Panda Failure

[Konata Izumi]

I love conficker, I hope someone can find one for me.. i need it
@TOPIC
sandboxie that computer~
mvpshost that~ (optional)

and you take care of the rest.

[Gasp]

You are looking for conficker?

[Konata Izumi]

yes. I will throw it on ClamAV-Immunet to see if it can detect it.

[Ibrad]

We are not allowed to share malware urls on this site.

[ronjor]

Trading malware or pointing to sources is not allowed on Wilders.

[falkor]

Holy crap !!! I hope someone figures something out on this . I have NEVER , and I mean , NEVER seen an AV miss most of that crap . I do not care what sites are visited . If Panda is truly at fault here , that is a huge thumbs down ! This is why I am concerned when people come here and send kudos to new antivirus apps without knowing detection rates and removal . There is something amiss here . I will not even go near saying anything about the OP as I have no reason to not believe him . However ; I also am at a loss as to how any AV could miss all of that . The OP is either mistaken OR Panda stinks bigtime . There is no reason for this kind of failure by any software competitor ! Easy way to check , although some would sy it is a cheap way out , is for Panda to test these one by one . I hope Panda will figure something out somehow .
Good luck

[Gasp]

Panda is not necessarily at total fault here. Without going back into the system and restoring all the infected files, we will never know what caused Panda to malfunction.

Like I said, I suspect a trojan has played with the signature files stopping panda from being able to detect anything. I would like to see Panda add some kind of "self-protection" for its own files to stop this from happening in the future. I think Norton has this feature. It would also be good if Panda could display a warning when the internet is off.

[Brocke]

Quote:

Originally Posted by ronjor

Trading malware or pointing to sources is not allowed on Wilders.

yeah to bad would make for good testing/troubleshoot.

but again understandable for beginners issues would happen

[Saraceno]

The original poster mentioned the logs might have showed his friend's kids etc, or someone, allowed the malware to get through.

All it takes is one threat to get through to do some serious damage. Panda cloud and threatfire are a pretty strong combo, but... a weak combo when the users don't know the difference between a rogue website alert and the antivirus/threatfire alert.

Whenever you install these programs on a friend's system, you have to download the eicar file, demonstrate to everyone how a file will be handled. Dial threatfire up to sensitivity of 4 or 5, show firefox connecting and the threatfire alert.

I'd say it's a user fail here. I'll quote me from yesterday, cause it applies to your friend!

Quote:

Originally Posted by Saraceno

At the end of the day, it's learning to hover the mouse cursor over a link or 'advertisement' and seeing where it points to (since I showed friends, they must look at where a link is taking them, and long random links are no go zones, no problems). People are clicking, and then asking, 'now where am I, what is this?'. Like opening random doors on the street, and asking whose house is this? Dude with a shotgun blows their head off.

I know browser re-directs happen, and some advertisements look legitimate, but people are clearly not spending that extra 10 seconds, to look at what and where they're clicking on. And when it comes to attachments, 'check this out, this is funny', they open it. Buddy, do you need a quick laugh at the risk of losing several months of important work? That'll be a way to take that smile from your face.

Security programs have to strike a fine balance between rock solid security, and a ton of prompts, and user convenience. Here's another analogy for the day, cause I love em. I get the car sideways as I leave my house coming into the first corner, I stomp on the (good old standard) brakes but crash into someone's front fence. Do I blame the car brakes as being poor?

[Saraceno]

Sandboxie and other programs won't be any good, if the user allows a file to be recovered that's malicious. Or a user learns how to commit a file to the real drive (shadow defender).

Shadow Defender could be setup with 'password control' on the right-click and committing of files to the real environment, and could bet set to continue after reboot. So it's always in shadow mode.

But you'd have to ask yourself, who allowed the files? Maybe it wasn't the kids!

[Noob]

I've tried Panda Cloud and IMO it's very capable

I can't believe your friends computer could run with all that LOL
By that time that PC won't even boot up

[hawki]

Quote:

Originally Posted by falkor

Holy crap !!! I hope someone figures something out on this . I have NEVER , and I mean , NEVER seen an AV miss most of that crap . I do not care what sites are visited . If Panda is truly at fault here , that is a huge thumbs down ! This is why I am concerned when people come here and send kudos to new antivirus apps without knowing detection rates and removal . There is something amiss here . I will not even go near saying anything about the OP as I have no reason to not believe him . However ; I also am at a loss as to how any AV could miss all of that . The OP is either mistaken OR Panda stinks bigtime . There is no reason for this kind of failure by any software competitor ! Easy way to check , although some would sy it is a cheap way out , is for Panda to test these one by one . I hope Panda will figure something out somehow .
Good luck

ummmm:

http://www.pcmag.com/image_popup/0,1...=247315,00.asp

"When I opened a folder containing my collection of malware samples, Cloud Antivirus started deleting them right away. Over a period of several minutes it wiped out 80 percent of the samples. It neutralized a few of them as suspicious rather than deleting them outright. Since the neutralized files can't launch, the effect was the same. These files get a special icon in Windows Explorer—a picture of a panda with a question mark.

When I attempted to install the remaining samples, the real-time protection caught all but one. Panda Cloud Antivirus's score of 9.7 points in this test puts it in a tie for first place with Spyware Doctor. It was also effective at blocking installation of commercial keyloggers. With 9.0 points on that test, it edged out previous top scorer Prevx 3.0. True, I don't give as much importance to the keylogger test, but I still celebrate success in that area.

Cloud Antivirus detected every single one of my rootkit samples from both the malware and keylogger collections. It successfully prevented installation for all of them, scoring a perfect 10. Spyware Doctor comes in second, with 9.4 against rootkits. Cloud Antivirus also scored a perfect 10 for blocking scareware (rogue security software), joining the eight other products that have achieved that top score. "

http://www.pcmag.com/article2/0,2817,2355844,00.asp

[Saraceno]

Or install DefenseWall with Panda. Actually, the original one of threatfire and Panda is fine, but the alerts were ignored. Definitely look into how everyone is using the pc, were they using an old version of IE, was it firefox or chrome with WOT or mcafee's site advisot installed (both excellent add-ons, block most malware sites)?

[falkor]

I misread . My apology . So , other people may have been on his computer . That can certainly explain what happened .

[lubieplacki]

Quote:

Originally Posted by pbust

I'm sorry but I find this a little hard to believe.

Agree with this. I know that Panda is not super antivirus, but this is impossible.

I think that 1st post is a provocation, lie. Or something like that.

[Saraceno]

I actually believe the whole system was compromised through user choice and error. For example, similar to me taking files out of quarantine, selecting restore, and letting them run all they want.

[pbust]

Quote:

Originally Posted by Saraceno

I actually believe the whole system was compromised through user choice and error. For example, similar to me taking files out of quarantine, selecting restore, and letting them run all they want.

Good point Saraceno!

Gasp, can you provide the PCA detection log to see if, in addition to the lack of connectivity, this may have happened? (user restoring malware from the Recycle Bin and allowing it to run).

[doktornotor]

Well, my € 0.02:

For similar users, you need at minimum:

- LUA with no priviledge escalation possible
- SRP limited to %ProgramFiles% and %WINDIR%, again no exceptions
- AV which is password-protected and will not let the user select any action or override or disable it

plus I'd personally run all their browser in forced sandbox. Honestly, with such horrible usage habits they'd be better off switching to Linux.