Re: How good is Comodo Internet Security?





"Ansgar -59cobalt- Wiechers" <usenet-2008@xxxxxxxxxxxxxxxx> wrote in message news:gjd6v2UecgL1@xxxxxxxxxxxxxxxxx

So if we are infected on LUA we just delete this user account for good
and create another one with the same name under our admin account?

You don't even have to delete the account. Just delete the profile (or
rename it, so you can recover non-infected data from it, do forensic
examinations, etc.).

Currently I am logged in on Windows Vista as standard user "nik" but I'm a member of admin groups.
Where can I see my profile so as to alter it or delete it?

What is the difference between a user account and a user profile?

Where are profiles stored?

Will I be safe if every time I get infected I delete my user profile?

a) Determine exactly when the infection occurred and what was altered
on the system afterwards (files and registry), and then take back
those alterations

How? You can get infected without knowing you are at the time, so it
would be even more difficult to actually find alterations to files and
registry?

Well, that's the tricky part. You need to have a baseline to compare
against, e.g. checksums for all files and dumps of the relevant parts
of the registry, so you can compare. You can't simply compare checksums
of the files the registry is stored in, because Windows stores a lot of
dynamic stuff in it, so it's constantly changing.

Isn't there some Windows application or console command that will compare my current system files to clean ones on my DVD and re-overwrite the tampered files with their initial clean versions?

I leave alone the dump registry part, since the user installed programs and there is no way the current registry size would be the same as the after-format registry.

baseline = a measure of comparison?
checksum = comparison of sizes between 2 files?

And last, I think I'll just leave my router's hardware firewall enabled to filter (sort out) connections, but an application-level software firewall with stateful packet inspection would help as well, yes? I'm talking only about inbound protection.
