Jump to content

Sasser Virus!


YT2095

Recommended Posts

Yeah, because the USER didn't keep updated and didn't have a correctly configured firewall. Those are attributes of users, not the software.

 

I have never had a trojan, virus or worm because I use simple techniques and reliable, proven software. I don't see how that makes me an idiot when there are people who lose their whole installation due to a lack of protection and don't learn from it.

 

I think fafalone is too proud of his skills

I doubt he's that proud of searching for files and replacing configurations tbh.

He has a point about stupid users getting things like sasser because of their own ignorance and expecting to be helped out by the people they probably laugh at for knowing about "that stuff", but lumping all AV users together is going too far.

Link to comment
Share on other sites

  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

He has a point about stupid users getting things like sasser because of their own ignorance and expecting to be helped out by the people they probably laugh at for knowing about "that stuff"' date=' but lumping all AV users together is going too far.[/quote']

 

seems that most viruses lately are viruses of stupidity. sasser is a bit of a different case though as it spreads itself about, and the vast majority of computer users don't know a thing about the machines that they use, so don't know how to protect themselves.

Link to comment
Share on other sites

There's nothing new about worms spreading themselves.

 

One would imagine that Nimda might have provoked some kind of learning response, seeing as it did pretty much the same thing and was all over the news.

Link to comment
Share on other sites

Ok we have a hardware firewall that essentially blocks everything. We also get free AV license, so definitions are up to date. Now granted the viruses got on their system because of things like Kazaa, but hte point is updated AV programs and a highly restrictive hardware firewall didn't stop them.

Link to comment
Share on other sites

A firewall doesn't 'stop' things from getting on your system if they're downloaded through an allowed port, so I don't see how a user being able to use Kazaa to download something can be considered failure of a firewall to perform.

That's like saying a police officer on the beat isn't working properly because he didn't spot someone fiddling figures in a bank somewhere.

 

If the AV program was up-to-date and didn't spot viruses on the network, then there's either something wrong with the way the deployment was implemented, or it's a fundamentally flawed piece of software; so you're quite right to look down on it if the latter turns out to be true.

Link to comment
Share on other sites

Norton is terrible for LANs.

 

Spyware applications are not 'borderline viruses". The vast majority of any kind of spyware or adware is installed by users when they install other software, or visit dubious web sites. On a LAN it's up to the network administrator to prevent this, sure, but that has nothing at all to do with AV software.

 

AV software doesn't stop koala bears from pooing in your CD-ROM either, but nobody is going to claim that's a reason to not use them.

 

If it works best for you to do it by hand then that's great, but I don't see any justification for claiming your way is super and everyone else is just stupid.

 

 

At least we can agree most of the problems PCs face are due to user ignorance, or the unwillingness of some users to co-operate with network admins?

Link to comment
Share on other sites

You're fortunate then. There's stuff even more bizarre than that I encounter on peoples computers around here, such as this one hijacking program that permanently modified IE, eventually rendering it completely useless, and AV programs rarely catch them.

Link to comment
Share on other sites

I've encountered all sorts of IE hijackers, but they weren't viruses.

 

In fact, out of the 6 known hijackers on sophos's list (which is verified by message labs and others) two were removed from the detection scope specifically because they are not viruses. The others are not common.

http://www.sophos.com/search/index.cgi?scope=whole_site〈=english&terms=hijack&x=0&y=0

Link to comment
Share on other sites

IE hijacks that block msconfig and registry use and otherwise actively monitor for programs that try to remove that are "borderline viruses", especially when they try to spread themselves across the LAN.

 

6 on its known list? I've encountered more than that on a single PC before (yes, more than 6 *different* programs competing with eachother to hijack IE).

Link to comment
Share on other sites

If it's not a virus, it's not up to anti-virus vendors to have their software tackle it. It's out of scope. You aren't going to make it look like AV software doesn't work by saying "some of program type X are a bit like viruses, therefore software that doesn't tackle any program of type X is not a good anti-virus tool".

 

It's strawman and special pleading.

Link to comment
Share on other sites

It matters quite a bit, because you have to make a dinstinction between what is and isn't a virus. Does the fact something hijacks a browser instantly disqualify it from being a virus no matter what else it does?

Link to comment
Share on other sites

No, I don't have to make any such distinction.

 

We were discussing the virtues of using an AV against hand-removal; my opinion is not relevant to how an AV program functions.

 

Anything you claim an AV ought to do in your opinion, but no AV actually does, is immaterial to that discussion.

Link to comment
Share on other sites

You're claiming AV programs shouldn't remove anything thats not explicitly a virus, and we obviously have different definitions of what constitutes a virus. That difference should be resolved.

Link to comment
Share on other sites

Why? It won't help the argument one iota.

 

I am not claiming that AV programs should only remove viruses (imo, they ought to remove other nasties too, however we have to appreciate that the software is generally going to be a product owned by a business with specific interests). I am simply stating that this is the case.

 

Not to devalue your knowledge or dismiss your opinions, but I think I'll stick with the industry's definitions rather than random internet guy's.

 

If there was an AV product that tackled spyware as well as the line-blurring hijackers et al, perhaps with a selection of different interfaces aimed at different user competencies, do you think you'd use it?

Link to comment
Share on other sites

It's pretty hard not to know when your computer has an active virus. Knowing what should be on your processes list helps too, as well as having a taskbar CPU/memory usage graph... once you see something fishy, identifying it is trivial for an experienced human.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.