When was the last time anyone found a real live virus?

Discussion in 'other anti-virus software' started by Long View, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. ethernal

    ethernal Registered Member

    huangker:

    it's running Gentoo Linux, with an iptables rule to redirect all outgoing connections on port 80 -> localhost:3128. then squid uses redirectors to call clamav and snort before allowing the request and caching it.

    all done by hand, i wouldn't trust any external person to handle my entry point security. :ninja:
     
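    A sketch of the redirector half of that pipeline, added here as an example and not ethernal's own code: it assumes Squid's classic redirector helper protocol (one `URL client_ip/fqdn ident method` line per request on stdin; an empty reply passes the request through, a `302:` URL redirects the client) and clamd's INSTREAM command on 127.0.0.1:3310. The block page URL is a placeholder, and the snort half is not covered.

```python
import socket
import struct
import sys
import urllib.request

BLOCK_PAGE = "http://localhost/blocked.html"  # hypothetical local warning page
CLAMD_ADDR = ("127.0.0.1", 3310)              # clamd's default TCP listener

def parse_redirector_line(line):
    """Split one classic Squid redirector request line into its fields."""
    parts = line.strip().split()
    if len(parts) < 4:
        raise ValueError("malformed redirector line: %r" % line)
    url, client, ident, method = parts[:4]
    return {"url": url, "client_ip": client.split("/", 1)[0],
            "ident": ident, "method": method}

def instream_frames(data, chunk=8192):
    """Frame a body for clamd INSTREAM: command, length-prefixed chunks, zero chunk."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk]
        out.append(struct.pack("!I", len(piece)) + piece)
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)

def scan_with_clamd(data, addr=CLAMD_ADDR):
    """Send data to clamd and return its NUL-terminated verdict, e.g. 'stream: OK'."""
    with socket.create_connection(addr, timeout=10) as s:
        s.sendall(instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return reply.rstrip(b"\0").decode("utf-8", "replace")

def decide(verdict):
    """Empty reply lets Squid fetch the URL; '302:' sends the client to the block page."""
    return "302:" + BLOCK_PAGE if verdict.endswith("FOUND") else ""

if __name__ == "__main__":
    for line in sys.stdin:  # Squid feeds one request per line and waits for one reply
        req = parse_redirector_line(line)
        body = urllib.request.urlopen(req["url"], timeout=10).read()
        sys.stdout.write(decide(scan_with_clamd(body)) + "\n")
        sys.stdout.flush()  # Squid blocks until the helper flushes its reply
```

    The helper fetches the object itself before Squid does, so every page is downloaded twice; that double fetch is the price of scanning before caching.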
  2. jrmhng

    jrmhng Registered Member

    That would probably take a bit more Linux know-how than I have. Do you have any experience with the firewall distros like ipcop, smoothwall, untangle or BSD-based firewalls like monowall or pfsense?
     
  3. lucas1985

    lucas1985 Retired Moderator

    How do you know that those were real infection attempts and not FPs? How do you know whether DrWeb missed other parts of the exploit?
     
  4. C.S.J

    C.S.J Massive Poster

    i went to the same site with a different snapshot running, it picked up on the same :)

    and regarding removal, i think I'm using the best av for that ;)

    and if you want to go further down the line, if anything tries anything... prevx will pick up on it :)
     
  5. lucas1985

    lucas1985 Retired Moderator

    And this proves what? :blink:
    AV's signatures and heuristics have a hard time with obfuscated scripts.
    DrWeb (apparently) blocked the beginning of the infection, so there is nothing to be cleaned.
    Having a non-signature app onboard gives a lot more confidence. The execution control of Prevx should have picked up an executable planted by the drive-by if the exploit was executed successfully. This appears not to be the case.
     
  6. C.S.J

    C.S.J Massive Poster

    well i have a lot of trust in my av, which has kept me safe since first use.

    there is no 'apparently' about it.

    i know what my av can do, :)

    another debate about so-called 99% AVs, which can't catch the real threats to users.
     
  7. ethernal

    ethernal Registered Member

    huangker:

    i've poked at comixwall, m0n0wall and smoothwall in a vmware machine for educational purposes but have not used them in a live environment.

    so far, m0n0wall is my preferred live CD firewall 'at the first glance' mind you, not sure how it performs under heavy stress.
     
  8. jrmhng

    jrmhng Registered Member

    I've never heard of Comixwall but it looks promising.

    Why is it that you don't trust these solutions?
     
  9. flyrfan111

    flyrfan111 Registered Member

    A few months ago when the Avast forum got hacked F-Prot saved my bacon.
     
  10. RejZoR

    RejZoR Lurker

    avast! forum got hacked? I'm there all the time and i haven't seen it being "hacked"...
     
  11. flyrfan111

    flyrfan111 Registered Member

  12. ethernal

    ethernal Registered Member

    Because those products are built on freely available tools, i can just as well roll my own and make it *just* the way i want it.
     
  13. RejZoR

    RejZoR Lurker

    IE, what else... besides, avast! was detecting it. So where is the harm? Users there are avast! users anyway... Especially JeremyWW's response is funny.
    So i guess if i "hack" the Wilders, all the companies hosted here will lose all their credibility. ROFLMAO :rolleyes: It's not like ALWIL invented the forum software, which is taken from 3rd party vendors. Ugh? It's not like they were the first security company that got their forums hacked...
     
  14. flyrfan111

    flyrfan111 Registered Member

    Relax, you are correct, it was a vulnerability in the Simple Machines Forum software they were using, not with their Avast AV product.
     
  15. RejZoR

    RejZoR Lurker

    Well i know that, but most people don't and they may draw completely wrong conclusions about some product. And support forums are a typical "problematic" area of any security company. Sure, they can track the problems and solve them faster if necessary, but still they simply have to rely on 3rd party stuff already supplied in a package.
     
  16. Hermescomputers

    Hermescomputers Registered Member

    Boclean 2.5 Saved my bacon again!

    ------------------------------
    01/21/2008 15:35:17: BKDR-BIFROSE. MALWARE STOPPED by BOCLEAN!
    Trojan horse was found in memory.
    C:\ignored contained the trojan.
    Active trojan horse WAS shut down. System now safe.
    Logged in user: MindlessGenius

    ------------------------------
    01/21/2008 15:36:42: C:\PROGRAM FILES\COMMON FILES\BINARYSENSE\HLDASVC.EXE
    Trojan horse was found in above file
    BKDR-BIFROSE. MALWARE STOPPED by BOCLEAN!
    Logged in user: MindlessGenius
    Active trojan horse was shut down. System now safe.
    Above file copied to evidence location for examination
    Trojan horse was removed, registry cleaned.
     
  17. Matern

    Matern Registered Member

    CBOC is only the last defence against malware; this means that if CBOC catches anything, the malware is already on your PC at that time and your PC is compromised. If you have a backdoor, the only thing you can do is reformat, maybe restoring your last image.
     
  18. Long View

    Long View Registered Member

  19. C.S.J

    C.S.J Massive Poster

  20. Long View

    Long View Registered Member

  21. halcyon

    halcyon Registered Member

    How can I be 100% sure it's a false positive :)

    Running them for testing inside a sandbox is way too much trouble.
     
  22. Long View

    Long View Registered Member

    You can't. All I know is that when I wasted my time running AV I would get an update from the company I was using. A virus warning would be given. I would contact the AV company and point out that 75 other AV programs thought the file was clean, and a week later either I would get an apology or the next update would not find the virus. What a joke.

    Perhaps I should have asked "when was the last time, and how did you get infected?" Unless deliberately harvesting, I would have thought that it was quite difficult to get contaminated?
     
  23. ChicknDip

    ChicknDip Registered Member

    I haven't had a virus in my 17-year computer period yet. :doubt:
     
  24. Hermescomputers

    Hermescomputers Registered Member

    Nah.. Security is highly over rated :rolleyes:
     

  25. Eagle Creek

    Eagle Creek Global Moderator

    I think that's more than 4 or 5 years ago, when I was still installing everything that asked me if it could be installed ;) .
    Since then: I've got some warnings, but most (all) of them were harmless (like websites that were blocked or programs that weren't active).
     