Blows

Discussion in 'other security issues & news' started by Rico, Aug 19, 2009.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Guys,

    Recently helping my sister, who runs Vista, Windows Defender, & McAfee, I found a lot of malware. She runs with UAC on, I'm not sure if UAC has been turned on/off, or she just routinely 'allows' everything. Her list of start-up items was about 30 - 40 items, some known malware. We were identifying startups when the malware was observed. I had her stop, download SAS & run a scan. The scan contained memory, registry & file malware to the tune of 780 items, marked for quarantine & deletion.

    How can Windows Defender, McAfee, & UAC be so lousy as to allow so much malware to install?

    Can average people trust the default security apps thrust upon them when purchasing?

    Rico
     
  2. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Can UAC be bypassed? I don't think I've heard of such a situation, but I just may be ignorant of this issue. What exactly are the weaknesses of UAC?
     
  3. wat0114

    wat0114 Guest

    The weaknesses lie not with UAC, but with the end user allowing the malicious file to run.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    The default settings suck. You need to enable most of the protection.
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    You're right, but I'm just curious, does UAC have any weaknesses and can it be bypassed?
     
  6. wat0114

    wat0114 Guest


    I don't know. I would think under a limited account, at least, it is quite robust.
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    As mentioned, the user is the biggest weakness.
    Mrk
     
  8. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Ok! But Vista comes with 'Windows Defender' + its Firewall enabled, plus McAfee AV AS, this is as mainstream as you can get & does not stop anything. Granted, folks here know this is not much defense, but the average person going into Best Buy is in for a rude awakening or false sense of security. Which just seems wrong, for majors in the security industry.

    Rico
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I don't know anything about Windows Defender. I don't have any experience with Vista, but that shouldn't matter. What type of Vista (Home Basic, Premium, Ultimate) does she use?
    Is McAfee always 'on', scanning real-time, and up to date? Any missing components? What version (SecurityCenter, Antivirus, engine etc) does she have? Does she perform on-demand scans regularly?
    I don't know WHEN she got the infections. These days McAfee is pretty good, especially with Artemis (called 'active protection', somewhere in the menus) enabled. Of course, it won't catch all.
    McAfee shouldn't have allowed this. Can you provide more information? I might be able to provide useful information. I have used McAfee for years, until recently.

    No AV will provide 100 % protection, the user needs to practice 'computer hygiene', like not clicking on ads, not responding to spam, installing patches, making sure a program is safe before downloading it.

    What browser does she use? I find the default security settings in IE 7 insufficient.

    780 items? :blink:
    I wouldn't trust a computer that is that heavily infected. How would you know you got them all? My suggestion would be to back up all data, wipe (DBAN), reinstall Vista and the rest. Scan the data for malware before restoring it. Make sure you have the necessary drivers/CDs before doing this!

    If you decide not to reformat, I'd recommend a more thorough cleaning of the system. You could try Avira live CD/Avira rescue CD, Dr Web live CD, trial version of Counterspy, MBAM. Perhaps it's wise to ask for professional assistance, for example on www.bleepingcomputer.com. Combofix can be used, but it's a tool for experts.

    Btw, what kind of malware? Cookies, rootkits, trojans, adware?
     
    Last edited: Aug 19, 2009
  10. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Btw, as default Windows Defender only gets updated once a week via Windows Update.
     
  11. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Thanks Guys,

    Absolutely, the problem is with the user, no doubt about it! The problem is marketing PCs in general, while downplaying (not mentioning) security. Should the subject come up at the time of sale, it's glossed over with, that's covered by ... , apps that don't do the job, aka WD & McAfee etc. The end user knowledge I'm seeing (I'm new to cleaning other people's machines) is like: buying a new car (with 0 knowledge about cars), running out of gas, and calling a mechanic to fix the broken car. I've seen more than once people's frustrations with malware, swearing off PCs & joining the Apple crowd. What this says is, with the exception of forums like "Wilders", security is ignored & the user should not be concerned.

    Fly - Thanks for the informative/supportive post, my sister, in another state typifies the above end user I'm seeing lately. I asked my sister If she had a blank "CD" her answer was no. I thought guide her through & running an Avira rescue disc.

    Real world is not the folks posting here @Wilders, & I guess I'm still somewhat shocked, by the lack of knowledge.

    Rico
     
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    Hi there,

    I think your sister needs something like Shadow Defender or Returnil. She can download freely anything and when she restarts her computer, nothing good or bad will be there. They are very simple to use.

    I use Vista most of the time, and even with only UAC and WD it would be difficult to get infected, unless one allows anything. McAfee would not be my choice of antimalware, but it's not a bad AV and 780 items are really too many.
     
  13. Dogbiscuit

    Dogbiscuit Guest

  14. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Guys,

    Dogbiscuit - Wow! I thought UAC was like SuRun or DropMyRights, porous protection = pseudo security.

    Osaban - I agree! My favorite security app is "ShadowDefender"... Why are SD & Returnil snubbed by the big publications (PC World etc)? Big all-in-one security apps from (corporate America) are featured in the mags. I guess it's a function of "Ad dollars": buy full page ads & you will be featured or discussed.
    The security industry needs, must have, the bad guys, resulting in the dog chasing its own tail.

    Will Windows 7 virtual feature make Returnil & SD also-rans? Like UAC was supposed to make SuRun & DMR not necessary?
     
  15. Dogbiscuit

    Dogbiscuit Guest

    From: Inside Windows Vista User Account Control, by Mark Russinovich.
     