Re: Trojan horse Downloader.Generic.ML

From: kurt wismer (
Date: 06/18/05

  • Next message: Zvi Netiv: "Re: Trojan horse Downloader.Generic.ML"
    Date: Sat, 18 Jun 2005 00:36:09 -0400

    Ron Reaugh wrote:
    > "kurt wismer" <> wrote in message
    >>Jason Edwards wrote:
    >>>Virus scanners are useless for exactly the reason that you are
    >>>understandably upset about discovering for yourself. You thought you
    >>>were doing everything possible but you still got a trojan.
    >>fallibility is not the same as uselessness... no security is perfect,
    >>does that render all security useless? no...
    > RIGHT, and your view plus the apparent failure of the normal model in my
    > case is why I'm the OP of this thread and am trolling for hints about an
    > improved model.

    there will always be occasional failures, it's just a fact of life...

    to try and deal with the failures in preventative measures one must
    realize there's more to security than just preventative measures, and
    there's more to preventative measures than just using the best scanner...

    within the realm of preventative measures there's OS hardening and
    keeping your applications/OS up-to-date and patched... there's process
    whitelisting (i don't know about other software firewalls but kerio
    personal firewall has something called application launch control which
    is sort of along those lines)... also, on the behavioural side there's
    the simple avoidance of new executable material (ie. keep your playing
    around with new software/cracks/keygens/whatever to a bare minimum)...

    besides preventative measures there are also detective and restorative
    measures... detective measures include virus detectors (we actually use
    their detective capabilities to try and implement a preventative measure)
    but also change detectors (integrity checkers),
    network/registry/filesystem/process monitoring tools, so-called rootkit
    detection software, an observant user, etc... restorative measures are,
    of course, the various backup facilities that are available, the
    dedicated malware removal tools when available, and detailed manual
    removal instructions when available...

    when gauging how effective your security response to an incident was you
    need to look at the whole picture, not just part... so your preventative
    measures failed - how quickly were your detective measures able to sound
    the alarm and how easy was it to recover?

    if the only issue is the frequency of preventative failures then look at
    exactly what security (not necessarily software) vulnerability is
    involved in those failures and tighten that up...

    "they threw a rope around yer neck to watch you dance the jig of death
    then left ya for the starvin' crows, hoverin' like hungry whores
    one flew down plucked out yer eye, the other he had in his sights
    ya snarled at him, said leave me be - i need the bugger so i can see"
