Compromised Computers Host an Average of 3 Malware Families

Discussion in 'malware problems & news' started by ronjor, Sep 3, 2009.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    Article
     
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Thanks Ron. Know several people that have been infected recently. Most think just an AV and a firewall is all they need.
     
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Interesting how far the trust in AV's and Firewalls has slipped on this forum.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Trusting in software implies personification. You should use the tools that do the right job, whatever they are. It's just code, after all.

    As to using AV + firewall for security, well you can, but it means nothing either way. You can get happily without or you can use them and still get into trouble. The user is the weakest link.

    Mrk
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    The problem with trusting or not trusting security software is that the focus is on the software as the solution, rather than software complementing policies and procedures. This is evident if you've talked with many first-time buyers of a computer from a retail outlet, where they've walked out the door having been sold an Anti-virus product recommended by the sales person, but have no idea what all of this malware stuff is about.

    Many people get along fine with an AV and firewall. Others with just a firewall and properly configured browser. Their success is due to having learned something about safe computing and how malware exploits work. They are not likely to become a part of the growing club of victims of rogue security products scams, a recent one being:

    Fake anti-virus
    http://isc.sans.org/diary.html?storyid=7066
    Earlier this year I visited a local custom computer shop where I know a couple of the tech people. In asking what types of problems they were seeing, their response: "90% user error."

    The solution is obvious, just not easy to implement on a wide scale.



    -rich
     
  6. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    You're speaking in a very technical point of view - which is obviously correct.

    But you belong in the category that isn't likely to get ripped off paying for scamware and so on. I think the average user has no concept, or very little, of the socially engineered scamwares and software fallibility that you are aware of. Also, I think the average user definitely has no idea how bad the current situation is, with regards to vendors not being able to stay ontop of the daily fakeware creations.

    The old cliche of an anti virus and a firewall being the mainstay of your internet protection needs to move on, so yeah, I agree - smart computer advisory comes ahead of those two dinosaurs.

    -------------------------------------------------​

    Rmus.

    About a week ago I was explaining to some guy the problem with fakeware and non legit download locations advertised on google, yahoo, etc. He was absolutely astonished at the complexity of the problem. He got the socially engineered aspect, but when I explained he would still be at risk as many vendors cannot keep up with the quantity of fakeware being produced, it made him, and me, realise the problem at hand - Whether or not people fall for the scam, paying someone else to remove the fakeware is a scenario for many.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Yes, it is a complex problem, but part of the solution is to also explain to people to check reviews of a particular product. Nortel and Windows Police Pro are two recent fakes. If someone found these on a download site, a quick search on the internet would reveal that they are rogues. These were at the top of their search list:

    Remove Nortel Antivirus, removal instructions
    www.2-spyware.com/remove-nortel-antivirus.html
    How to remove Windows Police Pro Virus
    http://www.softsailor.com/how-to/67...o-virus-windows-police-pro-virus-removal.html
    I tell people that if they can't find numerous positive reviews of a product, to avoid it.

    As far as legitimate programs on non-ligit sites, the old advice to purchase/download from the vendor itself is still sound.

    ----
    rich
     
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Not sure if they are unlucky or if they visit dangerous websites. If someone asks me I tell them AV and firewall a must and make sure all there software (browser, MS office, adobe reader, etc.) fully patched and to check our some sort of HIPS/sandbox software. I think many people know to allow MS updates, but how many think to make sure all their Internet facing software is up to date. Also, answered you pm. Sorry it took so long, but don't check pm's very often.
     
Loading...
Thread Status:
Not open for further replies.