Falcon and Spyware Guard
Victor
03-31-2006, 08:11 PM
Like Osama, ya gotta admire them even as you hate them. They infect your computer, then offer to clean it for a price. They disable most of the antivirus software, and sometimes the Task Manager. REALLY clever. You delete their .exe files in Task Manager and bingo! They pop right back up! You delete them from Program Files and next thing you know there they are again. Clever, really clever, and profitable too, I suppose. Tried to call them in Braintree MA and natch there's no one there by that name. Russians, I suspect, they honed their skills in this type of activity during the waning days of the cold war.
Anybody know how they reload themselves so fast? Do they just call themselves in from the web? You can remove some of the .exe files yourself in Safe Mode but there are registry files and dlls etc. Fortunately there is a utility that seems to deal with it, which can be found here (http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=85&blogId=3).
Even legitimate software takes over so much of your processor time these days I'm about ready to swear off the damn thing and just go to the library or an internet cafe when I need to get online. Nobody emails me anyway. I'd miss the forum but I'll get over it.
[ 03-31-2006, 09:17 PM: Message edited by: Victor ]
Meerkat
03-31-2006, 08:29 PM
What part of GET A FIREWALL don't you understand? :P
Victor
03-31-2006, 08:37 PM
Got a firewall. All kindsa blockers too. Even YOU could get this one.
Meerkat
04-01-2006, 12:15 AM
I've got a firewall and that's all I have, aside from advert nit removers like Ad-Aware. I download all sorts of things, although rarely do I download executable files. I've never had a virus!
What firewall are you using?
High C
04-01-2006, 07:33 AM
A firewall won't stop a Trojan horse virus, which is what this sounds like. Firewalls block unwanted access, not viruses and spyware.
You probably allowed it in thinking it was something else. As much as we download routinely, it's not hard to sneak one in.
Even with the best security software running, if a user is fooled into allowing an install of something malicious to take place, it'll take place.
What are you using for anti-virus software, Victor?
Victor
04-01-2006, 09:17 AM
The Falcon and SpywareGuard installed themselves. Using Panda now and it won't go away either, not very graciously. Seems like all these software packages, Norton, McAfee, all of em, they're like someone you invited over for dinner and the next thing you know he's living in your house and you're doing his laundry.
I really feel sorry for you guys with your gargantuan hard drives. What do you do when it's infected and you've got 45 gigabytes of data on it? F that. I can reformat quickly and easily, and nothing cleans the disk better than that.
I'm about ready to go to the internet cafe when I need something online. The novelty wore off long ago, now it's just a way to kill time.
Gary E
04-01-2006, 09:23 AM
"The Falcon and SpywareGuard installed themselves. Using Panda now and it won't go away either,"
What are those?
How did it install itself?
Do you open attachments or click on things in e-mails?
I NEVER open an attachment... unless it's from one guy I know and I am expecting it.
Seems that your Anti virus is not up to par or the firewall is just not much help.
Victor
04-01-2006, 09:47 AM
Nope.
Nicholas Carey
04-01-2006, 01:46 PM
Since Joe CSOH hasn't said it :D I will:
Get a Mac.
Built-in firewall. Built-in security. NO virii to speak of outside of Microsoft scripting virii (and only that if you use Office).
High C
04-01-2006, 02:34 PM
If wrestling with spyware and viruses has you ready to throw in the towel, consider the practical alternative, a new, cheap computer with the Linspire version of Linux installed.
For example: Tiger Direct's Linspire Machines (http://www.tigerdirect.com/sectors/linspire/index.asp)
While the true Linux aficionados will argue that Linspire is a wussy version of Linux, they're right! It's the easiest to use, very similar to Windows, very user friendly, and rock solid stable with none of the security issues of Windows. MUCH cheaper than the other overpriced Windows alternatives, too.
I'm using Linspire on a test mule and would be happy to share my experiences with anyone who is interested.
George Jung
04-01-2006, 02:51 PM
This is probably a re-hash, but anyway..
Check out Antivir and AVG. They're both free, and I personally found them superior to Nortons or McAfee.
That said, the dam$$d viruses can still be a pain. It's easy to 'lapse' on some of this stuff.
ishmael
04-01-2006, 02:58 PM
Reminds me, Zone Alarm just sent a message to update.
I'm fully wrapped, I think, and still don't do commerce on the web. Call me old fashioned.
I know, I know, people do as regular as the morning constitutional, but how do you trust it? I don't. Probably foolish, because your information is there if someone wants to pry.
Meerkat
04-01-2006, 05:29 PM
Originally posted by High C:
A firewall won't stop a Trojan horse virus, which is what this sounds like. Firewalls block unwanted access, not viruses and spyware.
Incorrect: a good firewall will stop any internet activity, coming or going. (NB: The Windows XP firewall is not good.)
High C
04-01-2006, 06:04 PM
Originally posted by Meerkat:
Originally posted by High C:
A firewall won't stop a Trojan horse virus, which is what this sounds like. Firewalls block unwanted access, not viruses and spyware.
Incorrect: a good firewall will stop any internet activity, coming or going. (NB: The Windows XP firewall is not good.)
Well, sure, it can be used to block all activity, but what good is that?
My understanding is that the firewalls that home users tend to use, i.e. affordable, are pretty much source filters, not content filters. They limit access by hiding ports and blocking access from various domains or IP addresses, etc.
If a user grants access to a trusted source or website, a typical home-user type firewall will lack the ability to distinguish malicious content from desirable. A virus can be invited in this way.
Note that products like Zone Alarm now offer a combination program that adds content (virus) scanning capability to their firewall-only products. Obviously, they don't claim that their firewall filters viruses, or they wouldn't offer this new product, n'est-ce pas?
Meerkat
04-03-2006, 03:03 AM
Originally posted by High C:
My understanding is that the firewalls that home users tend to use, i.e. affordable, are pretty much source filters, not content filters. They limit access by hiding ports and blocking access from various domains or IP addresses, etc.
Your understanding is incorrect. A good affordable consumer firewall (less than $50 at most) will do both inbound and outbound access control. It will alert you when any outside source attempts to connect on any port and give you the option of either temporarily or permanently preventing the access. For outbound connections, the firewall will ask you if a particular app is allowed to access the internet. It will also create a "signature" for that app such that if it changes, you will again be asked if the app is authorized. This prevents viruses and trojans from taking over an app and attempting to do harm. (It also alerts in the case of a legitimate update, but only once and that's ok.)
The rest of the solution is to deny scripts or active-x controls from running in email programs and never run an email attachment from an untrusted source. For browsers, deny the use of java and active-x controls (javascript is ok due to its built-in security - unless the browser has a flaw).
Vendors make money from virus software because people don't know how easy they are to prevent. If you don't allow viruses to enter your system in the first place, you won't have the problem. If, somehow, they do get in, preventing them from spreading is the next line of defense.
Selling anti-virus software is easy money and the vendors have zero incentive to stop the virus makers.
[ 04-03-2006, 04:10 AM: Message edited by: Meerkat ]
High C
04-03-2006, 09:14 AM
Originally posted by Meerkat:
Originally posted by High C:
My understanding is that the firewalls that home users tend to use, i.e. affordable, are pretty much source filters, not content filters. They limit access by hiding ports and blocking access from various domains or IP addresses, etc.
Your understanding is incorrect. A good affordable consumer firewall (less than $50 at most) will do both inbound and outbound access control. It will alert you when any outside source attempts to connect on any port and give you the option of either temporarily or permanently preventing the access. For outbound connections, the firewall will ask you if a particular app is allowed to access the internet. It will also create a "signature" for that app such that if it changes, you will again be asked if the app is authorized. This prevents viruses and trojans from taking over an app and attempting to do harm...
You have just described a source filter, not a content filter. Even the freebies do all that.
Content is not being scanned. Once you allow access to, say a browser, a firewall will not balk at anything coming through that pathway. Lacking a comparative database, it doesn't know a virus from any other app.
Of course, the other things you mention about browser settings (scripts and active-x) are fine practice, though they do limit some capabilities, and do not protect you from viruses from other pathways.
Sure, a firewall can stop some viruses from some sources, but it is not a comprehensive tool for stopping viruses.
How do you know you have no viruses if you don't run anti-virus software? You might be surprised.
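The two posts above disagree about what per-application outbound control can and cannot catch. The sketch below is an added example, not part of the original thread or any firewall product's code: it models the "signature" check as a SHA-256 hash of the executable, and the class name, paths and byte strings are all constructed for illustration.

```python
import hashlib

class AppControlFirewall:
    """Toy outbound application control keyed on the executable's hash."""

    def __init__(self):
        self.approved = {}  # executable path -> SHA-256 of the approved binary

    @staticmethod
    def signature(binary: bytes) -> str:
        return hashlib.sha256(binary).hexdigest()

    def approve(self, path: str, binary: bytes) -> None:
        """Record the user's 'yes, let this app out' answer."""
        self.approved[path] = self.signature(binary)

    def check_outbound(self, path: str, binary: bytes, payload: bytes = b"") -> str:
        """Decide on who is connecting; `payload` is never inspected,
        which is what makes this a source filter, not a content filter."""
        known = self.approved.get(path)
        if known is None:
            return "prompt: unknown application"
        if known != self.signature(binary):
            return "prompt: application changed"
        return "allow"


def demo() -> dict:
    # Constructed sample data: byte strings stand in for files on disk.
    browser = b"browser build 1"
    patched = b"browser build 1 + injected code"
    unknown = b"unrecognised program"
    installer = b"bundled installer the user chose to download"

    fw = AppControlFirewall()
    path = r"C:\Program Files\Browser\browser.exe"
    fw.approve(path, browser)
    return {
        "approved app": fw.check_outbound(path, browser),
        "modified app": fw.check_outbound(path, patched),
        "new process": fw.check_outbound(r"C:\Temp\unknown.exe", unknown),
        # Same approved browser, unwanted content: still allowed.
        "download via approved app": fw.check_outbound(path, browser, installer),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The changed binary and the unknown process both trigger a prompt, while anything fetched through the already-approved browser passes, because the decision never looks at the payload.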
Meerkat
04-03-2006, 04:08 PM
What exactly do you consider a virus to be and how do you think a virus can enter your system?
I would be drop-dead fall over amazed if I had a virus.
High C
04-03-2006, 06:37 PM
Originally posted by Meerkat:
What exactly do you consider a virus to be and how do you think a virus can enter your system?
I would be drop-dead fall over amazed if I had a virus.
Well that's the interesting thing about viruses, they're kind of like weeds, a matter of perspective. They're just programs, or applets, not really diseases in the human sense. Is this a desirable applet, or undesirable? Will it do what is claimed, or will it do something else that I don't want to happen? Am I even aware that I have installed or downloaded it?
To differentiate between desirable apps and undesirable apps requires someone to make a judgement, about every dang one of them.
That's what anti-virus programs do that a firewall doesn't. They have a room full of people supporting them who analyze these buggers, learn what they do, and add them to the update database.
[ 04-03-2006, 07:44 PM: Message edited by: High C ]
Meerkat
04-03-2006, 08:01 PM
Originally posted by High C:
Am I even aware that I have installed or downloaded it?
I am aware of everything I download and/or install.
This (Tiny Personal Firewall) is what a GOOD firewall does:
Here is the list of the most attractive features from the network security standpoint:
* stateful packet filtering
* prevents unknown processes from stealing your data to the internet
* prevents unknown processes from misusing your trusted applications
* selective filtering of endpoint and pass-through traffic
* selective filtering of the network traffic per interfaces
* selective filtering of a network traffic coming to an interface with multiple IP addresses
* interfaces divided into zones
* full support for terminal services - rules per process per user
* time restrictions on network traffic
* integration with Active Directory for gateway deployment
* fully XML compliant policies
* ... and many more
Stateful
TF6's network firewall is a combination of stateful filtering on NDIS and TDI layers - in simple terms the firewall ties specific network activity to specific applications.
Filter per interfaces
TF6's firewall allows to differentiate between the network traffic coming through specific network interfaces and apply different rules based on which interface is used.
Stealth
TF6 can make the computer completely stealthed and invisible from the Internet.
Optionally there could be different rules for a single network interface when multiple IP addresses are assigned to the interface.
Pass-Through Traffic
If TF is running on a computer with more than one network interface card and the computer is configured as a bridge or a router, IP traffic coming through this bridge/router can be controlled by a special set of Network Security rules.
Active Directory
A translation from local IP address to a computer name or the currently logged on user is optional (user groups use is based on LDAP settings). In Windows 2000 and 2003 environments it allows setting up user based policies no matter of their actual IP address.
Integrated Intrusion Detection and Prevention
IDS/IPS rules (especially from SNORT) fit into the bridge/router configuration even better than to an endpoint computer.
imported_GregW
04-03-2006, 08:38 PM
Here is a good article that is sort of connected to all this. Business Week (http://tinyurl.com/m7wwf)
Which just goes to show that a good firewall is essential software, because getting malicious software on your machine is easier than you think.
[ 04-03-2006, 09:42 PM: Message edited by: GregW ]