Blows

Hi Guys,

Recently helping my sister, who runs Vista, Windows Defender,& McAfee, I found allot of malware. She runs with UAC on, I'm not sure if UAC has been turned on/off, or she just routinely 'allows' everything. Her list of start-up items was about 30 - 40 items, some known malware. We were identifying startups when the malware was observed. I had her stop, download SAS & run a scan. The scan contained memory, registry & file malware to the tune of 780 items, marked for quarantine & deletion.

How can Windows Defender, McAfee, & UAC be so lousy to allow so many malware, to install?

Can average people trust, the default security apps, thrust upon them when purchasing?

Rico

 

Can UAC be bypassed? I dont think ive heard of such a situation, but i just may be ignorant of this issue. What exactly are the weaknesses of UAC?

 

The weaknesses lie not with UAC, but with the end user allowing the malicious file to run.

 

The default settings suck. You need to enable most of the protection.

 

You're right but Im just curious, does UAC have any weaknesses and can it be bypassed?

 

I don't know. I would think under a limited account, at least, it is quite robust.

 

As mentioned, the user is the biggest weakness.
Mrk

 

Ok! But Vista comes with 'Windows Defender' + it's Firewall enabled, plus Mcafee AV AS, this is as main stream as you can get & does not stop anything. Granted folks here, know this is not much defense, but the average person going into best buy, is in for a rude awakening or false sense of security. Which just seems wrong, for majors in the security industry.

Rico

 

I don't know anything about Windows Defender. I don't have any experience with Vista, but that shouldn't matter. What type of Vista (home basic, premium, ultimate) does she use ?
Is McAfee always 'on', scanning real-time, and up to date ? Any missing components ? What version (SecurityCenter, Antivirus, engine etc) does she have ? Does she perform on demand scans regulary ?
I don't know WHEN she got the infections. These days McAfee is pretty good, especially with Artemis (called 'active protection', somewhere in the menus) enabled. Of course, it won't catch all.
McAfee shouldn't have allowed this. Can you provide more information ? I might be able to provide useful information. I have used McAfee for years, until recently.

No AV will provide 100 % protection, the user needs to practice 'computer hygiene', like not clicking on ads, not responding to spam, installing patches, making sure a program is safe before downloading it.

What browser does she use ? I find the default security settings in IE 7 insufficient.

780 items ?
I wouldn't trust a computer that is that heavily infected. How would you know you got them all ? My suggestion would be to back up all data, wipe (DBAN), reinstall Vista and the rest. Scan the data for malware before restoring it. Make sure you have the necessary drivers/CDs before doing this !

If you decide not to reformat, I'd recommend a more thorough cleaning of the system. You could try Avira live CD/Avira rescue CD, Dr Web live CD, trial version of Counterspy, MBAM. Perhaps it's wise to ask for professional assistance, for example on www.bleepingcomputer.com. Combofix can be used, but it's a tool for experts.

Btw, what kind of malware ? Cookies, rootkits, trojans, adware ?

 

btw as default windows defender only gets updated once a week via windows update.

 

Thanks Guys,

Absolutely proiblem is with user no doubt about! The problem is marketing PC's in general, while downplaying (not mentioning) security. Should the subject come up at the time of sale, it's glossed over with, that's covered by ... , apps that don't do the job, aka WD & McaFee etc. The end user knowledge, I'm seeing (I'm new to cleaning other, peoples machines) is like: Buying a new car (with 0 knowledge about cars) running out of gas, and calling a mechanic to fix the broken car. I've seen more than once peoples frustrations, with malware swearing off PC's & joining the Apple crowd. What this says is, with the exception of forums like "Wilders" security is ignored & the user should not be concerned.

Fly - Thanks for the informative/supportive post, my sister, in another state typifies the above end user I'm seeing lately. I asked my sister If she had a blank "CD" her answer was no. I thought guide her through & running an Avira rescue disc.

Real world is not the folks posting here @Wilders, & I guess I'm still somewhat shocked, by the lack of knowledge.

Rico

 

Hi there,

I think your sister needs something like Shadow Defender or Returnil. She can download freely anything and when she restarts her computer, nothing good or bad will be there. They are very simple to use.

I use Vista most of the time, and even with only UAC and WD it would be difficult to get infected, unless one allows anything. McAfee would not be my choice of antimalware, but it's not a bad AV and 780 items are really too many.

 

Microsoft: UAC not a security feature

 

Hi Guys,

Dogbiscuit - Wow! I thought UAC was like SuRun or DropMyRights, porous protection = pseudo security.

Osban - I agree! My favorite security app is "ShadowDefender"... Why are SD & Returnil snubbed by the big publication (PC World etc)? Big all in one, security apps from ( corporate America ) are featured in the mags. I guess it's a function of "Ad dollars" buy full page ads & you will be featured or discussed.
The security industry needs, must have, the bad guys, resulting in the dog chasing it's own tail.

Will Windows 7 virtual feature, make Returnil & SD also rans? Like UAC was supposed to make SuRun & DMR not necessary?

 

From: Inside Windows Vista User Account Control, by Mark Russinovich.