
News New research unveils anti-virus bypass

Discussion in 'Article Discussion' started by CardJoe, 10 May 2010.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. rickysio

    rickysio N900 | HJE900

    Joined:
    6 Jun 2009
    Posts:
    964
    Likes Received:
    5
    Now my PC is ever safe.

    Like it ever was.

    To be 100% safe, you should unplug your internet connection and throw your hard drive out of the window.
     
  3. ZeDestructor

    ZeDestructor Minimodder

    Joined:
    24 Feb 2010
    Posts:
    226
    Likes Received:
    4
    Well, at least we should expect the AV makers to patch themselves up eventually
     
  4. GFC

    GFC What's a Dremel?

    Joined:
    7 Nov 2008
    Posts:
    118
    Likes Received:
    0
    The biggest anti-virus and firewall is yourself. If you go to azi0npr0nx0x all day long - well... Then you might need a bit more than a strong anti-virus.
     
  5. ripmax

    ripmax Minimodder

    Joined:
    8 Apr 2010
    Posts:
    370
    Likes Received:
    29
    Just be careful when browsing, use Firefox with NoScript and don't download anything you don't trust.
     
  6. B1GBUD

    B1GBUD ¯\_(ツ)_/¯ Accidentally Funny

    Joined:
    29 May 2008
    Posts:
    3,557
    Likes Received:
    558
    Yay for MS Security Essentials!
     
  7. EvilRusk

    EvilRusk What's a Dremel?

    Joined:
    23 Jan 2006
    Posts:
    110
    Likes Received:
    2
    But then anyone could just pick up your hard drive and walk off with it!

    Anyway, since the biggest danger to any pc is the user, good practice should still help with this one.

    Also, how does the "bad" code get onto the system with the "good" code in the first place? Wouldn't it be caught in a file scan?
     
  8. Psytek

    Psytek What's a Dremel?

    Joined:
    23 Dec 2008
    Posts:
    159
    Likes Received:
    3
    Anyone who thought their anti virus was protecting them was just deluding themselves.

    For this software to get on your computer, you'd have to download and run it, just like 99% of other malware, and anti-virus software does nothing to stop that.

    UAC is a step in the right direction, but let's be honest, people are too narcissistic to ever stop and think "maybe I've just downloaded a bad program, I should double check where I got it from is legitimate" ... everyone just turns UAC off and installs every exe they receive in an e-mail that says 'click me to speed up your computer'.
     
  9. aussiebear

    aussiebear What's a Dremel?

    Joined:
    13 Nov 2008
    Posts:
    36
    Likes Received:
    8
    The problem with Windows users is that they have not been told what good security practice is. The "install AV; set and forget" is downright sloppy.

    You don't need AV when you change the default approach from:
    "Default Allow"; (Allow ANYTHING to run.)
    to
    "Default Deny". (Only allow what you need and nothing more.)

    * Get the edition of Windows with Software Restriction Policy (SRP) or AppLocker. Set it to deny everything except for the apps you need to work with. (So your Limited/Restricted account can read and write in its assigned folders, but is not allowed to execute any random code in those areas. Only the Program Files or Windows folders are allowed to have executables running by default.)

    * Use Limited/Restricted User for day-to-day usage.
    (The reason is because you don't have write access to Program Files or Windows folders. Only Read and Execute.)

    * Only use Administrator account for maintenance, troubleshooting, etc.
    (This is from the Linux/Unix way. Using root for day-to-day computer use is considered bad practice and looked down upon.)

    * Be strict in where you get your software from. If you don't know where it came from (untrusted or unverified source), don't run it; just delete it.

    ...I have tested this approach against real drive-by downloads and such with various folks from business and home. It works. Malware doesn't infect if it can't run. (Malware is just software written for a purpose. You're just preventing execution of it with SRP.)

    Breaking bad computing habits and replacing them with effective practices is the key.

    The AV approach is the dumbest, most insecure way to computer security. It has never been an effective method of prevention against real world attacks.
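    As an added example (not part of aussiebear's post or the original article), this PowerShell script builds the "Default Deny" executable policy described above using AppLocker on a Windows edition that includes it: Everyone may run only what lives under Program Files and Windows, and Administrators (the maintenance account) may run anything. The policy file location, the rule names and the sample download path are assumptions; the well-known SIDs and path variables are AppLocker's own.

```powershell
# Added example: AppLocker "Default Deny" for executables, as in the post above.
# Assumed file location for the policy; adjust as needed.
$policyFile = "$env:TEMP\default-deny.xml"

# Start in AuditOnly to see in the AppLocker event log what would be blocked;
# change to "Enabled" once no legitimate program shows up there.
$policy = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Administrators may run anything" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $policyFile -Value $policy -Encoding UTF8

# Check the decision before applying: the download in the user profile should be
# Denied, Notepad in the Windows folder Allowed. The first path is a constructed
# sample and is assumed to exist on the machine where the check is run.
$checks = "$env:USERPROFILE\Downloads\setup.exe", "$env:WINDIR\notepad.exe"
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $checks -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Path rules are only as good as the ACLs on those trees: limited users must keep
# read/execute only (no write) under Program Files and Windows, as the post says.

# Apply locally; AppLocker only enforces while the Application Identity service runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyFile
```

Set-AppLockerPolicy without -Merge replaces the local policy, so run the Test-AppLockerPolicy step on the programs you actually use before switching the collection to Enabled.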
     
  10. Redbeaver

    Redbeaver The Other Red Meat

    Joined:
    15 Feb 2006
    Posts:
    2,062
    Likes Received:
    36
    But it's a good first step.
     
  11. paisa666

    paisa666 I WILL END YOU!!!

    Joined:
    4 Mar 2009
    Posts:
    810
    Likes Received:
    42
    Like I always have said.

    The best way to be protected against viruses is common sense... that's all you need.

    (just don't click on that "you won money" or "hey look at my pics at www.face-book/virus.exe") DAMN IT, DON'T DO IT
     
  12. Shagbag

    Shagbag All glory to the Hypnotoad!

    Joined:
    9 Nov 2006
    Posts:
    320
    Likes Received:
    4
    Security is a process, not a product.
     
  13. rickysio

    rickysio N900 | HJE900

    Joined:
    6 Jun 2009
    Posts:
    964
    Likes Received:
    5
    Best security?

    Lock the user out of the room where the PC is housed.
     
  14. Fordy

    Fordy Minimodder

    Joined:
    28 Feb 2010
    Posts:
    163
    Likes Received:
    1
    Ha, I love how there's just a subtle picture of some of the code :p

    (Could be code for anything, but y'know... The effect's priceless :p)
     
  15. Arj12

    Arj12 What's a Dremel?

    Joined:
    6 May 2010
    Posts:
    106
    Likes Received:
    0
    Hmmm, what exactly am I doing reading all these articles on bit-tech when I could be picking up a virus at any time! :p
    How to stop your PC from getting infected: use antibacterial wipes!!
     
  16. mjm25

    mjm25 What's a Dremel?

    Joined:
    19 Jan 2009
    Posts:
    507
    Likes Received:
    28
    The old switcheroo!
     
  17. shanky887614

    shanky887614 What's a Dremel?

    Joined:
    13 May 2009
    Posts:
    203
    Likes Received:
    0
    Wouldn't a good firewall stop this?

    Comodo blocks everything from running (I admit it wouldn't work for noobs because they would be worse off),
    but it treats everything as a virus unless you specify otherwise, and it asks you every time a program tries to access anything like system settings unless you allow that program to do it.
     
  18. LordPyrinc

    LordPyrinc Legomaniac

    Joined:
    7 Mar 2008
    Posts:
    599
    Likes Received:
    6
    For the bulk of the 'buy and use computer' users out there, they need robust AV software. Even still, that does not make them safe. Educating these users helps, but many don't have the time or the basic awareness to care about security notifications. The threats will continue to evolve, and even those of us who are somewhat savvy may find ourselves vulnerable to attack.

    Running as a non-admin account is probably the best defense with or without AV software.
     
  19. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,698
    Likes Received:
    172
    If I read the article correctly, this particular exploit would work whether you are an admin user or a limited user, so in this case running as a limited account wouldn't matter; it would infect you.
     