Seriously, has anybody ever seen a serious virus problem in Windowswhen using AV protection?

[Rex Ballard]

Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?

In just 2 days, this topic has generated over 200 articles. Most of
whom have had very unpleasant things to say about Microsoft.

You tried valiantly to defend Microsoft, numerous times. But people
felt strongly enough about this issue to respond back several times.
Some just gave up and want back to personal attacks (shame on you Mr
Kohlmann). But that turned into more personal attacks (shame on you
One Shot, One Kill).

You like to claim that 99% of the people who use computers choose
Windows. In reality, most people don't really have much of a choice.
Windows comes on the computer, whether they like it or not, they can't
get service or support if they take it off completely, and Retailers
don't ever put Linux machine on display in the retail stores, in a way
that users can actually take a properly configured Linux machine for a
"Test Drive".

Even more remarkable is that - at minimum - tens of millions of users
(assuming 1% of 1 billion) are willing to install Linux themselves.

Most people really identify with he Mac commercial, enough that
roughly 28 million people decide they would rather spend 3-5 times
more money for a Mac running OS/X than a machine that has only been
configured to run Windows.

Best Buy is now selling separate support program and replacement
program. The support program is for those who stick with Windows, and
plan to stay with it. The replacement program is only if you drop
your computer or for some other reason it needs to be replaced due to
a hardware problem.

This may be because so many people were refusing to pay for a service/
replacement program that was nullified if they installed Linux.

Furthermore, more and more people are opting not to buy new versions
of Microsoft Office. Will Office 97 or Office 2000 run on Windows 7?
Maybe they are just moving Office 2003 over. Still, there isn't
really an overwhelming case to be made for spending even $169 to
upgrade to Office 2007. Microsoft has tried to offset this by
offering free trial-versions that automatically charge your credit
card when you forget to tell them you don't want it.

Even that hasn't worked very well, so now they are offering you a free
download of Office 2010, whenever it becomes available - if you by
Office 2007 now. Furthermore, the retailers are taking as much as $40
off if you buy it in the store.

Of course, if you don't buy the 3 year replacement plan, and the 3
year service plan, for a total price of around $500, then the store
actually loses money on the sale. So does the manufacturer. In fact,
the only company that makes any money on the sale of a Laptop or
desktop system - is Microsoft.

 

[Char Jackson]

So you've never heard of chip creep either then..

Are you actually fixing stuff professionally and charging money for your
services or just some dude helping his neighbors out?

I see from our other thread, and confirmed here, that you're quite
dense and simultaneously quite full of yourself. I'll try to break it
down for you.

I'm quite familiar with chip creep as it pertains to socketed chips. I
have not heard of it being applied to soldered chips until this
thread. If it exists with regard to socketed chips, it's sufficiently
rare to be a non-issue. Does that help you at all?

Seriously, I had a lot more respect for you before you started being
such an ass.

 

[Dustin Cook]

I see from our other thread, and confirmed here, that you're quite
dense and simultaneously quite full of yourself. I'll try to break it
down for you.

dense? and full of myself. Sorry pal, I'm certainly not dense as I
clearly have considerably more knowledge on the subject, and that's
hardly being full of myself. That's just how it is.

I'm quite familiar with chip creep as it pertains to socketed chips. I
have not heard of it being applied to soldered chips until this
thread. If it exists with regard to socketed chips, it's sufficiently

Actually, I didn't say chip creep was an issue on soldered chips; If you
understood the principles behind chip creep in the first place that
wouldn't even be a question you'd consider... Chip creep only applies to
socketed chips.

Seriously, I had a lot more respect for you before you started being
such an ass.

I'm not interested in your respect. And sir, for the record; you were the
ass in the first place. I just responded in kind.

 

[Leythos]

Actually, I didn't say chip creep was an issue on soldered chips; If you
understood the principles behind chip creep in the first place that
wouldn't even be a question you'd consider... Chip creep only applies to
socketed chips.

While chip creep may only apply to socketed chips, I've seen chips,
actually the pins, come unsoldered by hot/cold cycles. We had a real
issue with that in the military in at one point.

 

[RayLopez99]

Here's an example of how code could get on a normal user (who is logged in
with administrator rights) without the user actually being responsible for
it.

http://www.mozilla.org/security/announce/2010/mfsa2010-08.html

Btw, All firefox users should probably go ahead and update if you haven't
already.

