when was the last time anyone found a real live virus ?

Discussion in 'other anti-virus software' started by Long View, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    huangker:

    it's running Gentoo Linux, with an iptables rule to redirect all outgoing connections on port 80 -> localhost:3128. then squid uses redirectors to call clamav and snort before allowing the request and caching it.

    all done by hand, i wouldn't trust any external person to handle my entry point security. :ninja:
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    That would probably take a bit more Linux know-how than I have. Do you have any experience with the firewall distros like ipcop, smoothwall, untangle or BSD-based firewalls like monowall or pfsense?
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    How do you know that they were real attempts of infection and not FPs? How do you know if DrWeb missed other parts of the exploit?
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i went to the same site with a different snapshot running, it picked up on the same :)

    and regarding removal, i think im using the best av for that ;)

    and if you want to go further down the line, if anything tries anything... prevx will pick up on it :)
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    And this proves what? :blink:
    AV's signatures and heuristics have a hard time with obfuscated scripts.
    DrWeb (apparently) blocked the beginning of the infection, so there is nothing to be cleaned.
    Having a non-signature app onboard gives a lot more confidence. The execution control of Prevx should have picked an executable planted by the drive-by if the exploit was executed successfully. This appears not to be the case.
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    well i have a lot of trust in my av, who have kept me safe since first use.

    there is no 'apparently' about it.

    i know what my av can do, :)

    another debate about soooo called 99% AV's, who can't catch the real threats to users.
     
  7. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    huangker:

    i've poked at comixwall, m0n0wall and smoothwall in a vmware machine for educational purposes but have not used them in a live environment.

    so far, m0n0wall is my preferred live cd firewall 'at the first glance' mind you, not sure how it performs under heavy stress.
     
  8. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I've never heard of Comixwall but it looks promising.

    Why is it that you don't trust these solutions?
     
  9. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    A few months ago when the Avast forum got hacked F-Prot saved my bacon.
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    avast! forum got hacked? I'm there all the time and i haven't seen it being "hacked"...
     
  11. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
  12. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    because those products are built on freely available tools, then i can just as well roll my own and make it *just* the way i want it.
     
  13. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    IE, what else... besides, avast! was detecting it. So where is the harm? Users there are avast! users anyway... Especially JeremyWW's response is funny.
    So i guess if i "hack" the Wilders, all the companies hosted here will lose all the credibility. ROFLMAO :rolleyes: It's not like ALWIL invented the forum software which is well taken from 3rd party vendors. Ugh? It's not like they were the first security company that got their forums hacked...
     
  14. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    Relax, you are correct, it was a vulnerability in the Simple Machines Forum software they were using, not with their Avast AV product.
     
  15. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well i know that, but most people don't and they may get completely wrong conclusions about some product. And support forums are a typical "problematic" area of any security company. Sure they can track the problems and solve them faster if necessary, but still they simply have to rely on 3rd party stuff already supplied in a package.
     
  16. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Boclean 2.5 Saved my bacon again!

    ------------------------------
    01/21/2008 15:35:17: BKDR-BIFROSE. MALWARE STOPPED by BOCLEAN!
    Trojan horse was found in memory.
    C:\ignored contained the trojan.
    Active trojan horse WAS shut down. System now safe.
    Logged in user: MindlessGenius

    ------------------------------
    01/21/2008 15:36:42: C:\PROGRAM FILES\COMMON FILES\BINARYSENSE\HLDASVC.EXE
    Trojan horse was found in above file
    BKDR-BIFROSE. MALWARE STOPPED by BOCLEAN!
    Logged in user: MindlessGenius
    Active trojan horse was shut down. System now safe.
    Above file copied to evidence location for examination
    Trojan horse was removed, registry cleaned.
     
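    The two BoClean entries quoted above follow a fixed layout (separator line, `MM/DD/YYYY HH:MM:SS:` header, then free-text status lines), which makes them easy to turn into structured records for triage. The following parser is an added example, not BoClean's code or anything from the original post: it reads entries in that layout, pulls out the timestamp, detection name, file path or in-memory flag, logged-in user and what action was taken, and then summarises them. The sample log is the two entries above, embedded as constructed input; treating the `BKDR-` prefix as a backdoor family marker is an assumption of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample input: the two BoClean entries quoted in the post above.
SAMPLE_LOG = r"""------------------------------
01/21/2008 15:35:17: BKDR-BIFROSE. MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\ignored contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: MindlessGenius

------------------------------
01/21/2008 15:36:42: C:\PROGRAM FILES\COMMON FILES\BINARYSENSE\HLDASVC.EXE
Trojan horse was found in above file
BKDR-BIFROSE. MALWARE STOPPED by BOCLEAN!
Logged in user: MindlessGenius
Active trojan horse was shut down. System now safe.
Above file copied to evidence location for examination
Trojan horse was removed, registry cleaned.
"""

SEPARATOR = re.compile(r"^-{5,}[ \t]*$", re.MULTILINE)
HEADER = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}): (.*)$")
# "BKDR-BIFROSE. MALWARE STOPPED by BOCLEAN!" -> detection name before the period
THREAT = re.compile(r"^([A-Za-z0-9_-]+)\. MALWARE STOPPED by BOCLEAN!$")
CONTAINED = " contained the trojan."


@dataclass
class BoCleanEvent:
    timestamp: datetime
    threat: Optional[str] = None      # detection name as logged
    path: Optional[str] = None        # file the trojan was found in / loaded from
    in_memory: bool = False           # "found in memory"
    user: Optional[str] = None        # "Logged in user:"
    shut_down: bool = False           # process terminated
    removed: bool = False             # file removed, registry cleaned
    evidence_copied: bool = False     # sample kept for examination

    @property
    def is_backdoor(self) -> bool:
        # Assumption of this example: BKDR- names a backdoor family.
        return bool(self.threat) and self.threat.upper().startswith("BKDR-")


def parse_boclean_log(text: str) -> List[BoCleanEvent]:
    """Split the log on separator lines and parse each entry into an event."""
    events: List[BoCleanEvent] = []
    for block in SEPARATOR.split(text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        header = HEADER.match(lines[0])
        if not header:
            continue  # not a BoClean entry; ignore stray text
        ev = BoCleanEvent(datetime.strptime(header.group(1), "%m/%d/%Y %H:%M:%S"))
        rest = header.group(2)
        # The header carries either the detection line or the offending path.
        m = THREAT.match(rest)
        if m:
            ev.threat = m.group(1)
        elif "\\" in rest:
            ev.path = rest
        for line in lines[1:]:
            low = line.lower()
            m = THREAT.match(line)
            if m:
                ev.threat = m.group(1)
            elif low.startswith("logged in user:"):
                ev.user = line.split(":", 1)[1].strip()
            elif "found in memory" in low:
                ev.in_memory = True
            elif line.endswith(CONTAINED):
                ev.path = line[: -len(CONTAINED)]
            elif "shut down" in low:
                ev.shut_down = True
            elif "was removed" in low:
                ev.removed = True
            elif "copied to evidence" in low:
                ev.evidence_copied = True
        events.append(ev)
    return events


def triage(events: List[BoCleanEvent]) -> Dict[str, object]:
    """Summarise what a responder wants to know first: what, where, who, and whether a backdoor ran."""
    return {
        "threat_counts": dict(Counter(e.threat for e in events if e.threat)),
        "paths": sorted({e.path for e in events if e.path}),
        "users": sorted({e.user for e in events if e.user}),
        "backdoor_seen": any(e.is_backdoor for e in events),
        "ran_in_memory": any(e.in_memory for e in events),
    }


if __name__ == "__main__":
    evs = parse_boclean_log(SAMPLE_LOG)
    for e in evs:
        print(e)
    print(triage(evs))
```

    The `ran_in_memory` and `backdoor_seen` flags are what matter for the decision that follows a detection like this: a backdoor that was already executing before the cleaner stopped it means the host was live-compromised, and the summary makes that visible without reading every line of the log.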
  17. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    CBOC is only the last defence against malware; this means if CBOC catches anything, the malware is at that time on your PC and your PC is compromised. If you have a backdoor, the only thing you can do is reformat, maybe with your last image.
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
  19. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
  20. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
  21. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    How can I be 100% sure it's a false positive :)

    Running them for testing inside a sandbox is way too much trouble.
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    you can't. All I know is that when I wasted my time running AV I would get an update from the company I was using. A virus warning would be given. I would contact the AV company point out that 75 other AV programs thought the file was clean and a week later either I would get an apology or the next update would not find the virus. what a joke.

    Perhaps I should have asked "when was the last time and how did you get infected ?" unless deliberately harvesting I would have thought that it was quite difficult to get contaminated ?
     
  23. ChicknDip

    ChicknDip Registered Member

    Joined:
    Aug 15, 2007
    Posts:
    59
    I haven't had a virus in my 17 year computer period yet.:doubt:
     
  24. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Nah.. Security is highly overrated :rolleyes:
     

  25. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    I think that's more than 4 or 5 years ago when I was still installing everything that asked me if it could be installed ;) .
    Since then: I've got some warnings but most (all) of them were harmless (like websites that were blocked or programs that weren't active).
     