Is the "AV" still the cornerstone of a security setup?

Discussion in 'other anti-virus software' started by tobacco, Apr 17, 2006.

Thread Status:
Not open for further replies.
  1. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Why do you feel this is a real problem that needs to be defended against? In principle possible does not mean it should be a concern, and the qualifiers around the "in principle" in this case are rather daunting.

    Blue
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    So I assume there isn't any security software for this, in spite of the fact that these hardware viruses really exist.
    So the security industry still has work to do. It's not my concern until it really happens.
    I would rather have protection against hardware viruses than protection against other malware. Most malware can be destroyed with a clean snapshot, but hardware viruses will damage my hardware and that could be a very expensive repair.
     
  3. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Show me links to credible write-ups about hardware viruses please. I just googled and could not find anything.
     
  4. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    I go along with BlueZannetti, wholeheartedly. As a matter of fact, I'd say the regulars here are the people that don't need a lot of security software because of their knowledge and experience. Actually, it's kind of funny that the people that don't need it use the most of it. Yeah, doing P2P, downloading music or going to crack and porn sites probably do warrant a more robust security setup. I wouldn't know since I don't indulge.

    While I consider myself computer literate, until I joined Wilders, I wasn't security literate as far as the multitude of options available. But I felt I possessed the knowledge to harden the OS and lock down the browser (IE, which I still use), because there are only a certain number of avenues of attack. Therefore, before I started coming here, I only used a router and every so often did on-demand scans, and never got infected.

    I also go along with Blue that performance and simplicity of use for everybody and especially newbies would be a -- router, AV and AT -- which is my current setup. Perhaps one of the least talked about security helpers is a LUA, but I guess that's because it's not glamorous enough when someone can talk about HIPS, the various snapshot software or virtual environments.

    A person can worry about the newest malware, rootkits or hardware viruses, but it all comes down to what you let run on your system. It's not as if malware magically appears on your computer. But if you do stupid things online you may or may not pay the price. What are the odds?

    Do you really think that someone is targeting you -- when they can go after the millions of computers that don't protect and update the OS, use an up-to-date AV and firewall (that's configured correctly) or switch browsers -- since I'm sure you use discipline and savvy as Blue so succinctly put it?

    It's fun to discuss the problems and exchange ideas about security, but in the end you have to learn to live with a not so perfect entity. Enjoy your computer experience or throw the damn thing out the window. It's a love-hate relationship for me and not all of it has to do with security. I do the best I can but there are more important things to concern myself with.

    HTH
     
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Sorry, but this sentence is, at best, misguided. You certainly don't need to INTENTIONALLY download and run malware to get infected. Not at all. The recent createtextrange() and WMF exploits infected computers without any user interaction whatsoever; all the user had to do to get infected was visit a web page (and, again, there is no such thing as "safe browsing", since many of these exploits have appeared on defaced/hacked webservers that certainly didn't host malware before).
     
  6. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    TNT, you are right. But even that makes up only a small part of all malware found on systems. IMO most of it comes through cracks (no pun intended :D ), porn and/or other shady-site surfing. E-mail is different. Lots of problems there, but again the user executes it in most cases.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    In spite of all the experts at Wilders, I, a newbie, have to find some proof of existing hardware viruses. :D
    I hope these links aren't rejected as proof.

    This is the technique behind hardware viruses... if you remember CIH, the virus that attacked 430TX-compatible motherboards... this is the same basic concept...
    http://www.firewall.cx/ftopicp-7854.html
    http://www.hardwaresecrets.com/article/40

    This book has a chapter about hardware viruses.
    http://www.spiritismonline.net/modules.php?name=Amazon&asin=0201786958
     
  8. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Not to be the party-spoiler, but CIH erases the target BIOS; it does not load/install itself into it.

    The Firewall.cx forum link discusses hardware rootkits, but has no *proof* that they exist, only statements.

    Seeing how many bios / firmware flash "accidents" there are, even with vendor released tools, I find it difficult to believe that this technique is so widespread that it is cause for concern.
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    ErikAlbert,

    Reread my post above, in particular:
    I don't see anything posted as at variance with that assessment.

    Blue
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You forgot to mention that your motherboard can be "dead" too.
    The chapter "Recovering Dead Motherboards Killed by the CIH Virus" takes 4 pages to save that motherboard.
    Not hardware related? I even have to open my computer case to fix this motherboard.
     
  11. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    EDIT: I was confused with another thread about Hardware Rootkits. :gack:

    A decent AV should pick up on CIH and alert / remove before damage can be done.

