Which virus/spyware scanners?

[Craig]

Straight Talk wrote:
> On Fri, 09 May 2008 06:58:02 GMT, "Just.some.guy"
....
>> Why would anyone *install* spyware? That doesn't make sense since most
>> people are trying to keep it *out* of their computers.
>
> In fact most people *do* install it - by deliberately clicking on all
> kinds of crap and installing all kinds of stuff from dubious sources.

"Dubious" isn't a useful distinction anymore, ST[1].

Legitimate websites (e.g. business and government[2]), have been turned
into malware delivery systems via sql, iframe & javascript exploits.

To the OP;

A lot of us are looking for a silver bullet when it comes to malware
but, it'll never be that simple. It's best to have a /strategy/. This
takes time to learn & research but the benefit is incalculable. There
are a number of security strategies out there. The one that I find
reasonable is referred to as "multi-layered." An explanation of the
multi-layered strategy is offered by Guy Huntington[3]. It may seem
over-the-top but give it time to sink in. It's as relevant to an
end-user as a CIO. Plus, it has pretty pictures <grin>.

hth,
-Craig


1)<http://www.usenix.org/event/hotbots07/tech/full_papers/provos/provos.pdf>
2)<http://www.news.com/8301-10789_3-9925637-57.html?tag=nefd.top>
<http://www.crn.com/security/207401671>
3)<http://www.authenticationworld.com/Access-Control-Authentication/NetworkAccessControlSecurityStrategy2006.pdf>

[baynole2@yahoo.com]

On May 9, 12:42 pm, Straight Talk <b__n...@hotmail.com> wrote:

So stay off the Web!!

[Poky]

On Fri, 09 May 2008 16:42:41 GMT, Straight Talk <b__nice@hotmail.com>
wrote:


>By staying away from inherently broken software and keeping what you
>have continuously patched the likelihood of getting any malware at all
>is reduced to a minimum unless you deliberately install it yourself.


What's broken about Spybot S&D and Defender? In detail, if you don't
mind. This should be good for a laugh.

[Craig]

Straight Talk wrote:
> On Fri, 09 May 2008 11:16:37 -0800, Craig <netburgher@REMOVEgmail.com>
> wrote:
>
>> Straight Talk wrote:
>>> On Fri, 09 May 2008 06:58:02 GMT, "Just.some.guy"
>> ...
>>>> Why would anyone *install* spyware? That doesn't make sense since most
>>>> people are trying to keep it *out* of their computers.
>>> In fact most people *do* install it - by deliberately clicking on all
>>> kinds of crap and installing all kinds of stuff from dubious sources.
>> "Dubious" isn't a useful distinction anymore, ST[1].
>>
>> Legitimate websites (e.g. business and government[2]), have been turned
>> into malware delivery systems via sql, iframe & javascript exploits.
>
> I was referring to deliberately installing stuff from dubious sources
> (web sites, file sharing applications, random CD's etc.) - not to
> accidentally being hit by some drive by malware which again mostly
> target older already patched vulnerabilities.
>
> And honestly, what do you think works most efficiently against a
> vulnerability?
> 1) A patch
> or
> 2) An anti-malware engine which even adds further potentially
> vulnerable code?
>
Honestly, you don't care what I answer. And, wonder of wonders, your
question is tangential at best. One isn't "accidentally being hit by
some drive by malware." To claim as much...

For someone who claims to be informed, you do more disservice to these
discussions of security than the simply ignorant.

-Craig

[Poky]

On Fri, 09 May 2008 19:53:28 GMT, Straight Talk <b__nice@hotmail.com>
wrote:


>You don't?? - Then why are you looking for removal tools???

They aren't just removal tools, dumbass. Ever heard of pre-emptive
protection? And unless you turn off scripting in your browser no one
is complete safe even if they are god's gift to the computer world as
you seem to think you are.

[Poky]

On Fri, 09 May 2008 13:49:42 -0800, Craig <netburgher@REMOVEgmail.com>
wrote:


>For someone who claims to be informed, you do more disservice to these
>discussions of security than the simply ignorant.
>
>-Craig

He is the ignorant, he's just another know-it-all who thinks he is
smarter than us when he really is as dumb as a bag of hammers.

