Attacking Anti-Virus Software
De Hollander
March 31st, 2008, 09:58 AM
{QUOTE-> http://www.blackhat.com/html/bh-europe-08/bh-eu-08-speakers.html#Sowhat
This is perhaps the first comprehensive presentation that combines two important topics: How to exploit anti-virus software and how to audit it... <-QUOTE}
{QUOTE-> Whitepaper (pdf)
https://www.blackhat.com/presentations/bh-europe-08/Feng-Xue/Whitepaper/bh-eu-08-xue-WP.pdf <-QUOTE}
Interesting Article
SecOmnius
March 31st, 2008, 11:13 AM
Epitome of this article:
"...end users have been putting so much faith in antivirus solutions,
and have ignored the fact that antivirus software itself can be compromised."
As a Member of this Forum writes:
"There is no Security; only degrees of Insecurity" (or something like that ;D)
If Hackers want..., they -certainly- can...;D
Nike_P
March 31st, 2008, 08:17 PM
This is scary, because I never had an issue with my anti-virus, but today it disabled itself for the first time and I got a popup where it showed me that something was wrong..
Right now I use Avira.
SystemJunkie
March 31st, 2008, 08:25 PM
{QUOTE-> As a Member of this Forum writes: <-QUOTE}..that is my subline ;)
{QUOTE-> "...end users have been putting so much faith in antivirus solutions,
and have ignored the fact that antivirus software itself can be compromised." <-QUOTE}I never ignored it, I watched how they did it. ;)
{QUOTE-> This is scary, because I never had <-QUOTE}
That is not scary, it is logical; these assembler junkies can interfere and communicate with each little piece of CPU code, which is the reason why they can misuse AVs for their own purposes and even redirect and use them as a proxy.
Kind of direct injected/written/redirected process memory (mainly in memory modifications, likely even in CPU code)
Nike_P
March 31st, 2008, 08:32 PM
{QUOTE->
That is not scary, it is logical; these assembler junkies can interfere and communicate with each little piece of CPU code, which is the reason why they can misuse AVs for their own purposes and even redirect and use them as a proxy.
Kind of direct injected/written/redirected process memory (mainly in memory modifications, likely even in CPU code) <-QUOTE}
So I am in danger here or what?
What should I do to find out if anyone is trying to disable my anti-virus?
lodore
March 31st, 2008, 08:34 PM
{QUOTE-> So I am in danger here or what?
What should I do to find out if anyone is trying to disable my anti-virus? <-QUOTE}
Well, make sure you have an AV with self-protection and check their website every so often to make sure there isn't a known remote or local exploit that needs to be plugged by an update.
Diver
March 31st, 2008, 08:36 PM
I prefer to start my attack with a baseball bat.
Cerxes
March 31st, 2008, 08:41 PM
{QUOTE-> Epitome of this article:
"...end users have been putting so much faith in antivirus solutions,
and have ignored the fact that antivirus software itself can be compromised."... <-QUOTE}
...and with some minor change it could also be as following:
"...end users have been putting so much faith in HIPS solutions,
and have ignored the fact that HIPS software itself can be compromised."
/C.
SystemJunkie
March 31st, 2008, 08:48 PM
Not to forget Diver's phrase:
{QUOTE-> Only those defenses are good, certain and durable, which depend on yourself alone and your own ability. <-QUOTE}
Macstorm
April 1st, 2008, 12:03 AM
{QUOTE-> "...end users have been putting so much faith in HIPS solutions,
and have ignored the fact that HIPS software itself can be compromised."
<-QUOTE}
I like this one :thumb:
Stijnson
April 1st, 2008, 03:26 AM
{QUOTE-> Well, make sure you have an AV with self-protection and check their website every so often to make sure there isn't a known remote or local exploit that needs to be plugged by an update. <-QUOTE}
Does anyone know if NOD32 2.7 and 3.0 have self protection for program termination?
What about Avira? Does it have self protection?
Soujirou
April 1st, 2008, 03:57 AM
The only test I have found regarding anti-virus self protection is here:
http://www.anti-malware-test.com/?q=taxonomy/term/16
The results are from 9/12/2007 however. I do not know how often the test will be conducted.
RejZoR
April 1st, 2008, 04:00 AM
I wonder how much avast! would score with release version 4.8, which has a dedicated self-defense system...
