Re: Trojan horse Downloader.Generic.ML

From: Ron Reaugh (ron-reaugh_at_worldnet.att.net)
Date: 06/17/05 

Date: Fri, 17 Jun 2005 00:33:04 GMT

"kurt wismer" <kurtw@sympatico.ca> wrote in message
news:hGdse.6369$Qr3.978584@news20.bellglobal.com...
> Ron Reaugh wrote:
> > "Roger Wilco" <yesman@yourservice.invalid> wrote in message
> >>"Ron Reaugh" <ron-reaugh@worldnet.att.net> wrote in message
> [snip]
> >>>HOWEVER also
> >>>my understanding is that between a virus checker(AVG), SpyBot and
> >>>ZoneAlarm
> >>>that nothing should be able to arbitrarily go out and put some file
> >>>named
> >>>c:\null in the root directory regardless of any def file entry. Am I
> >>>missing something here?
> >>
> >>Yes, virus checkers generally don't prevent the creation of files,
> >
> > I thought they protected against virus like behavior.
>
> only behaviour blockers stop so-called 'virus-like' behaviour... nobody
> uses behaviour blockers, though... probably because they typically ask
> the user far too many questions s/he doesn't have good answers for...
>
> >>they
> >>only scan on-access (usually on opening the file). For instance if for
> >>some reason your system configuration allows sharing of the root
> >>directory (not a good thing), none of the measures you mention will have
> >>any affect on the creation of a file in the root directory.
> >
> > AH, how about ZoneAlarm???
>
> only if it blocks the sharing of the root directory itself...

Well, "blocks" or notices and queries? Does ZA deal with sharing settings
or only deal with actual file access attempts?