Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?

FromTheRafters

Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?

Just say "malware" when you want to be all inclusive about malicious
software. Viruses are in only a smallish subcategory of malware. The
terms "rootkit", "adware" and "spyware" are really neutral (some are
malware, some are not).

That being said, even AV aimed at "prevention" has its Achilles' heel -
and when prevention fails an attack against the AV can be launched,
which allows *everything* to circumvent it.

One of the claims of the Linux crowd is that such problems are
legion. But talking to some of the people at alt.comp.anti-virus I
get the impression such problems are rare.

The Linux crowd is getting more and more like the Windows crowd every
day. :blush:)

Who is more right?

It depends on whom you ask. :blush:D

The bottom line is that antivirus and antimalware programs only detect
*some* of what they try to detect. The best approach is to limit the
amount of malware that you expose those programs to. Adhering to best
practices may result in avoiding 95% (just a guess) of malware out
there. The rest will be worms (i.e. exploit based autoworms) and viruses
(downloaded from *reputable* sources).
 
Lusotec

RayLopez99 said:
This is believable.

34% of respondents had to reinstall/reimage Windows in the past 12 months.
(...)
Thanks for keeping this thread short Rex. I learned a lot actually.
Like I say, Windows is not bad at all vis-a-vis viruses.

Those numbers can't be generalized, but one third had to reinstall/reimage
at least once, and you classify it as "not bad at all"! Are you an idiot?
(just joking!)

Regards.
 
FromTheRafters

Peter Köhlmann said:
So the estimate that around 30% of all windows computers are infected
is
"rare problems"

The question was about the subset of all Windows computers that are
"protected" by commercial AV, not the entire set of Windows computers
estimated (by you?) to be infested. I can guess that greater than that
30% of all Windows computers are completely unprotected (after their
bundled AV runs out).
 
SteveH

RayLopez99 said:
Point being, I never have caught a virus from porn sites, which are
known to have viruses. Safe Hex.
Woosh!


This is indeed a nasty one,
http://www.threatexpert.com/report.aspx?md5=02bf9f780a315067d1de4bf84c30a94f

OK fine. So somebody caught a nasty virus. Perhaps they did not have
AV software, perhaps they accidentally clicked on a button that
installed it. Lots of possibilities here, it proves nothing. Just one
data point of a possibly stupid person, possibly negligent. If they
were running 7/Vista it would ask them permission before installing a
program --XP is less secure in this regard.

Do you actually bother to read what other people write? This was an extract
from the Kaspersky log on MY PC. The Viruses came free with something I
downloaded. I didn't say they became active, Kaspersky stopped that.

If you're going to jump to conclusions and make stupid statements, here's one
for /you/. I assume you must get a problem with sticking keys on your PC
keyboard.

Now be a good chap, and go troll somewhere else.
 
ToolPackinMama

As someone who repairs a lot, I have. However, these have ended up
installed as a result of the pillock at the keyboard ignoring all the
warnings.

Any of you have opinions about the security built into Win 7 (UAC), and
about Microsoft Security Essentials?
 
SteveH

RayLopez99 said:
This is believable. I count myself as "two times" but both times were
not for viruses, but because a certain program or two I installed
would not uninstall itself properly. This is not a virus, as I define
it.

Thanks for keeping this thread short Rex. I learned a lot actually.
Like I say, Windows is not bad at all vis-a-vis viruses.

RL

I've come to the conclusion, you ARE Skybuck Flying and I claim my £5
 
FromTheRafters

It compares 16 commercial programs, and finds Microsoft at #2,
catching 60% of all viruses (Avanti is #1 at 70%). And we're talking
about all viruses, some of which are so obscure I'm sure you'll never
see one in the wild...

Detecting zoo viruses will skew results. The ability to detect them adds
no protection at all, since you won't be exposed to them. There is much
discussion about this in the AV community. I hold with those that would
ban zoo viruses from "test sets" except for showing that the technology
is there to detect them if they do ever make the ITW list.

Keep the technology that allows the detection of difficult viruses, even
if no viruses of that type are ITW, but exclude them from comparative
tests because they have no real world impact.
 
ToolPackinMama

OK, fine, but essentially your brother accidentally installed a
program he should not have had--kind of like those junk shareware
programs that infect your registry and can never be removed, even
after Uninstall

I have urgently warned my friends and family against the use of
file-sharing freeware and such. Heck, convincing them to use even one
antivirus program reliably has proven impossible. Even though I remind
them, and help them, and check up on them, and explain and re-explain
the dangers, they just plain ignore me. They "forget" that it's
important, and forget to update, and forget to run scans, and when I set
the scans to be automatic, they cancel the scanning if they catch it
running, because "they are trying to do something" while it's running.