SecOmnius
April 1st, 2008, 05:33 AM
{QUOTE-> ...and with some minor change it could also be as following:
"...end users have been putting so much faith in HIPS solutions,
and have ignored the fact that HIPS software itself can be compromised."
/C. <-QUOTE}
No objection. Everything can be compromised.
I no longer trust the AV/AS scanners for being my primary protection.
On the other hand, I have no BLIND trust in HIPS, too.
That's why our last resort of defense has been the Instant System Recovery software
and after it the Backup (Imaging) software.
Only naive Funboys or Shills claim that their 'X' AV/AS scanner, or HIPS or Sandbox
or ISR or Backup or whatever offers bullet-proof protection.
-The first ones are ignorant enough to believe it.
-The second ones simply want to promote their products.
Sometimes, Hackers laugh so much here...;D;D;D
trjam
April 1st, 2008, 06:14 AM
{QUOTE-> No objection. Everything can be compromised.
I no longer trust the AV/AS scanners for being my primary protection.
On the other hand, I have no BLIND trust in HIPS, too.
That's why our last resort of defense has been the Instant System Recovery software
and after it the Backup (Imaging) software.
Only naive Funboys or Shills claim that their 'X' AV/AS scanner, or HIPS or Sandbox
or ISR or Backup or whatever offers bullet-proof protection.
-The first ones are ignorant enough to believe it.
-The second ones simply want to promote their products.
Sometimes, Hackers laugh so much here...;D;D;D <-QUOTE}
Very true and a very good post.:thumb:
Dwarden
April 1st, 2008, 06:59 AM
The only protection is an EM-shielded computer with a self-sustained power source w/o access to the internet lol :)
Sorry for being off-topic, but that's the only thing that came to my mind
Bunkhouse Buck
April 1st, 2008, 07:31 AM
{QUOTE-> No objection. Everything can be compromised.
I no longer trust the AV/AS scanners for being my primary protection.
On the other hand, I have no BLIND trust in HIPS, too.
That's why our last resort of defense has been the Instant System Recovery software
and after it the Backup (Imaging) software.
Only naive Funboys or Shills claim that their 'X' AV/AS scanner, or HIPS or Sandbox
or ISR or Backup or whatever offers bullet-proof protection.
-The first ones are ignorant enough to believe it.
-The second ones simply want to promote their products.
Sometimes, Hackers laugh so much here...;D;D;D <-QUOTE}
Yes, but the truth is bad for sales and marketing. Acronis is really my defense; if any of the "protectors" fail, you simply go back a day before the shit hit the fan. Real simple-real basic. I am not sure it matters which AV or HIPS you use. Just restore an image and you are back to a working system. No stress.
Stijnson
April 1st, 2008, 07:40 AM
{QUOTE-> No objection. Everything can be compromised.
I no longer trust the AV/AS scanners for being my primary protection.
On the other hand, I have no BLIND trust in HIPS, too.
That's why our last resort of defense has been the Instant System Recovery software
and after it the Backup (Imaging) software.
Only naive Funboys or Shills claim that their 'X' AV/AS scanner, or HIPS or Sandbox
or ISR or Backup or whatever offers bullet-proof protection.
-The first ones are ignorant enough to believe it.
-The second ones simply want to promote their products.
Sometimes, Hackers laugh so much here...;D;D;D <-QUOTE}
I certainly am no expert and I wouldn't even dare to claim that my AV/AS/Backup offers bulletproof protection, but I do think that the level of protection also depends on your needs and computer habits.
BlueZannetti
April 1st, 2008, 07:48 AM
Just a simple question...., could we try to have a discussion without abusively trying to categorize and personalize the subject in terms of fanboys/funboys and shills? It's not necessary to make the underlying technical points, but it sure starts the discussion on a downward spiral. How about we all aim a little higher in the discourse?
Blue
ErikAlbert
April 1st, 2008, 08:02 AM
I only trust ShadowProtect and then FDISR (Frozen) in that order.
Both restore my computer in a fresh installed, malware-free and unused state.
If FDISR fails and it will in the future, SP will do the job + my Zero Tool, if necessary.
Once I turn ON my internet connection, I consider my system partition already as possibly infected, because I don't trust any of my security software to keep my computer clean. That's why I replace my system partition with a clean one during each reboot in order to remove the daily mistakes of all my security software. I only need my security software to stop the execution of malware during two reboots, because my boot-to-restore only removes malware during reboot and that is too late.
