Free scanner + repair for infected JPEGs (for MS04-028)

Discussion in 'other anti-virus software' started by Wayne - DiamondCS, Oct 22, 2004.

Thread Status:
Not open for further replies.
  1. TheSnowGuy

    TheSnowGuy Guest

    ***Quote:
    Originally Posted by nadirah
    This JPEG scanner is just to help people clean their computers of this JPEG problem.
    Stefan Kurtzhals, from your posts I think you're about to turn this thread into an argument. I rather you stop posting in this thread, we guys on Wilders Security Forums have better things to do than to argue with you.
    ****
    ****************


    Wayne can hold his own in a debate an of that you can be fully certain.


    debates are many times a common practice in regards to computer security and related products. ...........
     
  2. Jxkrruzzn

    Jxkrruzzn Guest

    I was interested in the "discussion" too! No one ever learned anything without asking questions!!
     
  3. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Competitors to DCS/TDS would be ewido or Andreas Haak (cough cough) for example - IMHO the AT market is almost dead. At the VB in Chicago, all the *big* customers bugged us about spyware handling, no one is caring for trojans. BTW, I am expressing my personal opinion here, I do not represent the company here I am working for.

    Oh it is free and you can evaluate it. Better? How you define better? IMHO, no one can really test an av/at product without having written one - you simply don't know the *real* problems that you can use to measure the quality of the product.

    BTW, I find it quite disappointing that the author of such nice programs like TDS and ProcessGuard can't handle a technical discussion on a professional level. I stated why on-demand and on-access scanning are both *no* protection against the JPEG exploits if the exploit is delivered the *regular* way - and I made clear why I made that statement.
     
  4. TheSnowGuy

    TheSnowGuy Guest

    STEFAN SAID:

    ***BTW, I find it quite disappointing that the author of such nice programs like TDS and ProcessGuard can't handle a technical discussion on a professional level. ***



    ***********************************


    Stefan

    Greetings......speaking only for myself....may I RESPECTFULLY REQUEST that the discussion remain technical an not become a personal attack or what could be concieved as a personmal attack.....on anyone......the discussion is of interest to many....an any distraction would take away from its value.........an no purpose would be served..........
    Sir, thank you for whatever consideration you give my request. I am only a member here at the forum....an enjoy reading such discussions...if presented in a calmly manner.


    TheSnowGuy/ The Snowman
     
  5. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Stefan Kurtzhals

    I am just one of those ordinary end user that is willing to try out something and learn about it. My knowledge on all the AT or AV is very limited really but I still want to try out free product to be frank.

    If the product is available to be tested then everyone should be given the choice to test it regardless of their knowledge. They can make up their opinion as far as I know.

    Yes, you can take the lead by asking technical questions and that's fine with me. I am just learning since my knowledge is limited. That's one way everyone learns.

    However, from the business point of view that's entire different story. I am just merely trying to say that in business competition is normal and gaining some sort of ground over competitors by asking deep technical questions to "discredit" or to gain confident from others can be rather common really and not at all surprising. It's competition after all. So that's normal practice. You should not take offence to that. I will ask you technical questions too if I am your business competitor. Just to gain ground. Or as an end user I will ask you to defence you claim too. Then I can make up my mind.

    Therefore, the most important thing is for someone to ask questions and for someone to provide alternative to what is available presently (JPEG scan). So if they don't have the knowledge to test out the AV/AT then those with slightly better knowledge should lead by asking technical questions rather than comment on the limited knowledge of end users.

    Also if there is an alternative, experts will then be able to test it out and come out with better explanation for the end users. If end user accept their explanation that's fine. If not that's fine too.

    As for the definition of better? It is for someone to agree and for someone to disagree. This forum provide the ground just to do that. Please don't take it as personal attack.

    By the way, I am still trying to understand the technical aspects of all those AV/AT ... etc.,

    :)

    P/s: So keep the question going ... I want to see the explanation of them all.
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Good post, Chew!

    I agree with that especially.
     
  7. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    I personally see a scan for JPEGS quite beneficial and well worth the effort to provide such a program.

    Reasons for this:

    Jpegscan scans for infected JPG's on the hdd, notifying and fixing the infection thus when viewing a jpeg, no harm can be done.

    How different is this from an On-demand anti-trojan program?

    The AT 'scans' the hdd for infections, these malware may just sit on the hdd doing nothing, yet if there is no such program to detect them 'on-demand' the user has the danger of actually running it and infecting themselves.

    This is NO DIFFERENT to an infected jpeg. Basically from what I've read, I can see that the point of view of some users stating "On-demand jpg scan is useless" therefore, to me I would assume that they think the same that an "On-demand anti-trojan is useless" too..... which is NOT the case.

    I have a collection of wallpapers on my hdd, I didn't download them by viewing them, I simply saved them to my hdd. If these were infected, and i did not have jpeg scan, I would be in serious trouble.
     
  8. Raffles

    Raffles Guest

    "We" guys on Wilders Security forum, agree . :)
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I agree that the Jpeg scanner has it's uses, it's not the 100% cure, nothing is

    Yes it will not protect you from viewing an infected jpeg on a website, that is the job of your antivirus and teh M$ patch that is supposed to cure the problem, but it will protect you from the other more common way that this exploit is being used

    EMAIL

    if you save all jpegs (indeed all attachments) before viewing and openimg them, scan with antivirus and Jpeg scanner it will warn you

    I have seen quite a few infections with this exploit and 99% of them have come via email with the usual " look at this picture of XXXXXX nude" or whatever or some other equally enticing picture
     
  10. fgfgfgeee

    fgfgfgeee Guest

    It's quite a bit different, as trojans aren't normally executed when you view a web page, as are the infected jpegs, unless you have very sloppy security settings. Most people do not have "show images" turned off in their browser so most people are somewhat susceptible to this path of infection, which this tool cannot guard against. As well, anyone interested in protecting themselves against this kind of exploit with such a tool will likely already have their browser and antivirus updated, making such a tool generally redundant.
     
