Attacking Anti-Virus Software

Discussion in 'other anti-virus software' started by De Hollander, Mar 31, 2008.

Thread Status:
Not open for further replies.
  1. Nike_P

    Nike_P Registered Member

    Joined:
    Mar 30, 2008
    Posts:
    122
    Location:
    Europe
    but hey guys, all this HIPS talking here, isn't it enough to use nod32 or avira?
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Only if you know where their weaknesses are.

    Otherwise you're just basically putting blind faith in them.
     
  3. SecOmnius

    SecOmnius Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    70
    Location:
    In the Light of PARTHENON
    Dear subset,

    On the other hand, I've seen many ones, who used
    -only- a free AV and the Windows XP Firewall,
    being heavily infected; and I don't talk about risky-surfers.
    They have been provocatively ignorant -about the basic security rules-
    and they overlooked that their PC was infected.
    Only when their PC got so badly infected that it couldn't start/reboot etc., they
    realized their ignorance. For a long time, they believed that everything was O.K.
    They had not even taken a backup of their personal data, and they lost everything.

    To be back on the subject of this thread:
    -If the well-advertised security products can be easily compromised, imagine
    what can happen to the free (=limited=cut down) versions of them.
    -If Hackers can easily break down the layered defense of corporate security software,
    imagine what can happen to the average users who protect themselves
    with the Home versions of security software.

    Two more points to dissolve/avoid further misunderstanding:
    >Bringing these issues into the light is one thing.
    >Creating panic just to sell product 'X' is another thing; an unethical one.
     
    Last edited: Apr 1, 2008
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    When you run as limited user in a reasonably solid OS like Unix with a decent Router (including SPI/DPI), I would say yes.

    At the CanSecWest conference (Vancouver) the Mac-OS was hacked within two minutes, Vista was brought to its knees on the third day, while Unix kept proudly standing. See http://cansecwest.com/post/2008-03-20.21:33:00.CanSecWest_PWN2OWN_2008

    On this forum people tend to talk a lot about the impact of an intrusion, while the risk formula is: severity of threat = impact x likelihood (chance). There are two ways of not getting harmed:
    1) Wearing a harness when walking in streets
    2) Staying out of risky places (only known safe spaces)




    Regards Kees
     
    Last edited: Apr 1, 2008
  5. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    It is not really fair, the guy knew in advance there was a weakness (exploit) with the Safari browser.
    Otherwise he would not succeed to do this in such a short time.
    Now it looks as if MacOS is unsafer than Windows.
    People who work on multiple OS-es including MacOS know better.

    That is why there are more than 8 Million pieces of malware out there
    that can hurt your fully patched Windows system,
    and how many are there for MacOS (that can really hurt your system)?

    Most MacOS users never used an antimalware program.

    So especially if you look at the percentage of users with a system that has problems because of malware MacOS is excellent.

    It would have been better if they asked every person to hack all systems
    within 3 days a piece, and see what the result would be with that.

    If there was somebody who knew a Vista exploit beforehand the
    result would be different as well, or are there any it took 3 days,
    but does that mean it is better protected ?

    Is it so that any of the OS-es has proven to have more exploits
    after the tests?

    This test can be arranged several times, with any OS being first and last at any time.

    Nevertheless it is good that MacOS users know that even their system is not foolproof.

    Safari is not a very safe browser on any system, what would happen if they had tested it on another OS.
    And what about Opera on MacOS :>)

    The test results are very oversimplified in my opinion.
    But I am glad that some Vista users are happy they bought the safest OS in the world,
    it might be more expensive than Solaris that can run on a 256 processor platform, but it is so safe that if MacOS users don't need security software, you certainly don't need that for Vista.

    By the way this post was written on a XP system :D
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Looks like the Apple fanboys are out in full force.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Funny how at least one Mac fan just . .

    . . . has proven Solcroft's earlier answer

    ,,,,because it seems to me a big feat to know how much really can harm the Mac OS ;)
     
  8. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    Sorry but I am an ESET/NOD32 fanboy :p

    Let me guess, Microsoft fanboy :D

    I think that Apple is far too expensive with their Hardware ..

    But I don't think it is honest for people that are reading this forum
    and never worked on MacOS, Linux, Solaris, HP-UX etc. etc. to give them the impression that Windows is safer.

    But again, I earn my money in the Antimalware industry and not for MacOS,
    even then I think you can write something like this.
    Some people can't work with anything else than Windows anyway ;)
     
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    So I guess it's worse than it sounds. The vulnerability is known to hackers, and there's no patch for it.

    Computer security is a dynamic and ever-evolving field. Those who are hopelessly stuck within the preconceptions of the past and believe in their own propaganda are the very ones doomed to fail.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last edited: Apr 1, 2008
  11. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    I can agree with that !
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Do you really think that? I'd say that 90 % of Mac users are security analphabets who think that **** can't happen to them. Add this to the growing number of new Mac users and their higher than average online/general spending and you have a tasty recipe for crimeware. The Mac OS Zlobs are the first step.
     