FDISR is also constantly online and can't be trusted either and that's why I need ShadowProtect (+ Zero Tool) to get my FDISR back as it was. Until now FDISR isn't compromised, but that will happen one day.
That's why I have a double recovery set : clean and daily.
I don't use any security software based on blacklists or partly based on blacklists, only evergreens like Anti-Executable, DefenseWall HIPS, Sandboxie, ...
Personally, I consider scanners as a sissy way to fight against malware. You don't win the malware war by running AFTER the bad guys and collecting their droppings. You have to run faster than them.
Stijnson
April 1st, 2008, 08:32 AM
{QUOTE-> Personally, I consider scanners as a sissy way to fight against malware. You don't win the malware war by running AFTER the bad guys and collecting their droppings. You have to run faster than them. <-QUOTE}
Sissy way or not, unfortunately it's the only way for 70-80% of computer users to fight the battle. Most people don't understand how other, more advanced, appz work I'm afraid.
Then again, not everyone needs all kinds of appz to protect themselves on the web. It also depends on what YOU do when you're online.
Go looking for trouble and you're bound to find it. Or doesn't this make sense?
@ErikAlbert: Is ShadowProtect a StorageCraft product? Can it be compared to Acronis TI?
ErikAlbert
April 1st, 2008, 10:03 AM
{QUOTE->
@ErikAlbert: Is ShadowProtect a StorageCraft product? Can it be compared to Acronis TI? <-QUOTE}
Yes, ShadowProtect is also an Image Backup software (Desktop and Server version).
http://www.storagecraft.com/products/ShadowProtectDesktop/
De Hollander
April 1st, 2008, 10:46 AM
After reading the whitepaper, this question comes to mind for me: "Is it correct to assume that using a security product for protecting your "data" isn't enough anymore, and an end user would be better off with a wider range of products?"
SecOmnius
April 1st, 2008, 11:34 AM
{QUOTE-> Just a simple question...., could we try to have a discussion without abusively trying to categorize and personalize the subject in terms of fanboys/funboys and shills? It's not necessary to make the underlying technical points, but it sure starts the discussion on a downward spiral. How about we all aim a little higher in the discourse?
Blue <-QUOTE}
Dear Blue,
There is NO way to have an -Objective- discussion with the fanboys/funboys and shills.
Every time I say that I used/tested product 'X', but I didn't like it because of the
a), b), c) reasons, the fanboys/funboys and shills of product 'X' came and attacked me.
For example, in a previous thread, I wrote some things about several AS products
I had used/tested. Then, some members moved/wrote against me. Who were they?
After reading some previous posts of them, I clearly found that they were
-Constantly- promoting a specific AS product.
-Being a user who tests a lot of security products is one thing.
-Being a naive/ignorant/blind/stupid fanboy/fun(ny)boy of a security product is another thing.
-Being a shill, who came here to promote specific products and attack
the ones who dislike his products and have valid reasons to do so, is a PURE HYPOCRISY.
Some last points:
-We all saw what happened with av-comparatives and F-Prot.
-We all saw the recent story with the last Matousec test, Comodo and Online Armor.
Final Result: The average user doesn't know what to believe anymore.
Like I said before: Sometimes, Hackers laugh so much here.
subset
April 1st, 2008, 11:54 AM
Hi,
the funny thing is, most of the people I know are not so called security experts,
they are just ordinary users, they surf, share, skype or whatever.
They run their desktops and laptops with a free AV and the Windows firewall
(but only because the FW is active by default...).
They sit in front of their computers for ten years or longer,
but they don't ever use chkdsk, defrag, backup or such things.
Nor do they even know what a HIPS, imaging tool or sandbox is good for.
Most of them run their system for years without problems,
which I know for sure, because if there is a problem, I'll be the first to be told.
Sometimes I ask myself, what would they all think about all these bombastic lines from first-rated experts?
Maybe "Outlandish! What a waste of time!"
Cheers
Nike_P
April 1st, 2008, 12:41 PM
But hey guys, all this HIPS talk here, isn't it enough to use NOD32 or Avira?
solcroft
April 1st, 2008, 12:43 PM
{QUOTE-> But hey guys, all this HIPS talk here, isn't it enough to use NOD32 or Avira? <-QUOTE}
Only if you know where their weaknesses are.
Otherwise you're just basically putting blind faith in them.
SecOmnius
April 1st, 2008, 01:12 PM
Dear subset,
On the other hand, I've seen many people who used
-only- a free AV and the Windows XP Firewall,
being heavily infected; and I don't talk about risky-surfers.
