Morgan said:
> Wouldn't it be possible to automatically track all IPs that software tries to
> reach from one's own PC? (Not all are pros who know such stuff.)
> Just as McAfee advises on sites, it could perhaps be possible to analyze IPs
> before contacting them?
I have lost _all_ respect for SiteAdvisor. IMNSHO, SA should be
listed here:
http://thesaurus.reference.com/browse/capriciousness
And all of these anti-phishing measures, IMNSHO, are nothing but snake
oil. One, the phishers will always be two steps ahead of those
tracking them, and two, those who display these HTML documents are the
_least_ capable of dealing with them. There is _nothing_ worse than a
false sense of security.
> A way to improve antivirus applications would be to increase the amount of
> money in the antivirus-buying market. Some ideas:
> 1) Magazines (and perhaps also the government) arrange more tests of antivirus
> software and put them on official websites.
Magazines are revenue-driven. 'Nuff said. And Consumer Reports is run
by a bunch of altruistic, PBS-watching commies. [bg]
http://www.aynrand.org/
> 2) Let private PC owners have a tax reduction when showing receipts for buying
> anti-virus software and hardware firewalls.
Screw the tax incentives. See agriculture for how subsidization is
counter-productive.
Those who get hacked and start spewing crap as a result of being
incorporated into a botnet should lose their ISP service, or go back
to dialup, until they clean up their boxes. Most of this crap could be
controlled if (in the US, for example) these guys
http://www.isp-planet.com/research/rankings/usa.html
would control the botnets in their own back yards. These clowns could
start by blocking port 25.
http://cbl.abuseat.org/nat.html
You won't find too many people on dial-up who have become part of a
botnet. At least not for long. They can't take the bandwidth hit.
> 3) Banks and large web shops sell _leading_ antivirus software at reduced prices to
> customers.
If it costs _you_ when your computer gets hacked and you start sending
spam and malware to _me_, then the market will take care of itself.
The problem is that currently there are no incentives to keep one's
box clean. Some idiot with a 100 Mbps connection doesn't care about 30
Kbps worth of his bandwidth being eaten up by the botnet worm that he
got using P2P. This same clown will spend $300 on an online game, but
won't spend $50 to secure his box.
There are only a couple of tests worth anything, and they have their
limits. These are the only links (including yours) that I post anymore.
AV-Test (Andreas Marx - Germany)
http://www.av-test.org/
AV-Comparatives (Andreas Clementi - Austria)
http://www.av-comparatives.org/
Food for thought (Eugene Kaspersky)
http://www.viruslist.com/en/analysis?pubid=174405517
Unless I want to piss off some smart-ass NOD32 user.* Then I post this:
http://www.virus.gr/english/fullxml/default.asp?id=82&mnu=82
*I am talking about jerking certain people's chains. If I didn't use
KAV, I would use NOD32. It's a great product. VirusP's work, on the
surface, appears intriguing, but most analysts would tell you that the
methodology does not pass muster from a scientific standpoint.
> My belief is that there is a BIG need for NEW creative ways to pinpoint
> /identify malware.
> The other day I saw, with my own eyes, how someone from outside erased an
> antivirus shield from my PC.
> And it gets easier with wireless.
> I have also recently had "invisible" email (shown by scanners, not seen in the
> mailbox) and other crazy stuff.
Not in _my_ mailbox. I only use text for email, and as a result, I am
immune to almost every email scam out there. Most of the /invisible/
images are web bugs,
http://en.wikipedia.org/wiki/Web_bug
Fred Langa adds this garbage to his newsletter in order to generate
revenue. If you use text-only for email and/or disable inline images,
you are immune to this crap.
Here is a perfect example of why the fight against the creeps is
probably a lost cause. People use HTML for email, with ActiveX, Java,
Javascript, cookies, Flashcrap, iFrames, Preview, and all kinds of
other crap enabled. For what? So that some idiot can embed animated
smiley GIFs in his/her email? You need to format your email message to
tell your colleagues that the meeting has been moved from 10:00 AM to
2:00 PM? Give me a break.
http://isc.sans.org/diary.html?storyid=1954&isc=dc0d8f499f2eddf98afebda490e128d8
Short Version:
http://tinyurl.com/ycljp6
Quote: "Remember: when Moses came down off the mountain, it was with
text chiseled into stone; not DHTML, JavaScript, and animated GIFs.
If text is good enough for God, then it's good enough for you. ;-) "
> I have one of those banks that, almost in panic during the last months, has been
> forced to add extra code tables with codes sent out to customers.
The criminals will always stay ahead of those who fight them. Until
there is no money in it. See the War on Drugs.
http://www.leap.cc/
And the banks are part of the problem. If you call most of them, they
will tell you that you must use IE and ActiveX in order to use their
online services. Why? Because their online department is staffed by a
bunch of kids who just got out of a computer class taught by some
commie professor who has been wined and dined by Microsoft. But do
they ask you whether or not your box is secure enough to make a
financial transaction over the internet? Hell no.
> So, perhaps the AV-Comparatives testing should be enlarged to really tell
> something valuable about antiviruses.
The only thing that you can really go by when it comes to AV testing
are the trends. Every vendor gets beat from time to time, but the good
ones are at or near the top, month after month, year after year.
Follow the trends, and avoid the snake oil.
There is a new paradigm in the purveyance of malware and that is
email. Specifically HTML email. And so in the middle of this war, what
do most people do? Sign up for crap like Gmail, Hotmail, Yahoo! Mail,
and then use their browsers to send and receive email. You know, their
browsers. The browsers that have had every fricking feature enabled
since they bought the box. Beam me up, Scottie. Please.
Those who want to know the future of waging war against all of this
only need look to the world-wide War on Drugs. The War on Drugs should
be listed here:
http://thesaurus.reference.com/browse/lost cause
We are _not_ in the middle of a War against Spam, Phishers, Spoofers,
botnets, whatever. The War is over. We lost. Get over it.
http://www.eweek.com/article2/0,1895,2029720,00.asp
http://it.slashdot.org/article.pl?sid=06/10/17/002251&from=rss
Quote: "There is a general feeling of hopelessness as botnet hunters
discover that, after years of mitigating command and controls, the
effort has largely gone to waste. 'We've managed to hold back the
tide, but, for the most part, it's been useless,' said Gadi Evron, a
security evangelist at Beyond Security, in Netanya, Israel, and a
leader in the botnet-hunting community. 'When we disable a
command-and-control server, the botnet is immediately re-created on
another host. We're not hurting them anymore.' "
Nothing will change until the ISPs change. And that ain't gonna
happen. I mean how hard is it to block port 25, and they won't even do
that. Sigh.
Thanks for your thoughts, Morgan.
Ron
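Ron's point about "invisible" images being web bugs, and text-only mail being immune to them, as an added example that is not part of the original thread: the script parses a constructed multipart message, flags remote `<img>` references in the HTML part that look like tracking pixels (http(s) source plus a 1x1 size or a per-recipient query string), and shows that the text/plain part a text-only reader displays contains no image references at all. The message, hostnames and tracker URL are made up for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not a real message): the HTML part carries a 1x1 remote
# "open tracker" beside a harmless inline (cid:) logo; the plain part has neither.
SAMPLE_EMAIL = """\
Content-Type: multipart/alternative; boundary="B"

--B
Content-Type: text/plain; charset=us-ascii

The meeting has been moved from 10:00 AM to 2:00 PM.
--B
Content-Type: text/html; charset=us-ascii

<html><body><p>The meeting has been moved from 10:00 AM to 2:00 PM.</p>
<img src="https://track.example.invalid/open?id=reader-4711" width="1" height="1">
<img src="cid:logo123" width="120" height="40">
</body></html>
--B--
"""

class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))
def _part_text(part):
    return part.get_payload(decode=True).decode(part.get_content_charset("us-ascii"))
def find_web_bugs(raw_email):
    """Remote HTML images that look like trackers: http(s) and 1x1 or per-recipient query."""
    bugs = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(_part_text(part))
        for img in collector.images:
            url = urlparse(img.get("src", ""))
            if url.scheme not in ("http", "https"):
                continue  # cid: and data: images never phone home
            if (img.get("width"), img.get("height")) == ("1", "1") or url.query:
                bugs.append(url.geturl())
    return bugs
def text_only_view(raw_email):
    """The text/plain part, which is all a text-only reader ever fetches or shows."""
    plain = [p for p in message_from_string(raw_email).walk() if p.get_content_type() == "text/plain"]
    return _part_text(plain[0]).strip() if plain else ""
```

Disabling inline images in an HTML-capable client achieves the same effect as the text-only view: the tracker URL is never fetched, so the sender learns nothing about when or whether the message was opened.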