[Schadenfreude]

I spent all day trying to rid myself of some major bad-ass fleas I picked up when I laid down 'mongst the dogs of Demonoid.

Seems some damn Trojan or some damn Worm or some damn Bot or some damn malicious piece of code was preventing me from logging on to Yahoo, Google, Altavista, AOl, or any of the major search and/or email sites. Fortunately, Apple's Safari Browser was not affected and it can be used by Windows machines now.

I think I had tried ESET, BitDefender, Trojan Remover 6.6.9, XPOnlineScanner remover, SmitFraudFix, Vundo Remover and others before I downloaded the latest free version of AVG and ran it. And it solved the problem!

I used to use AVG but abandoned it a couple of years ago when it wasn't keeping up with the rest of the pack. Now it looks like its ahead again. (I sometimes suspect that these AV outfits deliberately spread a few of these beasties around which only their programs can fix, just to force people to switch over).

Anyway, here's a good article from a couple of months ago comparing different AV software.

btw, I really liked Trojan Remover 6.6.9. It works really cool and it swept up everything - that is, except for what was ailing me.

It looks like the name of the game now is to use several of these packages in tandem. The trick is in knowing which ones complement one another.

I'm going to be getting a 64-bit machine in the very near future. I wonder if it's easier or harder to pick up fleas with one of those?

The Best Antivirus in 2008

$this->bbcode_second_pass_quote('', 'J')an 29, 2008

A new year... A new beginning... And the inevitable security solution smackdown. In this context, AV-Test has thrown together in the same arena no less than 24 antivirus products from the heavyweights of the security market.

The security solutions were tested against in excess of 1 million malware samples from the last six months. According to Av-Test's Andreas Marx, the test involved only the top of the line, "'best' available Security Suite edition" from each vendor, last updated on January 7, 2008, and running on Windows XP SP2. And yes Microsoft's Windows Live OneCare 2.0 was tested, but no, it's not the best antivirus of 2008. Well, of the beginning of 2008, anyway...

"First, we checked the signature-based on-demand detection of all products against more than 1 Mio. samples we've found spreading or which were distributed during the last six months (this means, we have not used any 'historic' samples.) We included all malware categories in the test: Trojan Horses, backdoors, bots, worm and viruses. Instead of just presenting the results, we have ranked the product this time, from 'very good' (++) if the scanner detected more than 98% of the samples to 'poor' (--) when less than 85% of the malware was detected," Marx revealed.

In terms of signature-based on-demand detection, Windows Live OneCare 2.0 held its own. Microsoft's security solution ended up detecting a total of 992,880 out of all the malware samples thrown against it, and accounting for a "Signature Detection" rate of 96.9%. This is nothing short of an excellent score for Windows Live OneCare, an antivirus that at the beginning of 2007 managed to occupy positions only towards the bottom of the security solution pack in early 2007. In the latest AV-Test "Signature Detection" test OneCare 2.0 came on top of F-Prot (986,961 – 96.3%), Panda (979,409 – 95.6%), McAfee (959,919 – 93.7%) and Nod32 (953,936 – 93.1%).

However, OneCare 2.0 was bested by the likes of AVK 2008 (1,022,418 – 99.8%); AntiVir (1,020,627 – 99.6%); Avast! (1,018,204 – 99.4%); Trend Micro (1,009,662 – 98.6%); Symantec (1,006,849 – 98.3%); AVG (1,005,006 – 98.1%); BitDefender (1,003,902 – 98.0%); Kaspersky (1,003,470 – 98.0%); Sophos (1,001,655 – 97.8%) and F-Secure (999,806 – 97.6%). The complete results of the "Signature Detection" test from AV-Test can be accessed here, courtesy of Sunbelt Software...

[Ainan]

You might want to try the Linux operating system, Ubuntu in particular. If not i recommend adware and avg free.

[jasonraymondson]

Get a lighter linux, the preassembled packages are too damn bulky and take up way to many resources. Compile your own debian and then you should be okay. I am getting tired of these one size fits all piles of shit being put out by these companies hoping to capitalize by selling support to their distro's

[ColossalContrarian]

Mandriva 2008 is nice

but I would suggest having two machines. One to download porn on (any old piece of shit PC will do) and one for gaming/surfing...

[Schadenfreude]

I'm going have two internal drives: One for Windows, the other for Debian Linux probably. My Dad's sending me a copy of it to try.

Keeping windows at hand will still mean that I will still have to worry about viruses, worms, etc. so it's good to keep up with the latest.

