Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?

Leythos

I also am going to continue to urge people to turn theirs off when not
in use, and I urge you all to do the same - but NOT because it will
extend the life of the components.

If you consider the following:

Your LCD monitor goes to sleep in XX minutes if not used
Your Hard-Drive goes to sleep in XX minutes if not used
Your CPU throttles down in XX minutes under no load
Your case fans throttle down when the heat decreases

If you use your computer for 12-16 hours per day, how much money does it
save you over 1 year to turn it off for 8 hours per day?

Do you actually know the power level difference when all of the power
saving features, except suspend/hibernation, are used vs. turning the
computer completely off?
 
Dustin Cook

Yes, you're right. I'm a modern coder, so for me, who knows how to
use the Visual Studio .NET framework, SQL injection attacks are
ancient history, correct.

A modern coder who doesn't know SQL injection exploits? That doesn't make
much sense, my friend. Are you seriously a programmer of any sort? It's
cool if you're not, man. I don't really care either way. I'm just interested
in why you think the way you do..

You're just ****ing with us, all right? :)

Switch to .NET and join the fun Dustin. What are you, coding in C
still?

I'm not a fan of .net. I don't even have .net runtimes installed. C++,
assembler, even various versions of basic in some flavor or another.
 
FromTheRafters

Same with computer viruses. In our modern era John, who is getting
infected? Nobody SAVE zero-day attack victims.

***
There you hit the nail on the head. Most of today's malware relies on
exploiting that zero-day window of opportunity. Many don't even try to
evade detection.
***

So let's ask this question: have you or anybody you know ever been a
zero-day attack victim? Nope? Didn't think so.

***
Antimalware and antivirus using signature based methods must have
signatures. They get signatures when they get samples of malware, from
victims and intended victims, that they can analyze. If there were no
victims, the signature would not have been derived from analysis and
distributed to the scanners to protect us from it. The fact that you
don't know anyone afflicted is more a testament to the success of the
system than evidence that it is not needed.
***
 
Dustin Cook

LOL, we still see SQL compromised machines - what I can't believe is
that people still connect their computers directly to the internet
without any NAT/Firewall device at all.

Believe it. I did a service call this afternoon, modern cable modem
install. The customer declined (yep!) the free router included and opted
to plug directly into the cable modem via USB instead of the NIC card.
The customer contacted me due to a "virus" issue they sustained about 3
hours after going online.

It was a bootlegged windows XP pro system with no service pack; and this
is the funniest part, actually using the original blacklisted key; which
is why it had no service packs....Plugged directly into the cable modem,
bypassing any benefits the router would have offered them (they're
rebranded linksys routers), slower speed, and a nice antivirus2010XP
infection.

I removed the problem, fixed the system up as best as I could, and
explained how to keep himself a little safer. As the customer is
unwilling to obtain a legitimate copy of Windows, I explained that either
I would be back or you'd be calling another person, but either way,
you're going to pay for the problems of a non-updatable copy of Windows.
 
Dustin Cook

If you consider the following:

Your LCD monitor goes to sleep in XX minutes if not used
Your Hard-Drive goes to sleep in XX minutes if not used
Your CPU throttles down in XX minutes under no load
Your case fans throttle down when the heat decreases

If you use your computer for 12-16 hours per day, how much money does it
save you over 1 year to turn it off for 8 hours per day?

Do you actually know the power level difference when all of the power
saving features, except suspend/hibernation, are used vs. turning the
computer completely off?

A better question would be do they know how to check? :)
 
Leythos

I removed the problem, fixed the system up as best as I could, and
explained how to keep himself a little safer. As the customer is
unwilling to obtain a legitimate copy of Windows, I explained that either
I would be back or you'd be calling another person, but either way,
you're going to pay for the problems of a non-updatable copy of Windows.

If I have serious reason to believe a computer is using pirated software
I won't touch it - I provide a signed statement of the work we do,
including anything we suggest, it would leave us liable in the case of
an audit.
 
Leythos

A better question would be do they know how to check? :)

Having used an amp probe to setup my generator system and transfer box, I
know almost exactly the low use, high use, and surge rating for every
circuit in my house based on the typical devices connected to any
feed....

I'm betting that most people that CLAIM they want to save power don't
have a clue, in reality, and just go by something posted on a blog
somewhere.
 
FromTheRafters

Yes. I had to clean up a Windows laptop last year despite things
being kept up to date and AV installed. The AV was bloody hopeless at
detecting it despite being kept up to date.

***
That wasn't me, my contributions are either indented properly, or fixed
between the *** and the *** when "quoted-printable" like this post.
***

[...]


In short, as I code, I know that computers are very predictable. If
your AV program is configured to catch virus "X" then it will catch
it--and you will not be infected.

***
Not *always* the case. Sometimes the signature is in the virus body and
the self-decryptor has to run in emulation for a time before revealing
said virus body. If the self-decryptor has emulation detection
capability it may fail to reveal the body when it detects that it is
being *watched*.
***

As for the 30-70% of malware that
are not caught (see the PDF in this thread), this could be "zoo" type
malware that is included in the figure but in practice is never seen
'in the wild'.

***
Actually, the problem with zoo viruses is that they *are* being
detected in the tests, and they make a useless feature appear as an edge
over those that don't (or can't) detect them. To me, it is okay if they
*don't* detect them, but it is not okay if they *can't*. They should be
excluded from test sets, but the technology to detect them should
remain.
***
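The point above, that a byte signature sitting in an encrypted virus body is invisible until the self-decryptor has run, and that a decryptor which notices it is being emulated can keep the body hidden, can be shown with a small synthetic model. This is an added example, not code from the post or from any AV product: the "virus body" is a harmless marker string, the decryptor is a toy instruction list interpreted by a toy emulator, and the emulator's instruction budget stands in for the bounded time a real scanner spends emulating suspect code. The one anti-emulation trick modelled is a spin loop that burns that budget before the real decryption; timing checks, unsupported instructions and the other tricks real samples use are outside the model.

```python
"""Synthetic model: byte signatures vs. emulation of a self-decrypting sample.

Added example, not code from the thread or any AV product. Everything is
constructed: the "virus body" is a harmless marker, the decryptor is a tiny
instruction list, and the emulator is a loop with an instruction budget.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The only pattern the (hypothetical) sigfile knows. It lives in the body,
# which on disk is encrypted, so a raw byte scan cannot find it.
SIGNATURE = b"SYNTHETIC-MARKER-BODY"


@dataclass
class Sample:
    """A self-decrypting sample: decryptor 'code' plus the encrypted body."""
    program: List[Tuple[str, int]]   # toy instructions: ("SPIN", n) / ("XOR", key)
    encrypted: bytes


def build_sample(body: bytes, key: int, spin: int = 0) -> Sample:
    """Encrypt the body with a single-byte XOR key and prepend a decryptor.
    spin > 0 adds an anti-emulation delay loop ahead of the real decryption."""
    program: List[Tuple[str, int]] = []
    if spin:
        program.append(("SPIN", spin))
    program.append(("XOR", key))
    return Sample(program, bytes(b ^ key for b in body))


def on_disk(sample: Sample) -> bytes:
    """What a file scanner is handed: the decryptor's bytes, then ciphertext."""
    return repr(sample.program).encode() + sample.encrypted


def static_scan(data: bytes) -> bool:
    """Plain signature match over whatever bytes the scanner is given."""
    return SIGNATURE in data


def emulate(sample: Sample, budget: int) -> Optional[bytes]:
    """Run the decryptor under an instruction budget, as an AV emulator runs
    suspect code for a bounded time. Returns the decrypted body, or None if
    the budget ran out before the XOR loop executed (body never revealed)."""
    buf = bytearray(sample.encrypted)
    steps = 0
    for op, arg in sample.program:
        # SPIN costs its iteration count; XOR costs one step per byte.
        steps += arg if op == "SPIN" else len(buf)
        if steps > budget:
            return None                  # emulator gives up; body still hidden
        if op == "XOR":
            for i in range(len(buf)):
                buf[i] ^= arg
    return bytes(buf)


def emulated_scan(sample: Sample, budget: int) -> bool:
    """Signature scan over the body the emulator managed to reveal, if any."""
    body = emulate(sample, budget)
    return body is not None and static_scan(body)


def demo() -> dict:
    """Constructed body and two samples: a plain self-decryptor and one that
    spins 50,000 steps first to outlast a 10,000-step emulator budget."""
    body = b"payload: " + SIGNATURE + b" :end"
    plain = build_sample(body, key=0x5A)
    evasive = build_sample(body, key=0x5A, spin=50_000)
    return {
        "static_on_disk": static_scan(on_disk(plain)),                # False
        "emulated_plain": emulated_scan(plain, budget=10_000),        # True
        "emulated_evasive": emulated_scan(evasive, budget=10_000),    # False
        "emulated_evasive_bigger_budget": emulated_scan(evasive, budget=100_000),  # True
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:32s} detected={hit}")
```

Raising the budget brings the evasive sample back into detection, but every file scanned then pays for those extra emulated steps, which is exactly the trade-off a scanner vendor is making when it picks a cut-off and exactly what the spin loop is betting on.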
 
David H. Lipman

From: "Char Jackson" <[email protected]>

| Just over 45 years. The end is in sight. :)

| I know what you're saying is a commonly held belief. I used to repeat
| it myself, but I have to admit that looking back over the last 20-30
| years that it simply isn't true. I think it used to be true in the
| days of vacuum tubes, but not since then.

| Here's someone who agrees with me, or vice versa:
| <http://michaelbluejay.com/electricity/computers-questions.html#turnoff>
| <http://blogs.wsj.com/numbersguy/how-much-juice-is-your-computer-using-at-night-145/>

| The articles are mostly about saving energy, but they touch on the
| power cycle issue, as well.


If chips are soldered down they STILL suffer from chip-creep due to expansion/contraction
cycles.
 
FromTheRafters

Peter said:

In my experience with Windows, the only reason I would have to
re-install because of a virus infection would be if I couldn't get into
the O/S at all. Either normally or in safe mode.

***
You don't need "the OS" to affect the files on the suspect disk. You
need "an OS" of sorts. Boot to an alternate OS that supports the file
system structure (CD, USB, many modern BIOSs support USB booting). Scan
infectable files for virus signatures.
***

Even then you can remove the HD and scan it from another machine to see
if it is actually a virus preventing startup or some other problem. If
you can get into the O/S you can get rid of any virus. Period.

***
Unless the suspect computer's hardware (firmware) is suspect, there is
no need (and complications can arise from hosting two versions of NTFS
on a system).
***

Virii have a source. A point of origin when the computer starts.

***
Virii is the wrong term, and viruses can start when one of their hosts
is invoked.
***

Eliminate the start point or points from running and the virus becomes
dormant and you can then remove it without it putting itself back on
your system.

***
Yes, it can be a waste of time trying to fight an active malware
infestation. Stop the process(es) - then remove the files and reverse
the data changes. In a sense, the difference between a worm and a virus
is that the worm instantiates its replicant. The virus *might* execute,
but the worm *will* execute. My point being that the virus need not make
any provision for its replicant to be executed in turn (no startup
mechanism other than the chance a host will be invoked).
***
 
FromTheRafters

The bottom line is that antivirus and antimalware programs only detect
*some* of what they try to detect. The best approach is to limit the
amount of malware that you expose those programs to. Adhering to best
practices may result in avoiding 95% (just a guess) of malware out
there. The rest will be worms (i.e. exploit based autoworms) and
viruses (downloaded from *reputable* sources).


OK, that 5% interests me. But as a scientist I believe in
verification. Anybody get infected by that 5%, and by what, did it
have a name?

***
Conficker (fairly recent) was (is) an exploit based autoworm. There is
the lag time (zero-day effect) from the time the vulnerability is first
exploited, to the time the patch is applied. Its *intent* seems to be to
annoy you into purchasing something. Using a botnet to keep itself
current, it is much more powerful than that - we were lucky - this might
change.
***

The only thing I can think of is: (1) unnamed viruses
not get discovered by Kaspersky or whoever, and, (2) zero-day attacks
by new viruses (or variants of old) that Kaspersky sends out the patch
but a day late.

***
Yes, there is a lag time also between the analysis of the malware (not
the exploit) and the distribution of the signature obtained from the
analysis (another zero-day effect, this time for the particular malware
now utilizing that exploit). It is not called a "patch" though, usually a
definitions file or signature file (sigfile).

I can't provide you with anything that supports the "trusted channel"
vector except to mention that Energizer USB Charger software trojan.
There have been others, viruses IIRC, on distribution CD for harddrives
and such, but no URLs for you.
***
 
FromTheRafters

These were on systems using up-to-date av/m$ software. So the
problem does still exist, but is mostly rootkits and trojans,
rather then true viruses.

Funny how things change. Rootkits used to be used for hiding activity.
Now the activity is "in your face" and the rootkit only hides to make
removal more difficult. Must be damned annoying always getting stuff
like that.
 
FromTheRafters

B.S.! You lost the debate and now you're trying ad hominem attacks.

***
Beware of those ad harmonium attacks, they can often lead to violins.
***
 
Char Jackson

From: "Char Jackson" <[email protected]>

| Just over 45 years. The end is in sight. :)


| I know what you're saying is a commonly held belief. I used to repeat
| it myself, but I have to admit that looking back over the last 20-30
| years that it simply isn't true. I think it used to be true in the
| days of vacuum tubes, but not since then.

| Here's someone who agrees with me, or vice versa:
| <http://michaelbluejay.com/electricity/computers-questions.html#turnoff>
| <http://blogs.wsj.com/numbersguy/how-much-juice-is-your-computer-using-at-night-145/>

| The articles are mostly about saving energy, but they touch on the
| power cycle issue, as well.


If chips are soldered down they STILL suffer from chip-creep due to expansion/contraction
cycles.

I hear you, but I just don't buy that it's a significant issue. In
fact, I don't think it's an issue at all.
 
SteveH

Leythos said:
That's fine for you, but, since we mostly do BUSINESS systems, those
updates have caused exactly 2 problems impacting about 30 out of
thousands of machines we monitor and support.

Well, as you don't know what I do and don't do, that's a stupid statement. I
may have mentioned /my/ PC, but you don't know what I do the rest of the
time, so no need to get cocky with yer 'we mostly do business' - I couldn't
give a toss what you do.

As it happens, most of the fixes (apart from hardware) I do for people are
either malware or crappy/incompatible windows updates.

Thinking about it, some of you folks out of the AV group are belligerent
little buggers aint'cha?
 
Char Jackson

If you consider the following:

Your LCD monitor goes to sleep in XX minutes if not used
Your Hard-Drive goes to sleep in XX minutes if not used
Your CPU throttles down in XX minutes under no load
Your case fans throttle down when the heat decreases

If you use your computer for 12-16 hours per day, how much money does it
save you over 1 year to turn it off for 8 hours per day?

Do you actually know the power level difference when all of the power
saving features, except suspend/hibernation, are used vs. turning the
computer completely off?

If you assume a power savings of 50 watts (low power state versus off
state) and a KWh cost of $.10, my back of the napkin calculation is
just under $15 a year in savings. Obviously, the actual numbers will
vary depending on the specific system and the local cost of power,
causing the result to vary.
 
Char Jackson

I did a service call this afternoon, modern cable modem
install. The customer declined (yep!) the free router included and opted
to plug directly into the cable modem via USB instead of the NIC card.
The customer contacted me due to a "virus" issue they sustained about 3
hours after going online.

It was a bootlegged windows XP pro system with no service pack; and this
is the funniest part, actually using the original blacklisted key; which
is why it had no service packs....Plugged directly into the cable modem,
bypassing any benefits the router would have offered them (they're
rebranded linksys routers), slower speed, and a nice antivirus2010XP
infection.

I removed the problem, fixed the system up as best as I could, and
explained how to keep himself a little safer. As the customer is
unwilling to obtain a legitimate copy of Windows, I explained that either
I would be back or you'd be calling another person, but either way,
you're going to pay for the problems of a non-updatable copy of Windows.

I've seen more than my share of non-legitimate XP installations, but
I've never seen one that wasn't updatable via Service Packs and
security patches. If the system wasn't able to be updated, I doubt it
was because of the license status.
 
Dustin Cook

If you assume a power savings of 50 watts (low power state versus off
state) and a KWh cost of $.10, my back of the napkin calculation is
just under $15 a year in savings. Obviously, the actual numbers will
vary depending on the specific system and the local cost of power,
causing the result to vary.

So.. that's a no then? Not very difficult to see how much wattage your
system is actually using in a low power state... Bad to just take a guess
and try to pass that off as knowing... ?
 
Dustin Cook

I've seen more than my share of non-legitimate XP installations, but
I've never seen one that wasn't updatable via Service Packs and
security patches. If the system wasn't able to be updated, I doubt it
was because of the license status.

Sigh, sorry Jack.. No cigar for you. It's a known fact (look it up!) that
certain VLK keys (which is what it actually is) are in fact blacklisted
and you cannot apply a later service pack which is aware of the key if
you're using one. Any service packs, that is, which are aware of the
blacklisted key. As the original SP1 is no longer available (it's 1a now)
that includes.. well, all of them.

Essentially, any system that informs you it's counterfeit may or may not
allow you to reinstall; say.. SP3. Sadly though, this guy as I said used the
original bad boy VLK key which started it all. Service packs since v1a
know this key and will not allow you to install them. In fact, you're shown
a nice screen about the disadvantages of pirating software and offered
ways to contact Microsoft to resolve this issue.

Resolving means, reinstalling Windows; as you have a VLK edition and
short of having done the VLK licensing, you aren't supposed to have this
version. The VLK windows are not OEM nor are they retail...

They are a modified OEM, with a specialized key which does not ever
require activation. It's to make life easier for some...
 
FromTheRafters

ToolPackinMama said:
More... for the whole rest of their lives? Or more for the rest of
the day? Or more... what do you mean by "more"?

Greater than less ( more > less ). With a motor, it takes more ( >
less) power until the motor spins up to generate the opposing "back
voltage" that a spinning motor generates. Running for some period of
time is equal to this power consumption. De-energizing for less than
that period of time will not save you any power. As for the bulbs, there
is that factor plus the efficiency and the life expectancy of the bulb
is reduced with multiple starts (though I don't know exactly why).

[...]
I still am turning my computer off when I am not using it. If not
using it actually reduces the life-cycle of the components (by
whatever means), then I guess I can live with that.

Me too. We unplug most of our "vampire electronics".

[...]
 