  11. TheSnowGuy

    TheSnowGuy Guest

    The question of "Resident or On-Demand" is moot. Several points on this could be made an only be wasted energy.....
    Jpeg can be easily blocked entirely....or blocked long enough to be scanned...(this way would be a real pain).........(I block it entirely although my system is already immune to the exploit)

    There is a responsibilty every User has......an many refuse to accept.......lots of car owners change their oil every so often.......an many computer owners scan their systems "EVERY SO OFTEN" cause the resident scanners get turned off..."cause they slow down the computer" or some such reason.......like.."its to time consuming"
    Security SHOULD BE LAYERED....an I doubt that anyone here would disagree with that..........no one tool should be expected to be a cure-all....

    if there is a valid issue regarding the exploit geting on the HD...(an imo thats not a valid issue)..then for those concerned...simply block the exploit entirely(which is why the issue is not valid..it can be prevented)

    off to the Land of OZ.....seeya
     
  12. TheSnowGuy

    TheSnowGuy Guest

    COMMENT

    with my limited knowledge its not my place to advise......the more knowledgeable vendors and Users would be the proper authority.........in the mean time I'll struggly along with my "made in the land of Oz" fix..cause it works just fine for me.....

    Comments Ended
     
  13. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    There used to be webpage based trojans that would be executed upon viewing a webpage, I believe 'Godwill' was one of them. The point i'm making is that even with trojan horses, you download, you execute. And you can do the 'same' with an infected jpeg, you can download without viewing and then view from the hdd.... an example as mentioned before is downloading a bunch of wallpapers.

    With regards to viewing the jpeg off a website, jpeg scanner is a handy tool to make users realise that an infection has probably already occured. If the infected jpeg is in the temp internet folders, then there's a high chance you've already been infected, and Jpeg scan would verify this by detecting the infected file.
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    That must be why NOD32 put special focus on trojan detection due to overwhelming demand? Would that also be why AT programs are popping up regularly? C'mon, just because they aren't making those demands of you, doesn't mean the market is "dead" Nobody ever said these biggest customers were the most knowledgable about the issues at hand, etiher (ask any IT person, lol.) There's a lot more mention of spyware in rags like PC Mag than there is about trojans. I'm sure that some of what they are actually worried about is actually due to RATs and not just adware. Once they catch up with the lingo you'll never hear the end of it.
     
  15. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Ah yes, probably that's because their score in backdoor/trojan detection was not that excellent, so they refused to participate in some tests (better no results than average results).

    Well, ask them if they make any good money with it. And let's bet how many of them will disappear again soon.

    Please, what's the difference between regular malware and trojans/backdoors? Why you need special programs for these? What special features those AT programs offer that the AV programs not have? Memory scan? Did you actually test how reliable the memory scan of the AT programs is? I did. I was not very impressed. They have much worse unpacking engines as for example Kaspersky or McAfee. They have a *much* slower reaction time to new malware.

    I think you underestimate spyware. Of course, those "rag papers" have no clue - they don't have any clue about performing propper antivirus/antitrojan tests either. But you seem to forget that there is a big difference between spyware and the other malware. There is a financial interest behind writing and deploying spyware. As soon money is involved, these "programs" are getting much more "professional" written. It is much harder to remove active spyware from a running system.

    The money argument applies to the bots too, I expect quantum leaps in "quality" in those as well in the near future.

    For me, the trojan problem is "blown up" and artificial. They don't spread and cannot cause widespread outbreaks. They must be delivered manually and most likely are results of a direct attack against a single person/company. And I doubt there is a good protection against a dedicated attack. It takes you just a few minutes to make any trojan undetectable, for both AT or AV programs.
     
  16. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Stefan,
    Heh, amusing. You don't see any hypocrisy in your statements considering _you_ work and try to make money from the AV industry?

    Anyway this is enthralling but some of us (clearly not all) have work to do. I'd imagine your customers would feel the same Stefan, just as I'm sure our customers would raise an eyebrow if we hijacked your forum (if you indeed do offer extra support to users that way). If you want to keep whinging about why AVs or ATs or spyware scanners or whatever are useless then mate take it elsewhere, this thread is about the freeware MS04-028 JPEGScan tool, and for you - a self-proclaimed expert - to spend so much time here crying about it is pretty sad (one would think you'd have something better ie. productive to do ...).
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    So what is this free product, and is there an english version? (since you state that it's free, I'm assuming you're not talking about F/Win)
     
  18. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Again, this thread is about the JPEGScan MS04-028 scanner, nothing more. If Stefan's software is any good then I'm sure he can find a more respectable and professional way to promote it than hijacking threads and attacking developers and free software. If Stefan wants to make his own thread to promote his own software then he can do that, but further offtopic posts in this thread will be removed. Thanks for staying on topic.
     
  19. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,219
    Location:
    Sydney, Australia
    To; Diamond DCS

    Thanks for the lovely tool.
    For tyros like me, made me feel like I was doing something pro-active.

    Find and repair: extra bonus!

    Note that no other software developers have offered anything similar!!
    How many downloads out of interest?

    You just keep pushing me towards that TDS stuff :)
     
  20. westwind

    westwind Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    19
    useful tool,I'll keep it
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.