They have been provocatively ignorant -about the basic security rules-
and they overlooked that their PC was infected.
Only when their PC got so badly infected that it couldn't start/reboot etc., they
realized their ignorance. For a long time, they believed that everything was O.K.
They had not even taken a backup of their personal data, and they lost everything.
To be back on the subject of this thread:
-If the well-advertised security products can be easily compromised, imagine
what can happen to the free (=limited=cut down) versions of them.
-If Hackers can easily break-down the layered defense of corporate security software,
imagine what can happen to the average users who protect themselves
with the Home versions of security software.
Two more points to dissolve/avoid further misunderstanding:
>Bringing these issues into the light is one thing.
>Creating panic just to sell product 'X' is another thing; an unethical one.
Kees1958
April 1st, 2008, 01:21 PM
{QUOTE-> But hey guys, all this HIPS talk here, isn't it enough to use NOD32 or Avira? <-QUOTE}
When you run as a limited user in a reasonably solid OS like Unix with a decent router (including SPI/DPI), I would say yes.
At the CanSecWest conference (Vancouver) the Mac OS was hacked within two minutes, Vista was brought down to its knees on the third day, while Unix kept proudly standing. See http://cansecwest.com/post/2008-03-20.21:33:00.CanSecWest_PWN2OWN_2008
On this forum people tend to talk a lot about the impact of an intrusion, while the risk formula is: severity of threat = impact x likelihood (chance). There are two ways of not getting harmed:
1) Wearing a harness when walking in streets
2) Staying out of risky places (only known safe spaces)
Regards Kees
tuatara
April 1st, 2008, 01:46 PM
It is not really fair, the guy knew in advance there was a weakness (exploit) with the Safari browser.
Otherwise he would not have succeeded in doing this in such a short time.
Now it looks as if MacOS is unsafer than Windows.
People who work on multiple OS-es, including MacOS, know better.
That is why there are more than 8 million pieces of malware out there
that can hurt your fully patched Windows system,
and how many are there for MacOS ..(that can really hurt your system) ?
Most MacOS users never used an antimalware program.
So especially if you look at the percentage of users with a system that has problems because of malware, MacOS is excellent.
It would have been better if they asked every person to hack all systems
within 3 days a piece, and see what the result would be with that.
If there was somebody who knew a Vista exploit beforehand the
result would be different as well, or are there any it took 3 days,
but does that mean it is better protected ?
Is it so that any of the OS-es has proven to have more exploits
after the tests?
This test can be arranged several times, with any OS being first and last at any time.
Nevertheless it is good that MacOS users know that even their system is not foolproof.
Safari is not a very safe browser on any system, what would happen if they had tested it on another OS?
And what about Opera on MacOS :>)
The test results are very oversimplified in my opinion.
But I am glad that some Vista users are happy they bought the safest OS in the world,
it might be more expensive than Solaris that can run on a 256 processor platform, but it is so safe that if MacOS users don't need security software, you certainly don't need that for Vista.
By the way this post was written on an XP system ;D
solcroft
April 1st, 2008, 01:49 PM
Looks like the Apple fanboys are out in full force.
Kees1958
April 1st, 2008, 01:55 PM
Funny how at least one Mac fan just . .
{QUOTE-> How many are there for MacOS ..(that can really hurt your system) ?
Most MacOS users never used an antimalware program.
<-QUOTE}
. . . has proven Solcroft's earlier answer
{QUOTE-> Only if you know where their weaknesses are.
Otherwise you're just basically putting blind faith in them. <-QUOTE}
....because it seems to me a big feat to know how much really can harm the Mac OS ;)
tuatara
April 1st, 2008, 02:03 PM
{QUOTE-> Looks like the Apple fanboys are out in full force. <-QUOTE}
Sorry but I am an ESET/NOD32 fanboy :P
{QUOTE-> Looks like the Apple fanboys are out in full force. <-QUOTE}
Let me guess, Microsoft fanboy ;D
I think that Apple is far too expensive with their hardware ..
But I don't think it is honest for people that are reading this forum
and never worked on MacOS, Linux, Solaris, HP-UX etc. etc. to give them the impression that Windows is safer.
But again, I earn my money in the antimalware industry and not for MacOS,
even then I think you can write something like this.
Some people can't work with anything else than Windows anyway ;)
solcroft
April 1st, 2008, 02:06 PM
{QUOTE-> It is not really fair, the guy knew in advance there was a weakness (exploit) with the Safari browser.
