bit-tech.net

Old 10th May 2010, 10:32   #1
CardJoe
Freelance Journalist
bit-tech Staff
Join Date: Apr 2007
Posts: 11,339
New research unveils anti-virus bypass

http://www.bit-tech.net/news/bits/20...virus-bypass/1
__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter
Old 10th May 2010, 10:51   #2
rickysio
N900 | HJE900
Join Date: Jun 2009
Posts: 964
Now my PC is ever safe.

Like it ever was.

To be 100% safe, you should unplug your internet connection and throw your hard drive out of the window.
Old 10th May 2010, 10:57   #3
ZeDestructor
Multimodder
Join Date: Feb 2010
Posts: 161
Well, at least we should expect the AV makers to patch themselves up eventually
Old 10th May 2010, 11:01   #4
GFC
Multimodder
Join Date: Nov 2008
Posts: 118
The biggest anti-virus and firewall is yourself. If you go to azi0npr0nx0x all day long - well... then you might need a bit more than a strong anti-virus.
Old 10th May 2010, 12:41   #5
ripmax
Supermodder
Join Date: Apr 2010
Location: UK
Posts: 308
Just be careful when browsing, use Firefox with NoScript, and don't download anything you don't trust.
Old 10th May 2010, 13:23   #6
B1GBUD
A Paragon of Virtue.... Apparently
Join Date: May 2008
Location: Guildford
Posts: 2,213
Yay for MS Security Essentials!
__________________
Teh unofficial Bit-Tech proof reader
Quote:
Originally Posted by Teelzebub
( Kid you dont want either only bud is any good lol )
Old 10th May 2010, 13:48   #7
EvilRusk
Multimodder
Join Date: Jan 2006
Location: Arrg Yarrg
Posts: 105
Quote:
Originally Posted by rickysio
To be 100% safe, you should unplug your internet connection and throw your hard drive out of the window.
But then anyone could just pick up your hard drive and walk off with it!

Anyway, since the biggest danger to any PC is the user, good practice should still help with this one.

Also, how does the "bad" code get onto the system with the "good" code in the first place? Wouldn't it be caught in a file scan?
Old 10th May 2010, 13:53   #8
Psytek
Multimodder
Join Date: Dec 2008
Posts: 159
Anyone who thought their anti-virus was protecting them was just deluding themselves.

For this software to get on your computer, you'd have to download and run it, just like 99% of other malware, and anti-virus software does nothing to stop that.

UAC is a step in the right direction, but let's be honest, people are too narcissistic to ever stop and think "maybe I've just downloaded a bad program, I should double check where I got it from is legitimate" ... everyone just turns UAC off and installs every exe they receive in an e-mail that says 'click me to speed up your computer'.
Old 10th May 2010, 14:03   #9
aussiebear
Minimodder
Join Date: Nov 2008
Location: Sydney, Australia
Posts: 36
Quote:
Originally Posted by rickysio
Now my PC is ever safe.

Like it ever was.

To be 100% safe, you should unplug your internet connection and throw your hard drive out of the window.
The problem with Windows users is that they have not been told what good security practice is. The "install AV; set and forget" is downright sloppy.

You don't need AV when you change the default approach from:
"Default Allow"; (Allow ANYTHING to run.)
to
"Default Deny". (Only allow what you need and nothing more.)

* Get the edition of Windows with Software Restriction Policy (SRP) or AppLocker. Set it to deny everything except for the apps you need to work with. (So your Limited/Restricted account can read and write in its assigned folders; but not allowed to execute any random code in those areas. Only Program Files or Windows folders are allowed to have executables running by default.)

* Use Limited/Restricted User for day-to-day usage.
(The reason is because you don't have write access to Program Files or Windows folders. Only Read and Execute.)

* Only use Administrator account for maintenance, troubleshooting, etc.
(This is from the Linux/Unix way. Using root for day-to-day computer use is considered bad practice and looked down upon.)

* Be strict in where you get your software from. If you don't know where it came from (untrusted or unverified source), don't run it; just delete it.

...I have tested this approach against real drive-by downloads and such with various folks from business and home. It works. Malware doesn't infect if it can't run. (Malware is just software written for a purpose. You're just preventing execution of it with SRP.)

Breaking bad computing habits and replacing them with effective practices is the key.

The AV approach is the dumbest, most insecure way to computer security. It has never been an effective method of prevention against real world attacks.
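As an added example (not aussiebear's own configuration, and nothing taken from the article), here is how the "Default Deny" approach in the post above looks when written down as an AppLocker policy: executables are allowed only from Program Files and the Windows folder for Everyone, Administrators may run anything, and everything else is refused. It assumes an edition of Windows that includes AppLocker (the successor to SRP), an elevated PowerShell session, and that enforcement is wanted on the local machine; the rule names, the output path under %TEMP% and the sample file in Downloads are constructed for illustration.

```powershell
# Added example, not aussiebear's configuration: a "Default Deny" AppLocker
# policy for executables. Only Program Files and the Windows folder may run
# for Everyone; Administrators may run anything (maintenance only).
# Assumptions: a Windows edition with AppLocker and an elevated session.
# Rule names and file paths below are constructed for illustration.

$policyPath = Join-Path $env:TEMP 'default-deny-exe.xml'   # assumed output location

# AppLocker path variables: %PROGRAMFILES% covers both Program Files folders,
# %WINDIR% covers the Windows folder. Everyone = S-1-1-0, Administrators = S-1-5-32-544.
# Once the Exe collection is enforced, any file that no Allow rule matches is denied,
# so no explicit Deny rule for the user's own folders is needed.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Administrators may run anything" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run before enforcing: what would the policy decide for a file sitting in
# the user's Downloads folder? For Everyone the expected PolicyDecision is Denied.
$sample = Join-Path $env:USERPROFILE 'Downloads\untrusted-setup.exe'   # constructed path
if (Test-Path $sample) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $sample -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# Enforcement needs the Application Identity service running and set to start
# automatically (sc.exe is used because Set-Service is refused on systems where
# the service is protected).
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Apply the policy to the local machine; add -Merge to keep any existing rules.
Set-AppLockerPolicy -XmlPolicy $policyPath

# Print the effective policy so the rules can be confirmed.
Get-AppLockerPolicy -Effective -Xml
```

The Test-AppLockerPolicy step is the check worth keeping: run it against files from the places you expect users to save things before turning enforcement on, so the denial shows up in the dry run rather than on someone's desktop. Path rules like these are only as strong as the write permissions on the allowed folders, which is exactly why the post pairs the policy with a Limited/Restricted account that cannot write to Program Files or Windows; a few subfolders under %WINDIR% are writable by standard users, so a hardened policy adds exceptions for those as well.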
Old 10th May 2010, 14:44   #10
Redbeaver
The Other Red Meat
Join Date: Feb 2006
Location: Ottawa, Canada
Posts: 1,777
Quote:
Originally Posted by aussiebear
The AV approach is the dumbest, most insecure way to computer security. It has never been an effective method of prevention against real world attacks.
But it's a good first step.
__________________
Ophelia
ASUS P5Q Pro Turbo - Q6600 - 4GB DDR2 - NVIDIA 8800GTS 640 - WD Black 2x320Gb RAID-0 - Silverstone TJ-06 [Modded]
Perseus
ASUS Z97i-Plus - 4670K - 8GB DDR3 - Zotac GTX 970 - Crucial MX100 256GB - Corsair 250D [Modded]
www.pecelayam.com
Old 10th May 2010, 14:56   #11
paisa666
I WILL END YOU!!!
Join Date: Mar 2009
Location: Medellin, Colombia
Posts: 805
Like I always have said.

The best way to be protected against viruses is common sense... that's all you need.

(Just don't click on that "you won money" or "hey look at my pics at www.face-book/virus.exe".) DAMN IT, DON'T DO IT
__________________
Thermaltake 650W | AMD Phenom X4 9850 | XFX HD 5870 | (BFG 9800GTX ready for PhysX) | 4GB 800 RAM | 2 TB Samsung HDD & 500 GB MAXTOR HDD | MSI K9A2 Platinum | 5.1 Logitech Sound System |
Old 10th May 2010, 15:02   #12
Shagbag
All glory to the Hypnotoad!
Join Date: Nov 2006
Location: /dev/null
Posts: 320
Security is a process, not a product.
__________________
Worth thinking about: do Firefox exploits affect non-Windows users?
Old 10th May 2010, 15:52   #13
rickysio
N900 | HJE900
Join Date: Jun 2009
Posts: 964
Best security?

Lock the user out of the room where the PC is housed.
Old 10th May 2010, 17:18   #14
Fordy
Multimodder
Join Date: Feb 2010
Location: Dorset, England
Posts: 161
Ha, I love how there's just a subtle picture of some of the code.

(Could be code for anything, but y'know... the effect's priceless.)
__________________
Fordy
HTPC Project Log
Old 10th May 2010, 18:06   #15
Arj12
Multimodder
Join Date: May 2010
Location: Leicester, England
Posts: 106
Hmmm, what exactly am I doing reading all these articles on bit-tech when I could be picking up a virus at any time! :P
How to stop your PC from getting infected: use antibacterial wipes!!
Old 10th May 2010, 19:47   #16
mjm25
Supermodder
Join Date: Jan 2009
Location: Kent, England
Posts: 507
The old switcheroo!
__________________
EP45-UD3R, QX6800, 8GB Ballistix 6400 4-4-4-12, Radeon 6990, All in an Arc!
Old 10th May 2010, 20:41   #17
shanky887614
Multimodder
Join Date: May 2009
Posts: 203
Wouldn't a good firewall stop this?

Comodo blocks everything from running (I admit it wouldn't work for noobs because they would be worse off),
but it treats everything as a virus unless you specify otherwise, and it asks you every time it tries to access anything like system settings unless you allow that program to do it.
Old 10th May 2010, 23:48   #18
LordPyrinc
Legomaniac
Join Date: Mar 2008
Location: USA
Posts: 567
For the bulk of the 'buy and use computer' users out there, they need robust AV software. Even still, that does not make them safe. Educating these users helps, but many don't have the time or the basic awareness to care about security notifications. The threats will continue to evolve, and even those of us who are somewhat savvy may find ourselves vulnerable to attack.

Running as a non-admin account is probably the best defense with or without AV software.
__________________

Intel i7-920 @ 2.66GHz - Corsair Vengeance 16GB DDR3 @ 1600MHz - Windows7 64bit
2 x 150GB WD VelociRaptor HDs (RAID 0) - 1TB WD 7200 rpm HD - 60GB OCZ SSD - 1TB WD External USB HD
2 x EVGA GeForce GTX 660Ti 2GB Superclocked (Dual SLI) - Razer BlackWidow Ultimate KB
Cooler Master HAF 922 - Antec 850W TruePower Quattro - 27" Samsung S27B550 LED Display
Old 11th May 2010, 23:19   #19
RichCreedy
Hey What Who
Join Date: Apr 2009
Location: lost in the middle of lincolnshire
Posts: 4,340
If I read the article correctly, this particular exploit would work whether you are an admin user or a limited user, so in this case running as a limited account wouldn't matter; it would infect you.
__________________
If there are errors in my messages, it's because my brain is too far ahead of my hands.