Win 7 Antispyware

Discussion in 'malware problems & news' started by WilliamP, Nov 24, 2010.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I just had a grandson call me about his computer. These bogus anti-spyware and anti-virus programs are bad news. He now has a problem. They scare people into clicking and then they have you. Will something like Threatfire catch it? Of course the main thing is don't panic (don't click).
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    His computer has Trend Micro and it said there were no problems. It has control of the computer and won't let him do anything.
     
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Will, your grandson's how old?
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    As I have stated in a previous post, most of these cases would be prevented through education alone.
     
  7. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    He is in his twenties, married with two children. And he had been warned. The people who created this thing are smart. It is a sophisticated program that takes over the computer. It can panic a person in a hurry. It tried to get on my wife's computer twice. Once with my wife and once with my granddaughter. But they got me to deal with it.
     
    Last edited: Nov 24, 2010
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Threatfire would likely catch threats like these, but it would make no difference because if you are willing to allow a rogue like this to install you would be just as likely to dismiss it being flagged as a threat by a Behavior Blocker. Using a behavior blocker like Threatfire or Mamutu requires more knowledge on the user's part to be effective. Like I stated above, education would mean a world of difference in this case. Making the wrong choice in this case does not show a lack of intelligence, but a lack of knowledge. That's what the malware writers are relying / banking on.
     
  9. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    How do you get caught? What I mean is that they were not at any questionable web sites. Is it a hacked site or was it redirected?
     
  10. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    your family seems to be plagued by this a lot. also your last question was reflected upon in that thread.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I would advise the following: A total re-design of the security you have in place. And this re-design should take prevention into consideration in the first place, rather than detection.

    You're right about one thing: if you enter a site deemed safe that has been hacked (You wouldn't know, of course.), and it redirects you to a website that exploits your browser to attack your system, then there isn't much education, as in avoiding bad websites, that will save your back. So, you need to take care of as many attack vectors as possible.

    Regarding tools like Threat Fire, which seems to be abandonware anyway, unless your relatives can handle them, stay away from them.
     
  12. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    vtol, I appreciate your explanation, but I didn't understand what you were talking about. That is my fault.
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I should have mentioned above that a BB would have been more useful in an incident where the rogue tried to install silently in the background without the user's knowledge. Drive-by downloads try to silently install in the background when the user clicks on an infected link or object. They usually use an iframe or JavaScript to deliver the infected payload. A BB would have been more useful in this scenario.
     
  14. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    the question seems to be how computer literate your folks are. just putting an OS with an anti-virus on a machine does not do the trick anymore, basically due to the circumstance that black hat has been growing extremely sophisticated, got cloud structured, set up as an industry and deploying social engineering skills.

    that is a lot to cope with on the user's end and thus requires spending a bit more time on maintaining and securing the computer, notwithstanding literacy about a few basics.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I would recommend the use of an AE (anti-executable) over a BB since they use a deny-by-default approach, and I believe they are less likely to let anything slip through. If you want a really solid layer of protection I recommend the use of an AE with virtualization software like Shadow Defender or Returnil. Returnil already comes with a light version of an AE. Faronics' Anti-Executable and BlueRidge Networks' AppGuard are 2 excellent choices. AppGuard is scheduled to be released with 64-bit compatibility next month. If your family or friends do not want to bother with virtualization software because they find it too big of a burden to set exceptions to save their work, then they should be fine with an AE. You could also look at using Sandboxie.
    http://www.faronics.com/en/Products/AntiExecutable/AntiExecutableCorporate.aspx
    http://www.blueridgenetworks.com/products/appguard.php
    I can't wait until AppGuard is released with 64-bit compatibility next month. Here are some screen shots on the beta thread of what's to come. https://www.wilderssecurity.com/showthread.php?t=276677&page=12&highlight=appguard
     
    Last edited: Nov 24, 2010
  16. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    When I go on the internet on my computer I am on Firefox with NoScript in Sandboxie and DefenseWall. So far the bogus av hasn't tried to get to mine.
     
  17. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    that makes quite a difference. for a lot of users that would already be too much of a hassle and an inconvenience, understandably, when all one wants is to use the computer and roam the web without being permanently on the lookout for the next sniper, or having to learn their tactics first and start wearing protection, for that matter.

    basically the browsers should be developed (hardened) at the pace those threats are emerging, ideally staying ahead. then most of this extra protection would be obsolete and one could enjoy peace of mind.
     
    Last edited: Nov 24, 2010
  18. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    If people won't use decent security apps why not just put that line in the reg where no exe can be downloaded even from those fake scan sites?

    am.exe - 20/39 (51.3%) - Rogue:Win32/FakeRean

    Same exe run on 7 and XP and I think it can use several different skins for each operating system?

    One.JPG

    Two.JPG
     
  19. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hey Will ... your g-son too busy to administer family-wide security? Simple yes'er no'll do.
     
  20. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    No. Just not computer savvy.
     
  21. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Then an *instant recovery* setup would be best, hmm?
     
  22. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    On my computers I have First Defense ISR on the two with XP and Rollback Rx on the laptop with 7. I would guess that a large percentage of the people would panic and click on the bogus program. They make it look so official.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I have a backup of all my machines on an external drive. Some of my machines are even backed up on more than 1 drive in the event that 1 drive fails. My biggest worry is fire or natural disaster. The only other thing I could really do is off-site or online backup. I may even start doing that in the future. GlobalForce is right. Keep regular backups, and if you do get infected you can just roll back your machine to an earlier time. It's a minor inconvenience when it comes to losing all your data. I always recommend you keep a backup on a drive other than the drive that contains your system partition. It's much more reliable in the event that your OS becomes unbootable to the point you cannot access the recovery prompt. It also works well when you have a drive that fails. You can just copy the image over to the new drive.
     
  24. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    I find it more convenient to use throw-away VM clones based on Linux for web surfing, on a separate subnet; they are less likely to get infected, and even if one is, just delete it and start with a new clone. that way the production environment stays sane - until the day the VM environment gets compromised and leaks into the host...
     
  25. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    As you are knowledgeable but your family members are not so much, you can either try to elevate their knowledge (and/or change behaviour), make an OS partition image and teach them how to restore it, or... let them try a very user-friendly Linux distro such as Linux Mint, that is, if they don't use much-needed Windows programs.
    Or is Linux a no-go?
    Perhaps an ad-blocker (I prefer AdBlock+ for FF) can be a start if they want to stick to Windows. It can at least prevent infections from compromised ad servers.
     