Re: cOOL

From: cquirke (MVP Win9x) (cquirkenews_at_nospam.mvps.org)
Date: 12/06/04


Date: Tue, 07 Dec 2004 00:15:12 +0200

On Sun, 05 Dec 2004 13:38:08 -0800, Malke
>cquirke (MVP Win9x) wrote:
>> On Sun, 05 Dec 2004 05:05:54 -0800, Malke
>>>paintpearl wrote:

>>>1) Scan in Safe Mode with current version (not earlier than 2003)
>>>antivirus using updated definitions.

>> I've wondered what "not earlier than 2003" refers to - specifically,
>> Norton? I'd have thought if an engine was new enough to still get
>> updates, it would be new enough to use.

>Hahahaha. Since we're at NAV 2005, we're reaching the end of NAV 2003's
>usefulness, including all Symantec support.

My client said: "I bought Norton 2005, but I can't install it".
So I did; it installed after Norton 2003 was uninstalled.

Now it's: "After you worked on the PC, it's slow, and Outlook Express
takes ages to switch identities"

So I'm thinking; I don't play with OE at all, what on earth ...? Oh;
Norton 2005, that just *might* be a factor.

Google: Norton 2005 switch identities Outlook Express slow

Huge wads of hits. Print out a phone book's worth: Exhibit A.

So I'll go back on site, try disabling the av's filtering of mail
(which is the only hope of preventing malware being hidden in the
mailboxes) and if that works, choice of:
  - stay at-risk from hidden email attackments
  - dump OE for a safer email app that doesn't hide attackments
  - dump Norton for an av that sucks less at mail scanning
  - live with the poor performance

Already it's "I've spent so much on Norton, and now your costs..."
Well, I never suggested using either OE or Norton, and I did suggest
cutting losses and dumping Norton for AVG as first response. The
money made on supplying Norton was made by someone else; now I must
clean up that mess for free? Sit on this, and rotate :-)

>you wouldn't believe how many home users still have the av that
>originally came preinstalled with their machines.

Try me.
I still see MSAV on DOS, which hasn't been updated for a while either

>how many people have NAV2003/4 or McAfee with expired virus
>definition subscriptions.

That's a big reason why I prefer free av. A paid-for av fails every
year, and whenever a product has to be bought, some sort of business
decision has to be made about it, and that means months with no av.

The funniest thing I saw was a commercial malware that popped up a
"your Norton has expired, wave credit card here". Needless to say,
said credit card waving didn't reach Norton's shores.

>Both those programs come preinstalled on OEM machines

I build OEM machines, and toss that junk away :-)
Same thing as "30-day free Internet" ISP disks. It takes an ISP 30
days to figure out a new sign-up's account status; spinning that as a
"free trial" is claiming a virtue of necessity.

I used the 12-month Trend av; it's a good av, but the first update can
take so long that it never gets done, so I often have to pull it.

>> I wonder what % of infected PCs have malware < 1 week old at time of
>> infection? After all, there's a lot of selection pressure exerted by
>> ISPs that scan for currently-known malware, etc.

>Hahahaha again. My admittedly unscientific answer - based on doing this
>for a living - is if the PC is infected, it has other non-viral
>malware. Survey says - 100%!

No, I wasn't thinking of trad vs. commercial malware (I use the
unqualified term "malware" for both kinds), but traditional malware
under 1 week old vs. that older than a week old.

If a survey counts DSO Exploit (Spybot) or Alexa Related (AdAware) or
throws a frothy about cookies, then sure; 100% (of anything) as you say.

My take is: If the av is < 2003 but still receives updates from the av
vendor, it's prolly OK; if it's > 2003 but orphaned by the vendor (as
AVG 6.0 will be in a month or so's time) then it's less OK.

And a 2004 av that's not updated is not too OK either :-)

>> You may need to repeat these scans on a per-account basis, given that
>> they often patch in within account-specific settings that may be
>> missed when scanning from the admin account in Safe Mode.

>Without a doubt, although not the virus scans. When I clean a PC, I go
>through the system manually and run all non-viral malware scans in each
>user account.

There are fashions in malware, e.g. RATs used to like shell= and
exefile as patch-ins, others might bang on RunServices, etc. but I'd
not rely on those. There's no reason why a traditional malware - even
a true but not pure intra-file infector like Jeefo.A - would not make
use of per-account settings to integrate itself, though it's rarer.

Having said that, I do rely on a (preferably formal) scan of all files
to find traditional malware, without sweating user account details
unless there are settings to be cleaned up.

It's a problem posed by multiple user accounts - and one of some
reasons to avoid them - that (AdAware SE's claims notwithstanding),
it's rare to find a cleanup tool that will clean up all accounts.

>>>3) With XP, you can delete all but the most recent (presumably
>>>clean) System Restore point

>> You can only presume the most recent restore point to be clean if you
>> know it was done after the PC was cleaned. The best way to know that,
>> is by manually creating a restore point straight after cleaning up.

>Yes. Exactly. That is SOP. Sometimes I'll even disable System Restore
>before the cleanup, but I don't really like to do that because then you
>have no way to back out.

I don't disable SR before the cleanup for the same reason I don't
purge TIF and Temp yet; I want them included in the scan!

Once cleaned, then I purge these, before setting new baselines.

>--------------- ----- ---- --- -- - - -
Never turn your back on an installer program
>--------------- ----- ---- --- -- - - -
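
The per-account point in the post above, as an added example that is not part of the original message: a Python check run over one registry export per user account, showing why a review of the admin account alone misses settings in another profile. The account names, file names, the clean baseline, and the choice of the HKCU Run, exefile and Winlogon Shell locations as per-account counterparts of the patch-ins named in the post are assumptions made for this illustration.

```python
import re

# Constructed sample: per-account HKCU exports in .reg text form (names and paths invented).
SAMPLE = {
    "admin": r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
''',
    "kids": r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updchk"="C:\\Documents and Settings\\kids\\Local Settings\\Temp\\updchk.exe"
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\WINDOWS\\updchk.exe\" \"%1\" %*"
''',
}
HKCU = "hkey_current_user\\software\\"
RUN = HKCU + "microsoft\\windows\\currentversion\\run"
KNOWN_RUN = {"ctfmon.exe": "c:\\windows\\system32\\ctfmon.exe"}  # assumed clean baseline
# Per-account values that must equal a known default whenever they exist.
FIXED = [("exefile", HKCU + "classes\\exefile\\shell\\open\\command", "", '"%1" %*'),
         ("shell", HKCU + "microsoft\\windows nt\\currentversion\\winlogon", "shell", "explorer.exe")]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
UNESC = re.compile(r"\\(.)")  # .reg text escapes backslashes and quotes with a backslash

def parse_reg(text):
    """Parse string values from a .reg export into {key: {name: value}}."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := VALUE.match(line)):
            name = "" if m[1] == "@" else UNESC.sub(r"\1", m[1][1:-1])
            cur[name.lower()] = UNESC.sub(r"\1", m[2])
    return keys

def audit(accounts):
    """Return (account, location, name, value) for every entry that needs review."""
    findings = []
    for account in sorted(accounts):
        keys = parse_reg(accounts[account])
        for name, value in keys.get(RUN, {}).items():
            if KNOWN_RUN.get(name) != value.lower():  # unknown name or changed path
                findings.append((account, "Run", name, value))
        for label, key, name, expected in FIXED:
            value = keys.get(key, {}).get(name)
            if value is not None and value.lower() != expected:
                findings.append((account, label, name or "(default)", value))
    return findings
```

Calling `audit(SAMPLE)` reports two entries, both in the second account; auditing the admin export alone reports none.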


