============================>
That's some expected reply. Did you know that these independent test
centers lie and not me and they lie for illicit gain like magazines
they sell ??? If anybody is lying it would be them and if anybody's
head is full of it (lies) it would have to be you and not me..... and
I will tell you why.
This is easily going round and round - a round robin - and you are a
part of that. If there were labrotories with all these "unknown
threats" they use as tests to prove the weaknesses of software - any
type of test program - it would have been stolen and used a long time
ago by the underworld in malware spybots that are currently
responsible for up to 70 percent of world spam and 4 percent annually
of ID Theft in just America and are currently clocked in control of 4
to 11 percent of world computers.
The security industry is well aware of that and do know everything
possible that is used by these independents and for two reasons. Are
they attempting at some time to be running extortion by producing a
proof-of-concept scenario. Number two - are they "selling" to the
underground and what ? Would it surprise you that security software
can purposely give "false readings" to test equipment for these very
reasons ? Are you aware of anti-cracking technology that is software
as well that can be purchased and how this protects security products
against "probes" for reverse engineering and piracy ?
What you are replying to basically is the part of the discussion about
heurisitics fail maybe 50 percent of the time - even if for sake of
arguement you might call that a worst case scenario as opposed to a
conservative estimate. Specific products I have used for over four
years now were Norton Antivirus - 2 years Webroot Spysweeper and Trend
Micro Antispyware which also have heurisitics technology for spyware
and related malware. Several times I have manually inspected every
single file and registry entry in my computer looking for malware.
None was ever found though I have been hit hundreds of times.
Now according to your perspective that heuristics don't work - I
should have found at least 150 malware applications. The hits I am
talking about are not malwares that were removed after scans. I am
talking about drive by installations. Were are they ? There is not so
much as a trace present.
You said...
""QUOTE""> someone has been filling your head with lies, i'm afraid...
"UNQUOTE""
...well you can be afraid all you want but here you can stop telling
LIES as you are doing. There is NO ONE filling my head with lies - not
even me. What I have posted here is the truth - I don't lie where pc
security is concerned. I do know what I am talking about and I am a
groups owner specializing in malware removal and webmaster/creator of
thewww.BlueCollarPC.Net/website for the same which is approaching
one million hits by people who look towards information and advice I
provide as a source of their computing security needs. Not one of my
Visitors and Website Users believes I am a liar.
Now the bottom line here is that I am positively sure you will agree
that any traces or variants of threats from a couple of years ago
would finally have had defintions written for them to remove them in a
scan, that for sake of argument where "missed by heurisitics" ? Okay,
for sake of arguement ? This is what I am telling you - there is no
such thing. The products ARE that good.
You had some kind of problem with the statement about these products's
heurisitics catch virtually ALL malwares. Well they do and did. Why
would I - me as who I am with nothing to gain - why would I lie or be
wrong about that ? Who would believe YOU ?- Hide quoted text -
- Show quoted text -
<snippped rant>.cbgerry said:============================>
Virus Guy wrote
Exploits/viruses don't come from casual browsing of 'normal' websites.
They come from wank/warez sites & spam mail. If people are stupid
enough to visit those sites/open spam mail they're gotta get shit, time
after time.
On Apr 6, 3:45 pm, George Orwell <Use-Author-Supplied-Address-
Header@[127.1]> wrote:
PC Worldhttp://elfurl.com/qymplSome industry analysts are proclaiming the traditional antivirus
method for detecting and eradicating viruses, trojans, spyware and
other baneful code by matching it against a
signaturehttp://snipurl.com/crapwaretobe "dead."They say signature-based checking can't keep up with the flood of
virus variants manufactured by a criminal underworld that is
beating the antivirus vendors at their own game. And they are
arguing it's time for companies to adopt newer approaches, such as
whitelisting or behavior- blocking, to protect desktops and
servers."It's the beginning of the end for antivirus," says Robin Bloor,
partner at consulting firm Hurwitz & Associates, in Boston, who
adds he began his "antivirus is dead" campaign a year ago and
feels even more strongly about it today. "...The approach
antivirus vendors take is completely wrong. The criminals working
to release these viruses against computer users are testing
against antivirus software. They know what works and how to create
variants."..Instead of antivirus software, he says, users should be
investing in whitelisting software that prevents viruses from
running because it only allows authorized applications to run.Whitelisting products are available from SecureWave, Bit9, Savant,
AppSense and CA, the first traditional antivirus vendor to see the
light, in Bloor's view.
They mean "heurisitics" in all descent antivirus paid protection ?