    Last edited: Apr 1, 2008
  13. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
  14. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It takes two to have either a productive or unproductive exchange. I've never felt the need to become overly boorish, even if the other person has chosen that route.
    It happens, it's how you react to the situation that matters.
    Let's face it - look at the avatars and signatures around you (including your own) as well as the discussions in progress - many users seem to define themselves by the products they use. It's true with security software and, invoking the obligatory automobile based analogy, it's true with cars. To me, these are tools, not an affirmation of a lifestyle.
    I've never really felt the need to devote the time required to distinguish among these options.
    I tend to agree, although I'd throw in that the flood of divergent market options to address the same end result has also confused the end-user market. The current situation is not sustainable. There are too many options per category and too many categories with overlapping functionality. While it is hard to know who to believe, it's often much easier to identify those one should generally disbelieve.
    I have to ask - if they're really hackers, why would they even bother?

    Cheers,

    Blue
     
  15. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    @ERIKALBERT

    A bit off-topic, but with an educational value ..

    Since I never used this product (but use ShadowUser), is it reliable?
    Have you restored from these backups often?
    Not that I doubt the brand, never had anything to complain about that.
    But I never used this, and it might be something that I like to test, but it is the kind of software that you must be able to rely on.
    The software that I am using now, in the same category, is not able to restore backups on different hardware. (no brand names here)

    o_O
     
  16. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    No, I disagree, because if you go find an antivirus with good self protection, the chances are that the antivirus won't have as good a detection as others.

    Use a HIPS instead, a good HIPS program can protect your AV from being modified or shut down.
     
  17. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    What would your suggestion be?
    Isn't a HIPS program vulnerable to shutdown as well?
     
  18. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Not all HIPS are vulnerable to shutdown.
     
  19. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I know and I wasn't saying that (I'm just guessing that some of them CAN be shutdown). What HIPS program would you recommend personally?
     
  20. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I've done numerous backups and restores with ShadowProtect Desktop without any failure.
    SPD v3 has also Hardware Independent Restoration (HIR). I have no practical experience with HIR, but Peter has and was satisfied.
    Do a "Request Full Evaluation" in order to get the Recovery CD, because the "30 Day Free Trial" is without Recovery CD and that is not good for testing.
    After that you can download an ISO-file and create the CD, which is ready-to-use as Recovery CD and as Installation CD of SPD.
    Peter can inform you better, because he has several PCs, he uses more functions and has done a lot of tests. I have only one computer for hobby and work, not for business, but I like to have a very reliable professional Image Backup software.
     
  22. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    As far as I know dfk doesn't even try to disable or shut down Comodo nor EQSecure.
    This is no offense against the self protection of Comodo or EQSecure, for sure they have a solid one.
    I am only afraid that dfk is not a usable self protection test for both.

    Cheers
     
  23. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    @ErikAlbert

    Thanks !

    :thumb:
     
  24. SecOmnius

    SecOmnius Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    70
    Location:
    In the Light of PARTHENON
    Dear Blue,
    A simple user or an independent tester will never walk together with a
    devoted software promoter (=shill) and/or an ignorant (=blind) fanboy/fun(ny)boy.
    Objectivity can never be aligned with biased thinking.
    Instead of having hidden motives (i.e. promoting software 'X' by pretending the happy customer),
    I prefer to be overly boorish (if this is the way you judge my writings.
    BTW, I've never made personal comments against you or any other member).
    This is the way I react to the ones who don't have the strength to
    admit that they are not simply happy/satisfied users.
    Why don't they have the courage to admit it?
    Is it a crime to have a signature saying "Official Reseller of product X"?
    No, it is not a crime. Simply, it is more convenient to pretend the happy user of product 'X'.
    By using this method, it is easier for them to influence -especially novice- users.
    I have nothing against the ones who -Openly- come here as representatives
    of various software vendors. We know who they are, and we respect what they stand for.
    Having a signature/avatar doesn't -automatically- make you an official promoter of product 'X'.
    However, there are members, even without a signature and/or avatar,
    who do not simply "define" themselves by the products they use.
    These members Hijack specific threads and try to stick the products they sell to our face.
    For example, I use Sandboxie, ThreatFire, Rollback etc.
    (I have NO Official/Unofficial relationship with any software vendor).
    -Have I ever said that these are the best products, 100% protection, better than the rest ones?
    -Have I ever attacked someone who uses different brands of similar products?
    No, I haven't. And I will never do it.
    On the other hand, I am not eager to passively agree with what some guys come here
    to sell. Especially when they do it in an indirect (i.e. sly) way; the shills' way.
    Because, Wilders is among the places where some (Black & White Hat) Hackers
    1. Love to read what shills write about their "Bullet-Proof" security software
    (which in turn can be compromised even in seconds. But that's another story.)
    2. Read about the results of highly respected -or not- testing sites for security software.
    Then, breaking-down the top scorers easily. Imagine what will happen to the low-performers..
    Especially, read fascinating/revealing stories about the 'nurturing' relationships between
    some security software vendors and some testing sites.
    (F-Prot & Dr.Web with AV-C), (AV-Test with Eset), (OA & Comodo with Matousec) etc.
    3. See how Shills or ignorant fanboys/fun(ny)boys so intensively antagonize each
    other for software that turns to be full of security holes.
    4. Read the comments of many 'experts' presenting their security setup
    and characterizing it as '100% Protection', 'Total Protection', 'Total Malware Lock'
    and other fancy titles.

    And the list is countless...

    Good Bye
     
  25. Nike_P

    Nike_P Registered Member

    Joined:
    Mar 30, 2008
    Posts:
    122
    Location:
    Europe

    Ok, so what should I do? I have Vista and right now use Avira and Windows Firewall, so what should I add to keep me not infected?
     