Drew Community  

Nasty infection

#1  08-01-2010, 10:16 AM  Rachel B. Posner (Junior Drewid)

My laptop got hit with "Security Tool," last night. This is a nasty bit of work disguised as an anti-virus program. It was a real mess and it took my Dad 2 hours to get rid of it.

The disappointment was F-PROT missed it entirely.
__________________
Rachel Posner

#2  08-01-2010, 02:20 PM  Daniel J. Rohe (Squirrel)

hey rachel

#3  08-02-2010, 10:47 PM  Hezekiah Michael Sudol (Ranger Cub)

I've had infections that F-Prot has missed too. I mostly use just Spybot and Avira Antivir now--Avira (which gives its full antivirus protection for free and doesn't come bundled with anything other than advertisements for its professional version that costs money) seems to find a lot of things that F-Prot doesn't.
__________________
Hezekiah Michael Sudol
Philosophy major
Physics minor
Webmaster, Drew Alliance

#4  08-05-2010, 01:14 PM  Paul R. Coen (Moderator)

Sorry to hear that. The antivirus industry (overall) is kind of a mess now, and the biggest issue is malicious software. Most recent evaluations show that the major and minor players are not doing a particularly good job in catching certain kinds of malicious applications. The "Zeus" trojan, for example, which is really aimed at stealing banking information, is really hard to detect.

There's also a recent trend to using the Windows IME functionality to infect machines. If we actually had people logging into their computers as standard users (requiring that you log in as an administrator to install software), there'd be less of a problem. I'm not sure how happy people would be if we did that across the board.

One thing to keep in mind - we use Zenworks to distribute F-Prot updates. If something breaks ZCM on a workstation, it's not going to get the updates.

F-Prot actually does reasonably well in tests. However, if something is delivered (for example) via a malicious PDF file, it starts getting very difficult to catch. Once something is running on a system and loads with the operating system, it can be impossible to detect without booting off of either a Linux or Windows PE boot environment and scanning the drive. Something that's loaded with the operating system can intercept attempts to detect it. And it can only detect things it knows about. So someone's got to see it and report it before it's detected.

Another point - the more comprehensive the security application is, the more of an impact it has on the computer. I've seen some security packages slow computers down well beyond what a lot of users would think was reasonable, especially slightly older machines.

The biggest up and coming issue over the past year or two has been third-party applications like Adobe Flash and Acrobat and Apple QuickTime. They don't have the greatest update mechanisms (Adobe Flash used to only check on reboot - and you have two copies, one for IE and one for "other browsers", and Apple's standard installer defaults to installing additional applications which may have their own security issues). At the point that you can do things like tell a "data file" to execute code (for example, the PDF specification has a mechanism to do that), you've got a problem. The Sun (now Oracle) Java JVM has been problematic for similar reasons.

One place F-Prot doesn't do well is central monitoring (reporting infections back). That would require buying a package that costs considerably more, and that money isn't available in the current IT budget. It would be handy, though, since we could warn people about infections or potentially quarantine computers on our campus network until the machine is disinfected (if it's combined with Network Access Control).

Even "legit" web sites have become a problem - Samsung (for example) had a small web server hacked in the last year or so and it was serving up malicious content.

One thing that's helped somewhat is that I use a Firefox add-on called "NoScript". It can be annoying to set up, but it at least prevents JavaScript from executing by default if you land on a web site you don't mean to end up on. The biggest issue is that you often need to temporarily disable it just before completing an online purchase, since it can interfere with the redirection for the credit card authorization.
Reply With Quote

#5  08-16-2010, 01:45 PM  Jennifer A. Heise (Junior Drewid)

Re: intensive A-V software slowing the machine down... Yes, I put F-Prot on my Vista laptop (Vista was what it came with) and it's bogged down quite a bit. I'm thinking of changing to a different A-V program at home, maybe finding one that works better for the kind of Internet use I do.

We had a rash of infections in our offices at the beginning of the year with fake security tool credit card capture software, and we never could figure out what the common factor was; nobody seemed to be going to specific websites or downloading specific PDFs or programs. Pain in the tuchus. Thank goodness we can get rid of this stuff just by re-imaging the machines!
__________________
--Jennifer Heise
"Comment is free, but facts are on expenses." - Tom Stoppard

#6  08-16-2010, 04:01 PM  Rachel B. Posner (Junior Drewid)

Quote:
Originally Posted by Jennifer A. Heise
Re: intensive A-V software slowing the machine down... Yes, I put F-Prot on my Vista laptop (Vista was what it came with) and it's bogged down quite a bit. I'm thinking of changing to a different A-V program at home, maybe finding one that works better for the kind of Internet use I do.

My dad uses Symantec (Norton) 360 at home. It didn't slow things too much until he enabled auto backup.
__________________
Rachel Posner