From: RayLopez99 on
On Mar 25, 2:25 am, Dustin Cook <bughunter.dus...(a)gmail.com> wrote:
>
> Believe it. I did a service call this afternoon, modern cable modem
> install. The customer declined (yep!) the free router included and opted
> to plug directly into the cable modem via USB instead of the NIC card.
> The customer contacted me due to a "virus" issue they sustained about 3
> hours after going online.
>
> It was a bootlegged windows XP pro system with no service pack; and this
> is the funniest part, actually using the original blacklisted key; which
> is why it had no service packs....Plugged directly into the cable modem,
> bypassing any benefits the router would have offered them (they're
> rebranded linksys routers), slower speed, and a nice antivirus2010XP
> infection.

Slower speed when you don't use a NIC card but use a USB makes sense.
Router would I think have a hardware firewall, but in theory a
software firewall should also do the trick, though I have both running
on my machines.

Good war story, and it shows it's not Windows at fault, but the user.

And the user is pretty dumb, though people like him keep you employed.

RL
From: RayLopez99 on
On Mar 25, 2:29 am, Leythos <spam999f...(a)rrohio.com> wrote:
> If I have serious reason to believe a computer is using pirated software
> I won't touch it - I provide a signed statement of the work we do,
> including anything we suggest, it would leave us liable in the case of
> an audit.

Well you're too cautious. My Vista machine is using what is probably
pirated software in the OS (Vista Ultimate), I would imagine, since it
cost $5 in Bangkok to buy. But it was shrinkwrapped and bought from
an indoor store, not from a vendor in the street (and that's my
defense). But insofar as I can tell, and I've had it several years,
no viruses were in it and nobody else has my personal information--if
they did they would have struck by now. Same goes for most of my
other software. Then these Linux advocates have the GALL to claim
that "Linux is cheaper". Balderdash!

RL
From: RayLopez99 on
On Mar 25, 2:58 am, "FromTheRafters" <erra...(a)nomail.afraid.org>
wrote:
> In short, as I code, I know that computers are very predictable.  If
> your AV program is configured to catch virus "X" then it will catch
> it--and you will not be infected.
>
> ***
> Not *always* the case. Sometimes the signature is in the virus body and
> the self-decryptor has to run in emulation for a time before revealing
> said virus body. If the self-decryptor has emulation detection
> capability it may fail to reveal the body when it detects that it is
> being *watched*.
> ***

OK, I see.

But the bottom line is that AV vendors have an incentive to hype up
lack of security, and I've not seen it done, ergo there's no problem
to hype.

Excerpt below verifies what I have said in this thread.

RL

http://threatpost.com/en_us/blogs/future-botnets-031510?utm_source=Threatpost+Spotlight+Email&utm_medium=Email+Marketing+-+CRM+List&utm_campaign=Threatpost+Spotlight&CID=

Considering the stakes in today's security game, gleaning intelligence
from professional attackers is an invaluable experience for
researchers on the other side of the ball. Robert Hansen, a security
researcher and CEO of SecTheory, has been doing just that in recent
months, having a series of off-the-record conversations with spammers
and malicious hackers in an effort to gain insight into their tactics,
mindset and motivation.

In a blog post describing one such conversation, Hansen says that the
attacker was lamenting the difficulty of executing targeted attacks
against machines in high-value networks. Security systems are doing a
fairly good job of making life difficult for him.

He’s not the type to hack randomly, he’s only interested in targeted
attacks with big payouts. Sure, if you really work at it for days or
weeks you’ll get in, almost always, but it’s not like it used to be
where you’d just run a handful of basic tests and you were guaranteed
to break in. The risk is that now when he sends his mules to go cash
out, there’s a chance they’ll get nailed. Well, the more I thought
about it the more I thought that this is a very solvable problem for
bad guys. There are already other types of bad guys who do things like
spam, steal credentials and DDoS. For that to work they need a botnet
with thousands or millions of machines. The chances of a million
machine botnet having compromised at least one machine within a target
of interest is relatively high.

Hansen's solution to the hacker's problem provides a glimpse into a
business model we might see in the not-too-distant future. It's an
evolutionary version of the botnet-for-hire or malware-as-a-service
model that's taken off in recent years. In Hansen's model, an attacker
looking to infiltrate a specific network would not spend weeks
throwing resources against machines in that network, looking for a
weak spot and potentially raising the suspicion of the company's
security team.

Instead, he would contact a botmaster and give him a laundry list of
the machines or IP addresses he's interested in compromising. If the
botmaster already has his hooks into the network, the customer could
then buy access directly into the network rather than spending his own
time and resources trying to get in.
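As an added illustration of the point FromTheRafters makes in the quoted reply above (a signature in the encrypted virus body is only visible after the sample's own decryptor has run, and a decryptor that notices it is being emulated keeps the body hidden), here is a toy model in Python. It is not code from any poster or from any AV product; the "sample", the signature, the bytecode and the emulator are all constructed for this example.

```python
"""Toy model of the point quoted above: a signature that sits inside an
encrypted virus body is invisible to a static scanner until the sample's
own decryptor stub has run, and a stub that notices it is being emulated
(or simply out-waits the emulator's instruction budget) keeps the body
hidden. Everything here is constructed for illustration: the payload,
the signature, the bytecode and the emulator are invented, not a real
sample or a real AV engine.
"""

# Constructed signature: the byte pattern our toy scanner looks for.
SIGNATURE = b"VIRUS-BODY-MARKER"

# Constructed plaintext body; the signature is somewhere inside it.
PLAINTEXT_BODY = b"header..." + SIGNATURE + b"...rest of the body"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest possible self-decryptor transform."""
    return bytes(b ^ key for b in data)


def build_sample(evasive: bool = False, spin: int = 0, key: int = 0x5A):
    """Return (program, image) for a self-decrypting sample.

    image:   the on-disk bytes, i.e. the XOR-encrypted body.
    program: the decryptor stub as a list of toy instructions:
      ("CHECK_TIMING", n) read a clock, burn n steps, read it again;
                          give up silently if the clock did not move
                          (a naive emulator returns a canned value)
      ("SPIN", n)         burn n steps doing nothing useful, to exhaust
                          an emulator that only runs a bounded number
      ("DECRYPT", key)    XOR the body back to plaintext in memory
      ("HALT",)           stop
    """
    program = []
    if evasive:
        program.append(("CHECK_TIMING", 50))
    if spin:
        program.append(("SPIN", spin))
    program.append(("DECRYPT", key))
    program.append(("HALT",))
    return program, xor_bytes(PLAINTEXT_BODY, key)


def static_scan(image: bytes) -> bool:
    """What a plain signature scanner sees: the still-encrypted image."""
    return SIGNATURE in image


def emulate_and_scan(program, image, budget: int = 1000, tick_advances: bool = False):
    """Run the stub in a toy emulator, scanning memory after each instruction.

    budget:        maximum steps the emulator is willing to spend.
    tick_advances: whether the emulated clock moves between reads. A cheap
                   emulator returns the same canned value every time, which
                   is exactly what a timing check looks for.
    Returns (detected, reason).
    """
    mem = bytearray(image)
    steps = 0
    tick = 1000

    def get_tick_count():
        nonlocal tick
        if tick_advances:
            tick += 17
        return tick

    for op in program:
        if op[0] == "CHECK_TIMING":
            t0 = get_tick_count()
            steps += op[1]  # the stub burns time between the two reads
            if get_tick_count() == t0:
                return False, "stub detected emulation: clock did not advance"
        elif op[0] == "SPIN":
            steps += op[1]
        elif op[0] == "DECRYPT":
            mem[:] = xor_bytes(bytes(mem), op[1])
        elif op[0] == "HALT":
            break
        steps += 1
        if steps > budget:
            return False, "emulation budget exhausted before the body was revealed"
        if SIGNATURE in mem:
            return True, "signature found in decrypted body after %d steps" % steps
    return False, "stub finished without revealing the signature"


if __name__ == "__main__":
    for label, kwargs, emu in [
        ("plain stub, naive emulator", {}, {}),
        ("timing check, naive emulator", {"evasive": True}, {}),
        ("timing check, clock-aware emulator", {"evasive": True}, {"tick_advances": True}),
        ("5000-step spin, budget 1000", {"spin": 5000}, {"budget": 1000}),
    ]:
        program, image = build_sample(**kwargs)
        print(label, "| static:", static_scan(image),
              "| emulated:", emulate_and_scan(program, image, **emu))
```

The static scan never fires, because the bytes on disk are the XOR-encrypted body. The emulator does fire on the plain stub, but the same stub with a timing check stays silent against an emulator whose clock does not move, and a long enough spin loop runs a budget-limited emulator out of steps before the DECRYPT instruction is reached. Real engines fight this with more faithful emulation and larger budgets, which is why "configured to catch virus X" is not the same as "guaranteed to catch virus X".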
From: RayLopez99 on
On Mar 25, 7:53 am, Dustin Cook <bughunter.dus...(a)gmail.com> wrote:
> Like I said in my previous response to you, I've been in the PC field for
> a very long time. I was A+ certified when it was still a "cool" thing to
> waste money on.

Just curious, but what is your hourly rate or do you get paid by the
job?

And I'm sure you would be a perfect witness on the stand if I were
trying to prove that it's not Windows but the user who is at fault in
nearly any security breach. SAVE for Zero-Day attacks, which cannot
be prevented by definition (not even in Linux I would imagine), it
seems Windows machines get infected by users who don't have the proper
security on their machines, as documented by Belarc for example.

BTW, anybody follow all the Safe Hex recommendations of Belarc
Advisors? I think there are too many. I usually score 2 or 3 stars
out of five, but even so I've never had a virus problem.

RL
From: Sjouke Burry on
RayLopez99 wrote:
> On Mar 25, 7:53 am, Dustin Cook <bughunter.dus...(a)gmail.com> wrote:
>> Like I said in my previous response to you, I've been in the PC field for
>> a very long time. I was A+ certified when it was still a "cool" thing to
>> waste money on.
>
> Just curious, but what is your hourly rate or do you get paid by the
> job?
>
> And I'm sure you would be a perfect witness on the stand if I were
> trying to prove that it's not Windows but the user who is at fault in
> nearly any security breach. SAVE for Zero-Day attacks, which cannot
> be prevented by definition (not even in Linux I would imagine), it
> seems Windows machines get infected by users who don't have the proper
> security on their machines, as documented by Belarc for example.
>
> BTW, anybody follow all the Safe Hex recommendations of Belarc
> Advisors? I think there are too many. I usually score 2 or 3 stars
> out of five, but even so I've never had a virus problem.
>
> RL
The same here, Belarc is trying to sell something, or they try to
tell you that you should be behind a corporate net, with all permissions
denied and blocked......