SuperAntiSpyware? with Vista

[David H. Lipman]

From: "Gumby" <gumby@is.cool>

| Han <nobody@nospam.not> wrote in
| news:Xns9AAA4B3444533ikkezelf@130.81.64.196:
|
>> In such cases, even UAC does nothing to protect you.
|
| Wrong.
|
| http://www.hardocp.com/news.html?new...VzaWFzdCwsLDE=
|
| Looks like Vista’s much-maligned User Access Control or UAC has one benefit
| for a savvy user: it can detect rootkits before they install. AV-Test.org
| conducted a test of popular antivirus programs to see how well they
| detected rootkits and the tester had to turn off UAC on the Vista test
| systems because it detected every rootkit used in the test.

I'd like to see if UAC worked under the condition of a buffer overflow exploitation which
introduces privilege elevation.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Gaz]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:_l__j.11543$tF1.3314@trnddc01...
> From: "Gumby" <gumby@is.cool>

> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Totally off topic, i had a very nasty experience with multi-av the other
day, i was in the process of updating the multiple ant viruses using the
included instructions, while updating kaspersky the computer froze,
requiring a hard reset, on restart my profile was all screwed up, various
aspects of the profile had simple being deleted included oe identities, ie6
favourites, and all profile shortcuts. Various programmes also no longer
worked (office 2003), .....

Ever had such an encounter? It wasnt caused by infection, and the av had not
got to stage of scanning, just updating....

Gaz

[David H. Lipman]

From: "Gaz" <gazter@msn.com>

|
| Totally off topic, i had a very nasty experience with multi-av the other
| day, i was in the process of updating the multiple ant viruses using the
| included instructions, while updating kaspersky the computer froze,
| requiring a hard reset, on restart my profile was all screwed up, various
| aspects of the profile had simple being deleted included oe identities, ie6
| favourites, and all profile shortcuts. Various programmes also no longer
| worked (office 2003), .....
|
| Ever had such an encounter? It wasnt caused by infection, and the av had not
| got to stage of scanning, just updating....
|
| Gaz
|

Sounds like a pure coincidence.
Updating does nothing but use WGET.EXE to perform a FTP Get from the Kaspersky server.
There is nothing in that process to cause the PC to freeze up. There is something else
going on like you have a hardware error and it just happened during that process. Your
profile was corrupted becauise when your crash occured data was cahched in RAM dealing with
teh User Registry and the cache wasn't flused to disk and the User Registry was corrupted
and thus you could not load your profile but a TEMP or other profile.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Kerry Brown]

"Gumby" <gumby@is.cool> wrote in message
news:GLV_j.298201$pM4.162330@pd7urf1no...
> Han <nobody@nospam.not> wrote in
> news:Xns9AAA4B3444533ikkezelf@130.81.64.196:
>
>>In such cases, even UAC does nothing to protect you.
>
> Wrong.
>
> http://www.hardocp.com/news.html?new...VzaWFzdCwsLDE=
>
> Looks like Vista’s much-maligned User Access Control or UAC has one
> benefit
> for a savvy user: it can detect rootkits before they install. AV-Test.org
> conducted a test of popular antivirus programs to see how well they
> detected rootkits and the tester had to turn off UAC on the Vista test
> systems because it detected every rootkit used in the test.


UAC does not stop rootkits. Running as a standard user stops some rootkit
installers. UAC allows older applications not designed to run as a standard
user to run as a standard user. It's a subtle point but an important one.
UAC didn't detect the rootkits. It detected that a process was trying to
change a protected system area. Unprotect the system area and UAC would have
happily allowed the process to do whatever it wanted. UAC is not really a
security feature. It is a method to allow unsecure programs to run in a more
secure environment than they expect.

--
Kerry Brown