Very interesting, thanks. I think buffer overruns is the root of all
evil--I guess when this happens you can do the equivalent of SQL
injection attacks and JavaScript will run wild...or something.

RL

Security researcher Evgeny Legerov of Intevydis reported that the WOFF
decoder contains an integer overflow in a font decompression routine.
This flaw could result in too small a memory buffer being allocated to
store a downloadable font. An attacker could use this vulnerability to
crash a victim's browser and execute arbitrary code on his/her system.

 

[RayLopez99]

In just 2 days, this topic has generated over 200 articles.  Most of
whom have had very unpleasant things to say about Microsoft.

You tried valiantly to defend Microsoft, numerous times.  But people
felt strongly enough about this issue to respond back several times.
Some just gave up and want back to personal attacks (shame on you Mr
Kohlmann).  But that turned into more personal attacks (shame on you
One Shot, One Kill).

Yes, yes, those clowns are just noise. But you Rex, you are a
different animal all together.

You like to claim that 99% of the people who use computers choose
Windows.  In reality, most people don't really have much of a choice.
Windows comes on the computer, whether they like it or not, they can't
get service or support if they take it off completely, and Retailers
don't ever put Linux machine on display in the retail stores, in a way
that users can actually take a properly configured Linux machine for a
"Test Drive".

Right. Marketing it's called. Shelf space.

Even more remarkable is that - at minimum - tens of millions of users
(assuming 1% of 1 billion) are willing to install Linux themselves.

Right. Hobbyists.

Most people really identify with he Mac commercial, enough that
roughly 28 million people decide they would rather spend 3-5 times
more money for a Mac running OS/X than a machine that has only been
configured to run Windows.

Yes, correct again. You're on a roll Rex.

Best Buy is now selling separate support program and replacement
program.  The support program is for those who stick with Windows, and
plan to stay with it.  The replacement program is only if you drop
your computer or for some other reason it needs to be replaced due to
a hardware problem.

This may be because so many people were refusing to pay for a service/
replacement program that was nullified if they installed Linux.

Could be.

Furthermore, more and more people are opting not to buy new versions
of Microsoft Office.  Will Office 97 or Office 2000 run on Windows 7?
Maybe they are just moving Office 2003 over.  Still, there isn't
really an overwhelming case to be made for spending even $169 to
upgrade to Office 2007.  Microsoft has tried to offset this by
offering free trial-versions that automatically charge your credit
card when you forget to tell them you don't want it.

Could be.

Even that hasn't worked very well, so now they are offering you a free
download of Office 2010, whenever it becomes available - if you by
Office 2007 now.  Furthermore, the retailers are taking as much as $40
off if you buy it in the store.

Right. Hard times. Recession.

Of course, if you don't buy the 3 year replacement plan, and the 3
year service plan, for a total price of around $500, then the store
actually loses money on the sale.  So does the manufacturer.  In fact,
the only company that makes any money on the sale of a Laptop or
desktop system - is Microsoft.

Nope. Your one and only big mistake in this thread, and it's
crucial. They will make money at any price a little over zero. The
marginal cost of software is close to $1. Economics 101. Mentioned
in the MSFT-USA antitrust trial.

Good night and good fight Rex!

RL

 

[ToolPackinMama]

While chip creep may only apply to socketed chips, I've seen chips,
actually the pins, come unsoldered by hot/cold cycles. We had a real
issue with that in the military in at one point.

So what happened? Did the military decide to never turn anything off,
ever again?

 

[FromTheRafters]

Well, huge numbers of PCs are infected. In my experience it's more
common for a PC to be infected than not.

I'll go along with that assessment.

Most of them have anti-virus installed and supposedly working at the
time they become infected.

I can believe that too.

Does anybody here believe that what I have just said isn't true?

Not me.

Blah blah blah in an ideal world all PCs are properly protected and
updated and used responsibly blah blah blah. But that is not the
world I live in.

The point I was trying to make was that even *if* that perfect world
could exist, AV would *still* be needed because it is the *virus* that
is the real problem. In that world, the chances of ever encountering a
virus would be very very slim, but when encountered...it could be very
very bad. In the real world, malware is intent upon using your computer
time to do their bidding on your dime. In the perfect world, you could
still have viruses just waiting to do something really really bad, or
data diddling in small chunks that you don't notice (a la ripper) and
ruining your backup strategy.

