Sasser Virus!

[Sayonara]

Yeah, because the USER didn't keep updated and didn't have a correctly configured firewall. Those are attributes of users, not the software.

 

I have never had a trojan, virus or worm because I use simple techniques and reliable, proven software. I don't see how that makes me an idiot when there are people who lose their whole installation due to a lack of protection and don't learn from it.

 

I think fafalone is too proud of his skills

I doubt he's that proud of searching for files and replacing configurations tbh.

He has a point about stupid users getting things like sasser because of their own ignorance and expecting to be helped out by the people they probably laugh at for knowing about "that stuff", but lumping all AV users together is going too far.

[Radical Edward]

He has a point about stupid users getting things like sasser because of their own ignorance and expecting to be helped out by the people they probably laugh at for knowing about "that stuff"' date=' but lumping all AV users together is going too far.[/quote']

 

seems that most viruses lately are viruses of stupidity. sasser is a bit of a different case though as it spreads itself about, and the vast majority of computer users don't know a thing about the machines that they use, so don't know how to protect themselves.

[Sayonara]

There's nothing new about worms spreading themselves.

 

One would imagine that Nimda might have provoked some kind of learning response, seeing as it did pretty much the same thing and was all over the news.

[fafalone]

Ok we have a hardware firewall that essentially blocks everything. We also get free AV license, so definitions are up to date. Now granted the viruses got on their system because of things like Kazaa, but hte point is updated AV programs and a highly restrictive hardware firewall didn't stop them.

[Sayonara]

A firewall doesn't 'stop' things from getting on your system if they're downloaded through an allowed port, so I don't see how a user being able to use Kazaa to download something can be considered failure of a firewall to perform.

That's like saying a police officer on the beat isn't working properly because he didn't spot someone fiddling figures in a bank somewhere.

 

If the AV program was up-to-date and didn't spot viruses on the network, then there's either something wrong with the way the deployment was implemented, or it's a fundamentally flawed piece of software; so you're quite right to look down on it if the latter turns out to be true.

[fafalone]

Norton Antivirus isn't really a fundamentally flawed piece of software...

 

Alot of the problems arise from spyware (borderline virus)... AV programs do nothing about most of these.

[alext87]

Sort it just don't download stuff and go on the internet or open e-mails on your own computer!

[Dave]

Alot of the problems arise from spyware (borderline virus)... AV programs do nothing about most of these.

 

Then use Ad-aware.

[fafalone]

Adding yet another time consuming step.

 

It really works best for me to just do things by hand, considering I have to remove something once every 2-3 months at most.

[Sayonara]

Norton is terrible for LANs.

 

Spyware applications are not 'borderline viruses". The vast majority of any kind of spyware or adware is installed by users when they install other software, or visit dubious web sites. On a LAN it's up to the network administrator to prevent this, sure, but that has nothing at all to do with AV software.

 

AV software doesn't stop koala bears from pooing in your CD-ROM either, but nobody is going to claim that's a reason to not use them.

 

If it works best for you to do it by hand then that's great, but I don't see any justification for claiming your way is super and everyone else is just stupid.

 

 

At least we can agree most of the problems PCs face are due to user ignorance, or the unwillingness of some users to co-operate with network admins?

[fafalone]

Spyware applications often hijack the browser, prevent you from going to sites you want, redirect all your searches, and randomly display ads. How is this not a borderline virus?

[Sayonara]

Because it's a browser hijack, which is a different ball game altogether.

 

I don't know what sort of wacky viruses you get but I've never seen any that do those things.

[fafalone]

You're fortunate then. There's stuff even more bizarre than that I encounter on peoples computers around here, such as this one hijacking program that permanently modified IE, eventually rendering it completely useless, and AV programs rarely catch them.

[Sayonara]

I've encountered all sorts of IE hijackers, but they weren't viruses.

 

In fact, out of the 6 known hijackers on sophos's list (which is verified by message labs and others) two were removed from the detection scope specifically because they are not viruses. The others are not common.

http://www.sophos.com/search/index.cgi?scope=whole_site〈=english&terms=hijack&x=0&y=0

[fafalone]

IE hijacks that block msconfig and registry use and otherwise actively monitor for programs that try to remove that are "borderline viruses", especially when they try to spread themselves across the LAN.

 

6 on its known list? I've encountered more than that on a single PC before (yes, more than 6 *different* programs competing with eachother to hijack IE).

[Sayonara]

If it's not a virus, it's not up to anti-virus vendors to have their software tackle it. It's out of scope. You aren't going to make it look like AV software doesn't work by saying "some of program type X are a bit like viruses, therefore software that doesn't tackle any program of type X is not a good anti-virus tool".

 

It's strawman and special pleading.

[fafalone]

So whats your definition of a virus?

[Sayonara]

It doesn't matter what my definition is, this isn't some random semantic argument.

 

What matters are the programs and codelets the industry considers to be in-scope for their products.

[fafalone]

It matters quite a bit, because you have to make a dinstinction between what is and isn't a virus. Does the fact something hijacks a browser instantly disqualify it from being a virus no matter what else it does?

[Sayonara]

No, I don't have to make any such distinction.

 

We were discussing the virtues of using an AV against hand-removal; my opinion is not relevant to how an AV program functions.

 

Anything you claim an AV ought to do in your opinion, but no AV actually does, is immaterial to that discussion.

[fafalone]

You're claiming AV programs shouldn't remove anything thats not explicitly a virus, and we obviously have different definitions of what constitutes a virus. That difference should be resolved.

[Sayonara]

Why? It won't help the argument one iota.

 

I am not claiming that AV programs should only remove viruses (imo, they ought to remove other nasties too, however we have to appreciate that the software is generally going to be a product owned by a business with specific interests). I am simply stating that this is the case.

 

Not to devalue your knowledge or dismiss your opinions, but I think I'll stick with the industry's definitions rather than random internet guy's.

 

If there was an AV product that tackled spyware as well as the line-blurring hijackers et al, perhaps with a selection of different interfaces aimed at different user competencies, do you think you'd use it?

[fafalone]

No, because it would still be subject to definition update delays.

[Sayonara]

Out of curiosity, how are you expecting to be able to identify and remove the viruses that are described by those definitions?

 

[edit]

 

This would have made a good debate!

[fafalone]

It's pretty hard not to know when your computer has an active virus. Knowing what should be on your processes list helps too, as well as having a taskbar CPU/memory usage graph... once you see something fishy, identifying it is trivial for an experienced human.