I tried the highest ranked AV in the article above but it is incredibly slow. So I tried Avira, which also received high marks. It found 10 more "threats" - nothing terribly awful in the bunch. Looks good.

[ColossalContrarian]

$this->bbcode_second_pass_quote('Schadenfreude', 'I')'m going have two internal drives: One for Windows, the other for Debian Linux probably. My Dad's sending me a copy of it to try.

Keeping windows at hand will still mean that I will still have to worry about viruses, worms, etc. so it's good to keep up with the latest.

I tried the highest ranked AV in the article above but it is incredibly slow. So I tried Avira, which also received high marks. It found 10 more "threats" - nothing terribly awful in the bunch. Looks good.

[Schadenfreude]

$this->bbcode_second_pass_quote('ColossalContrarian', '')$this->bbcode_second_pass_quote('Schadenfreude', 'I')'m going have two internal drives: One for Windows, the other for Debian Linux probably. My Dad's sending me a copy of it to try.

Keeping windows at hand will still mean that I will still have to worry about viruses, worms, etc. so it's good to keep up with the latest.

I tried the highest ranked AV in the article above but it is incredibly slow. So I tried Avira, which also received high marks. It found 10 more "threats" - nothing terribly awful in the bunch. Looks good.

[bodigami]

I'm using Mac OS X, with no anti-malware, just a software firewall.

[JeeBoomba]

$this->bbcode_second_pass_quote('zensui', 'I')'m using Mac OS X, with no anti-malware, just a software firewall.

[GoghGoner]

$this->bbcode_second_pass_quote('JeeBoomba', '')$this->bbcode_second_pass_quote('zensui', 'I')'m using Mac OS X, with no anti-malware, just a software firewall.

[Stratovarius]

Use hijackthis...then send the log after you do a scan to someone that's computer savvy and they'll tell you what's going on.

[Schadenfreude]

Yeah, but, how innately protected are Mac OSX and Linux OS when you frequently visit torrent sites and download questionable files and that sort of thing?

I'm just using Windows XP Pro and would never have any problems at all except that I download .exe torrents and the whole damn dangerous bit. I've gotten used to having to disinfect the occasional trojan or nuisance piece of adware or whatever. And it really hasn't been all that big a hassle. In fact, sometimes it's been kind of like solving a puzzle to try to figure what file(s) are the culprit and how to get rid of the infection.

The reason I started this thread is because I suddenly became aware of the proliferation of specialized antivirus software out there and I thought people might have favorites or know things about these different packages.

Also, I found that the AntiVirus Software rankings have changed - the former leaders are now the laggards and vice versa.

When I get my new Linux system working, and I use it to download executables from the internet, will I be greatly more protected or completely safe?

Say I download some highly questionable executable file designed for Windows. Could I check it over using a Linux based antivirus software?

[bodigami]

$this->bbcode_second_pass_quote('Schadenfreude', 'Y')eah, but, how innately protected are Mac OSX and Linux OS when you frequently visit torrent sites and download questionable files and that sort of thing?
(...)

[evilgenius]

I use a combination of AVG and the free version of Spyware Doctor. When it was still free I got AVG's anti-rootkit, but they don't support that anymore. A while back I had some real trouble trying to get rid of a rootkit. Many AV's found it, but no one but Spyware Doctor could get rid of it because you can turn on the free version of Spyware Doctor's anti-rootkit and have it run with the rest of the stuff. I have to say for awhile AVG seemed to really slow up my machine, but it doesn't so much anymore since I started using Firefox almost exclusively.

I also like to run a registry cleaner that allows me to back up my existing before any changes take place. Backing up when it comes to cleaning the registry is very important.

Use a Firewall too, they really help even though they are so annoying.

[strider3700]

$this->bbcode_second_pass_quote('zensui', '')$this->bbcode_second_pass_quote('Schadenfreude', 'Y')eah, but, how innately protected are Mac OSX and Linux OS when you frequently visit torrent sites and download questionable files and that sort of thing?
(...)

[Schadenfreude]

I'm pretty sure that I got a few Trojans from a recent download at Mininova.org but now I'm thinking that I might have picked up the real trouble because I've been actively hacked - all the way from Beijing, China.

After I got rid of my viruses (which I'm used to dealing with), I found that this thing called XPOnlineScanner would keep re-asserting itself. It closes the browser window down and throws a Windows-like message screen up which warns you that you need to download antivirus software and run a scan to protect your system. Well, I'm sure this must fool a lot of people. Suckers will end up buying "XPAntiVirus" for $30 or $40 bucks. Who knows what XPAntiVirus will REALLY do for you?