You need AV to guard against the off chance that you encounter a virus.
AV then tried to become more. The more it became was "more needed" - it
became a crutch and an enabler of the bad computing practices that
resulted in the malware cesspool we all swim in today. I can't argue
against those whos view is that the crutch is not needed (I agree
wholehartedly) - but most people fail to see the baby in the bathwater.

 

[ToolPackinMama]

You need AV to guard against the off chance that you encounter a virus.

In Windows, yes, AV is absolutely necessary. Some people seem to be
asserting that it is not necessary with Linux. Is that true?

 

[The Central Scrutinizer]

Can you guys just get a room or something

So you've never heard of chip creep either then..

Are you actually fixing stuff professionally and charging money for your
services or just some dude helping his neighbors out?

 

[Dustin Cook]

While chip creep may only apply to socketed chips, I've seen chips,
actually the pins, come unsoldered by hot/cold cycles. We had a real
issue with that in the military in at one point.

I've seen finals in CB radios do it too, but that was usually do to
extensive usage and cold solder points to begin with.

 

[ToolPackinMama]

Seriously, to answer the question posed by the thread title...

YES.

I am somebody who has seen a multitude of serious virus and varied
malware problems in Windows PCs when Antivirus protection was installed
and supposedly working - commercial and otherwise.

I have seen it many times. It's a common problem.

It's so common that many of us here have seen it many times, including
recently.

Now, IF an ideal person installs the ideal Windows, with all of the
available updates, and the ideal antivirus program that is also kept up
to date and utilized properly AND if they have a hardware firewall and a
software firewall and if, if, IF!

I feel constrained to point out that THAT was not the original
question... but I waive that point...

Here is the original question:

Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?

One of the claims of the Linux crowd is that such problems are
legion. But talking so some of the people at alt.comp.anti-virus I
get the impression such problems are rare.

Who is more right?

Seriously, Ray, the answer is: the Linux crowd is "more right".

In fact, after all I have seen I believe it's impossible to render
Windows completely secure. It's not possible (without extraordinary
efforts) to keep it even half-ass secure, and that's when a person is
really trying -- which sadly, few people actually do.

I could pick any AV protected Windows PC at random and probably find
malware active on it. The oddity is finding one that isn't infected by
something.

My gal-pal who is still using dial-up to check her email once a week
didn't have anything when I checked her recently, but in her case I
expected that. She never actually uses her computer.

 

[RayLopez99]

In Windows, yes, AV is absolutely necessary.  Some people seem to be
asserting that it is not necessary with Linux.  Is that true?

Well well stated question, and right on point, thank you.

Anybody in the Linux camp or otherwise care to answer ToolPackinMama ?

I can't hear you.

RL

 

[RayLopez99]

I could pick any AV protected Windows PC at random and probably find
malware active on it.  The oddity is finding one that isn't infected by
something.

Nope. Not true. "could" sounds like metaphysics. something not
detected by AV sw does not exist.

I concede Linux is more secure "in theory", but "de facto" *with the
proper AV s/w in place*, Windows is just as secure *for those people
that are not clueless (i.e., not deliberately installing malware by
mistake or otherwise)*.

Hence my second thread, about comparing apples with apples. Actually
when you posed the question in your prior post I thought we were in
that newer thread.

RL

 

[Peter]

*sigh*. This is really easy, I've provided a primary google link; and
then I followed it up with the wikipedia link. I went so far as to
provide the first 5 characters of the infamous blacklisted key. I can do
no more homework for you or anyone else.

If you or anyone else here honestly didn't know about this problem, you
do now. If you still think it's untrue, go fetch the key FCKGW change one
of the VLK machines to this key and try loading a service pack...

Ok, I'm curious enough to want to give this a try, though all my
machines are up to date so in order to test this I'm going to have to do
a fresh install on a new HD. Just need to clear some things up though.
Once XP is installed, using the key you mentioned (ends in 2B7Q8, yes?),
will sp2 or sp3 fail to install immediately after fresh install, or will
I have to update this machine with the various updates first, including
the WGA update? Don't want to spend over an hour on this only to find I
need to do it again correctly.