[Poky]

On Fri, 09 May 2008 04:30:45 GMT, Straight Talk <b__nice@hotmail.com>
wrote:


>Better to avoid installing malware in the first place (it's actually
>not that hard).

So how do you post here since you unplugged your PC from the internet?

[Poky]

On Thu, 08 May 2008 19:12:56 -0700, Ike <binarydotike@gmail.com>
wrote:

>Avast! or AVG (free) or NOD (pay)
> plus
>Spybot
> plus
>GMER
> plus
>An occasional HiJack This scan and 3rd party
> analysis of the results

I like to do some pre-emptive blocking with Spywareblaster and the
Hosts file from mvpshosts. Also, use noscript and adblock in Firefox.
I have Spybot and use it to scan on occasion but with pre-emptive
blocking it never finds any adware or such.

http://www.mvps.org/winhelp2002/hosts.htm

[Kayman]

On Fri, 09 May 2008 21:58:57 GMT, Poky wrote:

> On Fri, 09 May 2008 04:30:45 GMT, Straight Talk <b__nice@hotmail.com>
> wrote:
>
>>Better to avoid installing malware in the first place (it's actually
>>not that hard).
>
> So how do you post here since you unplugged your PC from the internet?

It's not to difficult to do, Poky
Security software manufacturers tend to overstate their product description
to instill fear and uncertainty; After all it's all about the $ almighty.
Please step back and try to remove the advertisement hype from your mind.

In WinXP the most dependable defenses are:
1. Do not work as 'Administrator'; For day-to-day work routinely use a
Limited User Account (LUA).
2. Secure (Harden) your operating system (OS).
3. Keep your OS and all software on it updated/patched.
4. Reconsider the usage of MSIE and MSOE.
5. Review your installed 3rd party software applications/utilities;
Remove clutter.
6. Don't expose services to public networks.
7. Activate the in-build firewall and configure Windows not to use
TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving
TCP/UDP ports 135,137-139 and 445 (the most exploited Windows
networking weak point) closed.
7a. If on high-speed internet use a router as well.
8. Routinely practice safe-hex.
9. Regularly back-up data/files.
10. Familiarize yourself with crash recovery tools and re-installing
your OS.
11. Utilize a real-time anti-virus (AV) application and vital system
monitoring utilities/applications.
12. Keep abreast of latest developments - Sh!t happens...you know.
The least preferred defenses are:
Myriads of popular anti-whatever things and staying ignorant.
Educational Reading:
Security @ home
http://home20.inet.tele.dk/b_nice/index.htm

Good luck

[Kayman]

On Thu, 8 May 2008 23:48:56 -0700 (PDT), rodney.usenet@gmail.com wrote:

> On 9 mei, 06:36, Straight Talk <b__n...@hotmail.com> wrote:
>>
>>>I go tohttp://housecall65.trendmicro.com/
>>
>> You really can't rely on online scanners.
>>
>> Online scans are a joke.
>
> Hi ST,
>
> Could you explain why online scanners are not reliable ?

On-line scanners are the most unsafe and next to useless. Because by the
time you've started your infected Windows and connected to the
Internet via this infected code base, and start to look for scanning sites
through infected DNS, you are almost certain to have the malware
perfectly positioned to overrule your attempts to clean it.
What happens if active malware is found? Don't expect that the on-line
scanner will do anything about it. Most of them are just just marketing
tools for selling you their products. Quite often, malware removal on the
NT based OS (Win 2K and XP) is far from easy. Sometimes a (good) resident
AV can deal with it in Safe Mode.

David's Multi-AV is *better and safer*, because you don't have to be
on-line to use it (it has no dependencies on using a web browser to perform
its function), and it can be used in Safe Mode.

Download David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.
Additional Instructions:
http://pcdid.com/Multi_AV.htm

It's safer still if you can avoid running any code from the infected system
at all, and that can be done by working from Bart CDR boot.
But that means having a clean system to build the Bart disk, and more to
the point, a fair bit of effort and technical fiddling.

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Good luck