OT: anti-malware progs ineffective

On Fri, 28 Jan 2005 23:29:18 +0000, Terry Pinnell
<terrypinDELETE@THESEdial.pipex.com> wrote:

Mark Jones <abuse@127.0.0.1> wrote:

I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html

WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.
I just fired :) it up. I'm impressed. I've tested my banks and
credit cards and everything seems AOK.

I guess I need to try Amazon, since I buy a lot of Stuff from them.

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice:(480)460-2350 | |
| E-mail Address at Website Fax:(480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.
 
On Sat, 29 Jan 2005 01:41:52 -0000, "john jardine"
<john@jjdesigns.fsnet.co.uk> wrote:

"Jim Thompson" <thegreatone@example.com> wrote in message
news:ivnlv0lf5mn07mdbpo7652t1lpscpje7vd@4ax.com...
On Fri, 28 Jan 2005 23:29:18 +0000, Terry Pinnell
<terrypinDELETE@THESEdial.pipex.com> wrote:

Mark Jones <abuse@127.0.0.1> wrote:

I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html

WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.

I just fired :) it up. I'm impressed. I've tested my banks and
credit cards and everything seems AOK.

I guess I need to try Amazon, since I buy a lot of Stuff from them.

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice:(480)460-2350 | |
| E-mail Address at Website Fax:(480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.


Firefox. Same here!.
Loaded and running with no problem. Haven't had an intrusion in the past
hour.
I'll give it a couple of days and try the Thunderbird.
regards
john
For E-mail I'm going to stick to my venerable Eudora Pro v3.0.5

I don't get spam simply because I whitelist every site I do business
with.

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice:(480)460-2350 | |
| E-mail Address at Website Fax:(480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.
 
On Fri, 28 Jan 2005 18:01:20 -0700, Jim Thompson wrote:

On Fri, 28 Jan 2005 23:29:18 +0000, Terry Pinnell
<terrypinDELETE@THESEdial.pipex.com> wrote:

Mark Jones <abuse@127.0.0.1> wrote:

I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html

WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.

I just fired :) it up. I'm impressed. I've tested my banks and
credit cards and everything seems AOK.
I rather liked FireFox .8 and I like the Windows 1.0 version. I
"upgraded" from .8 to .9something on this system and it's been a mess. If
I type a double-quote to search for a string it aborts. Sometimes it
simply hangs the UI for ten minutes. I gotta install 1.0, but so far it
hasn't gone well. ...just a warning about V0.9.
I guess I need to try Amazon, since I buy a lot of Stuff from them.
I've had no problems with the Win version and I've been using it for at
least six months.

--
Keith
 
kensmith@green.rahul.net (Ken Smith) writes:
In article <2j5kv05pqvarkhnvn2nfu64248nl2ih6er@4ax.com>,
Terry Pinnell <terrypinDELETE@THESEdial.pipex.com> wrote:
I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly.
....
It is an indication of how hard it is to remove the malware programs
without removing applications or Windows itself. There are several
things working against the writers of such software:

(1) You can't simply remove any software that appears to send data over
the network without removing portions of Windows.

(2) You can't simply remove any "strange" software since different users
have different applications installed and there is a wide variation in
what portions of Windows are installed.

(3) There is no direct way to tell the difference between a newer DLL
that has some bugs removed and one that has malware added.

I think what may be the best way to solve the problem is to place Windows
on a disk as the C drive, install all the applications from the shrink
wrapped boxes and then disconnect the write wire of the C drive. From
that point on, all the data goes on the D drive or it goes nowhere at all.
How much of this could we fix using hardware? (since fixing it
using software doesn't seem to be doing a particularly great job)

We put an itty bitty board between the cable and the drive.

We have to use a bit of software to move things around on the disk.
And then we flip "the big red switch" and large segments of the
drive are write protected.

Any attempt to write over the top of most of the executables fails.

I realize this isn't a complete solution to the problem. But it
seems like it might fence in a smaller area for possible damage.
And I realize we would have to provide some controlled method to
allow updates to the executables.

The latest attempt by Microsoft tries to enforce rules against
executing what lies in the area marked as data. This tries to
enforce rules against writing in areas marked as read-only.
 
Terry Pinnell wrote:
Mark Jones <abuse@127.0.0.1> wrote:


Terry Pinnell wrote:

Mark Jones <abuse@127.0.0.1> wrote:



I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html


WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.



Terry, you might want to try the PrefBar extension. It will allow
FireFox to easily control most of the nifty features, and allow you to
spoof your "user-agent" string (effectively making the website think
you are using another browser). Check it out: http://prefbar.mozdev.org/

Yes, there are a small number of heavily-tweaked websites which
FireFox doesn't like. But new extensions are being made daily and
FireFox is rapidly gaining popularity, so web designers are being
forced to provide compatible support. It's only a matter of time
before it surpasses IE in terms of usage. Sure everyone "has" to have
IE on their box, but nobody is going to be using it. ;)


Thanks, Mark, duly installed. I started this thread as 'OT', so guess
it's now at least (OT)². So let's push it and try (OT)³...or I suppose
strictly that should be O³T? <g>

Am I misusing PrefBar or expecting too much for it to handle
http://www.accuradio.com/# like MSIE6 did? I chose 'IE 6.0 WinXP' from
that UA drop-down, went to the page, but cannot get a station to play.

Hmmm, I can't get that page to work either. It is using some funky Flash
plugins though, that's probably where the issue lies. The site does have a
section they say is for "macintosh and netscape users" which is
http://www.accuradio.com/mp3/default.htm - this works for me. The "stations" are
simply playlist files, which redirect to IP addresses - Winamp
(http://www.winamp.com) will play these just fine. Alas, not a wide selection
there though.

For that matter, Winamp's built-in streaming selection is 500x larger than this
website, perhaps try that. :)
 
In article <_OWdneZoW8wQoWbcRVn-hg@scnresearch.com>,
Don Taylor <dont@agora.rdrop.com> wrote:
[..me..]
I think what may be the best way to solve the problem is to place Windows
on a disk as the C drive, install all the applications from the shrink
wrapped boxes and then disconnect the write wire of the C drive. From
that point on, all the data goes on the D drive or it goes nowhere at all.

How much of this could we fix using hardware? (since fixing it
using software doesn't seem to be doing a particularly great job)

We put an itty bitty board between the cable and the drive.

We have to use a bit of software to move things around on the disk.
And then we flip "the big red switch" and large segments of the
drive are write protected.
yes,
With a modest sized CPLD, you could have a range of tracks protected.
That would do about as well as protecting a whole drive.

Any attempt to write over the top of most of the executables fails.
If you partition things right, you can protect the whole install and still
allow the rest of the disk to serve as a logical D drive to be written.


I realize this isn't a complete solution to the problem. But it
seems like it might fence in a smaller area for possible damage.
And I realize we would have to provide some controlled method to
allow updates to the executables.
Why would we have to allow updates at all? I've never updated the
software in my TV or toaster.


The latest attempt by Microsoft tries to enforce rules against
executing what lies in the area marked as data. This tries to
enforce rules against writing in areas marked as read-only.
Many years ago, I disassembled a large chunk of DOS in order to figure out
a bug. After that, I have never thought Microsoft would ever make bug
free software. It was obviously patches to the patches on the patches
placed over someone's not too bad of code. The newer the stuff the worse
the coding.

BTW: I did figure out the bug and a way around it so that the 8259 didn't
get munged by them.


--
--
kensmith@rahul.net forging knowledge
 
On 28 Jan 2005 11:23:37 -0800, "JeffM" <jeffm_@email.com> wrote:

In 2005, there is no more place for dweebs who use this M$-centric junk
than there is a place for pages done in FrontPage.
The guy who does our local web design uses Front Page. I am pushing
hard to get him to try Adobe GoLive.

--
Al Brennan
 
In article <pan.2005.01.29.04.19.21.358059@att.bizzzz>,
keith <krw@att.bizzzz> wrote:
[...me...]
That is sort of what I suggested, but I don't think you can trust the
downloaded version of a program for very long. The next time your
computer gets hit, the virus may modify the downloaded files too.

They normally infect the installed files, not the raw downloaded files.
If the download file is a self-extracting file you run, it can be infected.
Many viruses watch what you run and infect the files you exec. If you
save the file and don't exec the saved one the virus may not see it to
infect it.


Every time you create something you don't want to lose, write it onto a
CD.

...along with all the malware already installed.

The "it" I mean is specifically what you created i.e.: the file you
produced. If it gets infected before you save it to CD you lose it but
assuming that you detect the virus, all the stuff before that point is
safe.

But that backup will re-infect all else after you reinstall.
I still don't see your point or perhaps you don't see mine. I'll try an
example:

(1)
I make a document called Physics.html

(2)
I save Physics.html to the CD.

(3)
Months pass and lots of things happen

(4)
My computer gets infected

(5)
I clean off my system and re-install from safe media

(6)
I copy Physics.html from the CD

At this point my computer is not infected and I have Physics.html back.


My wife's computer is less than 4 months from its last re-install and
already stuff doesn't work. Re-installing is a major pain because it is
an upgrade version so it wants to keep all the malware or refuses to
install. When it is installed, it is complete virus bait and has to be
patched, patched and patched again before the network is used.

It sounds like you have some bit-rot going on there. Have you totally
eliminated the possibility of a hardware fault? I haven't had much
problem, well, at least until I tried installing PDF Reader 7.0, which
pretty much trashed all other versions, and itself. Since, downloads
have been iffy.
It is hard to completely prove that there is not a hardware fault but I
don't think there is one. The computer always seems to work fine until it
is connected to the network. If I install Win98 on it, it works fine even
when connected to the Network. Neither of these tests have been long
enough to be sure.

The failures seem to follow a pattern. The first one observed is usually
that the machine will not shut down or that it runs very slow. When I
check it after that there is usually an extra *.VXD file.



--
--
kensmith@rahul.net forging knowledge
 
On Sat, 29 Jan 2005 17:04:49 +0000, Ken Smith wrote:

In article <pan.2005.01.29.04.19.21.358059@att.bizzzz>,
keith <krw@att.bizzzz> wrote:
[...me...]
That is sort of what I suggested, but I don't think you can trust the
downloaded version of a program for very long. The next time your
computer gets hit, the virus may modify the downloaded files too.

They normally infect the installed files, not the raw downloaded files.

If the download file is a self-extracting file you run, it can be infected.
Many viruses watch what you run and infect the files you exec. If you
save the file and don't exec the saved one the virus may not see it to
infect it.



Every time you create something you don't want to lose, write it onto a
CD.

...along with all the malware already installed.

The "it" I mean is specifically what you created i.e.: the file you
produced. If it gets infected before you save it to CD you lose it but
assuming that you detect the virus, all the stuff before that point is
safe.

But that backup will re-infect all else after you reinstall.

I still don't see your point or perhaps you don't see mine. I'll try an
example:
Ok...

(1)
I make a document called Physics.html

(2)
I save Physics.html to the CD.

(3)
Months pass and lots of things happen
I edit Physics.html to add the proof of the existence of God.

(4)
My computer gets infected
I find more proof and in my research I've found the secret of cold
fusion.
(5)
I clean off my system and re-install from safe media

(6)
I copy Physics.html from the CD

At this point my computer is not infected and I have Physics.html back.
....and lost the proof of God *and* the secrets of cold fusion. If you
saved the proof of God to CD *after* editing Physics.html, at least you
have that. If you saved after you added the secrets of cold fusion, that
copy is infected and your system is now reinfected.

My wife's computer is less than 4 months from its last re-install and
already stuff doesn't work. Re-installing is a major pain because it
is an upgrade version so it wants to keep all the malware or refuses
to install. When it is installed, it is complete virus bait and has
to be patched, patched and patched again before the network is used.

It sounds like you have some bit-rot going on there. Have you totally
eliminated the possibility of a hardware fault? I haven't had much
problem, well, at least until I tried installing PDF Reader 7.0, which
pretty much trashed all other versions, and itself. Since, downloads
have been iffy.

It is hard to completely prove that there is not a hardware fault but I
don't think there is one. The computer always seems to work fine until
it is connected to the network. If I install Win98 on it, it works fine
even when connected to the Network. Neither of these tests have been
long enough to be sure.

The failures seem to follow a pattern. The first one observed is
usually that the machine will not shut down or that it runs very slow.
When I check it after that there is usually an extra *.VXD file.
Could be infected. Slow usually means it is.

You say you installed Win98. On a clean partition? Is the MBR intact?

--
Keith
 
On Sat, 29 Jan 2005 14:40:06 -0600, Don Taylor wrote:

kensmith@green.rahul.net (Ken Smith) writes:
In article <_OWdneZoW8wQoWbcRVn-hg@scnresearch.com>,
Don Taylor <dont@agora.rdrop.com> wrote:
<snip>

Probably because the quality of toasters is orders of magnitude better
than what they call software today. I spent a decade of my life
working on what would be called 6-sigma software today. Roughly that
translates into you and two dozen of your friends using this all day
every day for fifty years and there still be better than a 90% chance
that not a one of you would have ever seen a bug, no matter how small.
Shuttle OBS?

--
Keith
 
There's an Australian gal, a MS employee, who has a really
good website devoted to getting around the stupidity of MS Word:
http://www.shaunakelly.com/word/
Al Brennan (Kitchen Man)
Cool site. From http://www.shaunakelly.com/word/trivia/index.html:
**Minimum size for a Word document in Word 2002: 19.5KB.
In Word 95: about 10KB.**

For an RTF it's 148 bytes.

Reminds me of an Excel purchase order form I used to have to use.
Each one took 250kB of my HDD.
 
"john jardine" <john@jjdesigns.fsnet.co.uk> wrote in message
news:ctdnh1$rd3$1@newsg4.svr.pol.co.uk...
"Alex Parkinson" <ahparky@ufl.edu> wrote in message
news:ctdl17$rkg$1@spnode25.nerdc.ufl.edu...
john jardine wrote:
I've got some trash called "Cool web search" on my PC at the
moment.
*Nothing* can remove the core component.
"Spybot" will crash the PC on finding it. Others just acknowledge
that
this
POS is present.
Even the purpose written "CW Shredder" crashes on attempting to
remove
it.

John,

There is an extra program to remove the spyware that crashes
CWShredder.
You can
download it here:
http://www.spywareinfo.com/~merijn/downloads.html

Run this program, then run CWShredder and HijackThis.

Hope it helps,
Alex Parkinson

Thanks Alex.
I ran the prog and it reported No CoolWWW present. Anyway, then ran
Shredder. It found 2 CoolWWWs and removed them without crashing.
Whoopee!
must be on a winner here.
Sometimes CWShredder needs to be run from both Windows and Windows in
safe mode. Certain processes get stopped and it can do its job.
 
john jardine wrote:

"Terry Pinnell" <terrypinDELETE@THESEdial.pipex.com> wrote in message
news:2j5kv05pqvarkhnvn2nfu64248nl2ih6er@4ax.com...
I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/

Product                     Adware Fixed
-------------------------   ------------
Giant AntiSpyware           63%
Webroot Spy Sweeper         48%
Ad-Aware SE Personal        47%
Pest Patrol                 41%
SpywareStormer              35%
Intermute SpySubtract Pro   34%
PC Tools Spyware Doctor     33%
Spybot Search & Destroy     33%
McAfee AntiSpyware          33%
Xblock X-Cleaner Deluxe     31%
XoftSpy                     27%
NoAdware                    24%
Aluria Spyware Eliminator   23%
OmniQuad AntiSpy            16%
Spyware COP                 15%
SpyHunter                   15%
SpyKiller 2005              15%

So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.
Unsettling.

--
Terry Pinnell
Hobbyist, West Sussex, UK


I've got some trash called "Cool web search" on my PC at the moment.
*Nothing* can remove the core component.
"Spybot" will crash the PC on finding it. Others just acknowledge that this
POS is present.
Even the purpose written "CW Shredder" crashes on attempting to remove it.
Where are all those oh-so-clever-hot-shot-windows-programmers, when they're
needed to do some real, socially useful work?.
By default I'm learning that windows is built on gibberish. It leaks like a
sieve. No amount of updating can ever improve it.
I reckon integrating the GUI environment with the disk operating system it
needs to run was the biggest disaster ever.


Graham
 
Terry Pinnell wrote:

I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/

Product                     Adware Fixed
-------------------------   ------------
Giant AntiSpyware           63%
Now purchased by Microsoft !

So the best rated application is bound to go downhill from here on.

"On December 16, 2004, Microsoft announced its acquisition of GIANT
Company Software, Inc., a provider of top-rated anti-spyware and Internet
security products."

http://www.giantcompany.com/

Graham


Webroot Spy Sweeper         48%
Ad-Aware SE Personal        47%
Pest Patrol                 41%
SpywareStormer              35%
Intermute SpySubtract Pro   34%
PC Tools Spyware Doctor     33%
Spybot Search & Destroy     33%
McAfee AntiSpyware          33%
Xblock X-Cleaner Deluxe     31%
XoftSpy                     27%
NoAdware                    24%
Aluria Spyware Eliminator   23%
OmniQuad AntiSpy            16%
Spyware COP                 15%
SpyHunter                   15%
SpyKiller 2005              15%

So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.
Unsettling.

--
Terry Pinnell
Hobbyist, West Sussex, UK
 
Terry Pinnell wrote:

I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/

Product                     Adware Fixed
-------------------------   ------------
Giant AntiSpyware           63%
Follow-up.

Since acquisition by Microsoft - the above ( as Microsoft antispyware )
no longer supports W98SE, ME, 2k or NT !

http://www.microsoft.com/athome/security/spyware/software/currentcustomers.mspx

Read as more income for Microsoft as OS upgrades.


Graham
 
kensmith@green.rahul.net (Ken Smith) writes:
In article <frydnTo5KPs7aWbcRVn-rA@scnresearch.com>,
Don Taylor <dont@agora.rdrop.com> wrote:
kensmith@green.rahul.net (Ken Smith) writes:
Don Taylor <dont@agora.rdrop.com> wrote:
[..me..]
yes,
With a modest sized CPLD, you could have a range of tracks protected.
That would do about as well as protecting a whole drive.

Trying to poke holes in my own idea now, if we can't assume, or get
Microsoft to support, directories not needing to be updated as well
as the files in the directories then we could easily protect xyz.dll
and have the net vandals change the pointer in the directory to the
new infected xyz.dll.

If we simply don't let Microsoft change the registry etc, there is no way
it can change what directories it will use on the next boot. The only
remaining problem would be that the PC could be infected and will remain
so until the next re-boot. Since we don't know the purpose for which a
file is read, we don't know if it is to be execed.
Building a little hardware gadget that would fool Windows into
believing that disk writes had been done and keep Windows running
seems substantially harder than building a little gadget that just
simulates a write failure when some little bit of net scum tries
to scribble on a file that we have decided should be read-only.

This imposes a limit on the benefit we can get from this method but still
it is better than the current situation.
True.

Are there any other ideas for cute small hardware defense or
monitoring projects?

My cable supplier used to watch the constant hammering of his
machines by the net vandals. We discussed the idea of wiring up a
little sound effects machine to the log file of something like Zone
Alarm. The idea was that every time it recorded an intrusion the
horn would go off. When a customer would jump and ask what in the
world that was he would explain it was just another net attack,
"just like is happening to your computers all the time, didn't you
know that?" We thought he might start selling hardware firewalls
if nothing else. (I bought a cheap little plastic imitation of an
English postal box, called the Email Informer. It runs off a usb
port and pops up a flag every time an email message arrives, using
some hook inside of Outlook I imagine. I thought we could reverse
engineer the thing to accomplish a similar goal)

Probably because the quality of toasters is orders of magnitude better
than what they call software today. I spent a decade of my life
working on what would be called 6-sigma software today. Roughly that
translates into you and two dozen of your friends using this all day
every day for fifty years and there still be better than a 90% chance
that not a one of you would have ever seen a bug, no matter how small.

I just had a distressing situation with much the same sort of code. A bug
showed up in code that we fielded about 10 years ago. It caused a little
wringing of hands and a bunch of fast work. I think all of the customers
will have the free upgrades by the end of Feb.
You are fortunate. I found less and less interest in providing the
updates, few seem to care whether something is correct anymore.

But, we still have other issues. We need to allow "updates" on a
second by second basis as Windows runs.

I really don't see why. The updates aren't any better.

"The Registry" inside Windows
now controls most of the behavior of the machine. It has to be
modified on almost literally a keystroke by keystroke basis.

Actually it doesn't have to be modified at all but is often. It remembers
stuff like the last program you ran and the last document you edited. I
can live without my PC remembering any of that. The next time I want to
open a file, I'll tell it the name of the file even if it is the same one.
In exchange for that it can always work.
But finding a way for a cheap hobby project to accomplish this
seems challenging.

90% of that which we don't need to change, and Windows would lay there
on its back with its little legs wiggling in the air if we made the
entire registry read-only.

Cute image but I think that's a bit unrealistic. Windows doesn't write and
then re-read the info in the registry. So long as it doesn't notice that
all writes are futile, I think it could work nicely.
If you can think of a way to accomplish that without using software
I'd certainly consider trying it.

However, there actually are products, Hard Drive Sheriff is one brand,
built for places like the schools, where we are training armies of
little net vandals, that attempt to provide some protection like this.
I believe they keep a hot backup and when one little vandal leaves
the seat and the next one takes over it restores the system from the
hot backup.

Good idea! Not quite full protection though if the hot backup is
writable.
I don't know the low level details of how they did that. But I
thought of buying one just to protect me from myself.

So, what hardware can we feasibly build?
thanks
 
"Joe" <nuisancewildlife@nospamearthlink.net> wrote in message
news:82wKd.339$Ix.122@newsread3.news.atl.earthlink.net...
"john jardine" <john@jjdesigns.fsnet.co.uk> wrote in message
news:ctdka9$r0u$1@newsg2.svr.pol.co.uk...

"Terry Pinnell" <terrypinDELETE@THESEdial.pipex.com> wrote in message
news:2j5kv05pqvarkhnvn2nfu64248nl2ih6er@4ax.com...
I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/

Product                     Adware Fixed
-------------------------   ------------
Giant AntiSpyware           63%
Webroot Spy Sweeper         48%
Ad-Aware SE Personal        47%
Pest Patrol                 41%
SpywareStormer              35%
Intermute SpySubtract Pro   34%
PC Tools Spyware Doctor     33%
Spybot Search & Destroy     33%
McAfee AntiSpyware          33%
Xblock X-Cleaner Deluxe     31%
XoftSpy                     27%
NoAdware                    24%
Aluria Spyware Eliminator   23%
OmniQuad AntiSpy            16%
Spyware COP                 15%
SpyHunter                   15%
SpyKiller 2005              15%

So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.
Unsettling.

--
Terry Pinnell
Hobbyist, West Sussex, UK


I've got some trash called "Cool web search" on my PC at the moment.
*Nothing* can remove the core component.
"Spybot" will crash the PC on finding it. Others just acknowledge that
this
POS is present.
Even the purpose written "CW Shredder" crashes on attempting to remove
it.
Where are all those oh-so-clever-hot-shot-windows-programmers, when
they're
needed to do some real, socially useful work?.
By default I'm learning that windows is built on gibberish. It leaks
like
a
sieve. No amount of updating can ever improve it.
regard.
john



John,

My webroot spysweeper removed a real stubborn version of the coolweb
search
and homepage hijacker. I had to update the original version on the
spysweeper website, but it worked. You may want to try it.

Joe
Thanks Joe, I'll give it a try.
Just as a note ... I was making a comparison of windows system files on my
normal C: hard drive and my reference D: hard drive, which holds an
unsullied copy of everything. (win98)
I found extra files in C:\, to wit ...

C:\windows\VCM\ MSTASK.DLL (size 245,824)
C:\windows\VCM\ MSTASK.EXE (size 118,368)
C:\windows\system\ MSTASK.001 (size 118,784)

(plus a MSTASK.DAT and MSTASK.INI in the internet explorer\uninstall
directory and a extra windows 'help' file MSTASK.GID)

These DLL and EXE files are also (correctly) in C:\windows\system\ as ...
MSTASK.DLL (size 245,760)
MSTASK.EXE (size 118,748)
The odd files in the \VCM\ directory have been tampered with.

I've made suitable changes but expect CoolWWW to remain. There's something
else in there that's not identified. Hope your prog can find it :)

A few months ago I was on dial-up and easily noticed any unwanted programmes
coming in hence pull the plug. Now with broadband, download speeds are about
150kBytes/sec and any old rubbish can pass through in an instant :-[
regards
john
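
The comparison john describes above (live C: system files checked against an unsullied reference copy on D:), as an added example that is not part of the original post. It generalizes his size comparison to SHA-256 hashes; the function names, the "shadow" category and the demo file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def index_tree(root):
    """Map lower-cased relative path -> sha256 for every file under root.

    Paths are lower-cased because Windows file names are case-insensitive.
    """
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            index[rel] = sha256_of(full)
    return index


def compare_trees(reference_root, live_root):
    """Compare a live tree against a known-good reference tree.

    extra    - path exists only in the live tree
    shadow   - extra path whose file name matches a reference file stored
               elsewhere, but whose content matches no reference copy
               (the MSTASK.DLL-in-\\VCM\\ case from the post)
    modified - same path, different content
    missing  - path exists only in the reference tree
    """
    ref = index_tree(reference_root)
    live = index_tree(live_root)

    # Every hash the reference holds for a given bare file name.
    known = {}
    for rel, digest in ref.items():
        known.setdefault(rel.rsplit("/", 1)[-1], set()).add(digest)

    report = {"extra": [], "shadow": [], "modified": [], "missing": []}
    for rel in sorted(live):
        if rel not in ref:
            base = rel.rsplit("/", 1)[-1]
            if base in known and live[rel] not in known[base]:
                report["shadow"].append(rel)
            else:
                report["extra"].append(rel)
        elif live[rel] != ref[rel]:
            report["modified"].append(rel)
    report["missing"] = sorted(set(ref) - set(live))
    return report


def demo():
    """Build two small constructed trees (D = reference, C = live) and compare."""
    reference = {
        "windows/system/MSTASK.DLL": b"clean dll",
        "windows/system/MSTASK.EXE": b"clean exe",
        "windows/win.ini": b"[windows]\n",
    }
    live = dict(reference)
    # Constructed differences, modelled on the layout described in the post.
    live["windows/VCM/MSTASK.DLL"] = b"clean dll" + b"\x00" * 64
    live["windows/VCM/MSTASK.EXE"] = b"different exe"
    live["windows/system/MSTASK.001"] = b"unknown file"
    live["windows/win.ini"] = b"[windows]\nchanged\n"

    with tempfile.TemporaryDirectory() as tmp:
        for label, files in (("D", reference), ("C", live)):
            for rel, data in files.items():
                path = os.path.join(tmp, label, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as handle:
                    handle.write(data)
        return compare_trees(os.path.join(tmp, "D"), os.path.join(tmp, "C"))


if __name__ == "__main__":
    for category, paths in demo().items():
        for rel in paths:
            print(f"{category:9s}{rel}")
```

The result is only as trustworthy as the reference copy, so the reference tree should be read-only or offline while the live system is in use.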
 
On Sat, 29 Jan 2005 20:00:41 -0700, learner wrote:

Actually, an OS with an integrated GUI has a better chance of being
secure.
..........................<snip>.........................

you would be hard pressed to write a virus that could extract
the address book from an OS/2, Linux, or Mac system and then take over the
OS and propagate itself across a network like the internet. No such thing
as "can't be done" but it's pretty close to impossible.
But, in Linux (or any other 'nix), the GUI is totally separate from the
kernel ...

--
Then there's duct tape ...
(Garrison Keillor)
 
"Tom Del Rosso" <ng01@att.net.invalid> wrote:

"Terry Pinnell" <terrypinDELETE@THESEdial.pipex.com> wrote in message
news:2j5kv05pqvarkhnvn2nfu64248nl2ih6er@4ax.com...

So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.

Didn't you run Linux? I see you're using Agent now.
No, for better or worse I've been a Windows user since its inception.
Changing my default browser was a major act of faith, but no way I'd
contemplate swapping to Linux at this stage!

--
Terry Pinnell
Hobbyist, West Sussex, UK
 
On Fri, 28 Jan 2005 10:39:41 +0000, Terry Pinnell
<terrypinDELETE@THESEdial.pipex.com> wrote:

I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/
Interesting discussion so far. I just went to the Zone Alarm web site
to check out their products. One option is to "scan your computer for
[malware] before downloading...." I pursued that option and got the
message:

"You're using Netscape(Mozilla)! Sorry. This is an ActiveX control, it
will only run in MS Internet Explorer!"

I likes Firefox, yes I do.

--
Al Brennan
 