So, I've had to kill the browser in Task Manager to get rid of the message. I went into the registry looking for signs of XPonlinescanner and such. Found some stuff and deleted it. But it has come back again at least once so far. Now it seems to be gone.

I've been trying various AntiVirus packages out of curiousity lately. Today I ran Kaspersky which I really like alot. It has this live "Intrusion Detection System". And whenever your computer is being hacked from without, a little warning screen in the lower right appears which identifies the threat and the IP Address from which it is coming.

Well, ever since I installed Kaspersky's earlier, I've been getting these "intrusion detection" alerts. And as it's gotten later in the night, the frequency of these alerts has increased. I checked out a few of the IP Addresses and they are all coming from Beijing. Who knows what those nippers want to drop on to my system? Is it all an XPAntiVirus related scam? Gotta be something bigger than that.

Kaspersky's alert reads "Intrusion.Win.MSSQL.worm. Helkern".

I searched a couple of these IPs on google too and found this guy's online comment about home hacks from places all over the world.

$this->bbcode_second_pass_quote('', 'S')o who is attacking me ?

Interestly, most trafic was attemps to display Windows messages on my computer via ports 1026, 1027 and 1028. These messages where intended at having me purchase a Registry Cleaning software.

[Schadenfreude]

Found something on Helkern on the Kaspersky forums:

"Helkern" - 376 Bytes That Shook The World

$this->bbcode_second_pass_quote('VirusList Jan 2003', 'K')aspersky Labs, an international data security software developer, is warning users to look our for the new Internet-worm "Helkern" (also known as "Slammer" or "Sapphire") that infects servers running under the popular Web-enabled database Microsoft SQL Server 2000. The extremely small size of the worm (only 376 bytes), a unique technology it employs for penetrating target computers and an extraordinarily high spreading speed allow us to proclaim "Helkern" one of the biggest dangers threatening the normal operation of the Internet to come along in years. There have already been reports of serious disruptions to Internet functioning in South Korea, Australia and New Zealand.

It is possible to say the worm has caused one of the largest virus outbreaks in history that has affected user from all corners of the globe: messages describing infections from "Helkern" are being received from Europe, the United States and Eastern Asia.

"Helkern" belongs to the "fileless" worms category. This type of malicious programs performs all operations (including infection and spreading) exclusively in the computer's operating memory without using any permanent or temporary files. These features seriously complicate the detection and disinfection of such worms using contemporary anti-virus technologies (on-demand and on-access scanners). The first malicious code of this type, "CodeRed", was discovered on July 20, 2001. At that time it caused a wide-scale outbreak infecting dozens of thousands of systems around the world. Up until now, with the exception of "CodeRed", "fileless" worms had not shown themselves.

"Helkern" infects only computers running Microsoft SQL Server 2000, a multi-functional database system widely used primarily on Web-servers. To home users of any Windows version without the installion of Microsoft SQL Server the worm poses no threat.

"Helkern" exploits a security breach ("Buffer Overrun") in Microsoft SQL Server that was first detected in July, 2002. To accomplish the "buffer overrun" exploit the worm sends a special request to a target computer. When the request is processed the system automatically executes the worm's code contained in this request. In this way a malefactor can run malicious code without a user's knowledge.

Next, "Helkern" initiates its spreading routine. This process features the extremely rapid sending of the worm's copies to other Internet users: "Helkern" starts an endless spawning loop that many times increases network traffic. "Within just 3 hours from the start of the outbreak began we have detected more than 20 thousand attempts by "Helkern" to penetrate our network, - says Igor Mitiurin, Head of the Information Security Department at Russlavbank, a major Russian financial institution, - Fortunately all these penetration attempts were successfully blocked thanks to our implementation of an effective information security policy that includes the timely installation of security patches for all software used in our corporate network." ...

[lowem]

Sometimes it might be easier to just re-format and re-install.

It's exasperating to keep fighting these viruses and worms, especially if they use a "dropper" technique that's like a shotgun going off, installing multiple different kinds of malware in one go.

[Schadenfreude]

$this->bbcode_second_pass_quote('lowem', 'S')ometimes it might be easier to just re-format and re-install.

It's exasperating to keep fighting these viruses and worms, especially if they use a "dropper" technique that's like a shotgun going off, installing multiple different kinds of malware in one go.

[bodigami]

$this->bbcode_second_pass_quote('Schadenfreude', '')$this->bbcode_second_pass_quote('lowem', 'S')ometimes it might be easier to just re-format and re-install.

It's exasperating to keep fighting these viruses and worms, especially if they use a "dropper" technique that's like a shotgun going off, installing multiple different kinds of malware in one go.