precious few -- apparently including
yourself -- really understand what "safe hex operation" means, much less
actually practice it.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.

[Jay T. Blocksom]

On Mon, 04 Apr 2005 20:32:08 +0100, in <alt.privacy.spyware>, Ian JP Kenefick
<ian_kenefick@eircom.net> wrote:
>
> On 4 Apr 2005 12:10:12 -0700, "AvianFlux" <neomoniker@hotmail.com>
> wrote:
>
> >For myself,
>
> But you weren't referring to yourself. You were making a
> recommendation.
>
[snip]

No. He made a general statement -- one which was, at least when taken
literally, correct as it stood. You chose to interpret that statement as "a
recommendation".

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.

[Jay T. Blocksom]

On 4 Apr 2005 15:53:34 -0700, in <alt.privacy.spyware>, "AvianFlux"
<neomoniker@hotmail.com> wrote:
>
[snip redundant complete copy of previous article -- *please* learn to
quote correctly]
>
> "You may be able to distinguish between legit and illegit email but the
> average user who receive an email from an address that he/she
> recognises will open it."
>
> Legit email is easy to distinguish for anyone.
>
> One) Legitimate email comes from known/legitimate sources, generally,
> without attachments, e.g., family, friends, business associates, etc.
>
[snip]

The trap you're falling into is, while you may trust the *intentions* of those
"family, friends, business associates, etc.", you near-certainly *cannot*
trust their competence and dedication to ensuring that *they* are necessarily
maintaining a "sterile" computing environment. Hence, viruses, trojans,
worms, etc., may indeed come from those sources.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.

[Jay T. Blocksom]

On Tue, 5 Apr 2005 00:11:29 +0100, in <alt.privacy.spyware>, Far Canal
<me@privacy.net> wrote:
>
> AvianFlux wrote
>
>
> > Legit email is easy to distinguish for anyone.
> >
> > One) Legitimate email comes from known/legitimate sources, generally,
> > without attachments, e.g., family, friends, business associates, etc.
>
>
> A stupid and basic error. Many viruses and trojans are spread to
> people who receive an infected mail from someone they know.
> often someone who frequently sends them attachments.
[snip]

Correct.

> Not having
> an AVP running opens the door to it's fullest width.
>
[snip]

Incorrect.

As long as you are aware of the former, the latter is not an issue. You would
invariably scan ALL received attachments before opening them, regardless of
whom you "think" they're from. Hence, the full-time "resident" AV scanner is
(at best) a waste of system resources.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.

[Jay T. Blocksom]

On Tue, 5 Apr 2005 00:01:55 -0700, in <alt.privacy.spyware>, "Technobarbarian"
<d_murry-ztopzpam@excite.com> wrote:
>
[snip]
>
> LOL, the most ridiculous statement yet in a long string of ridiculous
> statements. What most people want is an appliance that they in fact do not
> have to learn about.
[snip]

And I want the Orgasmatron from that old Woody Allen movie, "Sleeper". But in
both cases, the device in question does not exist.

The advice proffered by "AvianFlux" is certainly flawed in many ways; but he
is correct in his basic premise that ignorance is NOT bliss. Hang around here
for any length of time, and it will be abundantly clear that *most* of the
problems folks report -- especially the ones most desperately reported with
urgent pleas for assistance -- are rooted in the fact that someone did
something stupid with their computer. And most of the arguments are rooted in
the unrealistic quest (on at least some folks' part) to find which
after-the-fact band-aids and fix-ups will best permit the user to continue
doing stupid things with their computer, while still allowing them to escape
the inevitable consequences. But that is a fundamentally unachievable goal,
because all the after-the-fact band-aids and fix-ups in the world *cannot*
change the fact that there is simply no substitute for not doing stupid things
with your computer.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.

[Jay T. Blocksom]

On Mon, 04 Apr 2005 14:56:02 -0400, in <alt.privacy.spyware>, Bud
<bud@large.org> wrote:
>
[snip]

> PC World likes Sunbelt Software's CounterSpy and Webroot Software's Spy
> Sweeper. They noted that Microsoft's new beta looks good also.
[snip]

0 for 3. That figures. You can always count on the mass-distribution
"hobbyist" press to get it wrong.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.

[AvianFlux]

Thanks for that, Jay T. I think I learned something today. While it may
be true in the extreme sense that you can't trust online antivirus
scanners, when you get right down to it, the very same could be said
for the resident antivirus apps. people install and trust.

So, at some point ,some where along the line, most are trusting someone
else to disinfect their machines of viruses, trojans, etc. I do beleive
Trend Micro is one of those outfits people have come to trust based
upon a solid history and gold standard reputation. If you can't trust
TM, you can't trust anyone; online, offline, removable media, whatever.

[A.Melon]

In article
<adca51dhtt28fhhcq6takihti26qovf55j@news.speakeasy .net>
Jay T. Blocksom <not.deliverable+usenet02@appropriate-tech.net>
wrote:
>
> On Tue, 5 Apr 2005 00:01:55 -0700, in <alt.privacy.spyware>, "Technobarbarian"
> <d_murry-ztopzpam@excite.com> wrote:
> >
> [snip]
> >
> > LOL, the most ridiculous statement yet in a long string of ridiculous
> > statements. What most people want is an appliance that they in fact do not
> > have to learn about.
> [snip]
>
> And I want the Orgasmatron from that old Woody Allen movie, "Sleeper". But in
> both cases, the device in question does not exist.

The Orgasmatron was origninally in the Film "Barbarella",
starring Jane Fonda in 1967-68 and the evil Duran Duran (from
whom the pop-group later took their name) tried to kill
Barbarella in the Orgasmatron, but she overloaded it and it blew
up.

Don't tell me otherwise. I was a pimply teenager and it was the
first film I ever went to see.

Roger Rabbit

[Bud]

> > PC World likes Sunbelt Software's CounterSpy and Webroot Software's Spy
> > Sweeper. They noted that Microsoft's new beta looks good also.
> [snip]
>
> 0 for 3. That figures. You can always count on the mass-distribution
> "hobbyist" press to get it wrong.

Oh, of course, oh great and mighty seer. LOL! It's obvious from your
postings that you haven't a clue but elevate your ego by disparaging
others. B'lieve there's a word for it...lemee see... oh yeah! TROLL!

LMAO!