I received a warning from Google ......
in [Anti-Virus]
|
From: ~BD~ on 11 Aug 2010 16:56 Wolf K wrote: > Someone wrote: >>>> I've always been led to believe that 'https' (padlocked) sites are safe >>>> to use, > > Not so. It just means that messages exchanged between it and your > computer are encrypted. This makes the mutual messaging "safe" in the > sense that an outsider who intercepts the messages will be unable to > read them without some effort (usually more than the likely payoff is > worth.) > > But the website itself may still be or contain evil. > > cheers, > wolf k. Thank you 'Wolf K' - your comment appreciated.
From: Ant on 11 Aug 2010 20:45 "~BD~" wrote: > Ant wrote: >> "You have requested an encrypted page that contains some unencrypted >> info...". >> >> That's true because the video link there is hosted on screencast.com >> which is fetched by http rather than https. > > Thank you for explaining that. My real concern was that, perhaps, > personal details, including credit card number, might be accessible by > third parties. Never mind 3rd parties, I wouldn't trust the site itself with details like that. > Btw, if you had physical access to a Windows machine, is there a simple > check you could carry out to quickly determine if the machine had, > indeed, been compromised? (other than scanning with anti-malware > programmes). No.
From: FromTheRafters on 11 Aug 2010 21:27 "~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message news:RoCdnRN8Ae0B1P_RnZ2dnUVZ8vGdnZ2d(a)bt.com... [...] > Btw, if you had physical access to a Windows machine, is there a > simple check you could carry out to quickly determine if the machine > had, indeed, been compromised? (other than scanning with anti-malware > programmes). Yes, but not very simple really. The problem is that you could *not* determine that it had *not* been compromised. Most malware is going to want to "do stuff" with the computing power it is stealing from you, if it does that stuff - you know the machine has been compromised. IOW, if it spews out malicious packets when you sufficiently emulate a networking environment for it (or use a "test network"), that's a pretty good indicator. However, If it doesn't do any obvious stuff, it doesn't mean anything at all.
From: ~BD~ on 12 Aug 2010 13:30 FromTheRafters wrote: > "~BD~"<BoaterDave~no.spam~@hotmail.co.uk> wrote in message > news:RoCdnRN8Ae0B1P_RnZ2dnUVZ8vGdnZ2d(a)bt.com... > > [...] > >> Btw, if you had physical access to a Windows machine, is there a >> simple check you could carry out to quickly determine if the machine >> had, indeed, been compromised? (other than scanning with anti-malware >> programmes). > > Yes, but not very simple really. The problem is that you could *not* > determine that it had *not* been compromised. Most malware is going to > want to "do stuff" with the computing power it is stealing from you, if > it does that stuff - you know the machine has been compromised. > > IOW, if it spews out malicious packets when you sufficiently emulate a > networking environment for it (or use a "test network"), that's a pretty > good indicator. However, If it doesn't do any obvious stuff, it doesn't > mean anything at all. Hmmmmm! :) Thanks for that. 'Ant' said quite simply, "no"! I said - on another group:- > I wonder how many realise that installing an anti-virus programme > > *after* a machine has already been compromised might well give > > comfort to the user ...... but provide absolutely NO protection from > > malware! Dustin Cook said in reply:- "*That's not true, BD*. In fact, if the malware is known to the antivirus app, there's a very good chance it can be removed without harm to the system." ** I'd also said:- > > In other words, today's 'nasties' can (and do) protect themselves > > when subjected to what they consider an attack! Bad news! Dustin Cook responded:- "They don't do anything "new" today that they couldn't do back in the 80s and 90s. "rootkit" on windows is another word for stealth, it just sounds better in newsprint." ** /I/ think *Dustin* is wrong. I believe that installing an anti-virus programme on an already compromised machine is, in all probability, a futile exercise. I'd be interested to learn the views of others on this particular matter. -- Dave
From: FromTheRafters on 12 Aug 2010 15:39
"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d(a)bt.com... > FromTheRafters wrote: >> "~BD~"<BoaterDave~no.spam~@hotmail.co.uk> wrote in message >> news:RoCdnRN8Ae0B1P_RnZ2dnUVZ8vGdnZ2d(a)bt.com... >> >> [...] >> >>> Btw, if you had physical access to a Windows machine, is there a >>> simple check you could carry out to quickly determine if the machine >>> had, indeed, been compromised? (other than scanning with >>> anti-malware >>> programmes). >> >> Yes, but not very simple really. The problem is that you could *not* >> determine that it had *not* been compromised. Most malware is going >> to >> want to "do stuff" with the computing power it is stealing from you, >> if >> it does that stuff - you know the machine has been compromised. >> >> IOW, if it spews out malicious packets when you sufficiently emulate >> a >> networking environment for it (or use a "test network"), that's a >> pretty >> good indicator. However, If it doesn't do any obvious stuff, it >> doesn't >> mean anything at all. > > Hmmmmm! :) Thanks for that. 'Ant' said quite simply, "no"! He answered the question I think that you *meant* to ask. "Is there a simple way to show a system is *not* compromised once you have physical access to the machine aside from using antimalware antivirus tools?" - and since absence of evidence is not evidence of absence the answer is indeed no - even with AM/AV. > I said - on another group:- > > > I wonder how many realise that installing an anti-virus programme > > > *after* a machine has already been compromised might well give > > > comfort to the user ...... but provide absolutely NO protection > > > from > > > malware! True, it could be installed and be kept from accessing certain areas by a rootkit. > Dustin Cook said in reply:- > > "*That's not true, BD*. In fact, if the malware is known to the > antivirus app, there's a very good chance it can be removed without > harm to the system." True, and the reason is that most of those apps will attempt to remove known installed malware before it actually installs itself on the machine. Many of them check for rootkits before allowing installation to proceed. So, what Dustin said was true, but your eyes might have glazed over when he wrote the word "known". The Virus Description Language used to create the definitions to detect and identify a malware item also includes clues as to how to go about removing the identified malware. > I'd also said:- > > > > In other words, today's 'nasties' can (and do) protect themselves > > > when subjected to what they consider an attack! Bad news! > > Dustin Cook responded:- > > "They don't do anything "new" today that they couldn't do back in the > 80s and 90s. "rootkit" on windows is another word for stealth, it just > sounds better in newsprint." True again, some actual viruses have in the past used some of the same tricks that are essential to rootkit technology. The term "rootkit" is just a renaming of these stealth methods that are used similarly to the unix style tool replacement kits. That is to say that in addition to stealing your computer power, they steal more in order to take measures to hide that fact from the user (or admin, or even the system itself). > /I/ think *Dustin* is wrong. I believe that installing an anti-virus > programme on an already compromised machine is, in all probability, a > futile exercise. They used to say that you shouldn't install an AV on a compromised machine. Dustin didn't actually say otherwise, but he *did* say that known malware would probably be removed without a problem when an attempt is made to install the AV. My guess is that he considers the scan to be part of the install process, and I believe it is these days. > I'd be interested to learn the views of others on this particular > matter. Are you asking if flatten and rebuild is actually the *only* way to be absolutely sure? Keep in mind that most people are content to be 'reasonably sure' after scanning their system and installing their AV program. If reasonably sure isn't good enough for someone, I recommend a robust back-up/restore method so that 'flatten and rebuild' does not seem so daunting as it *does* provide better confidence. Another thing, it would be important to know what you mean by "compromised". Some malware is pretty lame, would it constitute a compromise to you if it sent spam but had no command and control network activity? Hell, sometimes all you need to do is hit the delete button to send a malware to the bit bucket. |