
Everything posted by LUSHER

  1. You just made my point. This isn't even remotely new. I say the reporter is clueless because of the way he is writing as if this is new. Also I can't tell from the report whether he is talking about server-side polymorphism (e.g. your storm worm) or just classic well known polymorphic malware. It just gives you the impression "omg, we got intelligent malware that can think and automatically change to avoid security software" lol...
  2. LOL, typical piece of crap written by a reporter who is clueless.
  3. I agree, Comodo is overkill for most people
  4. You actually have quite weak defenses imho. SpywareBlaster doesn't really do much in this day and age really. ActiveX isn't as big a problem as it was in the past (default settings in IE more than handle this anyway), and while the restricted zone list that SpywareBlaster imports into IE is fine, it is often too slow. Spybot is another one that is over-rated and people are using it out of inertia. MBAM (assuming the free one) is a rising star and is getting good at *removal* but it provides only on-demand and no real-time protection. Essentially your real-time protection comes down to Avira and Arovax Shield. I have nothing really bad to say about Avira personal except that there is no spyware protection. Arovax Shield is probably the weakest HIPS you can find... And no firewall?
  5. When some people say behavior blocker they mean something more specific than just HIPS. Something like CPF and Online Armor prompt on pretty much everything, they have no/little "intelligence"... Basically behavior blockers are smart enough not just to notice that a registry autostartup entry is being changed by a suspect process X, but also take into account other factors such as the other actions taken by the process, the characteristics of the process etc. Under this more restrictive definition, the only other free behavior blocker that might qualify is Prevx. The others are payware (Mamutu, Norton AntiBot/PRSC).
  6. What's your definition of a behavior blocker? Is it the same as a HIPS?
  7. Interesting, I never had such a problem. Do you just send blank referrers? "Smarter" strategies seem to be to always send back the same referrer (or the root site url), or to be even more safe to forge referrers only when moving from one domain to another (google.com to piriforum.com etc). Personally I think it is pointless to forge or block referrers when moving within the same domain/site...
  8. Quite right. To add on, the latest TF free adds the following though "On-demand antivirus scanner now available in ThreatFire free edition An on-demand antivirus scanner is now available in both ThreatFire Free as well as ThreatFire Pro."
  9. A couple more tools here http://wiki.castlecops.com/Lists_of_freewa...al_AV_companies Bitdefender, McAfee, Sophos, AVAST, Spybot all also provide standalone antirootkits ...
  10. It's not free... Please read http://forum.kaspersky.com/index.php?showtopic=58034 In essence, Kaspersky SOS is for business users, the website is misleading, it actually expires after 30 days! There is however a free version coming for home users and it's called Kaspersky Virus Removal Tool. I've blogged about it before. But it is not like cureit, in that it requires installation and will even install a service. It even self-protects itself so it can't be shut down! You actually have to disable self-protection before the uninstaller will work, something that threw a lot of users when they tried to uninstall but couldn't!
  11. Security tools for usb
     I've put together a list of freeware/liteware security tools from a larger list, including the best ones that can be put into your flash drive and used for cleaning and diagnosis on infected systems. Almost all do not require installation, and are free. I have selected antivirus, antispyware, antitrojan and antirootkit tools that are top notch, system tools, and as a bonus there is a list of links to the best online scanner sites, both multi-engine (virustotal etc) and full disk (Bitdefender online etc) as well as sandboxing type (Threatexpert etc). You can find them at Security tools for usb. Any comments are welcome, particularly omissions.
  12. I would add that in today's world you should be using not just antivirus and firewalls but the following as well:
     1) Smart behavior blocker, e.g. ThreatFire, Norton AntiBot
     2) Dumb behavior blocker, e.g. System Safety Monitor, ProSecurity, EQSecure
     3) Sandbox + optional application virtualization, e.g. Sandboxie, SafeSpace, GeSWall, DefenseWall
     4) System virtualization and/or hardware virtualization: Returnil, ShadowDefender, ShadowUser Pro, VMware, VirtualPC
     5) Specialized anti-x tools to counter specific threats (keyloggers, buffer overflow etc) - Comodo anti-buffer-overflow, KeyScrambler, FireLion Anti Keyloggers
     This doesn't mean you need 5 or more extra apps, since many standard antivirus and firewalls have begun adding extra features that go beyond basic traditional antivirus features. For example, KAV, F-Secure, Panda (non-suite versions) have (1) already. Many firewalls like Comodo Firewall Pro, Online Armor have (2) already etc. Also (5) can be covered by both (2) and (3) in many cases, since many in (2) have generic methods of blocking ALL keylogging and screen capture methods... But personally I would have a separate anti-buffer overflow just in case...
