Re: DHL Trojan email

On Mon, 26 Apr 2010 19:25:47 GMT, sfdavidkaye2@xxxxxxxxx (David Kaye) wrote:

"Daniel" <noone@xxxxxxxxxxx> wrote:

I just received an email from someone that said it was from
DHL but it contained a Trojan, why did Windows Security Essentials not pick
it up?

What is a trojan? A trojan is software that pretends to be something else.
For instance, Weather Bug pretends to give you the weather, but when, for
instance, you enter "Miami" for the Miami weather, you begin getting pop-ups
for hotels in Miami when your browser is open. What they're doing is selling
you stuff under the guise of giving you a weather gadget. So, technically
Weather Bug is a trojan. But most people wouldn't call it a trojan. They'd
just call it annoying.

The problem with trojans is one of social engineering. How do you qualify
what a trojan is if the result is something you may want, even if it's not
portrayed that way?

Another point is that all A-V scanners that depend on definition files
are reactive in nature and always lag behind the threats. New threats
must be suspected, forwarded, analyzed and confirmed before the new
definitions can be propagated. Then you have embarrassing debacles
like the recent McAfee definitions file that caused systems to go into
endless reboot because someone didn't validate the def files properly.

For all A-V systems of this nature you are going to have a window of
vulnerability where a new threat (a zero-day threat) can exploit
unprepared systems. This is why the argument still rages between the
ease-of-use camp and the security-first camp.

Windows CAN be properly secured but it takes some work and some skill
to get it done. Then you have to deal with basic user accounts vs.
running as administrator and all the configuration problems that go
with installing and maintaining programs. Microsoft has decided to
take an incremental approach and move users and developers into the
security-first camp slowly by "evolving" Windows. I can't say I agree
with this; sometimes it's better to just rip that Band-Aid off and get
the pain over with quickly.

I must say I prefer the way OS X / Linux does it. One is running in
user mode by default. When it comes to installation of a new
application you must give the root password to become SU, then the
installation proceeds under that higher privilege. And it is very
clear that you are entering a new level, one you should be conscious
of, since if you are suddenly asked for a password that you didn't
deliberately initiate, you had better not give it. It also keeps the
kids out of the system if you don't give them the root password and
you "administer" their accounts for them.

A good friend of mine was constantly fixing his PC at home because he
was too lazy to set up individual accounts for his daughters and wife
on their XP system and they kept installing crapware.