Duh.... heurisitics. This is activated meaning real time protection
in paid subscription antivirus software programs. Heurisitics is
the ability to identifiy the malware threat by typical behavior
without having the definitions yet written for removal and blocking
of the particular threat - worm, virus, many trojans.""QUOTE""
They say signature-based checking can't keep up with the flood of
virus
""UNQUOTE""...and it never did and never will. For newbies these idiot editors
are writing to (and I am not the only one recognizing this) - for
newbies / novice information here, the writer is calling a system
scan with your antivirus as "signature-based checking" - like duh
a-hole. Why would you do a scan, find and remove malware and then
turn around and say that the PC was protected in the beginning as
"signature-based checking" ??? How the h*ll was the PC ever
protected by "sinature- based checking"?"?? Duh !!!So where's the distinction that something is or did die ???? Idiot
Editors playing with new people's minds. Malicious bad information
even intentionally. I have caught some of the4se creeps before
giving out bad information and responded to it.""QUOTE""
they are arguing it's time for companies to adopt newer approaches,
such as ... behavior- blocking
""UNQUOTE""...You mean BUY some antivirus protection ??? to activate real time
protection - - Duh !!!This is the result of trolls, criminal elements, idiots, plain
newbies, and bragging rights malicious persons giving the constant
idea of freeware security as your silver bullet. That is absurd and
even for the most new person. Anybody new to computers instantly
realizes that the software business is a multi-million and multi-
billion dollar industry. You can't even miss that one on TV News
always informing the public of the amount of trade done over the
internet if you are not a computer owner/operator. I believe it is
in the neighborhood of 16 billion dollars yearly or more. So point
is the "newbie" knows better and are taking their chances and they
know it. They know you are only getting what they pay for in the
worst ignorance of software or computers.A little knowledge spread around stops all of this in a very, very
great degree.
Hell, you don't even have to buy any. You can download avast for free
and it does real time checking, even scans incoming email.
Of course the most common path of infection can be easily blocked by
simply turning off html rendering in your mail client. No text
message has ever infected a machine without the help of that
machine's user.
cmsix
========================>
And what protection does free antivirus offer when browsing the
internet ? Free open source Clam AV has an Outlook plug-in to scan
email. But you are only talking about being protected with email
scanning. What about browsing ? That is absurd to just use a computer
for email - cell phones do that. I have never heard of such a thing
that someone pays up to and over 2 thousand dollars for a computer and
then not use it because free antivirus only scans email. Strange
answer.
Far said:You are clueless. The site you refer has used a shitload of
AVP's ...
kurt said:virus guy's contention that anti-virus products don't detect
exploits on their way in is demonstrably false - there are
products that do have technology for scanning things as they
come off the wire (nod32 is one of the ones that implements...
I don't recall that it was ever shown that any AV product prevented,
for example, IE from crashing when exposed to test samples of the VML
vulnerability.
Can you point to a URL that describes how (or where) nod32 situates
itself such that it's able to be the first process to intercept (scan)
ethernet packets before that data is passed to a higher layer?
Does NOD make such a claim?
<snippped rant>.
You would project a more credible, coherent argument if your spelling and
grammar weren't so awful.
You are truely stupid.
You made a statement that exploits don't come from casual browsing of
"normal" websites.
I show you an example where a normal web site (Asus.com) was hacked.
Why don't you respond to that?
That was the point of my response. Why don't you admit that you are
wrong about exploits NOT being present on "normal" sites?
Wasn't the NFL's web site carrying a payload recently? Or maybe superbowl.com
-- something sports related and legit, as I recall.
Virus said:I don't recall that it was ever shown that any AV product prevented,
for example, IE from crashing when exposed to test samples of the VML
vulnerability.
Can you point to a URL that describes how (or where) nod32 situates
itself such that it's able to be the first process to intercept (scan)
ethernet packets before that data is passed to a higher layer?
http://www.microsoft.com/msj/0599/LayeredService/LayeredService.aspx
Does NOD make such a claim?
cbgerry said:That's some expected reply. Did you know that these independent test
centers lie
and not me and they lie for illicit gain like magazines
they sell ???
If anybody is lying it would be them and if anybody's
head is full of it (lies) it would have to be you and not me..... and
I will tell you why.
This is easily going round and round - a round robin - and you are a
part of that. If there were labrotories with all these "unknown
threats" they use as tests to prove the weaknesses of software - any
type of test program - it would have been stolen and used a long time
ago by the underworld in malware spybots that are currently
responsible for up to 70 percent of world spam and 4 percent annually
of ID Theft in just America and are currently clocked in control of 4
to 11 percent of world computers.
