Anti Trojan Software For Home Network


What's in a Name?

He and Sooge are still in mine.....makes life ever so much
better!! Who needs two self-proclaimed christians (small 'c') who
don't practice what they preach!!

Cheers....Heather
But I enjoy giving them a hard way to go!<grin>
-max
 

Norman L. DeForest

Marvelous, Norman. Made my day.

Thanks. The zip file provides all you need to have the same thing
including icons for the whole alphabet and full and empty toilet icons.
The zip file contents:
http://www.chebucto.ns.ca/~af380/EtchASketch-files.gif

Someone in another newsgroup wasn't so amused. He *claims* that my
stuff got installed on his desktop without his permission. Is there
*any* version of Windows that is stupid enough to auto-download-and-unzip
files to a user's desktop? Or can anyone suggest an alternative way this
could have happened (besides user stupidity)? (Remotely on-topic here as
similar events could be responsible for some of the "Have I got a virus?"
questions that show up here from time to time.)

The accusation:

On 12 Aug 2005, [snipped to protect the guilty^Wstupid] [1] wrote:

: Norman L. DeForest wrote:
: > --
: > Windows is *not* a "Toy OS". A screenshot of my current desktop:
: > <http://www.chebucto.ns.ca/~af380/MyDeskTop-Jun-22-2005.gif> Want a desktop
: > like that? (change ".zip" to ".gif" or "-files.gif" to see zip contents):
: > <http://www.chebucto.ns.ca/~af380/EtchASketch.zip>
:
: Let me say that whereas I was mildly amused by the above
: links, I am not amused at all with your spammer tactics
: which resulted in the unwarranted invasion of my computer
: with several icons being placed on my desktop due to my
: visit to your links.

[1] Google for it if you really want to know who he is.
 

Norman L. DeForest

I went one time some years ago and bought a mouse.
I put the floppy in, to copy the driver over to the
hard drive and Norton came up and alerted me to
a virus, as the file was being copied. I called the
company to let them know about it. They told me
that they did have a run of floppies that were
infected. Others had reported it and they tested
them. But hey, why run real time protection?
I mean after all, as long as you have control
over what you're putting on there, right? Nothing
like that could ever contain a virus, right? Or
should we avoid putting anything other than
Windows on our systems and never get on the Net
either, so that we won't be infected?

And what makes you think that an *on-demand* scan of the floppy disk
would have been less effective in finding the infection than "real time
protection" would have been?

(When viruses first started spreading I never used any protection other
than on-demand scanning except for (a) not having a hard drive on most of
my systems and (b) write-protecting my boot floppies and (c) sometimes
using DEBUG to disassemble new software to find out what it does before
using it[1]. Trying out the software first on a floppy-only system with
write-protected program disks was one way to see if the software was
trying to change something it shouldn't.)

Not using Windows at all unless I really had to was also a way to avoid
running anything unintentionally.

For years my only Internet connection was through a text-only account
accessed with a DOS-based terminal emulator. Not until I learned enough
to protect my system from infection did I get a PPP account -- and I still
use the text-only system for most of my access (and all of my mail and
news reading).

[1] Some software had such poor documentation that disassembly was
sometimes the only way to find out how to use it in the first
place.[2]
[2] Also, if I wanted to use it on *all* of my PCs, I usually had to
patch it to make it work on my TI Professional.[3][4]
[3] <brag> All of the information in Ralf Brown's famous Interrupt List
that pertains to the Texas Instruments Professional Computer was
supplied by me. </brag>
[4] http://www.chebucto.ns.ca/~af380/TI-Pro.html
 

Roger Wilco

Pastor Dave said:
That's why one should run antivirus software.
Because that's what people do on computers.
They execute code.

Yes, but you said 'real time' scanning was needed not 'scanning' was
needed - there is a difference.
Really? That's interesting, since an antivirus
scanner cannot scan, as an example, every
file that will be installed before installation
proceeds, with every app out there, given
the way that they are distributed.

Why not?
And
sometimes just the act of decompression
of a package can cause a virus to execute.

Could you show me an example of this. I haven't heard of any that do
this - it sounds very unlikely to me.
But then it's too late. More than once, a
virus scanner has given a clean bill of health,

They can NEVER do this! At best they can say they found nothing.
only to alert to a virus during an installation,
if one is running a real time scanner.

The real time (on access) scanner will only alert during installation if
new executable content is placed in a file and that file is then
accessed. If the malware is runtime unpacked it will either have been
detected when the installer was scanned or not at all. Yes, malware can
sneak onto a system as part of an installation of software, but there is
no guarantee that real time scanning will be any better at detecting it
than on-demand scanning will. After installation the system can be
scanned again for malware to see if any malware files known to the
scanner were created during installation. The best way to avoid this
would be to extract files from the archives the installer uses and scan
them prior to installation. Many scanners will automate the extraction
when asked to scan an archive filetype.
I've been a tech for over 20 years and I know
whereof I speak.

Were you using real time scanners twenty years ago?
And while the nutcase that likes to attack me
and claim I don't know what I'm doing and
needed help with something basic, let it be
noted, that he is a liar.

Okay said:
The problem I brought up was in no way basic
and I had tried many things before posting
and I had put my problem up on some of the
better known sites for this kind of thing. Not
one response. No one knew what it was
and Google and Yahoo gave zero hits on
the file name. Not only that, but after I
blocked it from entering the registry, it would
find a new way to load and not leave one entry
in the registry.

You saw my response, no?
No one was able to even offer a suggestion
and that idiot blasted me for pointing out
a web site that showed some of what I had
already done as well as my list of other
things that I had tried, when he asked me
what I had tried.

Hey, I commended you on trying to supply good information. The problem
was that you used search engine results for that file as a basis for
correcting your problem when the procedures were written for someone
else (apparently) with more problems than just the existence of the ottr
file. It's too bad the HJT gurus didn't explain why they suggested
deleting the file.
But hey, if that's how people want to judge
my competency, then have at it.

Don't worry about it - it takes all kinds of people to form a group.

Back to the diverted thread topic - the main difference between real
time scanning and on-demand scanning is that real time scanning scans
the file when it is accessed, and on-demand scanning scans the file when
asked to by the user. If you know when (and how) to ask, the two are
equivalent. When using the on-demand scheme - you don't have background
CPU cycles being used (almost constantly) and you need not be concerned
about RAM footprint because it is only in RAM when you asked it to be.
It is indeed possible to be reasonably assured that no malware is on a
system if you use safe practices with on-demand scanning as a part of
that practice - real time AV is not absolutely necessary.

Generally AV is reactive - someone has to get bit before a new malware
gets noticed. The real time AV users are like the penguins that must
check the waters for predators before the rest of the penguins can
forage. Proper use of safe practices and on-demand scanning allows you
to let others be the sacrificial penguins.
 

Pastor Dave

They can NEVER do this! At best they can say they found nothing.

Thank you for proving my point. The most anyone
can say is, "I have never had a virus, as far as I
know". What I am dealing with here, is someone
claiming that they have never had one, period.
When that was pointed out, the personal attacks
began.

But hey, it's better to attack, than be honest,
right?

--

Pastor Dave

"If you believe what you like in the Gospel,
and reject what you like - it is not the Gospel
you believe, but yourselves." - St. Augustine

http://www.ecclesia.org/truth/solution.html

http://tinyurl.com/ce97m
 

* * Chas

|
message
| | | Pastor Dave wrote:
| | > On Tue, 9 Aug 2005 21:31:32 -0700, "* * Chas"
| | > <[email protected]> spake thusly:
| <snip>
|
| | Chas, try A² from Emsisoft. It is an anti-trojan program, and free for
| | home use.
| | http://www.emsisoft.com/en/
| | Scroll down to "a-squared Free"
|
| Thanks, I installed A² on a test PC a number of months ago but never
| configured it because I was turned off by the number of hoops required
| to jump through in order to activate the program.
|
| I looked at it again this evening and they seemed to have toned down the
| intrusiveness a lot. I updated A² and ran it, seemed to work pretty
| well.
|
| Chas.

A² can check networked PCs. Click the Add Drives button, select Network
and select the drive or computer, close and run.

Chas.
 

kurt wismer

Pastor said:
Thank you for proving my point. The most anyone
can say is, "I have never had a virus, as far as I
know".

not true... the most a virus scanner can say is that it didn't find a
virus, but virus scanners aren't the only technology out there...

there are products that can detect changes (when a virus infects it
necessarily makes changes) with a much higher degree of certainty... the
problem is that it's an after-the-fact detection rather than a
preventative detection so most people don't bother with it...

however after-the-fact detection is still good enough to say "i have
never had a virus"...
 

Roger Wilco

Pastor Dave said:
Thank you for proving my point. The most anyone
can say is, "I have never had a virus, as far as I
know". What I am dealing with here, is someone
claiming that they have never had one, period.
When that was pointed out, the personal attacks
began.

He didn't say that he relied on an AV scanner to make that assertion
though. I didn't say that there was no way to make that assertion, only
that AV software can't.
But hey, it's better to attack, than be honest,
right?

Well - - you basically called him a liar. To some, that would be an
attack on their character. Don't be too surprised when someone objects
to being called a liar.
 

Tore Lund

kurt said:
there are products that can detect changes (when a virus infects it
necessarily makes changes) with a much higher degree of certainty...

I have been wondering about that. How could I track file sizes,
registry and directory changes in such a way that I could be sure to
detect the presence of any virus? I have thought up some schemes - I am
just not sure whether they are good enough.

And I don't need any "product". I could do it myself. But I have some
doubts about whether I could be sure to catch ANY malware hiding
ANYWHERE on my computer. Anyone care to elaborate?
the
problem is that it's an after-the-fact detection rather than a
preventative detection so most people don't bother with it...

Most of us never get infected anyway, so after-the-fact detection will
probably be good enough.
 

kurt wismer

Tore said:
I have been wondering about that. How could I track file sizes,
registry and directory changes in such a way that I could be sure to
detect the presence of any virus? I have thought up some schemes - I am
just not sure whether they are good enough.

well if you're just looking at file sizes then you're not going to have
quite the same degree of certainty as i was talking about above...
cavity infectors don't change the file size...

i'm not sure i know what you mean by 'directory changes'...
And I don't need any "product". I could do it myself. But I have some
doubts about whether I could be sure to catch ANY malware hiding
ANYWHERE on my computer. Anyone care to elaborate?

well, say we're talking about file infectors - how would you generally
go about determining if the contents of a file have changed? would you
look at file size (which doesn't necessarily change)? would you look at
timestamps (which can be forged)? or would you compare some sort of
checksum of the file in its current state against one generated when
the file was known to be clean?
Most of us never get infected anyway, so after-the-fact detection will
probably be good enough.

well, see, that's part of the problem - with so few real infections some
people find it hard to justify the cost of using change detection
software (although, from my experience it's not too much different from
doing a system wide virus scan)...
 

Pastor Dave

not true... the most a virus scanner can say is that it didn't find a
virus, but virus scanners aren't the only technology out there...

Okay, you've never had one. You are God
and know everything and no one, nor nothing
that can possibly slip by you. Gotcha.

however after-the-fact detection is still good enough to say "i have
never had a virus"...

Only in the mind of someone arrogant,
who is run by their ego.

And with that, I'm done.


--

Pastor Dave

http://www.ecclesia.org/truth/solution.html

http://tinyurl.com/ce97m

"The word 'believe' comes from an Old English word,
'bylive'. What we believe, is what we live by.
Don't tell me you believe, if you don't live by it."
- Adrian Rogers

"Never give the devil a ride.
He will always want to drive."


This signature was made by SigChanger.
You can find SigChanger at: http://www.phranc.nl/
 

Pastor Dave

Well - - you basically called him a liar.

Anyone who says that they know for a fact
that they have never had a virus, is a liar.
The most anyone can say is, "As far as I know".


--

Pastor Dave

http://www.ecclesia.org/truth/solution.html

http://tinyurl.com/ce97m

"The word 'believe' comes from an Old English word,
'bylive'. What we believe, is what we live by.
Don't tell me you believe, if you don't live by it."
- Adrian Rogers

"Never give the devil a ride.
He will always want to drive."


This signature was made by SigChanger.
You can find SigChanger at: http://www.phranc.nl/
 

What's in a Name?

Okay, you've never had one. You are God
and know everything and no one, nor nothing
that can possibly slip by you. Gotcha.



Only in the mind of someone arrogant,
who is run by their ego.

And with that, I'm done.

And with that utterance of stupidity,
I put you back into my killfile
<plonk>
-max
 

Heather

What's in a Name? said:
And with that utterance of stupidity,
I put you back into my killfile
<plonk>

Max.....you shouldn't have bothered taking him out of it. Perhaps if he
re-reads what he wrote, he just might get a huge clue as to his own
arrogance. He is the one who thinks he is God. Pity!!

Cheers...Heather
 

What's in a Name?

Max.....you shouldn't have bothered taking him out of it. Perhaps
if he re-reads what he wrote, he just might get a huge clue as to
his own arrogance. He is the one who thinks he is God. Pity!!

Cheers...Heather

sing with me now
I'm just no fun anymore....
 

Tore Lund

kurt said:
well, say we're talking about file infectors - how would you generally
go about determining if the contents of a file have changed? would you
look at file size (which doesn't necessarily change)? would you look at
timestamps (which can be forged)? or would you compare some sort of
checksum of the file in its current state against one generated when
the file was known to be clean?

I was hoping you could tell me. I suppose the products that detect file
changes make checksums. In any case, I don't think it's worth the
bother as long as there are free tools that will pick up virtually all
of the malware one is likely to get.
 

Roger Wilco

Pastor Dave said:
Anyone who says that they know for a fact
that they have never had a virus, is a liar.

Wrong, there are ways to be sure about never having a virus. Just
because you fail to grasp the concept doesn't mean it isn't so.
The most anyone can say is, "As far as I know".

True, but in this case it IS possible for someone to actually "know"
this (as opposed to just believing it).
 

kurt wismer

Pastor said:
Pastor Dave wrote: [snip]
Thank you for proving my point. The most anyone
can say is, "I have never had a virus, as far as I
know".

not true... the most a virus scanner can say is that it didn't find a
virus, but virus scanners aren't the only technology out there...

Okay, you've never had one. You are God

actually, i'm not a god just because i've never had a virus infection...
if anything were going to qualify me as a (geek) god it would be
whistling a 2400 baud carrier signal...
and know everything and no one, nor nothing
that can possibly slip by you. Gotcha.

properly implemented and used change detection software has a 0% false
positive rate and a 0% false negative rate (technically the probability
of a false negative is 1/(2^n) where n is the number of bits in the
output space of the hash used, which is sufficiently close to zero that
it can safely be ignored)...

because it's detecting changes, of course, and those are much easier
to detect...

since a virus has to change something in order to infect, change
detection software will detect it - though it won't be able to
differentiate it from other changes, that requires additional know-how...

so really, knowing that a virus has never infected my computer would
come down to knowing that the changes detected by the change detection
software were all non-viral in nature...

a) changes to executable files should never happen unless i'm updating a
program...
b) new executables should never happen unless i install an application...
c) changes to documents aren't an issue as i don't use formats that
support macro viruses...
d) new or changed script files follow approximately the same rules as
new or changed executable files...
e) for any new executable or script i add to my system i should be able
to check the integrity against the source...

it's not impossible to rule out viral activity in the change detection
log...
Only in the mind of someone arrogant,
who is run by their ego.

And with that, I'm done.

speaking of arrogant, ego-driven know-it-alls...

i'm just trying to tell you about something you might not have otherwise
known about...

maybe if you stick your fingers in your ears and go "nyah nyah nyah nyah
i can't hear you" you won't hear these ideas that contradict your own
enough for you to be snide but not enough for you to respond with
reasoned counter-arguments...
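
The checksum comparison described in the post above, as an added example (not code from any poster in this thread): it records a baseline of SHA-256 hashes, then shows that an in-place edit which keeps the file size and timestamp is still reported, and marks new or changed executables and scripts for review along the lines of points a, b and d. The extension list, file names and sample bytes are assumptions constructed for the demo.

```python
import hashlib
import os
import tempfile

# Assumption: extensions treated as executables or scripts (points a, b, d).
EXEC_EXT = {".exe", ".dll", ".com", ".bat", ".vbs", ".js"}

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> (size, mtime_ns, sha256) for each file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            snap[rel] = (st.st_size, st.st_mtime_ns, sha256_file(full))
    return snap

def compare(baseline, current):
    """List every added, removed or content-changed file, keyed on the hash."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            kind = "new"
        elif new is None:
            kind = "removed"
        elif old[2] != new[2]:
            kind = "changed"
        else:
            continue
        # Would a size/timestamp comparison alone have noticed this event?
        seen_by_metadata = old is None or new is None or old[:2] != new[:2]
        is_exec = os.path.splitext(path)[1].lower() in EXEC_EXT
        events.append({"path": path, "kind": kind,
                       "seen_by_metadata": seen_by_metadata,
                       "needs_review": is_exec and kind != "removed"})
    return events

def demo():
    # Constructed sample tree: take a baseline, make two changes, compare.
    with tempfile.TemporaryDirectory() as root:
        exe = os.path.join(root, "tool.exe")
        with open(exe, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"original code")
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("hello")
        baseline = snapshot(root)
        st = os.stat(exe)
        with open(exe, "r+b") as f:      # overwrite padding, same length
            f.seek(10)
            f.write(b"CHANGED!")
        os.utime(exe, ns=(st.st_atime_ns, st.st_mtime_ns))  # old timestamp back
        with open(os.path.join(root, "new.bat"), "w") as f:
            f.write("@echo off\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The baseline itself has to be kept somewhere the monitored system cannot write to, otherwise whatever changes the files can also rewrite the recorded hashes.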
 

Norman L. DeForest

Anyone who says that they know for a fact
that they have never had a virus, is a liar.
The most anyone can say is, "As far as I know".

1. How about someone who owns a machine with the operating system in ROM
who can compare any other software with the original installation disks
to detect any changes? (Wasn't it the Tandy 2000 series that had a
model with MS-DOS 2-point-something in ROM? You could boot from ROM,
from your hard drive, or from a floppy disk. One Radio Shack dealer
told me that he had a lot of problems with people returning systems
that were supposed to have DOS 3.3 on the hard drive and didn't until
I pointed out to him that the computers he had on display were all
booted off the ROM and one menu item in the graphical shell the ROM
put up was "Format" which defaulted to formatting the current (hard)
drive.)

2. How about someone who uses a floppy-only system and has their program
disks *all* write-protected? Or boots from write-protected floppies,
has their software on write-protected floppies and puts only data on
their hard drives?

3. How about someone who owns a computer that is unique and therefore
never targeted by virus authors? (How many viruses target MP/M-86
machines? How about the Texas Instruments Professional Computer?)

4. How about someone who uses the software his system came with and
nothing else whatsoever (except what they wrote themselves)?

I have known people in all of those categories.

For the longest time, I was in categories 2 *and* 3 until I finally
got an MP/M-86 machine with a 5MB hard drive (so I was not restricted
to floppies) and, later, a PC-DOS 3.3 machine with Windows 3.1.

I now use a Windows 98 machine I was given. I estimate the chances of
it not being infected are about 99.9999% or better.

Then there are the people who have never had a computer. They can all say
with 100% certainty that they have never had a computer infected with a
virus.
 