Otherwise he would not have succeeded in doing this in such a short time. <-QUOTE}
So I guess it's worse than it sounds. The vulnerability is known to hackers, and there's no patch for it.
{QUOTE-> So especially if you look at the percentage of users with a system that has problems because of malware MacOS is excellent. <-QUOTE}
Computer security is a dynamic and ever-evolving field. Those who are hopelessly stuck within the preconceptions of the past and believe in their own propaganda are the very ones doomed to fail.
Kees1958
April 1st, 2008, 02:24 PM
{QUOTE-> Let me guess, Microsoft fanboy ;D
<-QUOTE}
Not really, see http://www.wilderssecurity.com/showpost.php?p=1067345&postcount=1
Correction on this post after many months of using Vista64: UAC off in the post should have been UAC in quiet mode
tuatara
April 1st, 2008, 02:59 PM
{QUOTE-> Computer security is a dynamic and ever-evolving field. Those who are hopelessly stuck within the preconceptions of the past and believe in their own propaganda are the very ones doomed to fail. <-QUOTE}
I can agree with that !
lucas1985
April 1st, 2008, 03:53 PM
{QUOTE-> Nevertheless it is good that MacOS users know that even their system is not foolproof. <-QUOTE}
Do you really think that? I'd say that 90 % of Mac users are security analphabets who think that shit can't happen to them. Add this to the growing number of new Mac users and their higher than average online/general spending and you have a tasty recipe for crimeware. The Mac OS Zlobs are the first step.
Cerxes
April 1st, 2008, 04:09 PM
Slightly off-topic, but maybe interesting to some extent is the OS market share:
Windows: ~95%
MacOS: ~4%
Linux: ~1%
Source: http://www.microsoft-watch.com/content/operating_systems/windows_a_monopoly_shakes.html
/C.
BlueZannetti
April 1st, 2008, 06:46 PM
{QUOTE-> Dear Blue,
There is NO way to have an -Objective- discussion with the fanboys/funboys and shills. <-QUOTE}
It takes two to have either a productive or unproductive exchange. I've never felt the need to become overly boorish, even if the other person has chosen that route.
{QUOTE-> Every time I say that I used/tested product 'X', but I didn't like it because of the
a), b), c) reasons, the fanboys/funboys and shills of product 'X' came and attacked me. <-QUOTE}
It happens, it's how you react to the situation that matters.
{QUOTE->
For example, in a previous thread, I wrote some things about several AS products
I had used/tested. Then, some members moved/wrote against me. Who were they?
After reading some previous posts of them, I clearly found that they were
-Constantly- promoting a specific AS product. <-QUOTE}
Let's face it - look at the avatars and signatures around you (including your own) as well as the discussions in progress - many users seem to define themselves by the products they use. It's true with security software and, invoking the obligatory automobile based analogy, it's true with cars. To me, these are tools, not an affirmation of a lifestyle.
{QUOTE-> -Being a user who tests a lot of security products is one thing.
-Being a naive/ignorant/blind/stupid fanboy/fun(ny)boy of a security product is another thing.
-Being a shill, who came here to promote specific products and attack
the ones who dislike his products and have valid reasons to do so, is a PURE HYPOCRISY. <-QUOTE}
I've never really felt the need to devote the time required to distinguish among these options.
{QUOTE-> Some last points:
-We all saw what happened with av-comparatives and F-Prot.
-We all saw the recent story with the last Matousec test, Comodo and Online Armor.
Final Result: The average user doesn't know what to believe anymore. <-QUOTE}
I tend to agree, although I'd throw in that the flood of divergent market options to address the same end result has also confused the end-user market. The current situation is not sustainable. There are too many options per category and too many categories with overlapping functionality. While it is hard to know who to believe, it's often much easier to identify those one should generally disbelieve.
{QUOTE-> Like I said before: Sometimes, Hackers laugh so much here. <-QUOTE}
I have to ask - if they're really hackers, why would they even bother?
Cheers,
Blue
tuatara
April 2nd, 2008, 02:53 AM
@ERIKALBERT
A bit off-topic, but with an educational value ..
{QUOTE->
Yes, ShadowProtect is also an Image Backup software (Desktop and Server version). <-QUOTE}
Since I never used this product (but use ShadowUser), is it reliable?
Have you restored from these backups often?
Not that I doubt the brand, never had anything to complain about that.
