You Still Think Your Antivirus Is Enough? Take A Look

Let me begin by saying that I usually don't open email attachments. However, I received an email from a friend today. She stated that she had recieved a link to a greeting card sight by a member from aol. She was uneasy about opening it because the extension ended in "sar". She said it was probably infected, and not to open it.

She's very smart with computers, going to school to learn about them. Anyway, I couldn't resist, curiosity killed the cat.LOL I copied and pasted the url into the url box because the link didn't work.

It's been a year and a half since I've had to format, so what the heck After placing the url in the url box. A download immediately started, not asking for my permission of course. So, It downloads to the desktop.

After the download is finished to the desktop. I right click the file. No infections found. I then proceeded to double click the greeting card ...You can see what happened in the screenshot. This is not a fake trojan. It's the real thing. You can read more about it here. http://www.nsclean.com/trolist.html

As you can see. Boclean snatched it as soon as I double clicked the greeting card. There was no harm done to my computer. Boclean zapped it dead, no questions asked

 

and this is why the layered approach is recommended...., for all.

Blue

 

If you use KAV you don't need layered approach.

 

Or ArcaVir or NOD32....heuristics save the day!

 

Hi Firecat. I'm running nod32. I purchased it the other day. That's it running beside Boclean. I believe in the layered approach. Before purchasing Nod, I took it to a website that I knew was infected with some downloader trojans. Nod captured one and took care of it.

However, Boclean is an insurance policy for me. It's just there in case one gets by...Like this one. I have some friends that own Norton 2005. They also run Boclean. However, every now and then norton misses one, and Boclean will catch it. It's just another layered approach to catching all these nasties.

To sum it up. The antivirus will catch most of them. If there is a failure...as in this case. Boclean will get it.

 

well yeah, but there's more about layered protection besides installing KAV, or any other heuristical scanner. There are lots of other threats that you have to take care of. So to catch you average nasty, use your AV scanner. But it will not be the one solution.
I'm running a linux desktop system. Do you think that I don't need layered protection since all (ALL) virusses, adware, spyware, browser hijacks, trojans, worms and other windows crap can not harm me?
I practice safe hex, use a separate linux firewall, don't run as root (admin to Windows folks), do my patching (automatically, very low impact on linux) and don't use IE and OE and other vulnerable software. And I don't run AV, AS, AT, AAw and save lots of resources that way

 

I forgot to mention this. I was running firefox when the download began. When I doubleclicked the greeting card is when "internet explorer" surfaced. I only run IE to do windows updates, or if a site isn't compatible with firefox.

 

If you are the average, low-risk surfer, probably true.

But if you are for example, a College student visiting a whole range of sites, you need all the protection a layered defense will give you.

Even KAV, by itself, cannot catch all the malware out there.

 

KAV is an excellent package against all forms of malware. It is a clearly at the top of the class in detection. The additional layers will certainly be much less stressed with KAV.

However, I wouldn't make a blanket statement that added layers are not needed, even with KAV. KAV does have some weaknesses that can be manipulated. They are subtle, but they exist. This is true of every application.

As Blackcat notes:

I definitely agree, and would add that, right now, low risk surfers are generally covered quite adequately with their current AV/malware solution alone even if it is not KAV.

However, a low risk surfer can very easily and inadvertently jump into the high risk category. I did it myself once. This is a true story. There's a sports/outdoors equipment chain of stores in the US names Dicks Sporting Goods. Everyone refers to it as Dicks. That name, and that name alone, is ingrained is me. A few years ago, my younger son's interest in wrestling increased, it's been his winter sport of choice for a few years now. Anyway, he needed some new wrestling shoes, something that Dicks carries. The store is a few miles from the house, but rather than pop over to the store without any idea of what was in stock, I decided to bring up their website. I hadn't visited their site before, I assumed it existed since they were a large business, so I typed the first obvious domain name that popped into my head. Mind you, we always referred to the store as Dicks, just Dicks. You can probably guess the obvious domain name that I used: hxxp://www.dicks.com. About 2 nanosecond after I hit enter on that domain name, before anything happened, it occurred to me that it might not be the best choice. Within about 1 second, I found myself immersed in a dozen pop-ups from a gay porn site, with additional browser windows being launched at an alarming rate. This was at a time when many of these sites did not offer any protection to inadvertent surfers. No warning entry window to screen, I went right to the heart of the site in all its glory. The only saving grace was that I was alone at the PC. I'm a generally self-aware surfer, but that morning I had obviously taken my stupid pill, and it had kicked into overdrive. The cleanup wasn't difficult, but that was some time ago. Malware today can be more insidious

The point of my story is that even low risk surfers can quickly get in over their heads. It's all about risk analysis and how one goes about mitigating that risk. Anecdotal stories of surfing bare or with minimal protection for some time without incident are no different than the equivalent stories of riding in a car without the seatbelt fastened or cycling without head protection and suffering no ill effects (please - no flame war follow-ups to either of these seemingly religous-war type topics). The thing is, one is not mitigating against the usual events, it is the exceptional confluence of circumstances that one is trying to mitigate against. They are rather infrequent events, which is why it is sometimes hard to get people to seriously plan for them.

My punchlines:

• Being at decidedly lower risk is not the same as being at no risk
• Everyone is at some finite positive risk level regardless of measures taken, even an extensively layered solution
• We can only mitigate that risk level to approach zero, but it will never be zero.
• Although its really a distinct topic, let me add that there are points of rapidly diminishing returns, and even points beyond which added layers become decidedly counterproductive.

Blue

 

Mr2cents,

From what you say I should be quick as to get myself an Anti-Trojan. How about a-squared or Ewido?

Blue is right, I too was a low risk surfer, we cannot decidedly make out levels of risk because even we users would have no idea whether the sites we visit are malicious or not!

While KAV is definitely good, there are some things it misses, and having an Anti-Trojan like TDS3 alongside would be a great idea.

Have a great day everyone!

Best Regards,
Firecat

 

WRONG! Post 2 Correct imo

 

Preach on, brother! It's a mantra with me...layered security, layered security! But seriously, as fine as the top tier A/V programs are, they aren't %100 bullet proof. This is why I tell my clients to spend a little money now, or lose an uncalcuable (yes, I tell them uncalcuable) amount with a system that is much more likely to be compromised. It can't be overstated how valuable a quality A/T program can be as one of these layers.

 

It is actually humorous that people say things like " If you have KAV , " no problem . Two words : Good Luck . lol

 

Se very true, Blue.

 

I just wanted to ask if you have NOD32 Maximum setting ( as posted by blackspear ) on?

Or was it at default setting?

 

Hi iwod. The answer to your question is yes. I have Nod32 on maximum settings, as per Blackspears tutorial.