     Personally I'm not in favour of having anti-spyware, anti-trojans etc (at least in real time, on demand is fine), since when it comes down to it they are using the same techniques as a broad-spectrum anti-virus (or rather anti-malware, since antiviruses today have finally recognized it is their duty to capture malware, anyhow antivirus in its classic definition is seldom seen today anyway, it's all worms and trojans today!)
  13. Hmm maybe I follow this kind of news too closely, but the first thing I thought when I read this was "You might as well report that water is wet..." ... but I guess not everyone is as paranoid as I am...
  14. Relatively minor update 1.6.1
     Changelog:
     Bug fixed: Bitmap image is not valid. (corrupt embedded icon)
     Bug fixed: malware analysis after import not working in expert mode
     Bug fixed: Lookup at Runscanner when no MD5 available popupmenu
     Sub run folders are now only scanned on windows 2000
  15. I don't believe in using HOSTs file that way.
  16. Hmm how often do you install a service pack?
  17. What kind of question is that? Even spyware blaster's protection doesn't come free.
  18. Well SpywareBlaster might use zero resources, but the (limited) protection it offers is not exactly zero resource. It is carried by the browser due to the increased size of the restricted zone, the system - due to thousands of extra entries in the registry that is held in memory etc...
  19. "We are proud to announce the release of our brand new security product System Protect. Information about the product can be found at here
     Have you ever been infected by viruses or malware and had to go through an arduous process of restoring critical system files? Have you ever used an antispyware program which has falsely identified and deleted Internet Explorer favorites or important programs? Have you ever used hard drive cleaning applications only to find that important documents, pictures or other desired files have been deleted? Do you share a computer with children and worry that they will delete important documents or system files? Do you worry that you might do the same?
     If you have ever asked any of these questions, then System Protect is for you. Right out of the box, System Protect will actively protect the integrity of critical system files. With a few extra settings, you can also use it to protect important documents, pictures, music, favorites, and any other file you never want to lose! It provides the protection which no other security program can provide, for FREE!
     Currently System Protect is in beta stages and we'd appreciate it if you could test it and give us your feedback. We hope to release a finalized version of System Protect in Q1 2008. We would like to ask you to install the application, check its functions and send us any bugs, comments or suggestions by posting in the new forum created for System Protect here: http://forum.spywareterminator.com/Default...topics&f=60 The application can be downloaded at http://www.system-protect.com/"
     From http://forum.spywareterminator.com/Default...osts&t=3601
     Basically a file/folder guard from the guys at Spyware Terminator? Description seems similar to DriveSentry? I have not tried this yet nor am I recommending it. It is also BETA. Lusher
  20. Depends. If your PC has only standard stuff, maybe you can get away with training mode, and even then you will have to answer quite a few prompts. If you run a lot of stuff, you will need the clean PC mode... Hopefully your PC is really clean.... Of course if you constantly try new things and install new programs, particularly the not so well known ones, you might have big problems with prompts... Also it depends on how willing you are to answer prompts, most people on forums don't really state objectively what "a few", "a lot" of prompts mean, I suspect different people have different ideas of what counts as "a few", "a lot"..... Some guys I know think answering 3-5 prompts every time they start something new isn't a lot of prompts, others shudder to try to answer even one...
  21. Of course I am. Despite the fact that some people are trying to brand me a troll, I'm usually right. Sometimes it even takes a while before "conventional wisdom" comes to see the wisdom of what I'm saying...
  22. New launch/hijack items 1.6
     Restrictions for internet explorer:
       080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
       081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)
     Startup/Shutdown/logon/logoff scripts
       090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
       091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
       092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
       093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
       094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
     Various
       110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
       174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
       200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
       201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
     Shell hijacking (removed from general policies)
       162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
       163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
     Terminal server related
       190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
       191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
       192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
       193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
       194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp
     Debugger hijacking
       176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger (thanks to Tony Klein)
     Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah)
       177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
     Hijacking of standard windows tools
       210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
       211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
       212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
       213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
       214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
       215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard