comp/net virus protection

mbpark · 02-01-2009, 04:22 PM

Lumberjim,

The best thing you can do is find someone who has the Ultimate Boot CD for Windows with the AVG 7.5 or other AV plugins updated and available either on CD or USB key.

You are at a point where you cannot boot into Windows to clean the PC. You need to boot into an alternate environment and run AV tools from there on your machine to clean it. That is the only way you will be able to clean your machine of viruses that do a good job of cloaking themselves from the currently running copy of Windows.

That's one thing a lot of people don't understand (and TW, this is how I found a Conficker variant on someone's laptop). You can't accurately scan a known infected machine for viruses using a virus scanner and be 100% sure you got something. It's like fixing a house with a bad foundation. You have to take more direct measures, especially when the Windows API provides many holes to hide DLLs and other injection methods (and you can get the book Security Warrior from O'Reilly, which will show you how to do it).

And yes, Norton AntiVirus used to do this effectively many years ago (boot CD).

Yes, we can talk about how great certain AV programs are, but if you don't have the right methodology for getting at the really nasty ones, it's all moot.

That said, Lumberjim, make friends with someone who has that CD or bootable USB stick. You will find many interesting things.

tw · 02-02-2009, 03:47 AM

Quote:

Originally Posted by mbpark

Yes, we can talk about how great certain AV programs are, but if you don't have the right methodology for getting at the really nasty ones, it's all moot.

Nobody suggests an anti-virus software is perfect. However if Conficker is as widespread as reported, then every decent anti-virus software must have some solution or at least report the worm exists. Currently, you are the only one who even mentions detecting it. Others have said their anti-virus software works great, but never reported anything detected, stopped, or removed.

Currently posted is not a single useful benchmark from which to recommend any anti-virus software. Irrelevant is the methodology for one virus. More important are which anti-viruses see and do not see how many infections. Only then would a potential benchmark exist.

02-01-2009, 04:22 PM	#1
mbpark Lecturer Join Date: Jan 2001 Location: Carmel, Indiana Posts: 761	lumberjim, the best thing you can do.... Lumberjim, The best thing you can do is find someone who has the Ultimate Boot CD for Windows with the AVG 7.5 or other AV plugins updated and available either on CD or USB key. You are at a point where you cannot boot into Windows to clean the PC. You need to boot into an alternate environment and run AV tools from there on your machine to clean it. That is the only way you will be able to clean your machine of viruses that do a good job of cloaking themselves from the currently running copy of Windows. That's one thing a lot of people don't understand (and TW, this is how I found a Conficker variant on someone's laptop). You can't accurately scan a known infected machine for viruses using a virus scanner and be 100% sure you got something. It's like fixing a house with a bad foundation. You have to take more direct measures, especially when the Windows API provides many holes to hide DLLs and other injection methods (and you can get the book Security Warrior from O'Reilly, which will show you how to do it). And yes, Norton AntiVirus used to do this effectively many years ago (boot CD). Yes, we can talk about how great certain AV programs are, but if you don't have the right methodology for getting at the really nasty ones, it's all moot. That said, Lumberjim, make friends with someone who has that CD or bootable USB stick. You will find many interesting things.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)