David Bell wrote:
On Sunday 25 January 2004 9:56 am, Neil Williams wrote:
The problem in Windows is that every script kiddie with a grudge can write a malicious agent. The only solution is prevention, not fighting a rearguard action.
Detection remains vital. On all platforms. I think Linux users are complacent in this area. I know I'm complacent on my desktops, but the servers are all trying hard to spot nasty changes.
On the "M$ Dark Side" (OT) - AVG had been installed and updated at weekly intervals over several months on both PCs as a replacement for a freebie version of Norton's AV. I spotted the two virus .exe files, apparently sitting dormant in a directory which holds various programme downloads from the internet e.g. Pegasus Mail, Opera, Mozilla, AVG, Spybot and Zone Alarm on both PCs. It was only when I removed AVG and installed McAfee that they were "detected". Bit puzzled as to why they were sitting there blatantly labelled as virus .exe files waiting for someone to execute them.
I think blaming the AV tools is the wrong approach as well. They can at best only detect known malware, or suspicious activity, and it is damn tough to spot suspicious activity on Windows when any software install can write to the Windows or System directory (activity doesn't get more suspicious than that). Fortunately recent versions require the administrator password for such activity, but how many Windows boxes have you seen where the user has admin rights?

Senna Spy appears to be a trojan tool, so sounds like you have very little idea what was delivered or how it was unpacked by the sound of it. Time to reformat and reinstall?

Worm.exe - I couldn't find any explanation of a 'NewAOL', although I only found references to software that utilises exploits in MSHTML rendering (Outlook, IE), or IRC and AOL messaging. Does it say any more in Norton, as the Symantec web site is unforthcoming, or is it obvious from this how it got onto your system?
It's the first time that I've come anywhere near to being infected by a virus for 18yrs, apart from receiving dodgy e-mail attachments hastily deleted.
Insert "knowingly". There are probably over a quarter of a million PCs out there with active Windows trojans, whose owners don't know they have a problem. My guess from personal experience is that well over 25% of all Windows boxes have some form of unauthorised software that the owners wouldn't want if they knew what it was. How much more than 10% I hesitate to guess, but depending what MS have installed it could well be 95% (there are always 5% of users who really don't care whatever is installed).