Trojans are crazy!

Discussion in 'other anti-trojan software' started by coldplay, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    Some might, but I can't in all honesty, mostly because I have zero experience/results with it aside from trying it out for a few days. The fact it requires internet connection to its website Db doesn't par with me for confidence, but that's my own preference, others seem to prefer the opposite, and hey, if it works, fantastic. I would much rather choose to keep a local database of detectionables like most anti-spyware apps that can be updated from the server just long enough to build on the list and then stop.
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Last evening the Bell South support page - a reputable site by all accounts - was hacked (first reported on DSLR), and a trojan attempted to download by remote code execution.

    I don't know about the "mighty HIPS" - I'm not even sure what qualifies a program to be HIPS - but the lowly old Process Guard would have snagged this exploit. Or any program that has execution protection. See the other on-going threads about zero-day protection.

    Whether or not an AV or AT program flags a particular file depends on the current status of the database (Black List).

    But if your security setup includes White List protection, this will catch *any* malware executable that attempts to sneak in by remote code execution.

    What to choose? There are so many, that one needs to evaluate them to see how they fit in with your current setup.

    Here is an analysis of the Bell South exploit, and you can see that all of the obfuscation and trickery boils down to one simple task/goal: install a trojan.

    Bell South Exploit


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
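
The Black List / White List contrast from the post above, as an added example that is not part of the original thread. It assumes a SHA-256 hash comparison purely for illustration (the thread does not say how Process Guard or any other product decides), and every file name and file content in it is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_white_list(trusted_dir):
    # Baseline taken while the machine is known clean: hash every installed file.
    return {sha256_of(p) for p in Path(trusted_dir).rglob("*") if p.is_file()}

def black_list_allows(path, black_list):
    # Default-allow: anything not yet in the signature database may run.
    return sha256_of(path) not in black_list

def white_list_allows(path, white_list):
    # Default-deny: only files recorded in the baseline may run.
    return sha256_of(path) in white_list

def demo():
    # All file contents below are constructed stand-ins, not real samples.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        programs = root / "programs"
        programs.mkdir()
        editor = programs / "editor.exe"
        editor.write_bytes(b"constructed: trusted editor build 1")
        white_list = build_white_list(programs)
        # The signature database only knows an older variant.
        black_list = {hashlib.sha256(b"constructed: trojan variant A").hexdigest()}

        known = root / "known.exe"
        known.write_bytes(b"constructed: trojan variant A")
        fresh = root / "fresh.exe"
        fresh.write_bytes(b"constructed: trojan variant B")

        def verdicts(p):
            return black_list_allows(p, black_list), white_list_allows(p, white_list)

        results = {"editor": verdicts(editor), "known": verdicts(known),
                   "fresh": verdicts(fresh)}
        # A trusted file changed after the baseline no longer matches its hash.
        editor.write_bytes(b"constructed: trusted editor build 1 + appended code")
        results["editor_modified"] = verdicts(editor)
        return results

if __name__ == "__main__":
    for name, (bl, wl) in demo().items():
        print(f"{name:16} black list allows={bl!s:5} white list allows={wl}")
```

The last case also shows the operating cost of a white list: a legitimate update changes the hash and is denied until the baseline is rebuilt.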
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No matter how good these trojans are in installing themselves, they have to change my hard disk and my frozen snapshot removes any change after reboot. Case closed. Next malware please. :)
     
  4. EASTER.2010

    EASTER.2010 Guest

    Well if they even come close to my system it's like they've crossed an invisible but detectable radiation screen so their presence is going to be picked up at once. Also I would have to be the one to infect my system, and many times I do :gack: , but now I also run FD-ISR I can use Power Shadow to cover over my snapshots and if they're so cleverly crafted as to refuse to leave even then after being invited, I can always dump the snapshot entirely, and simply re-create a new one (via stored archives), with all programs completely intact and simply start afresh again. A win, win situation!
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Indeed a win, win situation. That's why I spend so much time on RECOVERY.
    My philosophy is based on "I wear a clean shirt every day, why not give my computer a clean shirt every day (=reboot)".
    I'm still polishing my recovery, but it's getting better and better.

    The bad guys can't do anything to me, if I start with a clean snapshot after each reboot.
    Now I'm looking for the right security software on my frozen snapshot.
     
  6. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    While I have not had a chance to read all the posts to this thread, I have always viewed the Trojan type of malware as the most damaging of all. They can not only mess up your machine but the deeds they do can mess up your life.

    Note: While I know what root kits are, they are still new to me and I have not gotten a real handle on those yet. :doubt:

    EDIT: Still looking carefully at all the behavior security apps before picking one. I am still leaning heavily toward Cyberhawk, for the Family Machine as SSM would cause family members to deal with too many questions.
     
    Last edited: Apr 14, 2007