But I never used this, and it might be something that I would like to test, but it is the kind of software that you must be able to rely on.
The software that I am using now, in the same category, is not able to restore backups on different hardware. (no brand names here)
???
arran
April 2nd, 2008, 03:24 AM
{QUOTE-> Well, make sure you have an AV with self-protection and check their website every so often to make sure there isn't a known remote or local exploit that needs to be plugged by an update. <-QUOTE}
No, I disagree, because if you go find an antivirus with good self protection, the chances are that the antivirus won't have as good a detection as others.
Use a HIPS instead; a good HIPS program can protect your AV from being modified or shut down.
Stijnson
April 2nd, 2008, 03:35 AM
{QUOTE-> No, I disagree, because if you go find an antivirus with good self protection, the chances are that the antivirus won't have as good a detection as others.
Use a HIPS instead; a good HIPS program can protect your AV from being modified or shut down. <-QUOTE}
What would your suggestion be?
Isn't a HIPS program vulnerable to shutdown as well?
arran
April 2nd, 2008, 03:53 AM
Not all HIPS are vulnerable to shutdown.
Stijnson
April 2nd, 2008, 03:56 AM
{QUOTE-> Not all HIPS are vulnerable to shutdown. <-QUOTE}
I know and I wasn't saying that (I'm just guessing that some of them CAN be shut down). What HIPS program would you recommend personally?
arran
April 2nd, 2008, 04:09 AM
I have tested a few HIPS with system shut down simulator and dfk threat simulator; the links to download these tests are here: http://www.firewallleaktester.com/mirror/zeroday_software/sss.htm
http://www.morgud.com/interests/security/dfk-threat-simulator-v2.asp
Be careful with dfk threat simulator if you use it, it can stuff up your PC.
Anyway, I've found that Comodo 3 HIPS and EQSecure cannot be shut down.
They both have excellent self defense, so I would recommend either one of those.
ErikAlbert
April 2nd, 2008, 04:27 AM
{QUOTE-> @ERIKALBERT
A bit off-topic, but with an educational value ..
Since I never used this product (but use ShadowUser), is it reliable?
Have you restored from these backups often?
Not that I doubt the brand, never had anything to complain about that.
But I never used this, and it might be something that I would like to test, but it is the kind of software that you must be able to rely on.
The software that I am using now, in the same category, is not able to restore backups on different hardware. (no brand names here)
??? <-QUOTE}
I've done numerous backups and restores with ShadowProtect Desktop without any failure.
SPD v3 has also Hardware Independent Restoration (HIR). I have no practical experience with HIR, but Peter has and was satisfied.
Do a "Request Full Evaluation" in order to get the Recovery CD, because the "30 Day Free Trial" is without Recovery CD and that is not good for testing.
After that you can download an ISO-file and create the CD, which is ready-to-use as Recovery CD and as Installation CD of SPD.
Peter can inform you better, because he has several PCs, he uses more functions and has done a lot of tests. I have only one computer for hobby and work, not for business, but I like to have a very reliable professional Image Backup software.
subset
April 2nd, 2008, 07:39 AM
{QUOTE->
Be careful with dfk threat simulator if you use it, it can stuff up your PC.
Anyway, I've found that Comodo 3 HIPS and EQSecure cannot be shut down.
They both have excellent self defense, so I would recommend either one of those. <-QUOTE}
As far as I know dfk doesn't even try to disable or shut down Comodo nor EQSecure.
This is no offense against the self protection of Comodo or EQSecure, for sure they have a solid one.
I am only afraid that dfk is not a usable self protection test for both.
Cheers
tuatara
April 2nd, 2008, 04:38 PM
@ErikAlbert
Thanks !
:thumb:
SecOmnius
April 2nd, 2008, 06:18 PM
Dear Blue,
{QUOTE-> It takes two to have either a productive or unproductive exchange.
I've never felt the need to become overly boorish, even if the other person
has chosen that route. <-QUOTE}
A simple user or an independent tester will never walk together with a
devoted software promoter (=shill) and/or an ignorant (=blind) fanboy/fun(ny)boy.
Objectivity can never be aligned with biased thinking.
Instead of having hidden motives (i.e. promoting software 'X' by pretending to be the happy customer),
I prefer to be overly boorish (if this is the way you judge my writings.
BTW, I've never made personal comments against you or any other member).
{QUOTE-> It happens, it's how you react to the situation that matters. <-QUOTE} This is the way I react to the ones who don't have the strength to
admit that they are not simply happy/satisfied users.