    If I were you, I would stop worrying about software solutions for your fears; instead go looking for insurance to cover damage / loss to your machine due to malicious software. :)
     
  12. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Corrupting your BIOS or hard drive, which any inattentive user could do yesterday, today, or tomorrow, is rather different from what is generally claimed as "hardware viruses".

    Blue
     
    Last edited: Apr 18, 2006
  13. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I don't want to hear this anymore :D .. *puppy*
     
  14. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    ...sorry... :ninja:
     
  15. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    No probs SSK! ..

    Personally I truly doubt that AVs will become completely obsolete in the future .. as long as the big public, and that's still by far the biggest part of Internet users I guess, doesn't want to educate themselves and persists in keeping it too easy ..

    .. 90% of the people I know do not want to see any popup asking what to do with this or that lol ... they just allow everything to access that site :cool:
    It has been said a lot now .. without taking the necessary steps to really learn some basic stuff about the registry and processes .. things won't get any better I'm afraid :doubt:
     
  16. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Hi Erik, regarding hardware malware :) I would like to see the first real proof of existence, some real and backed-up story of someone getting hit by this kind of threat .. and I bet 100€ that you'll have a greater chance to win the "EuroMillions" completely on your own than you'll get hit with something like this! *just keep Wilders as your homepage and you'll manage :D *

    Like in most situations, some simple steps can be taken in realtime, before that rootkit gets into my pcix card .. I cannot see why I would not get notified if this would happen on this machine :) at least I hope so :p
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Infinity,
    Many months ago, I posted my new security setup (at that time : Firewall + ShadowUser) and asked people's opinions.
    One of the first negative comments on my new setup was "WATCH OUT for hardware viruses, they will KILL YOU."
    Now they act like they don't even exist LOL.

    It doesn't really matter and I agree with everybody, nevertheless it was amusing.
     
  18. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    the chances are minimal Erik if they exist .. I never saw it to be honest ..
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I know, in my newbie time, I lived very dangerously and I had to reinstall my computer many times, but I never had a hardware failure.
     
  20. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Prevx1 is basically saying you don't need your AV anymore. Never tried this software. Could any users comment on this? And Prevx1 is considered HIPS, isn't it?

  21. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I've trialed it, but not used it extensively. Notok has a fair amount of experience with this application. It is a bit of a hybrid approach. Pure HIPS flag on behavior; Prevx uses a community-based whitelist and prescans your drive on install to catalog your complement of programs against its database. From what I've seen, it works well. Would I replace my AV with it? Probably not until I saw more action in the field, but it does coexist with a standard AV if you want to try it out.

    Blue
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Image backups and sandboxes do seem to be getting considerable mention - while they can allow recovery from some security situations, they can't be considered a 100% failsafe.

    In the case of sandboxes, it will always be possible for malware to "leak" outside the sandbox because users will need to allow some programs to make permanent changes (e.g. an email client needs to be able to save emails without them disappearing in the next session). Such exceptions could be abused to allow an exploit to be stored (e.g. a Word document with malware images), even if the sandbox can prevent changes to core Windows components.

    For image backups to be effective, malware infections need to be discovered quickly. If a rootkit lurks on a system for several months, how many users will even have a backup from that far back, let alone be willing to throw away all the changes made to their system since?

    As for "hardware viruses", I'd agree with others that this is not currently a practical threat. Overwriting a BIOS and causing hardware to malfunction is one thing - inserting a program that the computer will subsequently run on startup and which is capable of making changes to Windows itself (i.e. able to decode and modify raw hard disk data) is quite another and would involve a degree of effort comparable to writing a new Operating System. This would place it out of the realm of lone crackers and would require significant group effort - most likely from well-resourced criminal syndicates or rogue governments.

    AV scanners will likely be around for at least the next decade, though it may be that only the largest security vendors can maintain good detection rates in the face of an exponential rise in malware.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    I am interested to know about hardware viruses. I never knew that viruses can damage the hardware as well.

    So that means you are never safe even with SU or DF etc.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Another reason for AV to be the cornerstone is the average user. Most of them like to use an AV plus the Windows firewall - install and forget. They don't like to play around with the programmes.
     
  25. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    A "hardware virus" (as in malware that can be stored and replicate itself from flash memory in the system/video BIOS or other firmware) is a theoretical threat only at the moment. It is possible to render some hardware useless by overwriting its flash firmware with garbage but this does not allow malware to replicate so could not become a widespread threat.

    As for SU/DF, they can improve your security significantly but they are not 100% solutions and have their limitations - as do AV/AT scanners and behaviour blockers.
     