Free scanner + repair for infected JPEGs (for MS04-028)

Discussion in 'other anti-virus software' started by Wayne - DiamondCS, Oct 22, 2004.

Thread Status:
Not open for further replies.
  1. TheSnowGuy

    TheSnowGuy Guest

    Quote:
    Originally Posted by nadirah
    This JPEG scanner is just to help people clean their computers of this JPEG problem.
    Stefan Kurtzhals, from your posts I think you're about to turn this thread into an argument. I'd rather you stop posting in this thread, we guys on Wilders Security Forums have better things to do than to argue with you.


    Wayne can hold his own in a debate, and of that you can be fully certain.


    Debates are many times a common practice in regards to computer security and related products. ...........
     
  2. Jxkrruzzn

    Jxkrruzzn Guest

    I was interested in the "discussion" too! No one ever learned anything without asking questions!!
     
  3. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Competitors to DCS/TDS would be ewido or Andreas Haak (cough cough) for example - IMHO the AT market is almost dead. At the VB in Chicago, all the *big* customers bugged us about spyware handling, no one is caring for trojans. BTW, I am expressing my personal opinion here, I do not represent the company here I am working for.

    Oh it is free and you can evaluate it. Better? How you define better? IMHO, no one can really test an av/at product without having written one - you simply don't know the *real* problems that you can use to measure the quality of the product.

    BTW, I find it quite disappointing that the author of such nice programs like TDS and ProcessGuard can't handle a technical discussion on a professional level. I stated why on-demand and on-access scanning are both *no* protection against the JPEG exploits if the exploit is delivered the *regular* way - and I made clear why I made that statement.
     
  4. TheSnowGuy

    TheSnowGuy Guest

    STEFAN SAID:

    BTW, I find it quite disappointing that the author of such nice programs like TDS and ProcessGuard can't handle a technical discussion on a professional level.


    Stefan

    Greetings......speaking only for myself....may I RESPECTFULLY REQUEST that the discussion remain technical and not become a personal attack or what could be conceived as a personal attack.....on anyone......the discussion is of interest to many....and any distraction would take away from its value.........and no purpose would be served..........
    Sir, thank you for whatever consideration you give my request. I am only a member here at the forum....and enjoy reading such discussions...if presented in a calm manner.


    TheSnowGuy/ The Snowman
     
  5. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Stefan Kurtzhals

    I am just one of those ordinary end users that is willing to try out something and learn about it. My knowledge on all the AT or AV is very limited really but I still want to try out free products to be frank.

    If the product is available to be tested then everyone should be given the choice to test it regardless of their knowledge. They can make up their opinion as far as I know.

    Yes, you can take the lead by asking technical questions and that's fine with me. I am just learning since my knowledge is limited. That's one way everyone learns.

    However, from the business point of view that's an entirely different story. I am just merely trying to say that in business competition is normal and gaining some sort of ground over competitors by asking deep technical questions to "discredit" or to gain confidence from others can be rather common really and not at all surprising. It's competition after all. So that's normal practice. You should not take offence to that. I will ask you technical questions too if I am your business competitor. Just to gain ground. Or as an end user I will ask you to defend your claim too. Then I can make up my mind.

    Therefore, the most important thing is for someone to ask questions and for someone to provide an alternative to what is available presently (JPEG scan). So if they don't have the knowledge to test out the AV/AT then those with slightly better knowledge should lead by asking technical questions rather than comment on the limited knowledge of end users.

    Also if there is an alternative, experts will then be able to test it out and come out with a better explanation for the end users. If end users accept their explanation that's fine. If not that's fine too.

    As for the definition of better? It is for someone to agree and for someone to disagree. This forum provides the ground just to do that. Please don't take it as a personal attack.

    By the way, I am still trying to understand the technical aspects of all those AV/AT ... etc.,

    :)

    P/s: So keep the question going ... I want to see the explanation of them all.
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Good post, Chew!

    I agree with that especially.
     
  7. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    I personally see a scan for JPEGS quite beneficial and well worth the effort to provide such a program.

    Reasons for this:

    Jpegscan scans for infected JPG's on the hdd, notifying and fixing the infection thus when viewing a jpeg, no harm can be done.

    How different is this from an On-demand anti-trojan program?

    The AT 'scans' the hdd for infections, these malware may just sit on the hdd doing nothing, yet if there is no such program to detect them 'on-demand' the user has the danger of actually running it and infecting themselves.

    This is NO DIFFERENT to an infected jpeg. Basically from what I've read, I can see that the point of view of some users stating "On-demand jpg scan is useless" therefore, to me I would assume that they think the same that an "On-demand anti-trojan is useless" too..... which is NOT the case.

    I have a collection of wallpapers on my hdd, I didn't download them by viewing them, I simply saved them to my hdd. If these were infected, and I did not have jpeg scan, I would be in serious trouble.
     
  8. Raffles

    Raffles Guest

    "We" guys on Wilders Security forum, agree . :)
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I agree that the Jpeg scanner has its uses, it's not the 100% cure, nothing is

    Yes it will not protect you from viewing an infected jpeg on a website, that is the job of your antivirus and the M$ patch that is supposed to cure the problem, but it will protect you from the other more common way that this exploit is being used

    EMAIL

    if you save all jpegs (indeed all attachments) before viewing and opening them, scan with antivirus and Jpeg scanner it will warn you

    I have seen quite a few infections with this exploit and 99% of them have come via email with the usual " look at this picture of XXXXXX nude" or whatever or some other equally enticing picture
     
  10. fgfgfgeee

    fgfgfgeee Guest

    It's quite a bit different, as trojans aren't normally executed when you view a web page, as are the infected jpegs, unless you have very sloppy security settings. Most people do not have "show images" turned off in their browser so most people are somewhat susceptible to this path of infection, which this tool cannot guard against. As well, anyone interested in protecting themselves against this kind of exploit with such a tool will likely already have their browser and antivirus updated, making such a tool generally redundant.
     
