Are virus scanners really this bad? Shocking results

Discussion in 'Security and Anti-Virus Software' started by Phil, Sep 18, 2007.

Thread Status:
Not open for further replies.
  1. Phil

    As far as I can estimate, I would say yes. It will not only infect one account. Either the whole system is infected or the system is not infected.

    This is because once the system is infected, about 10 important .exe system files become infected. I don't think it would make a difference from what account you're running these system .exe files.
     
  2. j0rdy

    erm...You 'Do' know that Kaspersky is one of the top antivirus companies - don't you?

    Kaspersky Internet Security also takes a 'layered' approach at software protection - which is what most security experts recommend.

    I.E. 1st - would be their virus web scanner, 2nd - would be their firewall, 3rd would be the Proactive Defence mechanism (Registry Guards, Application modification analyzer, etc.) and last but not least - the Anti Virus Portion of the software (note: all of the above and more is contained in Kaspersky Internet Security and to a lesser extent the regular Anti Virus).

    Though I'm not too ecstatic about their firewall, it does seem to do a good job, especially when coupled with the built-in banner (ad) blocker - it filters the ads before it reaches your browser - LoL, I only noticed this by accident when I was testing the full package and noticed that one of the ad infested news website I usually visit was missing all the wonderful ads :p


    In any case, Kaspersky, with all or most of its protection features running DOES catch modifications to your programs/or windows.


    - Jordan

    P.S. If you are going to test this or use Kaspersky for your security needs - I would HIGHLY Advise that you put in a simple password inside Kaspersky to disallow viruses from simply telling Kaspersky to exit :)
     
  3. Sub-D

    I'm not too sure even Kaspersky would stand up to the concoction of viruses and trojans that are contained in that file. Seems to be like the AV software is just being Zerged to death.

    :D
     
  4. swarmer

    I'd bet that the limited account alone would protect you from this thing without any AV software. Of course, adding AV software doesn't hurt and I'd still recommend it.

    I seem to remember that Antivir PE doesn't offer real-time scanning anyway; is that correct? I thought you had to run the scan explicitly.

    That's interesting if some programs ask the admin password. I'm also using XP Pro SP2, and most installers I've seen just fail if you're not an admin user. You usually need to go through Windows' switch users process to become an admin user to install software. For smaller programs that don't need an installer (e.g. PuTTY), there's no need to go into the admin account.

    A few badly-written programs won't work at all with a limited account. Not many though. The only one I have like this is something that came with my old Toshiba mp3 player. You can just use your admin account to run these programs, if you can't find replacements.

    A couple tips: Auto-updaters tend to barf due to the limited account... often with cryptic error messages. I shut off auto-update in Firefox, Yahoo Messenger, etc., and once a month (or so) I switch to my admin account to update those programs. Windows' own auto-update works fine; you don't need to worry about that... but if you run Windows Update explicitly (i.e. for optional updates) you'll need to use your admin account.

    Changing most control panel settings or the registry also requires admin privilege. Finally, you can fine-tune the privileges in Control Panel > Administrative Tools > Computer Management > Local Users and Groups. (This is XP Pro only I think.) I added my limited user to the Network Admins group so I can enable and disable my wireless connection. Don't go too nuts here though, or you'll lose the benefit of having a limited user.

    Vista should make all of this easier with User Account Control, so you can just key in your password for a specific task that requires admin privileges. (I don't have Vista yet though.)
     
  5. Phil

    Yeah, like you say, one of the top. I tested the rest of the top.

    Do you have any objective research indicating that Kaspersky is considerably better than McAfee, Norton, Avast and all the rest?

    If so I might be tempted to do another test. For now I am happy with my new security settings.
     
  6. Phil

    I think it does offer real time scanning, because when I ran the infected .exe file it noticed 3 or 4 infection attempts.


    Yeah only one program did that. I thought it was Acronis True Image.

    I have had installed twice. I went back to XP twice.

    I like the minimalistic XP interface. I also like the higher performance in 3D and less menu latency. Even though my hardware is very suitable for Vista.
     
  7. Tranquility

    I downloaded and ran the file. At least it looks to be the file. The name "VIRUS!!!!!.exe" seems to be a good clue. :D

    What are the signs of infection? I'm using Windows 2000 Professional SP4 and logged in as a restricted user. When I ran the exe file an installation routine for a program called PowerISO38 ran. I received multiple file read errors during that routine. It was attempting to write to 'Program Files/PowerISO' while at the top of the window read a message to rename the files to my user account temp folder after reboot. I clicked retry and then ignore through each of the error messages and then allowed the program to reboot the computer. I haven't noticed anything unusual yet. There are a bunch of new files in my temp folder. There are no new folders in my Program Files folder. The number of running processes in task manager is the same 25 as before.

    It's been installed for about 30 minutes. I have no antivirus/spyware software.

    Edited:
    I've booted a few times and have been internet browsing. I've logged in on a restricted user account and also an administrator account. Still no signs of anything out of the ordinary. About three hours now.
     
  8. Tranquility

    Here is what my temp folder looks like after running the exe file:


    I've downloaded Nod32. I'm going to delete everything in the temp folder but leave the files along with the original exe download in the recycle bin and then install and run Nod32. I'll let you know.

    Looking at the dates I see some of the files were there before the program was run. The ones dated 9/19/2007 are certainly from the program. The folder created today contains a single file named PowerISO38.exe.
     
  9. NinjaNoodles

    My Acronis restarts the computer as it should, but then it just sits and waits. Anything I can do to fix that? (Don't mean to hijack your thread, I'd just rather not deal with Acronis support.)

    Thanks,
    Peter
     
  10. Pitabred

    Most people run installers as Administrator ;) Viruses expect that. This isn't a terribly brilliant set of viruses, just a very nasty set.
     