Look, the malware guys will keep winning and keep getting what they
want, because idiots aren't required to have a license to drive a
computer. It's just like nearly any idiot woman can become a mother.

It's a very touchy subject, because actually controlling what people do
becomes a rights issue. At this time, people generally have a right to
be idiots, even when it causes problems for others. What can you do?
You can't make stupidity illegal, or else 7/8th of the world's human
beings would have to be imprisoned.

It's clear why Linux is not the solution. Idiots can't use Linux.
Gloat all you want, you Linux lovers, but your services and businesses
are still going to be shut down, because the people running the world
are not you.
 
FromTheRafters

Branimir Maksimovic said:
Hm, download http://www.virtualbox.org/wiki/Downloads,
make virtual machine file, install os.
Make backup of file.
Surf the internet in virtual machine.
After surf, erase virtual machine file. Restore from backup.
Rinse and repeat. No need for AV at all ;)

This neglects "in session" malware, and the possibility of detection and
escape from emulated environments.

This is an example of "recovery" (actually a restore) - AV is (was)
primarily a "prevention" scheme.
 
FromTheRafters

Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?

Yes. I had to clean up a Windows laptop last year despite things
being kept up to date and AV installed. The AV was bloody hopeless at
detecting it despite being kept up to date.

***
It might be worth considering that AVs are *never* up to date, and even
if they were capable of being so, would *still* miss some malware.
The key is to not expose the AV to malware.
***
 
FromTheRafters

RayLopez99 wrote:
[...]
We don't buy it. Name the last virus you cleaned up.

'We' don't buy it, who the feck do you think you are trollboy?
Why do you think people have to answer to you?

but if you insist:

[...]

None of those were viruses.
 
tom

RayLopez99 said:
Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?

One of the claims of the Linux crowd is that such problems are
legion. But talking to some of the people at alt.comp.anti-virus I
get the impression such problems are rare.

Who is more right?

BTW, check out this PDF on AV software:
http://www.google.com/url?sa=D&q=ht...22.pdf&usg=AFQjCNEDInyvV2WgWDzeAWeAjzJKLymkDA

It compares 16 commercial programs, and finds Microsoft at #2,
catching 60% of all viruses (Avanti is #1 at 70%). And we're talking
about all viruses, some of which are so obscure I'm sure you'll never
see one in the wild...

Yes, while using XP. I clicked on a site from a cigar NG that sold torch
lighters. Got shot to some chinese site and my "free" CA AV program lit up
like a xmas tree. It warned me of the infection and supposedly deleted it.
But it wasn't gone. It eventually took over the whole machine and ended up
doing a reformat to regain control. Needless to say that was the end of my
using CA products...whatever the price.
 
SteveH

FromTheRafters said:
RayLopez99 wrote:
[...]
We don't buy it. Name the last virus you cleaned up.

'We' don't buy it, who the feck do you think you are trollboy?
Why do you think people have to answer to you?

but if you insist:

[...]

None of those were viruses.

Malware, whatever. I think you'll find the PC in question don't give a ****
what it is when it falls over from one. But while people want to pay me to
clean their infected PC's for them, neither do I.
 
Leythos

OK, fine. The "one of the worse" examples was spread through Yahoo
IM. I don't use that program. Nor do most people who do serious
work. So yes, some teens who use IM and who may or may not practice
Safe Hex (which is simply using an AV program in Windows), got
infected. Shame, but it proves nothing.

RL, you seem to be a combative personality type based on your posts.

Many people that do REAL work use IM all over the planet, many
development teams, support teams, etc...

What you seem to be missing is the concept of how malware is spread on
windows machines - exploits and social engineering as well as drive-by
web attacks. Like many malware spread via IM, Facebook, email, they all
appear to be legit attachments, files, links, until you inspect them and
for most people that's too late.

I've already proven that having an Antivirus solution doesn't protect
you in all cases. We all, at least those of us that run IT companies,
have seen exploits get past "Local User" accounts, such as the SQL
injection ones....

So, running as a local user, with any version of anti-virus software
from any vendor, all patches installed from MS, I've seen, first hand,
hundreds of Windows WP and now Vista/Win 7 computers compromised.