The security industry is well aware of that and do know everything
possible that is used by these independents and for two reasons. Are
they attempting at some time to be running extortion by producing a
proof-of-concept scenario. Number two - are they "selling" to the
underground and what ? Would it surprise you that security software
can purposely give "false readings" to test equipment for these very
reasons ? Are you aware of anti-cracking technology that is software
as well that can be purchased and how this protects security products
against "probes" for reverse engineering and piracy ?
What you are replying to basically is the part of the discussion about
heurisitics fail maybe 50 percent of the time - even if for sake of
arguement you might call that a worst case scenario as opposed to a
conservative estimate.
Specific products I have used for over four
years now were Norton Antivirus - 2 years Webroot Spysweeper and Trend
Micro Antispyware which also have heurisitics technology for spyware
and related malware. Several times I have manually inspected every
single file and registry entry in my computer looking for malware.
None was ever found though I have been hit hundreds of times.
Now according to your perspective that heuristics don't work - I
should have found at least 150 malware applications. The hits I am
talking about are not malwares that were removed after scans. I am
talking about drive by installations. Were are they ? There is not so
much as a trace present.
You said...
""QUOTE""
"UNQUOTE""
...well you can be afraid all you want but here you can stop telling
LIES as you are doing. There is NO ONE filling my head with lies
- not
even me. What I have posted here is the truth - I don't lie where pc
security is concerned. I do know what I am talking about and I am a
groups owner specializing in malware removal and webmaster/creator of
the www.BlueCollarPC.Net/ website for the same which is approaching
one million hits by people who look towards information and advice I
provide as a source of their computing security needs. Not one of my
Visitors and Website Users believes I am a liar.
Now the bottom line here is that I am positively sure you will agree
that any traces or variants of threats from a couple of years ago
would finally have had defintions written for them to remove them in a
scan, that for sake of argument where "missed by heurisitics" ? Okay,
for sake of arguement ? This is what I am telling you - there is no
such thing. The products ARE that good.
You had some kind of problem with the statement about these products's
heurisitics catch virtually ALL malwares. Well they do and did.
Why
would I - me as who I am with nothing to gain - why would I lie or be
wrong about that ?
Who would believe YOU ?
kurt said:i don't recall it either, but that doesn't mean it didn't happen..
Why don't you try something then.
Swap out your patched vgx.dll for an older one, then try this page:
http://209.85.165.104/search?q=cache:fbdJRQS1FxwJ:zert.isotf.org/testv
ml.htm+testvml.htm&hl=en&ct=clnk&cd=1&gl=ca
It's the google cached version of this:
http://zert.isotf.org/testvml.htm
or this:
http://www.isotf.org/zert/testvml.htm
Which doesn't seem to exist any more, but was designed to trigger the
VML vulnerability.
Presumably NOD-32 should intercept the code before IE is crashed by
it.
What's in a Name? said:I just checked it out (with an unpatched W2K) and Nod alerted
and blocked loading of page! I guess it works!
Virus said:Why don't you try something then.
Swap out your patched vgx.dll for an older one, then try this page:
http://209.85.165.104/search?q=cach...tvml.htm+testvml.htm&hl=en&ct=clnk&cd=1&gl=ca
It's the google cached version of this:
http://zert.isotf.org/testvml.htm
or this:
http://www.isotf.org/zert/testvml.htm
Which doesn't seem to exist any more, but was designed to trigger the
VML vulnerability.
Presumably NOD-32 should intercept the code before IE is crashed by
it.
What's in a Name? said:After much thought,Virus Guy came up with this jewel: [snip]Swap out your patched vgx.dll for an older one, then try this page:
http://209.85.165.104/search?q=cache:fbdJRQS1FxwJ:zert.isotf.org/testv
ml.htm+testvml.htm&hl=en&ct=clnk&cd=1&gl=ca
It's the google cached version of this:
http://zert.isotf.org/testvml.htm
or this:
http://www.isotf.org/zert/testvml.htm
Which doesn't seem to exist any more, but was designed to trigger the
VML vulnerability.
Presumably NOD-32 should intercept the code before IE is crashed by
it.
I just checked it out (with an unpatched W2K) and Nod alerted and
blocked loading of page! I guess it works!
thanks for the verification... i think it's safe to say now
that nod32 qualifies as a first line of defense at the end-point
Just to make things clear - even if NOD displayed a detection message
- did IE crash, or did it give a "page not found" error? What exactly
was IE's behavior when it was pointed at that page?
Does anyone else find it interesting that Google served up that page
without any warning, especially since it came from their own cache?
It's sad that after all this time, that Google still has little to no
ability (or they choose not to deploy) more sophisticated exploit
detection and warning mechanisms on their search page.
What's in a Name? said:I don't think it is feasible for google to check on every link
provided in a search,nor do I want them to.