Why don't they have the courage to admit it?
Is it a crime to have a signature saying "Official Reseller of product X"?
No, it is not a crime. Simply, it is more convenient to pretend to be the happy user of product 'X'.
By using this method, it is easier for them to influence -especially novice- users.
I have nothing against the ones who -Openly- come here as representatives
of various software vendors. We know who they are, and we respect what they stand for.
{QUOTE-> Let's face it - look at the avatars and signatures around you (including your own) as well as the discussions in progress - many users seem to define themselves by the products they use. <-QUOTE} Having a signature/avatar doesn't -automatically- make you an official promoter of product 'X'.
However, there are members, even without a signature and/or avatar,
who do not simply "define" themselves by the products they use.
These members Hijack specific threads and try to stick the products they sell to our face.
For example, I use Sandboxie, ThreatFire, Rollback etc.
(I have NO Official/Unofficial relationship with any software vendor).
-Have I ever said that these are the best products, 100% protection, better than the rest ones?
-Have I ever attacked someone who uses different brands of similar products?
No, I haven't. And I will never do it.
On the other hand, I am not eager to passively agree with what some guys come here
to sell. Especially when they do it in an indirect (i.e. sly) way; the shills' way.
{QUOTE-> I have to ask - if they're really hackers, why would they even bother? <-QUOTE} Because, Wilders is among the places where some (Black & White Hat) Hackers
1. Love to read what shills write about their "Bullet-Proof" security software
(which in turn can be compromised even in seconds. But that's another story.)
2. Read about the results of highly respected -or not- testing sites for security software.
Then, breaking-down the top scorers easily. Imagine what will happen to the low-performers..
Especially, read fascinating/revealing stories about the 'nurturing' relationships between
some security software vendors and some testing sites.
(F-Prot & Dr.Web with AV-C), (AV-Test with Eset), (OA & Comodo with Matousec) etc.
3. See how Shills or ignorant fanboys/fun(ny)boys so intensively antagonize each
other for software that turns to be full of security holes.
4. Read the comments of many 'experts' presenting their security setup
and characterizing it as '100% Protection', 'Total Protection', 'Total Malware Lock'
and other fancy titles.
And the list is countless...
Good Bye
Nike_P
April 2nd, 2008, 06:23 PM
{QUOTE-> Dear subset,
On the other hand, I've seen many people who used
-only- a free AV and the Windows XP Firewall,
being heavily infected; and I don't talk about risky-surfers.
They have been provocatively ignorant -about the basic security rules-
and they overlooked that their PC was infected.
Only when their PC got so badly infected that it couldn't start/reboot etc., they
realized their ignorance. For a long time, they believed that everything was O.K.
They had not even taken a backup of their personal data, and they lost everything.
To be back on the subject of this thread:
-If the well-advertised security products can be easily compromised, imagine
what can happen to the free (=limited=cut down) versions of them.
-If Hackers can easily break-down the layered defense of corporate security software,
imagine what can happen to the average users who protect themselves
with the Home versions of security software.
Two more points to dissolve/avoid further misunderstanding:
>Bringing these issues into the light is one thing.
>Creating panic just to sell product 'X' is another thing; an unethical one.
<-QUOTE}
OK, so what should I do? I have Vista and right now use Avira and Windows Firewall, so what should I add to keep me from getting infected?
GES/POR
April 2nd, 2008, 07:36 PM
A healthy dose of paranoia.
arran
April 2nd, 2008, 10:02 PM
{QUOTE-> As far as I know dfk doesn't even try to disable or shut down Comodo nor EQSecure.
This is no offense against the self protection of Comodo or EQSecure, for sure they have a solid one.
I am only afraid that dfk is not a usable self protection test for both.
Cheers <-QUOTE}
Hmm, wasn't aware of that; however, the system shut down simulator test tries to shut them down and it can't. And I have both Comodo and EQSecure protecting each other from being shut down. So it would be highly unlikely for them to be shut down.
Macstorm
April 2nd, 2008, 10:23 PM
{QUOTE-> Dear Blue,
A simple user or an independent tester will never walk together with a
devoted software promoter (=shill) and/or an ignorant (=blind) fanboy/fun(ny)boy.
Objectivity can never be aligned with biased thinking.
