What are the critical areas we should always scan?

Discussion in 'other software & services' started by sweater, Mar 16, 2006.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    I have BitDefender 8 and ClamWin Anti-virus as back-up on-demand virus scanners. I found out that ClamWin is very slow; it takes about 3 hours to finish scanning my 40 GB HD. I used to scan with BitDefender 8 once a week, as it only takes about 1 hour for a full system scan, but I can't use ClamWin for a full system scan anymore because of its very slow speed (no wonder they call it Clam). But I could not get rid of ClamWin, as it's the only one that finds some Trojans hidden in some downloaded wallpapers and clip art.

    Maybe I can use ClamWin AV to scan only those "critical areas" prone to infection, aside from the suspected newly downloaded files, to reduce the time it takes when scanning.

    In your technical opinion, what do you think are the most critical areas that we should always check for possible infections?
     
  2. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802

    ALL files need to be scanned.
    Skipping ANYTHING puts you at risk.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    3 + 1 = 4 hours of scanning? Wow, that's a very long time, and you're still not sure your computer is clean, because you still have to run all your other AS/AT/AK scanners, and even this doesn't guarantee a clean system.
    Why don't you use a clean snapshot of Rollback Rx/FD-ISR to clean your system 100%?
     
  4. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    Actually, most of the time, even though I have 3 anti-virus programs on my system (1 resident and 2 on-demand scanners), I just use the quick scan option by right-clicking and scanning the "suspected" files fast... That's why, to minimize time spent on full system scans (once a week), I want to know what really are the so-called critical areas that we should not miss and that are prone to infection.
     
  5. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Well, probably because not everyone uses your imaginary setup or has your imaginary habits and discipline. Some people actually install and keep software *gasp*, and their systems do change with time, so they probably need an antivirus to scan.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    DA

    You've got me this time. I am on the floor laughing. But you are so right.

    But to further answer Sweater's question. My approach is partly Howard's and actually partly Erik's. If I am going to do risky surfing, I do in fact set up so I can roll back to a known clean snapshot. I am also running the KAV 6.0 beta, which has a couple of features that fit me. I have the Web AV on so it can catch potential stuff when I do surf. I leave the File AV off so it doesn't slow my work down. Every night before shutdown, I update sigs and then do a complete scan of my whole system. With the new KAV iSwift technology this takes about 5 minutes. Works for ME.

    Pete
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    As long as I install legitimate software offline and take a clean snapshot every time after that, I can change my system anytime and restore it anytime. What is wrong with that?
    I never said my setup is finished; I'm just looking through the possibilities and software, including scanners, which I don't like and trust, but that's my problem.
    All the rest is Devil's imagination. He has the talent to read people's minds. :)
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    One thing. I know your objection to AVs is that they are based on signature lists and aren't perfect, and you are right. I use KAV and they update very frequently, and I update it hourly, but you are right, it's not perfect. In theory I could still get nailed by a new piece of malware before they detect it. Hopefully I will be alert enough to block it with one of my HIPS programs, but if I screw up, I am nailed.

    And yes, FDISR, Rollback, and ShadowUser, if used properly, can make stuff go away. But you are assuming they are 100% foolproof if used properly, and that is not a valid assumption. If ShadowUser can access a file and then write to another special spot on the disk, later to have the user decide to either keep it or delete it on reboot, then malware can be crafted that could do the same thing. Same with FDISR and Rollback. This is why the layering principle is still totally valid.

    Pete
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Peter2150,

    Suppose I separate my winXPproSP2 + MS Applications + MY Applications FROM my folder "Documents and Settings".
    (MS Applications = legitimate software that comes with winXPproSP2)
    (MY Applications = legitimate software I installed myself)

    In that case I have two partitions :
    1. System partition = winXPproSP2 + MS Applications + MY Applications.
    2. Personal partition = Documents and Settings, where all variable objects of MS Applications/MY Applications are stored, including my personal files created with all these MS/MY Applications.
    So the only partition, that changes all the time is the Personal Partition.

    If I protect my System Partition against any change by using ShadowUser OR FD-ISR OR RollbackRx OR DeepFreeze OR ... I always can restore my System Partition in a clean state by reboot or restoring a clean snapshot.

    Are there any good reasons why I would allow changes in the System Partition, except for Windows Update, new software and software updates?
     
    Last edited: Mar 17, 2006
  10. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Nothing wrong, except it requires discipline, something, as I pointed out numerous times, you don't know if you possess yet, hence currently imaginary.

    But you also don't always mention that your setup is imaginary when advising/lecturing people. No wonder so many people think you are finished already.

    That's the best comeback you can do? :)

    Anyone with the ability to read, knows what you think about security. You aren't exactly shy about flaunting them in the strongest possible way.

     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    None that are obvious, which means eventually you will find one. What you have described above should work, but it is complicated. I find that if I make something that complicated, yes, it might protect me from something external, but it greatly increases the danger that I myself will screw it up. So I keep it simple. I use only one partition on my drive; all my apps write their data files to subfolders under one backup folder in my docs. I protect my system with layering, by using KAV, a firewall, OA, APP/RD and SNS. I also use Rollback/FDISR to protect the system, mainly from bad betas when I am testing, and also if I am going to do high-risk surfing. These apps are quiet and unobtrusive when I don't mess with my system. If I wasn't beta testing some of these products, they would almost never bother me.

    The reason I would never use FDISR/Rollback by themselves is that it requires the assumption that malware can't get by them. While the likelihood is small, as it is a small target, it is still technically possible.

    Pete
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks for the reply.
    Technically everything is indeed possible, but you can say this about any security setup.
    So that remark has no value anymore, because it is common for all security setups.
    You seem to assume, that I'm looking for 100% security. Do you really think, I'm that stupid ?
    Anything that was ever made by mankind, FAILED more than once and history has proven this over and over again.
    Don't ask me for examples of these failures, because Wilders will be too small.
    So it's a waste of time to talk about 100% security, because it doesn't exist and it will never exist.

    Image backup on my external harddisk is my very last hope to restore my system and personal files.
    And one day some sneaky malware on my internal harddisk will be waiting for the moment I connect my external harddisk, and then destroy my image backup on my external harddisk.
    To make the disaster complete, the same malware will destroy all my snapshots and make all my system/personal files useless.
    Or a hardware virus that infects all my hardware components and makes them useless.
    Or my internal harddisks and external harddisk crash at the same time, not even caused by malware.
    After all, everything is technically possible and I can create such disaster scenarios until my fantasy is dead.
    Well, it's my assumption that such disaster scenarios will never happen on my computer, and if it happens, I just have bad luck.
    Nothing serious, because I'm still alive and kicking; only my computer is dead and can be replaced.
    Even in my newbie time, when I surfed the most dangerous websites and downloaded/installed everything, I was always able to restore my computer.
    Was I lucky? Of course I was lucky. I'm 57 and I'm still alive. Am I lucky? Of course I'm lucky. Many people died a lot sooner than me.
    I've noticed this several times: when members suggest a new security setup, other members come up with the worst scenarios, and when you talk about these scenarios without mentioning a new security setup, they will tell you that these scenarios are very rare.
    These scenarios can happen on any computer, and what can happen on any computer isn't worth talking about.

    You call separating my system from "Documents and Settings" complicated? You could be right.
    I know at least two programs that execute that separation easily, including the additional registry changes:
    1. TweakUI, created by Microsoft (PowerToys).
    2. Folder Mover, created by the same company as Rollback Rx.
    So that part must be easy.

    Will it work in practice for every piece of software? That's what I'm worried about.
    That depends on where a program keeps its variable objects:
    - the registry?
    - its installation folder?
    - the folder "Documents and Settings"?
    - maybe somewhere else I don't know about.
    For me to find out, when my new computer is ready.
    Nevertheless, several members at Wilders are doing this already.
    I understand, that you don't like to do this, but that doesn't mean it isn't possible.
    That's a matter of opinions, opinions, opinions, ... I can't listen to everybody's opinion, because my computer is too small to handle them all.

    Of course separating my system from "Documents and Settings" is a start and it doesn't solve my security problems. It's just a preparation.
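
    Two questions in this thread can be answered with one small tool: the opening post asks how to avoid a 3-hour full scan between weekly runs (Pete's iSwift remark in post 6 is the commercial version of the same idea, skipping files that have not changed since the last scan), and the post above asks where a program actually keeps its variable objects. The Python below is an added example, not code from the thread, from ClamWin or from Kaspersky. It records a manifest of size, mtime and SHA-256 per file on the first run; on later runs it rehashes only files whose size or mtime moved and returns just the new or content-changed paths, which is the list you would hand to the on-demand scanner (for ClamWin, clamscan on those paths). Grouping the returned paths by directory shows where an application writes after you install or run it. The XP-style directory tree, file names and contents in demo_scenario() are constructed for the demo and are not real data.

```python
"""Change-tracking manifest: select only new/changed files for an on-demand
scan, and report where on disk the changes landed. Added example; the tree
built in demo_scenario() is constructed."""
import hashlib
import os
import tempfile
from pathlib import Path

HASH_CHUNK = 1 << 16


def sha256_file(path):
    """Hash in chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(HASH_CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def walk_files(root):
    """Yield (relative POSIX path, stat result) for every regular file."""
    root = Path(root)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            try:
                st = p.stat()
            except OSError:
                continue  # vanished or unreadable between listing and stat
            if p.is_file():
                yield p.relative_to(root).as_posix(), st


def build_manifest(root):
    """First run: stat and hash everything (the one-time full cost)."""
    return {rel: {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
                  "sha256": sha256_file(Path(root) / rel)}
            for rel, st in walk_files(root)}


def update_manifest(root, old):
    """Return (new_manifest, to_scan, removed).

    A file is rehashed only when its size or mtime differs from the manifest,
    and lands on to_scan only if it is new or its content hash changed, so a
    file merely re-touched with identical bytes is skipped.
    """
    new, to_scan = {}, []
    for rel, st in walk_files(root):
        prev = old.get(rel)
        if prev and prev["size"] == st.st_size and prev["mtime_ns"] == st.st_mtime_ns:
            new[rel] = prev  # cheap path: metadata unchanged, keep stored hash
            continue
        digest = sha256_file(Path(root) / rel)
        new[rel] = {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}
        if prev is None or prev["sha256"] != digest:
            to_scan.append(rel)
    return new, sorted(to_scan), sorted(set(old) - set(new))


def group_by_location(paths, depth=1):
    """Count changed paths by their first `depth` directory components, to see
    whether a program writes under its install folder, the profile, or elsewhere."""
    counts = {}
    for rel in paths:
        parts = rel.split("/")
        key = "/".join(parts[:depth]) if len(parts) > depth else "(root)"
        counts[key] = counts.get(key, 0) + 1
    return counts


def demo_scenario():
    """Constructed XP-style tree: take a baseline, then four typical events."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        seed = {
            "WINDOWS/system32/drivers/etc/hosts": b"127.0.0.1 localhost\n",
            "Program Files/App/app.exe": b"MZ" + b"\x00" * 64,
            "Documents and Settings/user/notes.txt": b"hello\n",
            "Documents and Settings/user/Local Settings/Temp/setup.tmp": b"tmp",
        }
        for rel, data in seed.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        baseline = build_manifest(root)

        # 1. content change in the personal area
        (root / "Documents and Settings/user/notes.txt").write_bytes(b"hello world\n")
        # 2. a new download, the kind of file the opening post worries about
        new = root / "Documents and Settings/user/My Documents/wallpaper.scr"
        new.parent.mkdir(parents=True)
        new.write_bytes(b"MZ" + b"\x90" * 32)
        # 3. app.exe re-touched by an installer, bytes identical: must be skipped
        exe = root / "Program Files/App/app.exe"
        st = exe.stat()
        os.utime(exe, ns=(st.st_atime_ns, st.st_mtime_ns + 5 * 10**9))
        # 4. a temp file deleted
        (root / "Documents and Settings/user/Local Settings/Temp/setup.tmp").unlink()

        _, to_scan, removed = update_manifest(root, baseline)
        return {"to_scan": to_scan, "removed": removed,
                "by_location": group_by_location(to_scan, depth=2)}


if __name__ == "__main__":
    for key, value in demo_scenario().items():
        print(key, value)
```

    Two caveats a practitioner should keep in mind. The size/mtime shortcut is a heuristic: malware that restores a file's timestamp and length after modifying it will not be rehashed, which is exactly Howard's point that skipping anything carries risk, so keep the periodic full scan and run one whenever signatures are updated (a file that has not changed can still become newly detectable). And the walk only sees ordinary files; NTFS alternate data streams and anything hidden by a rootkit are invisible to it, which is why a manifest like this reduces the cost of the in-between scans rather than replacing the weekly one.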
     