Oh, and most of those computers were not using IM, didn't even have it
installed.

As I've said, you seem to be a combative type person and you don't want
to learn from those of us that have real-world, decades of experience
doing this.
 
Leythos

Well that does sound problematic. Trouble is, a brief Google search
found nothing... If you can find a cite, it might make your point,
but otherwise I'm afraid I have to classify this as Urban Legend.

Anybody else?

HA HA HA - and yet it just about shutdown internet use for days in many
locations.

You really didn't look very long or hard, it's one of the largest events
in the history of the internet.

http://en.wikipedia.org/wiki/SQL_slammer_(computer_worm)
 
ToolPackinMama

People I meet have many times asked me if they should shut their Windows
computers off at night, and I always say, "Yes, keep your PC off unless
you are using it."

I figure if it's off, an infected computer can do less damage.

Somebody out there keeps advising people that it's "better for the
computer" to leave it on all the time. If you are one of the people
that is doing that, stop doing that. A computer is not a refrigerator:
the data won't go bad if the power is off.

Please, guys and gals, urge your friends and customers to turn the
computers off when they are not using them... unless there is a
compelling reason to do otherwise.

I don't think it's too extreme to ask people to remain unconnected from
the net unless they are actively sending/receiving. A person doesn't
have to be connected to compose an email, only to send it.
 
Lusotec

AZ said:
All the time. The first thing many types of malware do is disable
the antivirus. It's trivially easy on windows where any process can
overwrite any part of the system at any time.

I have seen a case of malware that disabled the antivirus (Avira), disabled
windows update, disabled access to antivirus web sites, and disabled the
administrator account (changed the password). Also, it was consuming
bandwidth like crazy.

Regards.
 
FromTheRafters

Anybody else? So far nobody has proved a serious true virus infection
has occurred on a Windows machine.

***
Well, I guess you're going to have to tell us what your definition of a
"true virus" is. I suspect that you're after the reason AV would still
be needed even if everyone followed safe practices otherwise. There
haven't been that many viruses running in trusted channels lately,
mostly because the money is in other types of malware that partake of
the low hanging fruit.

If a USB Battery charger's companion software can be a trojan, certainly
it is not out of the realm of possibility that a vendor could pass a
virus *unintentionally* in their otherwise legitimate software. That is
one consequence of infectious self-replication - it is an automatic
trojan creator. I would say that it is *more* likely to find a "virus"
in a legitimately obtained program file than it would be to find a
trojan function (in fact, I can't recall another case where the malware
was intentionally included, usually it was a virus).
***
 
FromTheRafters

Yes, while using XP. I clicked on a site from a cigar NG that sold
torch lighters. Got shot to some chinese site and my "free" CA AV
program lit up like a xmas tree. It warned me of the infection and
supposedly deleted it. But it wasn't gone. It eventually took over the
whole machine and ended up doing a reformat to regain control.
Needless to say that was the end of my using CA products...whatever
the price.

So, you blamed your AV program for what probably resulted from a
browser, script, or pdf exploit. Your AV program probably detected only
one part of the total amount of malware instantiated in the attack.
Don't be fooled into believing the better AVs will be that much better.
 
FromTheRafters

People I meet have many times asked me if they should shut their
Windows computers off at night, and I always say, "Yes, keep your PC
off unless you are using it."

Yep, same with the bathroom lights.

....and with the PC it becomes less accessible and thus less useful to
outsiders.

I figure if it's off, an infected computer can do less damage.

It is best to ensure an infected computer is not connected to others.
Off is generally a good idea, but in some cases the "damage" can be done
by your turning it off.

Somebody out there keeps advising people that it's "better for the
computer" to leave it on all the time.

That argument goes back and forth. Mostly it is wear and tear due to
thermal expansion/contraction, and motor startup surges cited. It's
true, but it's less true than it used to be.

If you are one of the people that is doing that, stop doing that. A
computer is not a refrigerator: the data won't go bad if the power is
off.

I even poweroff my laptop rather than let it sleep or hibernate.

Please, guys and gals, urge your friends and customers to turn the
computers off when they are not using them... unless there is a
compelling reason to do otherwise.

Most everybody I know does already. :blush:\

I don't think it's too extreme to ask people to remain unconnected
from the net unless they are actively sending/receiving. A person
doesn't have to be connected to compose an email, only to send it.

Well, I connect to the LAN and the WAN at the same time. Actually, the
cable company owns the equipment and it is (nearly) always on.
 