 

[Peter]

When the host machine sees the NTFS volume, it may revise it. Bringing
it back to its home system may create version soup problems where the
file system is a "newer" revision than the current OS supports.

That's a big 'May'. I've attached secondary NTFS volumes on many
occasions without any issues. As far as the original boot O/S is
concerned it's just another HD with files on. You're suggesting it's
going to give it a different volume ID I presume. Never seen it happen
here.

[...]

That last line doesn't seem clear. You seem to be saying that a virus
can run without requiring any means to get it started other than the
host machine starting up.

No, viruses (in this vein) are hosted by "programs" not "machines". You
can start the machine, look at all known start methods (run keys, BHOs,
etc...), find no suspicious processes running. No active malware at all
(full scan by antimalware also finds no inactive malware). Yet, when
(for instance) an "infected" text editor is invoked, the virus becomes
resident.
,

How can that be? Of course I'm aware of new
XP machines with no updates or service packs and open connections to
the
internet getting infected within minutes/hours, but how does a machine
become infected if it's completely cut off and there is no obvious
connection to the virus to get it started? Despite the fact the virus
file(s) may well still be on the machine, but not yet located.

If self-replicating malware doesn't use a host "program", it will
probably have another way to start. These types are commonly termed
"worms".

A virus can hide in a program that you use every time you fire up the
computer, or in a program that you only use once in a blue moon. Viruses
don't "care" whether they run or not - they might not be interested in
anything (data, computing power, serving you advertisements) they may
just sit there until you fire up your tax program for the 2013 tax
season and activate a payload if the date is after dec 21st 2012.

(I do expect a rash of malware to have trigger dates in line with the
ending of the Mayan calendar)

People are so used to having malware that wants to *use* their computing
power that they forget that malware can also just be interested in
spoiling your day by ending their computing power - like the old days.

Then maybe it's time some o/s does CRC checking on all programs and pops
up a warning if the CRC check fails when trying to run it.

Obviously the CRC checker software would have to have to be locked down
tight to prevent it from becoming the target of attacks.

 

[Lusotec]

In Windows, yes, AV is absolutely necessary. Some people seem to be
asserting that it is not necessary with Linux. Is that true?

There is little malware for GNU/Linux. Almost all is in the form of root
kits. The tools rkhunter and chkrootkit are used to hunt them.

The few virus that affected GNU/Linux are all inactive, and there are no
reports of new virus.

Security vulnerabilities in software, and the worms that exploit them are
another threat. For that, making regular updates, and using mandatory access
control are the best protections.

Users are the biggest propagation vector for malware, specifically torjans.
There is a prototype trojan for GNU/Linux that uses *.directory files, but
like all executable scripts/binaries, execute permission are required. This
alone, is a great way to prevent clueless users from running trojans.

Users that have enough knowledge to circumvent no exec file permissions and
go out of their way to run executables they received by email or downloaded
from the internet are a bigger problem. For that setting the noexec
parameter for the file systems the user can write to are a great way to stop
these users shooting them selfs.

Regards.

 

[Lusotec]

Nope. Not true. "could" sounds like metaphysics. something not
detected by AV sw does not exist.

HA HA HA. All *new* malware is not detected by AV programs. Even the stats
you posted show tha tthe best AV finds only 70% of malware.

I concede Linux is more secure "in theory", but "de facto" *with the
proper AV s/w in place*, Windows is just as secure *for those people
that are not clueless (i.e., not deliberately installing malware by
mistake or otherwise)*.

History of malware proves you totally *wrong*. Windows has a history full of
malware that requires absolutely no user intervention. Windows *is* far more
insecure than GNU/Linux in theory, in fact, in reality, in history, in
everywhere except your head.

Hence my second thread, about comparing apples with apples. Actually
when you posed the question in your prior post I thought we were in
that newer thread.

If you want to start a second thread the do so.

Regards.

 

[Dewey Edwards]

I feel constrained to point out that if they can't be bothered to keep
their PC free of malware, that it's probably better if their equipment
fails sooner.

Tough love.

 

[James Egan]

While chip creep may only apply to socketed chips, I've seen chips,
actually the pins, come unsoldered by hot/cold cycles. We had a real
issue with that in the military in at one point.

From the keyboard of the world's leading googler who's been there and
done that before everyone else.

lol