Re: Safe Mode and spyware
From: cquirke (MVP Win9x) (cquirkenews_at_nospam.mvps.org)
Date: 12/05/04
- Next message: Miss Perspicacia Tick: "Re: Microsoft word art problem"
- Previous message: Malke: "Re: Can folders shared through "File and Print sharing" be seen over the internet?"
- In reply to: GTS: "Re: Safe Mode and spyware"
- Next in thread: Phillip Windell: "Re: Safe Mode and spyware"
- Reply: Phillip Windell: "Re: Safe Mode and spyware"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 05 Dec 2004 16:09:29 +0200
On Sat, 4 Dec 2004 18:02:23 -0500, "GTS" <x> wrote:
>You give a good summary, but I'm not sure what your point is. The ability
>or inability of automated tools to remove severe parasites, IS the measure
>of their effectiveness regardless of the reason for it. When they fail, the
>extent of manual actions necessary is often beyond the non-technical user

Unpalatable but true. So points you can deduce include:
- automated tools cannot be expected to be enough in all cases
- there's more to malware safety than "run an antivirus"

>Your comment re. NTFS access and related issues is quite right.

I wish I was wrong there, because this truth is also unpalatable and
hard to live with. When users say "But that's terrible! What can I
do?" it's a drag to have to say 'Sorry, you're stuffed'.

>I sometimes find it useful to put the client's drive as a secondary
>in a service machine, or to boot from a Knoppix CD, for cleanup/repair

Yep - that's hosted and formal scanning, respectively.

Have you found a good Knoppix-hosted av that can pull updates from a
USB stick and scan the whole of an NTFS system? Is the depth of
current Knoppix NTFS support deep enough to manage ADS?

I tried Bit Defender's "Live" a while ago, as it looked like it would
fit the shoes that MS have so far ignored. It was basically Debian
(Knoppix) + the "capture" NTFS support project + Bit Defender.

I've yet to see it complete a full system scan without crashing, and
haven't got as far as getting it to update off USB stick. I did get
Capture to pull NTFS code from USB stick, rather than HD, as is
required if the scanning process is to be formal.

>With severely infected machines, often with expired AV programs,
>no critical updates, no firewall, no Spyware protections and dozens or
>hundreds of Trojans and parasites (I see these all the time), professional
>help to both clean the machine and properly secure it may be a necessity.

This is true - and this is the reality that "just wipe and start over"
or "update your av and scan the whole PC" or "go to an online scanning
site" cannot hope to manage effectively.

It's not only end users who read in these forums; there will be techs
too - those with pro interest and expertise in these matters (who will
hopefully correct my mistakes), tech pros who don't yet have expertise
in these matters, and non-pros with an interest, e.g. the geeky
neighbor or the power user in cubicle 7 who are asked to help.

So I don't think tech detail that's over end users' heads should be
excluded in these discussions. As a reader here, this would be the
sort of level that I would be most interested in reading.

Even a PC that had good defences when it was infected, may not
anymore. Not only were those good defences not good enough, but it's
more than likely the malware has broken fences by killing the av,
hijacking the av's update access, and/or disabling the firewall.

So IMO whenever you clean a system, you need to check and fix defences
as well as endeavour to block the method that was used to infect the
PC. If you never find out what infected the PC, you can't know how it
got in, and you can't be sure you've blocked it - and that's why I
don't see "wipe and start over" as an effective strategy.
>-------------------- ----- ---- --- -- - - - -
"If I'd known it was harmless, I'd have
killed it myself" (PKD)
>-------------------- ----- ---- --- -- - - - -