Program integrity

Morgan Ohlson

The last year I have seen many free scanners and free firewalls put out of
function by malware. Some of these have been private versions of full-pay
software. In most cases it is noticeable that something is wrong, but in some
cases most things have looked right, but double checks have shown that there
have been problems.

Now I wonder, does any of the software give the user a true, easy way to know
if...
...a scan is run with all scanner components?
...the scanner is "ordered" by other components to jump some parts?
...a firewall really is active ...or just "showing-off".

A guess says that some of you reading this have applications that seem to work,
but actually do not do their job because of different malware.


Morgan O.
 
It is a sure bet that software from Micro$oft or $ymantec have those
"seem to work" "features" built in...
 
I used to keep an updated rescue CD with current virus defs.
 
What do you mean by "in some cases most things have looked right"? Do
you have an example? From what I understood, these kinds of malware
compromises were done by either killing services or blocking them from
loading. Perhaps that isn't correct. But, if it is, I'd try using
something like Process Explorer to make sure that what you expect to be
running is. Or, perhaps a product like TaskCatcher
<http://www.taskcatcher.com/>.
 
What do you mean by "in some cases most things have looked right"?

Ex. Symantec firewall seemed to work. It was several months ago now so I'm
not all up to detail. But everything looked right, but it didn't do anything
at all... port scan showed lots of problems.

Also Antivir had problems. For a while all programs found viruses, but not
antivir. I can't explain why and how. Antivir was simply a lame duck.

Just a thought. Let's say some malware changes the virus-definition in a
scanner. Instead of 100.000 defs there is 1 in a list 100.000 times. I have
no knowledge of this, but if there is no integrity control in a scanner...
It could "count sheep" just to let the proper scan time pass.

Do
you have an example? From what I understood, these kinds of malware
compromises were done by either killing services or blocking them from
loading. Perhaps that isn't correct.

Recently I had this problem where SpyBoot froze and reported some file
missing. Almost identical problem also with Avast. I have uninstalled and
reinstalled and the fault came back in both cases. Since a week or so both
run well again.

Naturally it can be "normal" technicalities... but anyhow a good scanner in
some way should test its integrity and inform the user.

But, if it is, I'd try using
something like Process Explorer to make sure that what you expect to be
running is.

If a prog called Antivir.exe is running, how could you tell if it is
scanning or just counting fantasy files!?
....I couldn't... and probably most users couldn't.

To this day I have seen strange malfunction in almost all scanners, also
some online ones.


Morgan O.
 
I think this is, perhaps not the best but a good example.

http://www.nod32.com/msgs/baglecm.htm


Morgan O.
 
Morgan said:
If a prog called Antivir.exe is running, how could you tell if it is
scanning or just counting fantasy files!?
...I couldn't... and probably most users couldn't.

Morgan, in the example you provided under separate post, the Trojan
renames executables and blocks services, as I suspected would be the
routine. Therefore, a Program like TaskCatcher or WinPatrol should be
able to detect these changes.
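
Added example, not part of the thread and not code from any product named in it: the "integrity control" asked about above and the renamed-executable case from the Trojan write-up can both be caught by comparing a scanner's files against a known-good hash manifest sealed with a key kept off the machine. The file names, key and function names are hypothetical, and the files are constructed stand-ins.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, names, key):
    """Record known-good hashes and seal them with an HMAC tag."""
    hashes = {n: sha256_file(os.path.join(root, n)) for n in names}
    body = json.dumps(hashes, sort_keys=True).encode()
    return {"hashes": hashes, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(root, manifest, key):
    """Return a list of (name, problem) findings; an empty list means intact."""
    body = json.dumps(manifest["hashes"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return [("<manifest>", "tampered")]  # baseline itself cannot be trusted
    findings = []
    for name, good in sorted(manifest["hashes"].items()):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            findings.append((name, "missing"))
        elif sha256_file(path) != good:
            findings.append((name, "modified"))
    return findings

def demo():
    key = b"constructed-demo-key"  # assumption: in practice stored off the machine
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for a scanner's engine and definition file.
        with open(os.path.join(root, "scanner.exe"), "wb") as f:
            f.write(b"engine-bytes")
        with open(os.path.join(root, "defs.dat"), "w") as f:
            f.write("\n".join(f"sig-{i}" for i in range(1000)))
        manifest = build_manifest(root, ["scanner.exe", "defs.dat"], key)
        clean = verify(root, manifest, key)
        # Same number of entries, but one definition repeated 1000 times.
        with open(os.path.join(root, "defs.dat"), "w") as f:
            f.write("\n".join("sig-0" for _ in range(1000)))
        # Executable renamed out of the way.
        os.rename(os.path.join(root, "scanner.exe"), os.path.join(root, "scanner.ex_"))
        return clean, verify(root, manifest, key)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the place it runs from, which is why running it from clean boot media such as the rescue CD mentioned earlier in the thread fits this design.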
 
Yes... I use WinPatrol... but unfortunately all normal pc users most
likely, sometimes have to pass WinPatrol notifiers that aren't 100% clear.

As I understand it most shitty things that happen in a computer are
triggered by some "normal event" which makes it hard to separate good
prg-starts from bad.

Just the other day my Avast started to automatically check for updates. I don't
remember accepting that...and the Avast definitely didn't ask me !!!
Security software must act to improve user trust. That means every change
should be asked for, and something like a link given to official homepage
where the change is described to prove the change official status.
All security software must improve its cooperation with the pc user in
a simple but reliable way. Scanners are not magical, and they shouldn't try
to give that impression, as most (all I have seen) do today.

Morgan O.
 
Morgan said:
All security software must improve its cooperation with the pc user in
a simple but reliable way. Scanners are not magical, and they shouldn't try
to give that impression, as most (all I have seen) do today.

Well, they have a wide range of customers with a wide range of
expectations, and every one of them is going to complain if the program
does not behave as they expect or want. Most don't know enough to
criticize intelligently, or use more versatile tools.

Your name does not stand out in my memory. If you are new, you might go
back through the old posts and see how many times people complain about
"friends" shutting down fire walls or anti virus programs in order to
view or run something the safety program does not like, and the computer
gets some sort of malware.

At the other end, you have people like Art, David, and several others
(some not currently posting) who only need anti malware programs in case
some new approach slips something in on them. They don't really need
"consumer quality" safety programs.

In the middle, there's a wide variety of people who want to control
their computers but don't know enough to be as safe as Art, David, etc.
And that sounds like where you are, right now.

Study more, gripe less.
 
U sound like some kind of pro status quo fighter.

Isn't that way too defensive when it comes to a global growing problem for
the masses!?


Morgan O.
 
Morgan said:
U sound like some kind of pro status quo fighter.

I'm a "don't bitch about what you can do yourself" type. Don't know
about "fighter" part.

Isn't that way too defensive when it comes to a global growing problem for
the masses!?

Nope. Knowledge is power. Learn, or be enslaved to those who know more.
 