OT: the reason for firewalls and virus scans

  • OT: the reason for firewalls and virus scans

    A friend asked me to look at his computer (actually his wifes). This machine is a 2.1 gHz machine with 256meg ram, a 30 gig disk, that has Win XP sp1 on it, no firewall, no virus software, etc. They have been using it for internet, but it had become so slow it was unusable.

    I got Spybot and adaware on it, and scanned..... 25 assorted pieces of spyware and so forth......

    Then we got AVG onto it, and ran a scan. 45 minutes later, AVG had identified and removed 314 different viruses, trojans, and other assorted malware from the machine......

    I didn't have time to get zonealarm onto it. He had the virus program and firewall combo program, but it was having trouble loading, hung up for 25 min, etc..... At least I had time to disable the messenger service, remote operation, and the universal plug and play features, as a partial help towards preventing further problems.......

    I have never in my life seen as many examples of malware as were on that machine... it just kept adding onto the list and my jaw was dropping further and further.....

    Let it be a lesson to you.....
    1601

    Keep eye on ball.
    Hashim Khan

  • #2
    It would probably be better to just reload windows onto that machine



    • #3
      It might.................. although the immediate problems are over with.......

      That's if they could find their XP disks..... and wanted to wait while multi-megs of sp1 and sp2 download over the dialup.........
      1601

      Keep eye on ball.
      Hashim Khan



      • #4
        Messaging would have been disabled a long time ago if they were doing the updates. Use the automatic update feature. There have been numerous antivirus and auto-removal updates in the past year.

        Also, download and run one of the root kit checkers.



        • #5
          A firewall doesn't stop viruses and you don't need to install one. XP already has one. It's good enough for what it is supposed to do which is to prevent your computer from answering external attempts to access it that it didn't initiate.

          If you can get to a high speed connection somewhere you can download a stand alone SP2 installer and burn it to CD to upgrade the system. You don't need to do SP1 first.

          http://www.microsoft.com/downloads/d...displaylang=en


          If you do this note the additional updates that can also be downloaded as stand alone installs at the bottom of the page.
          Last edited by Evan; 03-24-2007, 02:02 AM.
          Free software for calculating bolt circles and similar: Click Here



          • #6
            Originally posted by Evan
            A firewall doesn't stop viruses and you don't need to install one. XP already has one. It's good enough for what it is supposed to do which is to prevent your computer from answering external attempts to access it that it didn't initiate.
            Amazingly, THIS XP does NOT have the firewall.. I looked and confirmed it.

            AND, quite a lot of it is subtly different from the XP I have used (and still don't like).

            One son has worked for Microsoft...... and set up their computer. The best explanation I can come up with is that it is a beta (or earlier) version that he smuggled out and put on Mom's computer...... but I did not try the "about" in help, it was mighty late and I didn't want to know that bad right then.

            That makes it totally un-maintainable, an issue I will have to take up with them later.
            1601

            Keep eye on ball.
            Hashim Khan



            • #7
              I’ve said it before, will say it again, the best thing you can do is set them up with a non-admin account and insist they use ONLY that account for accessing the internet. This is done with my wife and children’s computers, they are on the internet all the time (yahoo, myspace, random web sites, etc.) and I have not had any anti-virus/spyware/malware/etc. running in a VERY long time. Not one single virus has appeared in that entire time. Only one spyware that showed up recently on my son’s computer, and that was because I gave him an admin account to use for games that require it, and then (as expected) he “forgot” and used that account to access the internet. If you are even slightly disciplined, you don’t even need to log on/off as different users, but can simply set your web browser and email client (and news reader, etc.) to request alternate credentials when loaded. Then you get prompted to log in and can run with reduced permissions even when logged on as admin.

              That reduced permission alone closes something like 90% of the common propagation vectors (including most social engineering). And you can push it darn near to 100% by also setting the “Internet Zone” security setting level higher (Medium at least, preferably High). Of course that means some of your favorite sites (including this one) probably won’t work right. So you just set them as a “Trusted Site” with security set at Medium (or custom). For the first day or two it can be a bit frustrating as you visit sites and realize you need to add them to Trusted, but once your “working set” is established, you are pretty well covered unless you accidentally (or not) wind up on some random site (perhaps an ebay spoof or something?) where the perms are set low and most bad things can’t happen.

              Windows is NOT the massive vulnerability that everyone likes to make out. The culture of “always run as admin” combined with uneducated users easily falling prey to even the most pathetic attempts at social engineering is the problem. For your typical users, they might be well advised to also run an AV program too, but it will work much better as a back stop than a primary/only defense.
              Russ
              Master Floor Sweeper



              • #8
                Well, I disagree....

                Windows IS the problem....... In the sense that it has traditionally been deliberately set up in a default of every door open, every window up, the screens in storage, and all the keys tossed virtually unlabeled in a drawer somewhere in the attic.

                Also, it is default set up in extra simplified big pictures and primary colors "PlaySkool" mode and "advertised" as a "turn it on and use it" trouble free system.

                Then folks such as yourself come and say "well, its the dumb users".

                You got a lot of nerve to say that.

                People have been FORCED to be "dumb users", and it has been made very difficult to FIX all the open unlocked doors and access hatches sprinkled throughout "Windows".

                Then of course the most basic programming errors have been repeated time after time after time after time by "Bill's sheltered workshop"..... If I hear of another "buffer overrun" exploit in Windows, I will gag.

                I would think an AV program is a very basic need, not a "frill"....... YMMV, maybe you never get any virus-laden spam.


                BTW, what the heck is your "social engineering"..... I fail to "get" the reference.
                1601

                Keep eye on ball.
                Hashim Khan



                • #9
                  Really? *I* have a lot of nerve eh?

                  I didn’t say “dumb users”, YOU did! Please..., no strike that, this is not a request; DO NOT put words in my mouth. I am a professional software developer, system architect, and from time to time, software security consultant and I do NOT believe the view of users as “dumb”.

                  In my professional opinion, backed up by experience, everything you just posted is flat wrong. And I say that with no hesitation or qualification. Your machining knowledge (along with pretty much everyone else here) is unquestionably superior to mine, but on this you are wrong...

                  People have not been FORCED to be “dumb users”, they’ve demanded the “right” to be “dumb users” (or I would rather say, they demand to be allowed to remain ignorant). And that’s fine as long as they accept the consequences, but they don’t. Just like everything else in modern society, they would rather blame someone else than take responsibility. Every time MS makes the defaults more secure, taking it as THEIR responsibility as you seem to advocate, and which is always inversely proportional to ease of use, there is an unending wailing and gnashing of teeth. This has happened again and again, and it’s happening now with Vista trying to force people to run with reduced permissions (something that is standard procedure in most OS). So they try for a balance that maximizes market penetration and profits, which it seems they’ve achieved rather well.

                  And your “buffer over-run” exploits exist everywhere to greater and lesser degrees, they just get more visibility when it’s on Windows. They also get more attention on Windows from Black Hats because they get more return on investment. But this is covered time and again, and subsequently ignored by those with a MS bashing propensity time and again. Nothing I can say will change your mind, but your comment on not understanding “social engineering”, a concept that is central to any useful discussion of basic security, provides clear insight into the weight that should be associated with your opinions on the matter.

                  You’ve launched on your anti-Windows tirades before, and I should have known better than to respond to this one. Sorry, that was my own stupidity. I generally avoid these work related topics as I come here for my hobby and other interests to get away from work, I’ll try harder in the future. I really couldn’t care less if all of you run multiple AV/SW/MW/FW/WTF and turn your quad core state of the art systems into slow crawling pieces of crap (which you will no doubt blame MS for, after all, that is the easy answer).

                  In closing, I’ll repeat another thing I’ve said before. I have been running with NO protective software for OVER a year now. My old systems passed down to my family members that run the same config are faster than most brand new state of the art systems running main stream AV. I have INTENTIONALLY navigated to known high risk sites, I have INTENTIONALLY opened KNOWN infected email/attachments, and I have had NO infections to date! And this was as part of a bet with another software consultant that works in the security arena, a certified slash-dot junky with a severe anti-MS fixation that makes you look like a softy. HE picked the high risk tests, and HE lost!

                  Oh, but forgive me, I don’t know what I’m talking about. Go try Google to find out what Social Engineering is, then come back and educate these good people, you are doing a wonderful job otherwise.

                  I guess I also shouldn’t post when I’m already in a bad mood from unrelated events. Carry on...
                  Last edited by BadDog; 03-25-2007, 01:51 AM.
                  Russ
                  Master Floor Sweeper



                  • #10
                    All versions of XP have a firewall, even the first pre-service pack RTM version. On the release version the firewall is disabled by default and must be explicitly turned on in the network connections dialog. That may no longer be possible as some of the viri will set a remote policy in the registry that removes the firewall settings from view. In that case the only course of action is to reinstall.
                    Free software for calculating bolt circles and similar: Click Here



                    • #11
                      This is social engineering:

                      Dear xxxxxxx @ vts.bc.ca,
                      As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account. We requested information from you for the following reason:

                      We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

                      Case ID Number: PP-157-769-503

                      To restore your Account Access click on the link below:
                      ttps://www.paypal.com/cgi-bin/webscr.php?cmd=_processing_Account_login43689473fg h5g4HGGTYGTCCL

                      Completing all of the checklist items will automatically restore your account access.

                      This is a third and final reminder to log in to PayPal as soon as possible.

                      Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.
                      In accordance with PayPal's User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your PayPal account as soon as possible to help avoid this.
                      To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center. If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us".
                      We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.


                      Sincerely,

                      PayPal Account Review Department
                      ----------------------------------------------------------------

                      PayPal Email ID PP638
                      This was in my mail today. It's a scam of course. I didn't have to think twice about it. I don't have a Pay Pal account.
                      Free software for calculating bolt circles and similar: Click Here

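The message quoted above carries the usual tells of a credential-phishing lure: a greeting addressed to an e-mail address rather than a name, escalating urgency ("final reminder", threat of account closure), a request to log in via a link, and a link whose scheme is mangled and whose query carries a random-looking token. As an added example that is not from this thread or from any of its posters, here is a small Python scorer that flags those indicators in a plain-text message body. The phrase lists, weights, threshold and the benign contrast message are constructed assumptions; the sample phishing body is a trimmed copy of the message quoted above.

```python
"""Score a plain-text e-mail body for common phishing indicators.

Added example (not code from the forum thread). Phrase lists, weights,
the threshold and the benign sample are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: a trimmed copy of the PayPal-style lure quoted in the thread.
SAMPLE_MESSAGE = """\
Dear xxxxxxx @ vts.bc.ca,
As part of our security measures, we regularly screen activity in the PayPal system.
We have reason to believe that your account was accessed by a third party.
Case ID Number: PP-157-769-503
To restore your Account Access click on the link below:
ttps://www.paypal.com/cgi-bin/webscr.php?cmd=_processing_Account_login43689473fg
This is a third and final reminder to log in to PayPal as soon as possible.
Unfortunately, if access to your account remains limited for an extended period
of time, it may result in further limitations or eventual account closure.
Sincerely,
PayPal Account Review Department
"""

# Constructed benign message for contrast: named recipient, no link, no urgency.
BENIGN_MESSAGE = """\
Dear Evan,
Your bolt-circle calculator order has shipped. Thanks for your purchase.
Regards,
The shop
"""

# Constructed phrase lists; each phrase found adds the weight of its indicator once.
URGENCY_PHRASES = ("as soon as possible", "final reminder", "account closure",
                   "remains limited", "limited access")
ACTION_PHRASES = ("click on the link below", "log in", "restore your account access")

WEIGHTS = {
    "greeting_is_email_address": 2,
    "urgency": 1,                     # per phrase
    "credential_action": 1,           # per phrase
    "mangled_url_scheme": 3,          # e.g. "ttps://", often used to dodge link scanners
    "random_token_in_url": 2,         # long letter/digit run in path or query
    "brand_named_with_login_request": 2,
}
PHISHING_THRESHOLD = 5                # constructed cut-off

URL_RE = re.compile(r"(?:[a-z]+://|www\.)[^\s<>]+", re.IGNORECASE)
TOKEN_RE = re.compile(r"[A-Za-z0-9]{10,}")


@dataclass
class Report:
    score: int = 0
    indicators: list = field(default_factory=list)

    def add(self, name: str, detail: str = "") -> None:
        self.score += WEIGHTS[name]
        self.indicators.append(f"{name}: {detail}" if detail else name)

    @property
    def likely_phishing(self) -> bool:
        return self.score >= PHISHING_THRESHOLD


def looks_random(token: str) -> bool:
    """A long run mixing letters and digits is typical of lure/tracking tokens."""
    return (len(token) >= 10 and any(c.isdigit() for c in token)
            and any(c.isalpha() for c in token))


def score_message(body: str, brand: str = "PayPal") -> Report:
    text = body.lower()
    report = Report()

    # Greeting that addresses an e-mail address instead of a person's name.
    lines = body.strip().splitlines()
    first_line = lines[0] if lines else ""
    if re.match(r"dear\s+\S+\s*@\s*\S+", first_line, re.IGNORECASE):
        report.add("greeting_is_email_address", first_line.strip())

    for phrase in URGENCY_PHRASES:
        if phrase in text:
            report.add("urgency", phrase)
    for phrase in ACTION_PHRASES:
        if phrase in text:
            report.add("credential_action", phrase)

    for url in URL_RE.findall(body):
        if not url.lower().startswith(("http://", "https://")):
            report.add("mangled_url_scheme", url)
        parts = urlsplit(url if "://" in url else "http://" + url)
        for token in TOKEN_RE.findall(parts.path + parts.query):
            if looks_random(token):
                report.add("random_token_in_url", token)
                break

    # A named brand plus a login/click request is the core of the lure.
    if brand.lower() in text and any(p in text for p in ACTION_PHRASES):
        report.add("brand_named_with_login_request", brand)

    return report


if __name__ == "__main__":
    for label, body in (("sample", SAMPLE_MESSAGE), ("benign", BENIGN_MESSAGE)):
        r = score_message(body)
        print(label, r.score, r.likely_phishing, *r.indicators, sep="\n  ")
```

The scorer works on the body only, since the thread shows no headers; a mail gateway would add checks on the sending domain and on the difference between a link's displayed text and its target, which plain text cannot express. The indicator list is deliberately small and explainable, so each flagged message can be shown to the user with the exact phrase or link that tripped it.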


                      • #12
                        Seems to me that there is a dead simple solution here if Microsoft wanted to take it. Just have IE shut down in admin mode. It just does not work, period. And you have to go to a more restrictive mode to use it.

                        Of course, the pros who are working on the machines would have to switch back and forth when doing installations, etc., but what the heck. The cost of progress.
                        ...
                        ...
                        ...
                        ...
                        ...
                        Yes, I know I am being overly simple here. But, I do believe that Microsoft could make their software a lot safer.

                        They could also make it a lot cheaper, but that is another issue.
                        Paul A.

                        Make it fit.
                        You can't win and there is a penalty for trying!



                        • #13
                          In the not very far future, like next year or so, everyone with a brain will be running virtual machines. The host operating system will barely have network connectivity and so will be impervious to infection and it will have a console. On it you will install the virtual machine of your choice, Linux, Windows du jour, Unix (except Mac OS X), or all of them.

                          When you run Windows for example, it will be in a virtual machine. It will become infected as Windows always does, and you will delete it entirely by dragging it to the trash bin of your host system - a virtual machine is a single file on your host, and you will start a snapshot of that virtual machine and all your applications minutes, not hours later.

                          This will make you chuckle to yourself as you recall all the horror stories of having to scratch install from CD or DVD in the 'old' days of 2007 and prior. In 3 years time people will have forgotten what it is like to have an infected system and the hell it brought. You won't go back to a stand-alone system. Microsoft products will be a commodity. They're already planning for this.

                          Virtualizing software will replace your current bios, and the system you buy then will only run virtual machines. When your system boots up it will load all the operating systems you have specified and life will be good.



                          • #14
                            Originally posted by Evan
                            This is social engineering:


                            This was in my mail today. It's a scam of course. I didn't have to think twice about it. I don't have a Pay Pal account.
                            A fully capable firewall includes anti-virus, anti-spam, anti-phishing protection as well as packet filtering, port management, and connection abuse defense, and could easily have stopped this. Some of the systems I run stop thousands of these each day, and the ones that get through become the resource for the filters of tomorrow. Some filters are anticipatory and can block classes of such messages even when they morph and do so with remarkably low false positives. Some get through, of course, but it's an insignificant amount. At this time, on a 1,000,000 message/week system, I'm blocking 90% of all incoming messages and with less than 10 false positives/month based on user-initiated help desk tickets.



                            • #15
                              Originally posted by J Tiers

                              I have never in my life seen as many examples of malware as were on that machine... it just kept adding onto the list and my jaw was dropping further and further.....

                              Let it be a lesson to you.....
                              I had almost exactly the same experience with my dad's PC a year or two back. Machine slowed to near standstill. Took an hour or two to get all the rubbish out. He's now on broadband and fully loaded with the holy trinity of Spybot, Adaware and AVG.

                              I think that it's just one of the tasks that a child has to do for a 70 year old father - be his unpaid IT engineer.

                              Charles
                              Last edited by Charles Ping; 03-25-2007, 03:32 AM.