Instead of having hidden motives (i.e. promoting software 'X' by pretending the happy customer),
Good Bye <-QUOTE}
Chill out buddy, it's not the end of the world... yet ;)
031
April 3rd, 2008, 10:07 AM
{QUOTE-> A healthy dose of paranoia. <-QUOTE}
Nicely said ;D
Kees1958
April 3rd, 2008, 10:46 AM
{QUOTE-> Ok, so what should I do? I have Vista and use right now Avira and Windows firewall, so what should I add to keep me not infected? <-QUOTE}
Here are five tips:
Use LUA
Use User Account Control (UAC) by running Limited User Account. When you cannot deal with the elevation prompts, simply use Tweak UAC and use LUA/UAC in quiet mode (although it is a bit less secure).
When you see your screen darken every now and then, you are already running LUA. Keep it that way.
Easy outbound FireWall control
Try Vista Fire Wall Control 1.3. It is free and easy to use. Adds outbound protection while using Vista's Firewall engine (make sure you download the correct 32/64 bits version).
Free easy to use Sandbox/surf guard
Download HauteSecure (make sure you download the correct 32/64 bits version). Install and forget. It is still in Beta, but we have used it for several months without a problem.
When your internet service provider does not facilitate email scanning
Use Avast free. It comes with mail/web/P2P shields and a lightweight NIDS. Runs a little faster on our Vista64 dual core than Avira (but that is a matter of taste/personal preference, we have Avira on the XP-box single core)
Use common sense
When you download cracks/serials you ask to be infected, so stay away from those sites (Haute Secure will warn you for it).
With that you will be fine
Regards Kees
Bunkhouse Buck
April 3rd, 2008, 01:07 PM
{QUOTE-> Ok, so what should I do? I have Vista and use right now Avira and Windows firewall, so what should I add to keep me not infected? <-QUOTE}
I use windows xp firewall plus what is listed on my signature, and I have never been infected since using PCs starting in 1981. It is not about being low-risk, in fact, it is the opposite. So the conclusion I have drawn and stated on this site many times to the consternation of the true-believers, is that about 99% of the threats are imagined- not real. But cover yourself on the 1%.
Fly
April 3rd, 2008, 04:12 PM
{QUOTE-> Here are five tips:
Use LUA
Use User Account Control (UAC) by running Limited User Account. When you cannot deal with the elevation prompts, simply use Tweak UAC and use LUA/UAC in quiet mode (although it is a bit less secure).
When you see your screen darken every now and then, you are already running LUA. Keep it that way.
Easy outbound FireWall control
Try Vista Fire Wall Control 1.3. It is free and easy to use. Adds outbound protection while using Vista's Firewall engine (make sure you download the correct 32/64 bits version).
Free easy to use Sandbox/surf guard
Download HauteSecure (make sure you download the correct 32/64 bits version). Install and forget. It is still in Beta, but we have used it for several months without a problem.
When your internet service provider does not facilitate email scanning
Use Avast free. It comes with mail/web/P2P shields and a lightweight NIDS. Runs a little faster on our Vista64 dual core than Avira (but that is a matter of taste/personal preference, we have Avira on the XP-box single core)
Use common sense
When you download cracks/serials you ask to be infected, so stay away from those sites (Haute Secure will warn you for it).
With that you will be fine
Regards Kees <-QUOTE}
Avast free ? Really ? I recall that the Avast forum got hacked, that doesn't inspire confidence.
lordpake
April 3rd, 2008, 04:15 PM
{QUOTE-> Avast free ? Really ? I recall that the Avast forum got hacked, that doesn't inspire confidence. <-QUOTE}
Forums getting hacked is a reality, no matter what the field is. The forum software is not one of alwil's products btw. So I fail to see how that would inspire unconfidence.
Fly
April 4th, 2008, 04:07 PM
{QUOTE-> Forums getting hacked is a reality, no matter what the field is. The forum software is not one of alwil's products btw. So I fail to see how that would inspire unconfidence. <-QUOTE}
Apparently the company that produces Avast was careless enough to allow its forum to get hacked.
You don't see a high-profile forum like McAfee's getting hacked, do you ?
I suggests carelessness.
lordpake
April 5th, 2008, 03:29 AM
{QUOTE-> You don't see a high-profile forum like McAfee's getting hacked, do you ? I suggests carelessness. <-QUOTE}
Suggest all you want :) It's not that simple. It depends on the forum software, its vendor, the number and nature of vulnerabilities available, and how fast the vendor is willing and able to patch them. After that comes the end user and their patching policy.