  11. TheSnowGuy

    TheSnowGuy Guest

    The question of "Resident or On-Demand" is moot. Several points on this could be made and only be wasted energy.....
    Jpeg can be easily blocked entirely....or blocked long enough to be scanned...(this way would be a real pain).........(I block it entirely although my system is already immune to the exploit)

    There is a responsibility every User has......and many refuse to accept.......lots of car owners change their oil every so often.......and many computer owners scan their systems "EVERY SO OFTEN" cause the resident scanners get turned off..."cause they slow down the computer" or some such reason.......like.."it's too time consuming"
    Security SHOULD BE LAYERED....and I doubt that anyone here would disagree with that..........no one tool should be expected to be a cure-all....

    if there is a valid issue regarding the exploit getting on the HD...(and imo that's not a valid issue)..then for those concerned...simply block the exploit entirely (which is why the issue is not valid..it can be prevented)

    off to the Land of OZ.....seeya
     
  12. TheSnowGuy

    TheSnowGuy Guest

    COMMENT

    with my limited knowledge it's not my place to advise......the more knowledgeable vendors and Users would be the proper authority.........in the mean time I'll struggle along with my "made in the land of Oz" fix..cause it works just fine for me.....

    Comments Ended
     
  13. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    There used to be webpage based trojans that would be executed upon viewing a webpage, I believe 'Godwill' was one of them. The point I'm making is that even with trojan horses, you download, you execute. And you can do the 'same' with an infected jpeg, you can download without viewing and then view from the hdd.... an example as mentioned before is downloading a bunch of wallpapers.

    With regards to viewing the jpeg off a website, jpeg scanner is a handy tool to make users realise that an infection has probably already occurred. If the infected jpeg is in the temp internet folders, then there's a high chance you've already been infected, and Jpeg scan would verify this by detecting the infected file.
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    That must be why NOD32 put special focus on trojan detection due to overwhelming demand? Would that also be why AT programs are popping up regularly? C'mon, just because they aren't making those demands of you, doesn't mean the market is "dead". Nobody ever said these biggest customers were the most knowledgeable about the issues at hand, either (ask any IT person, lol.) There's a lot more mention of spyware in rags like PC Mag than there is about trojans. I'm sure that some of what they are actually worried about is actually due to RATs and not just adware. Once they catch up with the lingo you'll never hear the end of it.
     
  15. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Ah yes, probably that's because their score in backdoor/trojan detection was not that excellent, so they refused to participate in some tests (better no results than average results).

    Well, ask them if they make any good money with it. And let's bet how many of them will disappear again soon.

    Please, what's the difference between regular malware and trojans/backdoors? Why you need special programs for these? What special features those AT programs offer that the AV programs not have? Memory scan? Did you actually test how reliable the memory scan of the AT programs is? I did. I was not very impressed. They have much worse unpacking engines as for example Kaspersky or McAfee. They have a *much* slower reaction time to new malware.

    I think you underestimate spyware. Of course, those "rag papers" have no clue - they don't have any clue about performing proper antivirus/antitrojan tests either. But you seem to forget that there is a big difference between spyware and the other malware. There is a financial interest behind writing and deploying spyware. As soon as money is involved, these "programs" are getting much more "professionally" written. It is much harder to remove active spyware from a running system.

    The money argument applies to the bots too, I expect quantum leaps in "quality" in those as well in the near future.

    For me, the trojan problem is "blown up" and artificial. They don't spread and cannot cause widespread outbreaks. They must be delivered manually and most likely are results of a direct attack against a single person/company. And I doubt there is a good protection against a dedicated attack. It takes you just a few minutes to make any trojan undetectable, for both AT or AV programs.
     
  16. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Stefan,
    Heh, amusing. You don't see any hypocrisy in your statements considering _you_ work and try to make money from the AV industry?

    Anyway this is enthralling but some of us (clearly not all) have work to do. I'd imagine your customers would feel the same Stefan, just as I'm sure our customers would raise an eyebrow if we hijacked your forum (if you indeed do offer extra support to users that way). If you want to keep whinging about why AVs or ATs or spyware scanners or whatever are useless then mate take it elsewhere, this thread is about the freeware MS04-028 JPEGScan tool, and for you - a self-proclaimed expert - to spend so much time here crying about it is pretty sad (one would think you'd have something better ie. productive to do ...).
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    So what is this free product, and is there an english version? (since you state that it's free, I'm assuming you're not talking about F/Win)
     
  18. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Again, this thread is about the JPEGScan MS04-028 scanner, nothing more. If Stefan's software is any good then I'm sure he can find a more respectable and professional way to promote it than hijacking threads and attacking developers and free software. If Stefan wants to make his own thread to promote his own software then he can do that, but further offtopic posts in this thread will be removed. Thanks for staying on topic.
     
  19. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    To: Diamond DCS

    Thanks for the lovely tool.
    For tyros like me, made me feel like I was doing something pro-active.

    Find and repair: extra bonus!

    Note that no other software developers have offered anything similar!!
    How many downloads out of interest?

    You just keep pushing me towards that TDS stuff :)
     
  20. westwind

    westwind Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    19
    Useful tool, I'll keep it
     