Attacking Anti-Virus Software

Discussion in 'other anti-virus software' started by De Hollander, Mar 31, 2008.

Thread Status:
Not open for further replies.
  1. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
  2. SecOmnius

    SecOmnius Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    70
    Location:
    In the Light of PARTHENON
    Epitome of this article:

    "...end users have been putting so much faith in antivirus solutions,
    and have ignored the fact that antivirus software itself can be compromised."

    As a Member of this Forum writes:
    "There is no Security; only degrees of Insecurity" (or something like that :D)

    If Hackers want..., they -certainly- can...:D
     
  3. Nike_P

    Nike_P Registered Member

    Joined:
    Mar 30, 2008
    Posts:
    122
    Location:
    Europe
    This is scary, because I never had an issue with my anti-virus, but today it disabled itself for the first time and I got a popup where it showed me that something was wrong..
    Right now I use Avira.
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    ..that is my subline ;)
    I never ignored it; I watched how they did it. ;)
    That is not scary, it is logical; these assembler junkies can interfere and communicate with each little piece of CPU code, and that is the reason why they can misuse AVs for their own purpose and even redirect and use them as a proxy.
    Kind of direct injected/written/redirected process memory (mainly in-memory modifications, likely even in CPU code)
     
  5. Nike_P

    Nike_P Registered Member

    Joined:
    Mar 30, 2008
    Posts:
    122
    Location:
    Europe
    So I am in danger here or what?
    What should I do to find out if anyone is trying to disable my anti-virus?
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Well, make sure you have an AV with self protection and check their website every so often to make sure there isn't a known remote or local exploit that needs to be plugged by an update.
     
  7. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I prefer to start my attack with a baseball bat.
     
  8. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    ...and with some minor change it could also be as following:

    "...end users have been putting so much faith in HIPS solutions,
    and have ignored the fact that HIPS software itself can be compromised."

    /C.
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Not to forget Diver's phrase:
     
  10. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    I like this one :thumb:
     
  11. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Does anyone know if NOD32 2.7 and 3.0 have self protection for program termination?
    What about Avira? Does it have self protection?
     
  12. Soujirou

    Soujirou Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    62
  13. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I wonder how much avast! would score with release version 4.8, which has a dedicated self-defense system...
     
  14. SecOmnius

    SecOmnius Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    70
    Location:
    In the Light of PARTHENON
    No objection. Everything can be compromised.
    I no longer trust the AV/AS scanners for being my primary protection.
    On the other hand, I have no BLIND trust in HIPS, either.
    That's why our last resort of defense has been the Instant System Recovery software
    and after it the Backup (Imaging) software.

    Only naive Funboys or Shills claim that their 'X' AV/AS scanner, or HIPS or Sandbox
    or ISR or Backup or whatever offers bullet-proof protection.
    -The first ones are ignorant enough to believe it.
    -The second ones simply want to promote their products.

    Sometimes, Hackers laugh so much here...:D:D:D
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Very true and a very good post.:thumb:
     
  16. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    176
    Location:
    Czech Republic
    The only protection is an EM-shielded computer with a self-sustained power source w/o access to the internet lol :)
    Sorry for being off-topic, but that's only what comes to my mind
     
  17. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Yes, but the truth is bad for sales and marketing. Acronis is really my defense; if any of the "protectors" fail, you simply go back a day before the **** hit the fan. Real simple-real basic. I am not sure it matters which AV or HIPS you use. Just restore an image and you are back to a working system. No stress.
     
  18. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I certainly am no expert and I wouldn't even dare to claim that my AV/AS/Backup offers bulletproof protection, but I do think that the level of protection also depends on your needs and computer habits.
     
  19. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Just a simple question...., could we try to have a discussion without abusively trying to categorize and personalize the subject in terms of fanboys/funboys and shills? It's not necessary to make the underlying technical points, but it sure starts the discussion on a downward spiral. How about we all aim a little higher in the discourse?

    Blue
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I only trust ShadowProtect and then FDISR (Frozen) in that order.
    Both restore my computer in a fresh installed, malware-free and unused state.
    If FDISR fails and it will in the future, SP will do the job + my Zero Tool, if necessary.

    Once I turn ON my internet connection, I consider my system partition already as possibly infected, because I don't trust any of my security software to keep my computer clean. That's why I replace my system partition with a clean one during each reboot in order to remove the daily mistakes of all my security software. I only need my security software to stop the execution of malware during two reboots, because my boot-to-restore only removes malware during reboot and that is too late.
    FDISR is also constantly online and can't be trusted either, and that's why I need ShadowProtect (+ Zero Tool) to get my FDISR back as it was. Until now FDISR isn't compromised, but that will happen one day.
    That's why I have a double recovery set: clean and daily.

    I don't use any security software based on blacklists or partly based on blacklists, only evergreens like Anti-Executable, DefenseWall HIPS, Sandboxie, ...

    Personally, I consider scanners as a sissy way to fight against malware. You don't win the malware war by running AFTER the bad guys and collecting their droppings. You have to run faster than them.
     
    Last edited: Apr 1, 2008
  21. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Sissy way or not, unfortunately it's the only way for 70-80% of computer users to fight the battle. Most people don't understand how other, more advanced, appz work I'm afraid.

    Then again, not everyone needs all kinds of appz to protect themselves on the web. It also depends on what YOU do when you're online.
    Go looking for trouble and you're bound to find it. Or doesn't this make sense?

    @ErikAlbert: Is ShadowProtect a StorageCraft product? Can it be compared to Acronis TI?
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  23. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    After reading the whitepaper, this question comes to mind for me: "Is it correct to assume that using a security product for protecting your "data" isn't enough anymore, and an end user would be better off with a wider range of products?"
     
  24. SecOmnius

    SecOmnius Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    70
    Location:
    In the Light of PARTHENON
    Dear Blue,

    There is NO way to have an -Objective- discussion with the fanboys/funboys and shills.
    Every time I say that I used/tested product 'X', but I didn't like it because of the
    a), b), c) reasons, the fanboys/funboys and shills of product 'X' come and attack me.
    For example, in a previous thread, I wrote some things about several AS products
    I had used/tested. Then, some members moved/wrote against me. Who were they?
    After reading some previous posts of them, I clearly found that they were
    -Constantly- promoting a specific AS product.

    -Being a user who tests a lot of security products is one thing.
    -Being a naive/ignorant/blind/stupid fanboy/fun(ny)boy of a security product is another thing.
    -Being a shill, who came here to promote specific products and attack
    the ones who dislike his products and have valid reasons to do so, is PURE HYPOCRISY.

    Some last points:
    -We all saw what happened with av-comparatives and F-Prot.
    -We all saw the recent story with the last Matousec test, Comodo and Online Armor.
    Final Result: The average user doesn't know what to believe anymore.

    Like I said before: Sometimes, Hackers laugh so much here.
     
    Last edited: Apr 1, 2008
  25. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    the funny thing is, most of the people I know are not so called security experts,
    they are just ordinary users, they surf, share, skype or whatever.

    They run their desktops and laptops with a free AV and the Windows firewall
    (but only because the FW is active by default...).

    They sit in front of their computers for ten years or longer,
    but they don't ever use chkdsk, defrag, backup or such things.
    Nor do they even know what a HIPS, imaging tool or sandbox is good for.

    Most of them run their system for years without problems,
    which I know for sure, because if there is a problem, I'll be the first to be told.

    Sometimes I ask myself, what would they all think about all these bombastic lines from first-rated experts?
    Maybe "Outlandish! What a waste of time!"

    Cheers
     