Slashdot Mirror


Malware Threat Reports Are "Apples and Oranges"

Ant writes "The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats."

191 comments

  1. Do any of them mention linux or OS-X? by symbolset · · Score: 2, Insightful

    At all?

    --
    Help stamp out iliturcy.
    1. Re:Do any of them mention linux or OS-X? by starbugs · · Score: 1

      The article does mention Apples and Oranges

    2. Re:Do any of them mention linux or OS-X? by Anonymous Coward · · Score: 1, Insightful

      They also didn't mention OpenBSD.

    3. Re:Do any of them mention linux or OS-X? by Anonymous Coward · · Score: 0

      "You appear to be projecting. Would you like to come out of the closet?"

  2. This will answer your question, symbolset - by Ethanol-fueled · · Score: 5, Insightful
    From TFA, but not in order:

    "He argued that antivirus companies have tried to use common names for malware that they find..."

    No they haven't.

    "It's hard for users...Because anti-malware vendors are also competitors, they have little incentive to work together on normalizing names and detection techniques, he pointed out...Because of the way that the industry works, you can't work around them too well."

    That's why.

    "In short: is there a problem with the user confusion over threat tables like these? Most definitely..."

    Most definitely not. Windows users have no idea about 'threat tables' or what the hell's going on, except that their antivirus program is blinking red and making noises and they have to keep clicking "yes" or "OK" to make it better.

    "'Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges,' said Tom Kelchner, Sunbelt Research Center manager. 'What one company detects and identifies as a specific, named piece of malcode, another may detect generically.'"

    The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites.

    Hence the inconsistent naming conventions and detection profiles across vendors. +5 informative.

    1. Re:This will answer your question, symbolset - by Anonymous Coward · · Score: 0

      It has every relation to the top-level first post:

      Both are visibility whores.

      Dumbass.

    2. Re:This will answer your question, symbolset - by symbolset · · Score: 0, Offtopic

      I would mod you insightful, but I already posted (of course). +1 funny.

      /recursive memes are funny

      //Slashies are really for Fark, not /.

      ///Stop me before I slashie again

      --
      Help stamp out iliturcy.
    3. Re:This will answer your question, symbolset - by NSN+A392-99-964-5927 · · Score: 0

      From TFA, but not in order:

      "He argued that antivirus companies have tried to use common names for malware that they find..."

      No they haven't.

      "It's hard for users...Because anti-malware vendors are also competitors, they have little incentive to work together on normalizing names and detection techniques, he pointed out...Because of the way that the industry works, you can't work around them too well."

      That's why.

      "In short: is there a problem with the user confusion over threat tables like these? Most definitely..."

      Most definitely not. Windows users have no idea about 'threat tables' or what the hell's going on, except that their antivirus program is blinking red and making noises and they have to keep clicking "yes" or "OK" to make it better.

      "'Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges,' said Tom Kelchner, Sunbelt Research Center manager. 'What one company detects and identifies as a specific, named piece of malcode, another may detect generically.'"

      The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites. Hence the inconsistent naming conventions and detection profiles across vendors. +5 informative.

      Top class response! Ethanol-fueled, well said!

      --
      All cows eat grass!
    4. Re:This will answer your question, symbolset - by Anonymous Coward · · Score: 0

      But still, if kiddie porn winds up on your machine because of malware, YOU'RE the one headed to prison...

    5. Re:This will answer your question, symbolset - by Culture20 · · Score: 1

      "'Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges,' said Tom Kelchner, Sunbelt Research Center manager. 'What one company detects and identifies as a specific, named piece of malcode, another may detect generically.'"

      The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites.

      Good to know. Now I know which AV vendor I'll be choosing in the future.

    6. Re:This will answer your question, symbolset - by babboo65 · · Score: 1

      WOW - talk about a completely mis-informed opinion about the virus research labs.

      Having been in those shoes and visited some of the aforementioned "neckbeards" in situ I can say this is clearly not the case. Having met and spoken with the Jimmy Kuo's, Eugene Kaspersky's and Mikko Hypponen's of the community I can say this is a gross misrepresentation of the true facts. The names are based on a range of criteria, most notably the OS, the type of infector, the vector, and whether it's been seen before.

      If Kaspersky has a different "top 10" than McAfee or Symantec it's because THEIR software is detecting a different top 10 than the other guys. Notice not one of them match the Wildlist 100% of the time - OOH! What about Virus Bulletin's list for each month? Perhaps you missed the boat when the AV community as a whole bandied this topic around over 10 years ago. Perhaps you've never looked at the online VGrep search engine that cross-references THOUSANDS of malware across several vendors and shows you which call it X and which call it Y (and which don't detect it at all).

      Now - your one point that the typical user doesn't care about cross-reference tables is spot on. That most users click whatever they can to make the alert go away is also a fair assessment (god bless their pointy little heads and my job security!!).

      But, yes, the vendors DID try to get a single naming convention going several years ago through CARO but have really hit a brick wall. In the end does it even matter? Who cares if it's called "monkey_butt" or "fuzzy_toes". It's a malware - you need a signature update - if you're an admin you get to chase your tail and impact your forehead on a wall getting it cleaned up.
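As an added illustration (not part of the thread, and not VGrep's own code): a cross-reference of the kind described in the comment above, keyed by sample rather than by name, showing why each vendor's top list differs and how one vendor's generic label spans several of another's specific names. Vendor names, sample ids, labels and hit counts are all constructed.

```python
from collections import Counter, defaultdict

# Constructed telemetry: (vendor, sample id, vendor's label, hit count).
# Every vendor, sample id, label and count here is invented for illustration.
DETECTIONS = [
    ("VendorA", "s1", "W32/Alpha.A", 500),
    ("VendorA", "s2", "W32/Alpha.B", 300),
    ("VendorA", "s3", "JS/Redir.C", 400),
    ("VendorB", "s1", "Generic.Worm!gen", 200),
    ("VendorB", "s2", "Generic.Worm!gen", 250),
    ("VendorB", "s3", "Trojan.Script.Redirector", 100),
    ("VendorB", "s4", "Adware.Bar", 600),
    ("VendorC", "s1", "Worm.Win32.Alfa.x", 100),
    ("VendorC", "s3", "Trojan-Clicker.JS.Agent", 700),
]


def top_names(detections, vendor, n):
    """The list a vendor would publish: its own labels ranked by its own hits."""
    hits = Counter()
    for v, _sample, label, count in detections:
        if v == vendor:
            hits[label] += count
    return hits.most_common(n)


def cross_reference(detections):
    """sample -> {vendor: label or None}; None means that vendor does not detect it."""
    vendors = sorted({v for v, *_ in detections})
    table = defaultdict(lambda: dict.fromkeys(vendors))
    for vendor, sample, label, _count in detections:
        table[sample][vendor] = label
    return dict(table)


def alias_groups(xref):
    """Merge (vendor, label) pairs that were applied to the same sample.

    A generic label that covers several samples pulls every specific name
    used for those samples into one group.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for labels in xref.values():
        names = [(v, l) for v, l in labels.items() if l is not None]
        if names:
            find(names[0])  # register single-vendor detections too
        for other in names[1:]:
            parent[find(other)] = find(names[0])

    groups = defaultdict(set)
    for name in list(parent):
        groups[find(name)].add(name)
    return list(groups.values())


if __name__ == "__main__":
    for vendor in ("VendorA", "VendorB", "VendorC"):
        print(vendor, "top 2:", top_names(DETECTIONS, vendor, 2))
    xref = cross_reference(DETECTIONS)
    for sample, row in sorted(xref.items()):
        print(sample, row)
    for group in alias_groups(xref):
        print("same threat under:", sorted(group))
```

The three published top-2 lists share no label, yet the cross-reference shows they largely describe the same samples; only the sample-keyed view makes the lists comparable.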

  3. We Win! by LostCluster · · Score: 0

    The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites.

    Windows users have gotten smart about updating, people know better than to take ActiveX downloads from free porn sites, and people have wised up about trusting what they get from P2P. All sources are now seeing lower virus rates and the statistical noise is becoming louder than actual results... so these top lists are becoming worthless, there ain't much to be worried about anymore.

    1. Re:We Win! by ozmanjusri · · Score: 2, Insightful
      Windows users have gotten smart about updating, people know better than to take ActiveX downloads from free porn sites, and people have wised up about trusting what they get from P2P. All sources are now seeing lower virus rates

      September 29, 2009 11:51 AM PDT
      Malware worldwide grows 15 percent in September

      A rise in malware has caused the number of infected PCs worldwide to increase 15 percent just from August to September, says a report released Tuesday
      http://news.cnet.com/8301-1009_3-10363373-83.html

      Phew, I'm glad they're so much smarter - imagine how much more clickfraud and spam the botnets would be perpetrating if they hadn't wised up.

      Close to 60% of all US Windows computers are hosting malware already, and that's not likely to change any time soon. The anti-malware industry is making a fortune from Windows flaws, but overwhelming evidence suggests it's not money well spent. If computer users DID wise up, they'd be moving away from expensive and fragile platforms, not adding to the coffers of modern day snake-oil merchants.

      --
      "I've got more toys than Teruhisa Kitahara."
    2. Re:We Win! by boaworm · · Score: 0, Redundant

      Close to 60% of all US Windows computers are hosting malware already

      I thought Windows had a market share that was higher than that! But as we know, 76 % of all statistics are made up on-the-fly.

      --
      Probable impossibilities are to be preferred to improbable possibilities.
      Aristotele
    3. Re:We Win! by hairyfeet · · Score: 2, Interesting

      And how much of that is caused by the bad practices of places like Worst Buy? As a PC repairman I get a lot of Best Buy and Staples machines across my desk, and the default settings these bunches use is just terrible. They ALL have Automatic Updates for Windows turned off, most haven't had so much as a single patch since they came from the factory, the only "protection" they have is a shitty 30 day crapware AV install, and some even have the firewall DISABLED by default! WTF?

      I have to wonder with so many setting up such obviously shitty fucked up default policies if they aren't sabotaging these machines on purpose to make more money on repairs and pushing extended warranties. There is no excuse in this age of zero day attacks to be selling horribly out of date unpatched machines, yet I see them come across my desk all the time. The average user doesn't know their machine has been set to screw them from the word go, to them it is new and should be ready for use, but it's not even close. Joe and Sally average don't know about changing settings for Windows updates, or how to see if their firewall is running or not.

      So while I'm sure the comments here at /. will be filled with insults at clueless Windows users, I say a lot of the blame needs to be leveled at places like Worst Buy. To use a /. car analogy, nobody expects to have to take their brand new car straight from the dealership to a mechanic so he can get the brakes to work and the doors to lock, do they? So why should the users need to be IT guys just to get a functional PC at retail?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:We Win! by Anonymous Coward · · Score: 0

      Wow, they really do this? They should be named-and-shamed by the cybersecurity tzar, at the very least. Might as well preinstall botnet clients at the factory.

    5. Re:We Win! by ArsenneLupin · · Score: 1

      Might as well preinstall botnet clients at the factory.

      No, that would be HP.

    6. Re:We Win! by Erikderzweite · · Score: 2, Insightful

      This is why education is so important and the idea that a computer is simple is bad. People buy devices that are as powerful as supercomputers were 15 years ago and expect them to be as simple as a toaster. So they end up giving vast amounts of computing power and network bandwidth to criminals.

      As for Best Buy -- just an example of how easily a fool and his money are parted. I recall reading an article about how many people just buy a new cheap PC after theirs is infected. Of course, current security practices of Best Buy are unacceptable, but it appears that they can get away with it (they provide a working configuration after all). So it is up to users to develop some intelligence...

    7. Re:We Win! by Yamata+no+Orochi · · Score: 1

      I didn't work at Best Buy specifically, but if it's anything like most other electronics/office stores, it isn't a matter of practices at the store at all. I never touched a PC that was sold to a customer, they come in boxes from the manufacturer. I'm guessing no one at Best Buy is "setting them up," or "sabotaging" anything in any sense of the word. If the Manufacturer's Windows image is somehow FUBAR and has defaults set differently that you don't like (I somehow doubt this), then wipe it with a clean install of Windows, using the license that almost all computers come with now.

      That said, I'm pretty sure that installing and leaving Windows alone is all most PC manufacturers do as well, before they pile on their crapware, anyway.

    8. Re:We Win! by hesaigo999ca · · Score: 1

      It's to keep the big wheel turning and give you job security, without it, there would be no need for you, or the AV vendors. Didn't you know...

    9. Re:We Win! by ozmanjusri · · Score: 1
      This is why education is so important and the idea that a computer is simple is bad.

      No, this is why the current monopoly general-purpose OS is such a bad idea.

      If formats, protocols, APIs etc are open, then simple computers can be used for simple tasks. The hardware industry is trending in that direction with products that are cheap, functional and simple, like the Freescale Tablet.

      A device like that could be made safe, reliable and uncomplicated given the right software selection. People who don't want or need complexity should have that choice without sacrificing compatibility. Sadly, we'll never have that while Microsoft holds the reins of the software industry and demands 85% profit margins for its complex and demanding OS.

      --
      "I've got more toys than Teruhisa Kitahara."
    10. Re:We Win! by Brewmeister_Z · · Score: 1

      Well, when Worst Buy, as you call it, bought Geek Squad they took a service of flamboyant (VW bugs and nerdy uniforms) technicians and over time replaced educated technicians with sales monkeys shown how to run canned programs and charge about half the value of the computer to fix the simplest problems. They have a bunch of the sales monkeys at the counter and possibly a real technician working in the background on machines not fixed (or made worse) by the sales monkeys.

      We don't have a Best Buy in my town but I have visited a good computer shop in a town that does. Their rates are much more reasonable than Geek Squad and they shared a few stories of computers brought to them after being taken to Best Buy.

      I provide home and small business computer support (mostly Windows, occasionally Mac, and experimenting with Linux for some customers). I find that most malware will disable most anti-virus programs (Norton and McAfee for sure). Why pay a yearly cost for software that slows down your computer worse than the malware and gives you less protection than a free competitor? I used to like AVG Free but have been using the MS Security Essentials instead since people get annoyed with AVG changing versions and requiring a manual upgrade.

      My philosophy anymore is to have some type of firewall enabled (Windows Firewall or another free one), an active anti-virus (MS Security Essentials or another free one), and preferably Firefox with ABP instead of IE. Most malware not prevented by these is something obtained by a socially engineered attack (e-mail attachments, web browser ads, etc.) and usually leads to a fake anti-virus program that asks for money to fix the problem it created and will block most methods that can remove it. I find that most can usually be cleaned up with Malwarebytes Anti-Malware running in Safe Mode.

      The vendors and the manufacturers are both guilty of selling products and services that are not secure but give the customers a false feeling of being safe from everything. This leads to reckless behavior that those who understand security would avoid doing even with a secure system.

      Computer security software is no match for the behavior of ignorant users that will disable or circumvent security provided by others. Computer education related to security doesn't hit home until these people have to pay someone to clean up the malware mess.

      --
      I Cater to the Needs of Stupid People. - from a coffee mug Christmas gift
    11. Re:We Win! by ozmanjusri · · Score: 1
      Wow, they really do this?

      No, they don't.

      Hairyfeet is a Microsoft apologist. He's always on hand to invent excuses for Microsoft's failings.

      As any shopper will tell you, your computer comes from the reseller in a box from the manufacturer, and generally has a standard pre-install image ready to run. I've never seen any modification of settings, just the usual crapware installed.

      Nope, this isn't a reseller problem - that's just blameshifting.

      --
      "I've got more toys than Teruhisa Kitahara."
    12. Re:We Win! by hairyfeet · · Score: 1

      Oh give me a fucking break! Lord save us from paranoid Linux users!! For your info I have said on here about a bazillion times that Steve Ballmer is probably the shittiest fortune 500 company CEO ever, and have been more than happy to list their many failings (RRoD, Zune, no DX10/11 for XP, Vista) but quit trying to be paranoid and blame everything on 'teh evils M$!" okay?

      And no shit they come with a default image, so do all the off lease office equipment I sell. You know what? I take a whole 2 minutes to run a script that sets autoupdates to true and run the latest autopatcher preconfigured off the network. And I'm just a little guy in a little shop. There is NO REASON why Best Buy can't run a little script or have a button set up on their little "geek squad CD" (you do know their "repairs" are nothing but a CD with a GUI, right?) that would set autoupdates to true and run a WSUS server to feed them the latest patches.

      So scream "Microsoft apologist!" all you damned well please, but EVERY place gets pre-imaged machines but while the smaller places actually give a flying fuck about their customers and take a whole two minutes to add the right settings it is Worst buy and Staples that just don't give a fuck. And how is pointing out shitty retail service making MSFT look good?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    13. Re:We Win! by AK+Marc · · Score: 1

      No, this is why the current monopoly general-purpose OS is such a bad idea.

      Yeah, because Best Buy would harden Linux if they sold it in any numbers.

      I don't know if you are the same guy, but I've seen the call for open OS a crapload in the comments on this article. Yet, I've seen nothing that indicates this wouldn't happen as bad (or worse) with Linux or some other currently existing OS that is "open". The only thing saving them now is the fact that the number one OS is such an easy target. Whether it's easy because of its large install base of uneducated users, or the OS is inherently weaker because it's closed is something we won't know until the year of Linux on the desktop comes.

    14. Re:We Win! by hairyfeet · · Score: 1

      Oh believe me pal, I can share some Worst Buy horror stories. The last shop I worked for (Now I do mostly SOHO and SMBs and the only home users are brought to me by word of mouth) was the "go to" place for those poor souls that went to Worst Buy.

      Here are just a few that I can remember off the top of my head: One guy went in with a nearly $500 graphics card, came out with a $50 one, which of course when I told him and he went screaming to Worst Buy said "You can't prove you had a decent card in there". Folks opening their "new" PC and finding other folks' stuff (and often porn) in it (that one happened A LOT). Folks going in with X amount of RAM and coming back with Y (also popular, some even had the RAM ripped out breaking the retention clips right off the mobo), that one BTW also happened to my current GF when she took her PC to rent a ripoff before she met me, so apparently that is a common FU. Parts put in upside down or even backwards (one had the floppy drive installed via hammer) hell I could go on all damned day.

      As for a good AV/firewall combo, may I recommend Comodo Internet Security? It is feature rich, without the user having to know squat, low resource, doesn't slow the machine to a crawl, and so far I haven't had a single malware infection come across my desk from a box loaded with Comodo, which considering some of the business owners I deal with is saying a lot. Pretty much your users will have to ignore every warning and continue installing to get a bug around Comodo, and of course in that case there is really nothing that will stop an ID10T error.

      And for computer problems I would suggest downloading a copy of this, the Computer-Repair-Utility-Kit-V2. It has more than 50 tools that fix the most common problems (great for field work), it is butt simple to add your own tools like Malwarebytes Antimal to it (which I also use), fits just fine on a cheapo 1Gb flash stick, and has just about everything you'd need to find and fix common problems. The ClamAV it comes with is out of date of course, but that is easy to fix. Slap it on a thumbstick, update it once a week, and you are good to go.

      But I have to agree, you can only do so much before the problems become PEBKAC. But I have found like you that a few sane policies (FF over IE, autoupdates on, fully patched Windows, decent AV/firewall) goes a LONG way to cutting down rates of infection. I have customer's PCs that have been running for years without a single bug thanks to a little sane policy setting on my part.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    15. Re:We Win! by Brewmeister_Z · · Score: 1

      I am glad that we don't have a Worst Buy in this town. The closest I have to get to their messes is extended service plans people buy for some of the devices like printers. Don't get me started on my experiences doing Dell hardware warranty work.

      Most of my customers are referral so I keep busy now that I have been doing this business for 3 years. I have no problem with being honest with my customers since I can fix a problem and tell them how to prevent it instead of trying to drain them of their cash by fixing the same problem over and over again. There are always other upgrades and repairs that I would most likely be considered for later and happy customers give referrals. Operations like Worst Buy prey upon consumer ignorance and try to get as much as they can before the customer can get wise.

      Thanks for software and tool suggestions. I am always on the lookout for other tools that make my job easier and more efficient.

      --
      I Cater to the Needs of Stupid People. - from a coffee mug Christmas gift
    16. Re:We Win! by gmhowell · · Score: 1

      With that many processing cycles available, why can't they be?

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    17. Re:We Win! by hairyfeet · · Score: 1

      Hey no problem, we PC repair guys need to stick together. Sadly we honest PC repair guys are a dying breed, with many places being taken over by Worst Buy, or as I call it "The Walmart of PC repair". Have you ever SEEN how they "repair" a PC? Look up "Best Buy repair CD". I swear to God they have a little GUI based CD handed down from corporate that is pretty much "and the monkey pushes the button" as far as repair goes. No basic knowledge on how to troubleshoot, no working through the steps of starting at the basics and working your way up, it is just "push the button" and if that don't work format and reinstall.

      And the worst part, I had a buddy work there that let me in on the "inside dope" before he quit. You ever wonder why so many pervs get busted for child porn by geek squad calling the cops? Want to know HOW they find it? The office pervs have USB drives and scripts that run looking for *.avi, *.jpg, *.mpg, *.mp3, etc looking for free tunes, GF pics, porn, anything they can snatch. I wonder how many girls took their PC into Worst Buy and is now on some "see my GF" type website thanks to the geek pervs at Worst Buy. I always tell my clients "Don't tell me to back stuff up if you don't want me to see it" and go out of my way not to look in other folk's stuff. To me it is like a plumber going through someone's underwear drawers when he was asked to fix the sink. That kind of crap just makes me sick.

      But since you are a fellow PC repair guy, I'll throw you a link to another tool you may not have heard of but that can really save your ass, especially when you run into those weird "program dies for no reason or refuses to launch" problems. Say hello to my little friend Dependency Walker. It is only a couple of hundred Kb, no installation, works off a flash, works on 32 and 64bit, integrates easily with the repair toolkit, and most importantly you point it at any .exe and it will highlight and name any missing dependencies. You'd be surprised how many Windows problems can be traced back to a missing or mis-registered dll. This little baby will point out any missing .dlls, which you can easily replace and voila! The users think you're a god. So enjoy, and be glad you don't have a Worst Buy. They are...well the worst.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  4. Re:Wow! by HamSammy · · Score: 2, Insightful

    You can see each story 10-20 minutes before it goes "live." (Assuming we posted it that far in advance, which usually we do.)



    Straight from the Subscription FAQ. Fail troll is fail.
  5. Re:Wow! by HamSammy · · Score: 3, Insightful

    Totally pressed the submit button on accident, now I am the failing one.

    There can only be one way out.

    SEPPUKU.

  6. Re:Wow! by symbolset · · Score: 2, Funny

    Sure you can. How do you think I managed to get first post? But my comment was not visible for 10 minutes. It was visible for 8 seconds between the time I posted it and the time I read his reply. Not long enough. This fine article, as of the time I clicked reply, still doesn't have a second thread under it. He's a script.

    --
    Help stamp out iliturcy.
  7. I'm just bragging by The+End+Of+Days · · Score: 2, Funny

    28 years of computing on networks, zero instances of malware. I feel special.

    1. Re:I'm just bragging by Anonymous Coward · · Score: 0

      1 out of every 10 brags is hyperbolic.

    2. Re:I'm just bragging by TheThiefMaster · · Score: 3, Insightful

      You mean "zero detected instances".

    3. Re:I'm just bragging by Anonymous Coward · · Score: 0

      You never ran Windows, even once, in 28 years?

      (rimshot)

    4. Re:I'm just bragging by apoc.famine · · Score: 1

      Can you point me to some malware that does so little, that it can remain undetected by a fairly savvy computer user?
       
      I'm serious here - there's always a troll in these threads that makes the comment you just made. However, in my experience, I've never run into malware which was "stealth". Its entire purpose is to send mail, pop up ads, and propagate. All of that is damn easy to spot if you're reasonably well versed in how your computer normally runs.
       
      I tend to believe a competent person when they say "zero instances of malware". If you don't have spurious network activity, you don't have pop-up ads, a changed browser, new favorites, etc., is it even malware? What would it be doing?

      --
      Velociraptor = Distiraptor / Timeraptor
    5. Re:I'm just bragging by TheThiefMaster · · Score: 1

      Spurious network activity can be damn hard to spot. I'll admit that popup ads and so on are a bit of a give-away, but would you notice 1 kB/s of extra network traffic?

      Most people who claim to have no malware don't even know what all the processes they currently have running are. They just don't have popup ads or other obvious symptoms.

    6. Re:I'm just bragging by Timosch · · Score: 1

      is it even malware? What would it be doing?

      The real risk does not come from pop-up ads, a changed browser or porn links on a desktop. Nor does it come from formatting harddisks or constantly rebooting. The dangerous thing would be rootkits that hide, remain unseen, log your keystrokes, log your internet traffic etc. and send them to a business rival. They could be buried deep in network traffic, for instance in DNS requests. In contrast to the usual "open some ad windows on the user's screen" malware, in this case remaining unseen is crucial.

    7. Re:I'm just bragging by apoc.famine · · Score: 1

      That's not malware. That's a targeted attack. We're talking about garden-variety, drive-by download, infected porn site malware here. We're talking about flies, you're talking about a unicorn.

      --
      Velociraptor = Distiraptor / Timeraptor
    8. Re:I'm just bragging by apoc.famine · · Score: 1

      Can you point me to malware that engages in only spurious network activity? All that I've seen are either mass mailers, which is pretty easy to spot, or ad-based, which by definition need to be visible. I've never seen malware that sent out an email an hour, only when the network was active.
       
      (I've also never heard of one which modifies the blinkenlights on my router and modem. If I'm not using the internet, and they are flickering away, that'd be a problem.)

      --
      Velociraptor = Distiraptor / Timeraptor
    9. Re:I'm just bragging by TheThiefMaster · · Score: 1

      Keyloggers? Backdoors?

      Both are malware, both will do nothing most of the time, and avoid detection as much as possible. Good luck finding out you have one.

    10. Re:I'm just bragging by pnice · · Score: 1

      That's not malware. That's a targeted attack. We're talking about garden-variety, drive-by download, infected porn site malware here. We're talking about flies, you're talking about a unicorn.



      Hidden software that logs keystrokes and sends the results off to a remote system has a lot of value. It doesn't need to only hit a targeted system. When they see results like:

      mail.yahoo.com apoc@yahoo.com 123jass8

      In the log file they know they have a new account to search through for any valuable personal data. Same with bank accounts, ordering online, etc, etc. They have the advantage of not needing to show pop-ups on the victim machine so it never appears to be infected. The website the victim visited is what handles the installation of the software so they don't need the infected machine to spread it around. The website can even have legitimate uses and an established community. Victims may even return to the website over and over to post comments on interesting stories and nothing ever appears to be malicious. The page they are visiting isn't dealing with illegal topics, porn, etc.

      As a side note I suggest you check out a fan-page I run for Bennie Baby collectors: http://www.benniebabybrigade.com
    11. Re:I'm just bragging by pnice · · Score: 1

      It doesn't come off as impressive when you throw all 28 years of your computing experience into your brag. I don't think malware was prevalent when people were coding with punch cards.

  8. Example of competition gone wrong by syousef · · Score: 5, Insightful

    Everyone's always touting the benefits of competition, but here's a clear example of competition serving to confuse the market. There are a number of problems:

    1) Antivirus solutions do not co-exist - and not just the resident portion. I'd love to run a second or 3rd scanner like I can for spyware but Antivirus vendors have created a market that is used to the worst kind of lock in. Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issues but I'm also sure they're not insurmountable.

    2) Antivirus vendors are now trying to police what you can and can't do. Look at the numerous reports of false positives for programs that are legally grey (or black) but aren't viruses. I've personally had network tools come up as false positives and it's a pain to unquarantine and exclude them so they don't quarantine themselves again.

    3) The main form of collusion between vendors seems to be fitting into Microsoft frameworks so they show up as antivirus software in the appropriate control panel and so you don't get warnings about invalid or out of date antivirus. But this in itself makes them more vulnerable to attack.

    4) The products are often so badly written that they cause as many problems as they solve. A bad update here or there can (and has in the past) caused irrevocable system damage that has required a reinstall or restore from backup for users. What's the point of an antivirus that does this? Worse, I've seen much subtler performance problems from minor antivirus updates - in one case it brought a company I worked for's client's machines to their knees and initially they blamed us. Turns out a change in the engine meant very big files were being opened and re-scanned for every write. Needless to say it wasn't our fault.

    5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?

    Isn't competition supposed to improve such things and open up the market? In this case it just hasn't happened. There has been implicit collusion but not of the right sort to improve or provide a diverse range of products. There's not one product that will protect you well.

    --
    These posts express my own personal views, not those of my employer
    1. Re:Example of competition gone wrong by MichaelSmith · · Score: 2, Interesting

      5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?

      A number or a hash?

    2. Re:Example of competition gone wrong by Korin43 · · Score: 3, Insightful

      I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl. I don't even want to touch a computer with Norton + McAfee. Back when I used Windows my solution was to have adblock, spybot, AVG and Clamwin and then just scan any programs I downloaded (along with not downloading seedy looking programs). It worked pretty well. If I did have any viruses, none of them were noticeable (and my monthly+ scans never picked anything up). I think the need for constantly running virus scanners is seriously overstated, at least for people who know not to run HorseSex.exe.

    3. Re:Example of competition gone wrong by ozmanjusri · · Score: 4, Insightful
      Everyone's always touting the benefits of competition, but here's a clear example of competition serving to confuse the market.

      No, this is a clear example of a monopoly creating a market repairing broken Windows. That's why it seems confusing.

      Consumers shouldn't be facing a choice of ineffective bandaids to patch over their computers' inability to keep malware out. They should be able to choose a computer/OS that is inherently resistant.

      For computer users, this is a Red Queen's race, and Windows users have to keep paying and stay vigilant just to retain a semblance of control of their own machines. The real solution is to mandate open formats, APIs, and protocols, then let any OS vendor compete on level terms. When consumers can select an OS that suits them, including the level of security they wish to pay for, we will have competition. Only then will OS vendors have to improve their products to retain customers.

      --
      "I've got more toys than Teruhisa Kitahara."
    4. Re:Example of competition gone wrong by symbolset · · Score: 2, Insightful

      Hashes really aren't useful for metamorphic code and a short signifier for heuristics is fairly meta.

      --
      Help stamp out iliturcy.
    5. Re:Example of competition gone wrong by Revenger75 · · Score: 2, Informative

      1) Antivirus solutions do not co-exist - and not just the resident portion. I'd love to run a second or 3rd scanner like I can for spyware but Antivirus vendors have created a market that is used to the worst kind of lock in. Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issues but I'm also sure they're not insurmountable.

      I decided on one paranoid night to try to do just that. I found that for the most popular free solutions (AVG, Avast, Avira) you can install them side-by-side and narrow it down to just one resident scanner running. You either have to find the hidden option in the menus, disable the start-up entries, or just opt not to install them during setup. I was able to safely ignore the warnings about having other AV products installed during the various setups.

      An easy solution for individual files is VirusTotal. You can upload the file (less than 20MB) and have it scan it with ~39 different antivirus programs.

      The most important thing to remember is that security is a process, and not a product. (If I remember that saying right... and I don't mean explorer.exe)

    6. Re:Example of competition gone wrong by El_Muerte_TDS · · Score: 2, Informative

      6) Vendors appear to put more effort into making their user interface "pop" rather than trying to minimize resource usage and system impact. For example, Microsoft antivirus creates a system restore point every time the signatures are updated (once a day). Every time a system restore point is created my system becomes barely unusable for a couple of minutes. You can't control when it updates the signatures (currently for me it's around 23:20). Which brings me to:

      7) Vendors want to use their own resistant scheduler service rather than using the standard service that has been in MS Windows since Windows 95. More resource waste.

    7. Re:Example of competition gone wrong by mwvdlee · · Score: 0

      a computer/OS that is inherently resistant

      There is; it's called "a computer that is powered off". Nothing else is "inherently resistant". And now somebody else will probably prove that even a powered down computer can be vulnerable.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    8. Re:Example of competition gone wrong by timmarhy · · Score: 1

      consumers CAN select the OS that suits them, it just happens that windows is that OS. linux advocates always claim linux can do everything that windows does, so why aren't people leaving windows for linux in droves??

      --
      If you mod me down, I will become more powerful than you can imagine....
    9. Re:Example of competition gone wrong by Carl.E.Pierre · · Score: 1

      No, there certainly is such a thing. I hate to be one to preach how great mac and Linux are, but they are 'Inherently resistant' (Combination of obscurity and the lack of the porosity leading weak points to be mainly the user, and even then defending him/her from his/herself). There is a huge difference between that and immunity though.

    10. Re:Example of competition gone wrong by mwvdlee · · Score: 1

      "Inherently"
      You use that word a lot, but I don't think it means what you think it means.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    11. Re:Example of competition gone wrong by ozmanjusri · · Score: 2, Insightful
      There is; it's called "a computer that is powered off"

      Please tell me how a virus can infect a Live CD?

      --
      "I've got more toys than Teruhisa Kitahara."
    12. Re:Example of competition gone wrong by ozmanjusri · · Score: 2, Insightful
      why aren't people leaving windows for linux in droves?

      Because, as I stated, we don't have open formats, APIs, and protocols.

      That makes it difficult for computer users to move freely between OSs and prevents competition on real merits.

      --
      "I've got more toys than Teruhisa Kitahara."
    13. Re:Example of competition gone wrong by Korin43 · · Score: 2, Insightful

      Photoshop, Illustrator, certain games..

      It's not that they can't run on Linux, it's that they don't.

    14. Re:Example of competition gone wrong by SensiMillia · · Score: 3, Interesting

      Purely theoretical:

      - User boots live-cd
      - Some malware gets executed and stays in RAM (by user interaction or not)
      - Malware reflashes the EEPROM holding the BIOS with some malicious code
      - On next boot BIOS will store some malicious code in memory and does something very clever that makes the OS on the liveCD execute that code

      It would be a very targeted attack, but not entirely impossible

    15. Re:Example of competition gone wrong by ozmanjusri · · Score: 1

      If you were an OS developer, how would you prevent such an attack?

      --
      "I've got more toys than Teruhisa Kitahara."
    16. Re:Example of competition gone wrong by Anonymous Coward · · Score: 0

      to patch over their inability to not install malware

      Fixed that for you. Yeah, nobody will admit that they installed loads of what turned out to be malware while trying to watch porn, it must have gotten in by itself due to Windows security flaws.

    17. Re:Example of competition gone wrong by syousef · · Score: 2, Interesting

      I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl.

      I wrote: and not just the resident portion

      I think the need for constantly running virus scanners is seriously overstated, at least for people who know not to run HorseSex.exe.

      I got drive by downloaded 2 days ago. My antivirus didn't pick it up, but fortunately my firewall did (which prevented further virus downloads). I was looking for books on photography (regularly non-sexual photography) and wasn't running horseanything.exe

      --
      These posts express my own personal views, not those of my employer
    18. Re:Example of competition gone wrong by jimicus · · Score: 1

      No, there certainly is such a thing. I hate to be one to preach how great mac and Linux are, but they are 'Inherently resistant' (Combination of obscurity and the lack of the porosity leading weak points to be mainly the user, and even then defending him/her from his/herself). There is a huge difference between that and immunity though.

      You are aware that the great majority of Windows malware in the last 5 or 10 years has been taking advantage of either the weak point between the keyboard and the chair or unpatched client software to install and spread?

      Neither of which are exactly unknown on other platforms.

    19. Re:Example of competition gone wrong by Bert64 · · Score: 2, Insightful

      The vast majority of said windows malware actually takes advantage of the user combined with the fact that user typically runs all his code as an admin.. Unix/Mac don't give you elevated privileges by default, and provide a well understood mechanism by which you can elevate your privileges which *should* make you think...

      There is also worm type malware which attacks open network services, windows ships with several services on by default, even on a workstation install, which cannot easily be turned off and are usually just hidden behind a software firewall... Linux/Mac ships with virtually nothing listening by default, anything that is listening can be turned off and a software firewall (if you choose to enable one) provides an extra level of security on top of that, not the last line of defence.

      The issue with unpatched software, while a concern for all platforms, is simply worse on windows platforms... While Linux distros typically have a centralised package manager which will update all of your software through a single consistent interface and all at the same time, windows has a mechanism for updating the core os, and then each application you install may or may not have its own separate update mechanism which might run in the background (wasting resources), might run when you try to use the program, might require you to explicitly run the update program, or it might not have any update mechanism whatsoever and thus require you to manually check the website for updates.

      As an extension to the above, the windows mentality of downloading and executing binary installers from websites lends itself to malware... Users are not encouraged to verify the legitimacy of the site they download from, nor are they encouraged to compare checksums of downloaded files.

      And let's not get started in the inherent flaws of the windows security model, sure NT (the kernel) had a very good security model when originally designed, but since then a lot of dos/win9x compatibility cruft has been forced on top. Think of the multiple versions of various apis retained for backwards compatibility, the authentication model designed so you don't need to send the password in the clear over the network, flawed because you can just send the hash instead, doubly flawed because they are now locked in to weak password hashing mechanisms.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    20. Re:Example of competition gone wrong by Bert64 · · Score: 1

      I agree, security is a process not a product..
      Unfortunately, our voices are nowhere near as loud as those of the vendors telling people that security is a product.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    21. Re:Example of competition gone wrong by Anonymous Coward · · Score: 0

      It was PonyLove.jpg.vbs

    22. Re:Example of competition gone wrong by Erikderzweite · · Score: 2, Insightful

      It's a self-sustaining monopoly out there. How can you tell about some abstract choice if for a majority of people PC=Windows? And you can't really blame people here: all they see is Windows, on every shelf in every computer store. Exclusive per-CPU deals led to a situation where OEM's pay the same to Microsoft no matter how many OS's they offer, so they usually offer one because it's cheaper that way.
      What choice do consumers really have if they don't know about Linux? Windows vs. overpriced Apple computers? Even so, Mac OS share grew up somewhat sharply last few years.

      You have a hard time finding a PC that comes with Linux so you end up installing the OS yourself. Then there's these proprietary formats and protocols issue artificially created to ensure Microsoft's lock-in. Then you have some hardware vendors who decide to support Windows only and who don't use standard implementations.

      None of those issues speak about the quality of operating systems, but you have to clear those monopoly-made hurdles in order to enjoy vastly improved security, better software management and more comfortable interface of Linux.

    23. Re:Example of competition gone wrong by couchslug · · Score: 1

      "Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issues but I'm also sure they're not insurmountable."

      Tried running different products using Thinapp thin installs? That would be one way to experiment.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    24. Re:Example of competition gone wrong by couchslug · · Score: 1

      Some live CDs have extra writable area to save files, but it's stretching it to say a virus would be at all likely to make use of that.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    25. Re:Example of competition gone wrong by tepples · · Score: 1

      If you were an OS developer, how would you prevent such an attack?

      The game console makers prevent the attack just by requiring all executables to have been signed by the console maker and putting a policy in place that software from a one-man outfit won't get signed.

    26. Re:Example of competition gone wrong by Anonymous Coward · · Score: 0

      But hashes is really good smoked.

    27. Re:Example of competition gone wrong by mwvdlee · · Score: 1

      You mean before or after the image is burned?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    28. Re:Example of competition gone wrong by Rockoon · · Score: 1

      windows ships with several services on by default ... [snip] ... Linux/Mac ships with virtually nothing listening by default

      So they are the same then, right? You would have not qualified "nothing" with "virtually" if you knew that you could get away with it (like if it was true) .. so we have you using liberal language on one side and conservative language on the other, to say the exact same thing. Why is that?

      Moving on:

      ... which cannot easily be turned off and are usually just hidden behind a software firewall... [snip] ... anything that is listening can be turned off and a software firewall (if you choose to enable one) provides an extra level of security on top of that

      Oh look, you did it again.

      Why are you so disingenuous?

      The fact of the matter is that it is Windows users who are the big problem and if 2010 was the year of Linux, you can damn well expect 2011 to be the year of big-time Linux malware.

      --
      "His name was James Damore."
    29. Re:Example of competition gone wrong by Anonymous Coward · · Score: 0

      run HorseSex.exe.

      Next time make sure that your links work.

    30. Re:Example of competition gone wrong by takowl · · Score: 1

      The vast majority of said windows malware actually takes advantage of the user combined with the fact that user typically runs all his code as an admin.. Unix/Mac don't give you elevated privileges by default, and provide a well understood mechanism by which you can elevate your privileges which *should* make you think...

      As has been pointed out elsewhere in such discussions, admin access is not essential for malware: it can download files, send out spam, set itself to start on login, and mess with your personal files even running as a local user.

      Secondly, you've highlighted *should*, which is important. If people are used to clicking "Yes" (or entering their password) to do things, they'll do it for malware without a second thought. "DancingBunnies.exe needs you to become an admin to install. Continue?" Or, if Linux hits the mainstream, "To install DancingBunnies.deb, you need to...".

      Secure != convenient. That's why most people in offices think their IT guy's a jerk, and why Windows remains popular.

    31. Re:Example of competition gone wrong by rHBa · · Score: 1

      I agree 100% although I think the biggest factors were that you are an 'educated' internet user and (presumably, as you were using Adblock) you didn't use IE (Same applies to Outlook of course).

    32. Re:Example of competition gone wrong by Anonymous Coward · · Score: 0

      I got drive by downloaded 2 days ago.

      Which browser allows "drive-by downloads"?

    33. Re:Example of competition gone wrong by Anonymous Coward · · Score: 0

      That does very little to prevent targeted attacks (the case in point). All software has bugs. If you have control of the memory all you have to do is exploit a bug and corrupt the stack causing your code to run.

    34. Re:Example of competition gone wrong by Bert64 · · Score: 1

      I say "virtually" because i did not have any straight default installs at my disposal to verify..

      Also there are too many different linux distributions to say with absolute certainty... A default install of Gentoo (having followed the standard installguide) has nothing listening on the network by default for instance...
      Also the Ubuntu machine i have here, only seems to have sshd and cupsd listening on the network, and i explicitly enabled those services.
      A tailored linux distro designed to perform a specific service will have more listening by default.

      Having looked at a default install of ubuntu netbook:
      CUPSD is listening, but only bound to 127.0.0.1
      avahi-daemon is listening on udp, but is not running as root

      While not a perfect situation, a single non root udp service which is relatively simple is far better than the default state of a windows machine which will have extremely complex services such as msrpc and smb filesharing listening and running as SYSTEM by default, i believe there are other services too such as upnp...

      The differences are:
      The quantity of code which is exposed to the network, msrpc has FAR more functionality than avahi... plenty of scope for people to find exploitable holes.
      The privilege level - exploit a service running as a privileged user and it's game over, exploit one running as a normal user and you still have work to do.
      Ease of removal - it's easy to remove or disable avahi from ubuntu, how do you remove rpc and smb from a windows box? it's possible, but beyond the scope of typical users, which is why most users end up with the half assed crutch of hiding the service behind a firewall.

      And note, this is just ubuntu, i don't have default installs of other distributions at my disposal to verify.

      My point however, was that windows includes network listening services by default (msrpc, netbios etc) which are not only entirely unnecessary on a client system, but also not obvious how to remove. Why does a single user desktop sitting on the end of a consumer dsl line (or dialup) need to offer services to the outside world?

      A workstation aimed at clueless users should NOT have network listening services running by default, and should have them not listening rather than hidden behind a firewall. A firewall should be an extra line of defence, not the sole one.

      Older linux distros used to come with lots of listening services, and in all those cases it was trivially easy to disable them, it was not necessary to keep the services running but hidden behind a firewall.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
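One way to check what the comment above compares (what is listening, on which address, and as which user), added here as an example that is not part of the original post: a Python parser for the Linux `/proc/net/tcp` and `/proc/net/udp` tables. The sample rows, inode numbers and uid 108 for avahi are constructed; a little-endian host and IPv4 only are assumed, and the socket owner's uid is used as a stand-in for the service's privilege level.

```python
import ipaddress
import os
import socket
import struct
from typing import List, NamedTuple, Tuple

# Constructed rows in /proc/net/tcp layout (not captured from a real host):
# cupsd on 127.0.0.1:631, sshd on 0.0.0.0:22, plus one established session.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20011 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20042 1 0000000000000000 100 0 0 10 0
   2: 0A00A8C0:0016 0500A8C0:D431 01 00000000:00000000 02:000A1B2C 00000000     0        0 20977 2 0000000000000000 20 4 29 10 -1
"""

# Constructed row in /proc/net/udp layout: avahi-daemon on 0.0.0.0:5353, uid 108.
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  10: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   108        0 18650 2 0000000000000000 0
"""

TCP_LISTEN = 0x0A       # kernel state value for a listening TCP socket
UDP_UNCONNECTED = 0x07  # bound, unconnected UDP sockets are shown with state 07


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    uid: int
    exposure: str  # "loopback" or "network"


def decode_endpoint(field: str) -> Tuple[str, int]:
    """Turn '0100007F:0277' into ('127.0.0.1', 631).

    The kernel prints the IPv4 address as a host-order 32-bit hex word, so on
    a little-endian machine the bytes appear reversed.
    """
    hexaddr, hexport = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(hexaddr, 16)))
    return addr, int(hexport, 16)


def parse_listeners(text: str, proto: str) -> List[Listener]:
    """Return sockets that accept traffic; skip established connections."""
    wanted = TCP_LISTEN if proto == "tcp" else UDP_UNCONNECTED
    found = []
    for line in text.splitlines()[1:]:          # first line is the header
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != wanted:
            continue
        addr, port = decode_endpoint(cols[1])
        loopback = ipaddress.ip_address(addr).is_loopback
        found.append(Listener(proto, addr, port, int(cols[7]),
                              "loopback" if loopback else "network"))
    return found


def risk(listener: Listener) -> str:
    """Rank a listener by the two criteria in the comment: reach and privilege."""
    if listener.exposure == "loopback":
        return "local-only"
    if listener.uid == 0:
        return "network-exposed as root"
    return "network-exposed, unprivileged"


def audit(tcp_text: str, udp_text: str) -> List[Tuple[Listener, str]]:
    listeners = parse_listeners(tcp_text, "tcp") + parse_listeners(udp_text, "udp")
    return [(l, risk(l)) for l in listeners]


if __name__ == "__main__":
    # Use the live tables on Linux, otherwise fall back to the constructed sample.
    if os.path.exists("/proc/net/tcp") and os.path.exists("/proc/net/udp"):
        with open("/proc/net/tcp") as t, open("/proc/net/udp") as u:
            rows = audit(t.read(), u.read())
    else:
        rows = audit(SAMPLE_TCP, SAMPLE_UDP)
    for l, verdict in rows:
        print(f"{l.proto:3} {l.addr}:{l.port:<5} uid={l.uid:<5} {verdict}")
```

A listener bound to 127.0.0.1 needs no firewall rule to stay private, which is the distinction the comment draws between "not listening" and "hidden behind a firewall".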
    35. Re:Example of competition gone wrong by mpe · · Score: 1

      2) Antivirus vendors are now trying to police what you can and can't do. Look at the numerous reports of false positives for programs that are legally grey (or black) but aren't viruses.

      They don't even have to be questionable. VNC manages to generate plenty of false positives, IME.

      4) The products are often so badly written that they cause as many problems as they solve. A bad update here or there can (and has in the past) caused irrevocable system damage that has required a reinstall or restore from backup for users. What's the point of an antivirus that does this?

      Not helped if these programs are over complex and fragile. The ultimate apparently being Norton which now has its own special uninstall utility.

    36. Re:Example of competition gone wrong by mpe · · Score: 1

      The game console makers prevent the attack just by requiring all executables to have been signed by the console maker and putting a policy in place that software from a one-man outfit won't get signed.

      Which can still be defeated by exploiting bugs in approved software. The effect is more to restrict who can write for the platform. Even to attempt to control what the owner can do with their machine.

    37. Re:Example of competition gone wrong by mpe · · Score: 1

      The vast majority of said windows malware actually takes advantage of the user combined with the fact that user typically runs all his code as an admin.. Unix/Mac don't give you elevated privileges by default, and provide a well understood mechanism by which you can elevate your privileges which *should* make you think...

      Such elevation can also be applied on a per program basis. If there is an equivalent of setuid/sudo/etc in Windows it doesn't appear to be that well understood. To the point where "give the user admin privs" is considered an acceptable way to deal with poorly written programs. (Even though changing the permissions on a few files and/or registry keys is probably all that is actually needed.)

      There is also worm type malware which attacks open network services, windows ships with several services on by default, even on a workstation install, which cannot easily be turned off and are usually just hidden behind a software firewall...

      There are also quite a few which are on by default, but rarely needed. As well as some very odd service dependences, e.g. an MS Office update which requires the task scheduler service to be running.

      The issue with unpatched software, while a concern for all platforms, is simply worse on windows platforms... While Linux distros typically have a centralised package manager which will update all of your software through a single consistent interface and all at the same time, windows has a mechanism for updating the core os, and then each application you install may or may not have its own separate update mechanism which might run in the background (wasting resources), might run when you try to use the program, might require you to explicitly run the update program, or it might not have any update mechanism whatsoever and thus require you to manually check the website for updates.

      There's also the situation of a program not being upgradable. You explicitly need to first uninstall the older version. As well as version checkers which can't cope with the concept of a newer version being present.

    38. Re:Example of competition gone wrong by Anonymous Coward · · Score: 0

      5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?

      You mean like some sort of common malware enumeration?

    39. Re:Example of competition gone wrong by AdmV0rl0n · · Score: 1

      Let's be clear. I am going to take a liberty here and presume you are thinking worms. Open ports, and your chatter.

      You got off base, most malware hits windows users because of some poor user choices, and some poor system defaults. Not generally by an open port (although I don't dispute a threat vector on open ports of any system). I don't doubt that we will see more worms at some stage, but it's not what this was about..

      Now, seeing as you chose to raise it, computer systems in use, in the way they were designed, include open ports, and if you take this in a general sense, it's not the computer or the OS that may be at fault, but rather an application, daemon or similar (which might or might not be from the OS vendor involved). The raw truth if you accept this premise comes down to a basic issue of whether good security exists on such an app, and whether it's updated and patched by the vendor, how quickly it's patched, and whether the user updates any released patches.

      Today, the platform is less relevant - because it's not whether it's windows or linux, it's whether an exploit exists on your port/app/daemon, and have you patched this up.

      And in terms of shutting all the ports and blocking them, yes, that's all fine and good until you need to do some work, or use a computer for what it was designed for.

      I'm probably being bold here, but what we need less of, is the premise that we should all run round and close everything off, but rather that the apps, and daemons and systems should be rather more well designed and secure to begin with. In this regard, we are still at the infant level of design and build and ideas like C# and other efforts are paving stones on a very long road we will have to travel.

      --
      We`re all equal .. Just some of us are less equal than others.
    40. Re:Example of competition gone wrong by AdmV0rl0n · · Score: 1

      In answer to your first comment, yes, any user could download malware. Fine, you got your dig in. However, the download will be restricted to the user area, it's going to have limited ability to change system files, and it's going to struggle to take out, remove, damage AV programs. Further, it's going to be more easily fixed, removed by a toolset, and it's going to be very much more limited in scope.

      Hence, your comment in no way justifies running as admin.

      The second part, that of user error, or stupidity can't be helped, and social engineering will always make a serious effort to affect that aspect.

      --
      We`re all equal .. Just some of us are less equal than others.
    41. Re:Example of competition gone wrong by takowl · · Score: 1

      I'm not trying to claim that running as admin all the time is a good plan. I just don't think it's the panacea it's sometimes held up as. In particular, people suggesting that such 'intrinsic security' in Windows would make AV software and removal toolkits unnecessary.

      2: I think we're actually in agreement on this. ;-). What I was trying to say was pretty much that it can't be helped. Which means that 'intrinsic security' will never be enough for the mainstream, because people will override it.

    42. Re:Example of competition gone wrong by AK Marc · · Score: 1

      No, this is a clear example of a monopoly creating a market repairing broken Windows. That's why it seems confusing.

      Irrelevant. That there's a monopoly on the OS doesn't have anything to do with the software that runs on it. We had a monopoly of petrol cars in the US for the longest time. Sure, that meant that the diesel Mercedes didn't sell here, but the competition between the petrol car makers was real. And that competition worked the way it was supposed to.

      But antivirus makers not naming things the same would be the same issue if the viruses were written for Linux or any other OS. Their requirement to lock in to the OS at the kernel level in order to protect at that same level (assumes viruses have root, which is a separate debate) would be the same, and so that means that updates would have the same capacity for killing the OS. If you don't set them at a high priority, your computer will be sluggish because every scan before you do something will take longer. But if you set them at high priority, any errors in the program will be elevated above everything else, making the computer slower.

      These problems don't go away on other platforms. And other platforms are vulnerable to viruses, even if only if systems are unpatched and users run as root (which if you think won't happen would be a separate debate, but it's obviously the norm today).

      So you blame a monopoly for the results of bad software when the problem looks to me to be the same even if it were run on non-monopoly software. I just don't see how Windows caused AV software to be bad.

    43. Re:Example of competition gone wrong by AK+Marc · · Score: 1

      If there is an equivalent of setuid/sudo/etc in Windows it doesn't appear to be that well understood.

      My understanding is that it is automatic. That is, if the program is written right, you are logged in as user, and when something needs root, it pops up and states it's needed and asks for that permission. And for things that aren't smart enough to ask (older programs), you can right-click and run-as admin. I'm not set up right now to test this, but hopefully someone out there can check this on Vista or 7.

      One of the real problems is that all programs seem to want to be admin. They not only require admin to install, but even to just run. When people get more than [insert unknown arbitrary number I'll call 10 for now] pop-ups per day doing "normal" things, they think it "normal" to click yes on all of them, eventually letting in the bad ones.

    44. Re:Example of competition gone wrong by Korin43 · · Score: 1

      I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl.
      I wrote: and not just the resident portion

      And I wrote that I used AVG and Clamwin at the same time. I bet I could've run scans with others, I just didn't see the need.

    45. Re:Example of competition gone wrong by Anonymous Coward · · Score: 0

      Note: posting Anonymously because I work on the scanner for an anti-virus product.

      Because of the way they work, running more than one real-time scanner at the same time is also a bad idea because they will each interfere with what the other scanner is doing. Both are going to be running a fairly low-level process which is touching lots of files, potentially moving things around, denying access to processes etc. If they both scan something and decide it's malware they can fight over who gets to quarantine or modify it. Heuristic scanners can also sometimes be tricked into thinking that another scanner is malware simply because of what it is doing. The way that a lot of AV scanners store their detections can mean that there are 'bad' strings or byte sequences in their data, and a resident memory scanner can actually potentially detect this too.

      Unfortunately there are a lot of ways that a machine can be infected without you running anything at all. Flash, for example, is notorious for having a lot of exploits which can compromise your machine and allow malware to run without you doing anything. Additionally there is a lot of malware that can spread over a network. Last year's Conficker outbreak is a good example. It could spread over a windows network, brute-forcing weak passwords or simply exploiting an unpatched vulnerability and stealthily installing itself. Your only real way of knowing it was there was that you would suddenly lose access to certain websites, eg Windows Update. While you may be smart enough not to run HorseSex.exe, it doesn't mean that a family member or co-worker with access to your home/work network is also that smart.

      A light-weight realtime scanner is a good idea. I wouldn't personally use one of the bigger ones because they tend to be resource hogs, but there are pretty reasonable products out there that don't consume your whole machine. If you don't run a realtime scanner, you're flirting with fate unless you are extremely diligent (eg Firefox instead of IE, flashblock, use noscript and only whitelist what you know is safe, strong windows password, run windows update every tuesday, keep all your software patched, and make sure anyone accessing your network is just as diligent).

    46. Re:Example of competition gone wrong by Handover+Phist · · Score: 1

      If it can get into Ram, it can do all sorts of nasty before you know what's going on. Not saying it's happened, just sayin there's a BIOS it can touch and possibly a whole lot of subnet attached to that one liveCD run box.

    47. Re:Example of competition gone wrong by Bert64 · · Score: 1

      The important fact, is that windows includes service ports listening by default, which expose a LOT of functionality, and which do not provide any function which is useful to the average desktop user.

      If a user makes a conscious decision to install something that listens on the network then that's one thing, the user knows it's there and has made a decision to use it.
      The average windows user is probably completely unaware that their system is offering SMB and MSRPC services (among others) to the world.

      Services should NOT be present by default, especially on workstation systems. The user should make a conscious decision to enable a service *IF* they want to be running that service.

      And in terms of shutting all the ports and blocking them, yes, that's all fine and good until you need to do some work, or use a computer for what it was designed for.

      I'm specifically not advocating blocking ports, I'm advocating not having anything open by default, so that anything the user turns on they have done intentionally (ie when they need to do some work as you put it).

      This has the other side benefit of creating a diverse culture, since not everyone will run the same things.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
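The default-listener point in the comment above can be checked on a given machine. The following is an added example, not part of the thread or any poster's code: a Python parser for Windows `netstat -ano` text that flags SMB, MSRPC and NetBIOS sockets reachable from the network. The sample output, the watched-port list and all function names are constructed assumptions.

```python
"""Flag network-reachable SMB/MSRPC/NetBIOS sockets in `netstat -ano` text."""
import ipaddress
from typing import List, NamedTuple, Tuple

# Assumption: ports for the services the comment names (SMB, MSRPC),
# plus the NetBIOS ports that SMB traditionally rides on.
WATCHED_PORTS = {
    135: "MSRPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram",
    139: "NetBIOS session (SMB)",
    445: "SMB over TCP",
}

# Constructed sample in the layout `netstat -ano` prints on Windows.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1712
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       884
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:8307             [::]:0                 LISTENING       2200
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:138       *:*                                    4
"""


class Listener(NamedTuple):
    proto: str
    address: str
    port: int
    pid: int
    exposure: str  # "loopback", "all-interfaces" or "specific-interface"


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split '0.0.0.0:445' or '[::]:445' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port)


def classify(host: str) -> str:
    """Describe how widely a bound address is reachable."""
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    return "specific-interface"


def parse_listeners(text: str) -> List[Listener]:
    """Return TCP sockets in LISTENING state and bound UDP sockets."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if fields[0] == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue  # established or closing connection, not a listener
        try:
            host, port = split_endpoint(fields[1])
            found.append(Listener(fields[0], host, port, int(fields[-1]), classify(host)))
        except ValueError:
            continue  # unparseable address, port or PID: skip the line
    return found


def exposed_services(listeners: List[Listener]) -> List[Listener]:
    """Watched services bound to anything other than loopback."""
    return [l for l in listeners
            if l.port in WATCHED_PORTS and l.exposure != "loopback"]


if __name__ == "__main__":
    for l in exposed_services(parse_listeners(SAMPLE_NETSTAT)):
        print(f"{l.proto} {l.address}:{l.port} pid={l.pid} "
              f"{WATCHED_PORTS[l.port]} [{l.exposure}]")
```

On a real machine the input would be the saved output of `netstat -ano`; the PID column lets each flagged socket be traced to the owning service before deciding whether it should be disabled.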
    48. Re:Example of competition gone wrong by Deefburger · · Score: 1

      The problem isn't the competition or the free-market. The problem is Intellectual Property. IP is what is getting in the way.

      --
      Most people are mostly good most of the time.
  9. Running multiple products by DodgeRules · · Score: 2, Funny

    Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats.

    This is why I have to run 6 different scanners: because there isn't one that detects all the threats. I currently run 2 antivirus programs along with SpyBot, SuperAntiSpyware, Windows Defender, and Malwarebytes' Anti-Malware.

    1. Re:Running multiple products by Kleen13 · · Score: 2

      That's too much shit running for me, though I agree with you - no one scanner is God's answer... I gave up and just do good backups and run MSE. I've implemented a Don't Click That policy with my wife and 2 kids, so far I've dodged the bullet.

      --
      That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
    2. Re:Running multiple products by Anonymous Coward · · Score: 3, Insightful

      ... and then you complain Windows runs like a snail.

    3. Re:Running multiple products by Kleen13 · · Score: 1

      I know, I know... Should have bought a Mac. shhhhh

      --
      That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
    4. Re:Running multiple products by RAMMS+EIN · · Score: 2, Insightful

      ``This is why I have to run 6 different scanners: because there isn't one that detects all the threats. I currently run 2 antivirus programs along with SpyBot, SuperAntiSpyware, Windows Defender, and Malwarebytes' Anti-Malware.''

      And yet, people insist that Windows is user friendly. More so than other operating systems, even.

      --
      Please correct me if I got my facts wrong.
    5. Re:Running multiple products by drinkypoo · · Score: 1

      If you don't engage in risky behavior you don't have to worry so much. For example, paying for all your software should be enough to get you down to one virus scanner and two anti-malware programs :)

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:Running multiple products by ozmanjusri · · Score: 2, Informative
      If you don't engage in risky behavior you don't have to worry so much.

      Really?

      Researchers Hijack a Drive-By Botnet.
      They found more than 6,500 websites hosting malicious code that redirected nearly 340,000 visitors to malicious sites. Drive-by downloading involves hacking into a legitimate site to covertly install malicious software on visitors' machines

      "Once upon a time, you thought that if you did not browse porn, you would be safe," says Giovanni Vigna, a UCSB professor of computer science and one of the paper's authors. "But staying away from the seedy places on the Internet is no longer an assurance of staying safe."

      --
      "I've got more toys than Teruhisa Kitahara."
    7. Re:Running multiple products by Jeppe+Salvesen · · Score: 1

      Get an iPhone. Seriously. Requiring signed and approved applications along with a mechanism to withdraw applications is the only feasible way I can see to somewhat secure a computer. Plus, http and smtp must die, instead requiring https and some better mail protocol with encryption and signatures.

      Certificates should be issued by government, by the way. Preferably at a cost that will cover a reasonable identification procedure for the certificate holder. And I realize this raises a lot of issues with regards to authoritarian regimes. Sorry, but that's the only way we'll get this beast under control. We'll have to accept these limitations, and do our best to put checks and balances to increase transparency in the processes. This is our infrastructure. And anarchy has failed, like it always has: The bad guys get the edge when there are not enough restrictions/not enough enforcement of the restrictions.

      --

      Stop the brainwash

    8. Re:Running multiple products by Zontar+The+Mindless · · Score: 1

      Let me get this straight -- you're saying that the way to avoid losing any control over our computers is... to give up all control over our computers?

      --
      Il n'y a pas de Planet B.
    9. Re:Running multiple products by hyades1 · · Score: 1

      Is the problem that bad, or is this just the latest version of Chicken Little? I use Avast! Antivirus, Malwarebytes, Spybot and Comodo's firewall. They update and scan each night when I'm not at the computer (which is on 24-7, by the way, and has been for more than five years). I've never had a virus or any serious malware infestation. Never. A few tracking cookies, the occasional inactive trojan and the like are invariably sacrificed at the nightly slaughter.

      And yet you believe I should give up what freedom I have to governments with a track record that would make any intelligent person cringe in a futile quest for perfect security. They're more dangerous than the malware, and much, much harder to keep under control. I really hope your fear doesn't spread, and stampede people to give up freedom they'll never get back.

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
    10. Re:Running multiple products by Bert64 · · Score: 1

      Warez doesn't typically come with malware, if anything pirate copies of various things often have malicious (defined as doing something detrimental to the user or his machine) code such as drm schemes removed.

      I have done many incident response jobs, where one or more machines inside a company becomes infected with something that the av they subscribe to fails to detect, and it falls upon me to investigate the infection. Very few of these machines have any warez on them, or evidence of trying to view things like porn (most of these companies use a filtering proxy which would detect that anyway). The vast majority of these users were infected through visiting legitimate websites that had been hacked.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    11. Re:Running multiple products by Erikderzweite · · Score: 1

      Six scanners?! You can't be serious...

      If that's true you either REALLY need Windows or are plain masochistic. I haven't used Windows for years now, but I still remember how a scanner trashes the hard disk and slows the whole system beyond acceptable for some hours. With six scanners it would take a whole day to run them through your disk once.

      Thanks but no, thanks.

    12. Re:Running multiple products by Anonymous Coward · · Score: 0

      That is a totalitarian level of control that would have many other unintended consequences...

      What I would advocate instead, is that users be required to pass a test before they are allowed to connect a general purpose computer to the internet, like a driving test.

      Without passing such a test, you should only be permitted to connect a "managed" device to the internet, that is a machine where someone else controls it and you only have extremely limited access to it.

    13. Re:Running multiple products by Anonymous Coward · · Score: 0

      Yeah, that's basically the Apple logic. Their users love being dominated, and paying big bucks for it.

      Perhaps it reminds these trendy Apple users of their favorite sexual encounters, which often involve a wealthy older man shitting all over them for a modest fee.

    14. Re:Running multiple products by Anonymous Coward · · Score: 0

      SpyBot and Malwarebytes aren't active scanners though.

    15. Re:Running multiple products by Anonymous Coward · · Score: 0

      Then what is the point in Malwarebytes setting itself to autorun at startup?

    16. Re:Running multiple products by Anonymous Coward · · Score: 0

      If you don't engage in risky behavior you don't have to worry so much. For example, paying for all your software should be enough to get you down to one virus scanner and two anti-malware programs :)

      The "three perilous P's" as I call them account for 98% of the malware I see on my users' machines. Porn, Peer to Peer and Popups. If they stay away from those three things they rarely have virus/spyware/malware issues. If not, no software protection known to man is worth a damn. I see machines every day with every UPDATED name brand anti... suite there is positively blitzed with viruses.

    17. Re:Running multiple products by Anonymous Coward · · Score: 0

      Malware programmers are users too.

  10. Re:I gave up on viruses a long time ago by The+Mighty+Buzzard · · Score: 1

    Yeah but wouldn't it be nice if we could bomb/shoot/waterboard virus writers?

    --
    Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
  11. Should know better by findoutmoretoday · · Score: 1

    News agencies know better, for years now they offer us the 1000 reporters, one main story approach. As they know that customers discredit uncertainty.

  12. Re:Wow! by MichaelSmith · · Score: 1

    He's a script.

    Or he is you.

  13. Re:Wow! by Ethanol-fueled · · Score: 1

    Or he is you.

  14. Re:I gave up on viruses a long time ago by delta98 · · Score: 0

    How many possible combinations of code make viri? I hear over 30,000 or so a year since 1993 so it would suggest that most possible combinations plus mutations should play out by now. New names make no difference. The thing that gets my attention is the fact that of all viri threats only a few every year make it to the "scary" level. So I wonder how do these writers know what to write. SQL and other attacks aside there is only enough room. That is what makes a computer eloquent in its own little way. You can only hose a system for so long. Time is running out for once to our benefit.

  15. Re:I gave up on viruses a long time ago by Anonymous Coward · · Score: 0

    +1 meandering stream of consciousness that exposes that while the topic is about viruses, the writer is only thinking about airport security stories.

  16. Re:I gave up on viruses a long time ago by MBaldelli · · Score: 0

    I use Linux. It's true that there are some viruses for Linux, it's just that I haven't ever had one.

    That's because it has what? 1% or 2% of the worldwide desktop machines? It really doesn't qualify to warrant the attention of serious hacking... There's no need because 1. it's free, 2. the community that it supports cherishes it, and 3. its users are generally savvy enough to know what to click on and what not to click on when they're out on the net.

    If Linux ever does gain more popularity in the desktop market, rest assured it'll suffer the same fate as Apple/Mac did when it grew in popularity. This will definitely happen when 1. it is no longer free, 2. the community becomes snobbier than it already is, and 3. it becomes easy enough for Windows users to migrate without being afraid of seeing a terminal window.

    Impossible I know, but I thought the same when Mac became more popular.

    --
    "The truth points to itself." - Kosh, Babylon5
  17. Re:Wow! by MichaelSmith · · Score: 1

    Either you have been drinking too much Ethanol or I have not been taking enough Tegretol.

  18. Re:I gave up on viruses a long time ago by delta98 · · Score: 0

    I wouldn't go to that extreme. Do not throw the baby out with the bath water. I see the anger I have to deal with it on a day to day basis with some of these turds but I would also like to see the holes they punched in. Hate to say it, but freedom has a price. I am pissed off sometimes but as a professional I do give props where they are due. Keeps on on their toes.

  19. Only six products? by symbolset · · Score: 1

    That's not nearly enough. I get good results with twelve usually, but for porn surfing 16 is not near enough! So I use a Mac or Linux instead. They've got some magical anti-malware internals - probably thirty or forty heuristic engines in there I suspect, but man are they fast! They don't slow the machine down at all.

    --
    Help stamp out iliturcy.
  20. Apples and Oranges - A Comparison by scapermoya · · Score: 4, Funny

    one of my favorite papers ever: Apples and Oranges: A Comparison

    --
    Beware the Jubjub bird, and shun the frumious Bandersnatch.
  21. Re:Wow! by thoughtfulbloke · · Score: 2, Insightful

    The writer could conceivably have seen the story in the firehose, thought this one will make the front page, copied and pasted story into a text editor and composed their message, then had it ready to post. When the article with your reply came live, they posted within 8 seconds, with a more cogent response than your initial first post as they had time to work on a first reply. This is also suggested by the post referencing the story but not your post.

    Alternatively they might have actually read the article, and thought This will make slashdot one day, then followed a similar plan, but Mr. Occam might want a word over an explanation that involves that much forward planning and OCD monitoring of the front page.

  22. I think we can kiss this meme good night now. by symbolset · · Score: 1

    There are now at least 20 million linux users. That's a large enough market that if somebody could do it he would have - if just to prove he could.

    --
    Help stamp out iliturcy.
    1. Re:I think we can kiss this meme good night now. by drinkypoo · · Score: 2, Interesting

      Linux is too fragmented. Get 20 million Ubuntu Karmic users (or whatever) and you'll see some malware. Of course, if you see much Linux malware crop up, then you'll see some userspace tools for SElinux... or such is my hope.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:I think we can kiss this meme good night now. by JoshDD · · Score: 1

      I've been using linux without the dual boot to windows since 2001 when I decided windows wasn't for me. (I run way too many distros to be happy with one windows) But when I did use windows I never once got a virus that I didn't put there myself. (Strictly for testing purposes...hhmmm I wonder what this does?) Most virus/malware is not really a problem for someone even remotely competent with a computer. Most leave clues and it's kind of a challenge to figure it out. (Kind of like Kings Quest...oh no save/find my files...) And really most windows problems can be avoided by checking the file extension of what you're executing.
      Now I used to run a second windows (dual boot) to test stuff I wasn't sure about. Kind of a little bomb proof room.

    3. Re:I think we can kiss this meme good night now. by flyingfsck · · Score: 3, Insightful

      You are super pessimistic. There are more than 2 billion Linux machines out there and pretty much every Windows home user has a dinky little Linux based modem and firewall thingy for his desktop to hide behind. Linux devices are much more prevalent than Windows devices. Windows is only dominant if you define the market segment so narrow that it is the only thing that fits...

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    4. Re:I think we can kiss this meme good night now. by mogness · · Score: 1

      Again it's Linux vs Windows. I like linux, and I like that it's free. I used it for about two months straight and now still occasionally use it to do some specialty tasks. The problem is, I have to continually switch back to windows to do certain things (primarily, use my USB phone which is only compatible with windows, and play any newer games). It just becomes more convenient for a potential convert like myself to stay with windows because software vendors don't support Linux. It's not the users that need to wisen up- we're ready. I think the problem is that software vendors aren't ready to make the change. BTW, I think in a discussion of malware it's not really relevant to bring up things like routers or drive by downloads on reputable pages. Sure there are edge scenarios that someone might have a vulnerable router, or maybe a New York Times advertisement is actually a drive by trojan, but these cases are few and far between. The main issue with malware is the uninformed user. People clicking the wrong things, they let it run as a higher privileged user, and then... "OMG, Windows is so vulnerable!" If you run some junk software on Linux, it can just as easily own your box as on windows. I think the low occurrence of Linux malware has to do with the fact that anyone who installs Linux on their PC has to be somewhat computer literate, as opposed to just buying a computer at the store which has Windows. I just don't understand how people can be so biased. Microsoft makes good software. I mean, it's certainly not any more buggy than my Ubuntu installation.

      --
      that's teh shizzle bizzle
    5. Re:I think we can kiss this meme good night now. by Gadget_Guy · · Score: 1

      That's a pretty unfair comparison for this discussion. If you run Windows with just a service like a firewall then it too is pretty secure. It is only when you start installing more complicated programs to read emails, browse the web and load office documents that it starts to become vulnerable to viruses.

    6. Re:I think we can kiss this meme good night now. by Anonymous Coward · · Score: 0

      You are super pessimistic. There are more than 2 billion Linux machines out there and pretty much every Windows home user has a dinky little Linux based modem and firewall thingy for his desktop to hide behind. Linux devices are much more prevalent than Windows devices.

      Windows is only dominant if you define the market segment so narrow that it is the only thing that fits...

      Yes, there might be 2 billion Linux machines out there, but how many of them have a clueless interactive user at the console day in and day out?

    7. Re:I think we can kiss this meme good night now. by sapphire+wyvern · · Score: 1

      Out of that 2 billion Linux machines, how many are used as interactive user workstations (ie desktop & notebook clients)?

      It matters.

      Servers are usually administered by someone who knows something about what they're doing. Consumer appliances are often not administered at all - but that's fine, because their software loadout comes with everything they will ever need and any updates come as a "whole system software replacement" from the manufacturer. An appliance's small functional set compared to a general purpose PC means that they have extremely small attack surfaces, which also reduces their vulnerability.

      Neither of them are in a situation where their owners are going to easily expose the system to the two primary infection vectors for malware: hostile sites on the internet that exploit browser vulnerabilities, and trojans that are executed at the request of the ill-informed user because they thought they were going to get something they wanted or needed. Linux and OS-X have no special protection against these vectors compared to Windows, as the pwn-to-own contest regularly demonstrates.

      When was the last time there was a major Windows worm that can replicate over an internet connection unaided? A quick google for "new Windows worm" all seem to be about Conficker, and mostly date back to late 2008/early 2009. Even at the time of these reports, it was known that Conficker required a vulnerability to be present for which patches were already available and had been distributed to any competently-run machine. Conficker's been pretty successful, but according to Wikipedia it has three infection vectors: the now long-since-closed vulnerability that was patched in October 2008, dictionary attacks against weak admin passwords (hard to blame _that_ on the software vendor) and user-assisted installs via USB drives which Conficker sets up with misleading autorun dialogs. (Aside: autorun has got to be one of the worst security ideas ever. Thanks, Microsoft). It's not like Linux hasn't had _any_ exploitable remote security flaws in the same time frame. Debian version of OpenSSL, for instance?

      The simple fact is: desktop systems are profitable to pwn, Windows machines are the largest juiciest bunch of grapes on the vine, and systems that interact with the clueless on a regular basis are the lowest hanging fruit of all. Economically, Linux (and to a lesser degree Mac) malware is impossible to justify the return on investment, and believe me, malware these days is all about the ROI. The bad guys do love a nice pwnable Linux webserver though, thanks to their valuable clean IPs and good internet connections, so they scoop them up when they can - but there aren't enough of those around to justify the kind of R&D that goes into their Windows client pwnership tools. But despite their rarity, vulnerable Linux webservers can, and *do*, get pwned on a regular basis because they're valuable. It just doesn't usually make it to the mainstream press when it happens like the latest variant of Windows Herpes - because the set of people who care about the impact of a security flaw on badly-administered Linux servers is negligible compared to the boundless masses of people who use Windows computers every day at work and at home.

    8. Re:I think we can kiss this meme good night now. by Anonymous Coward · · Score: 0

      If you define the market segment so large, that means Windows is no longer a monopoly on 'computer-like devices'. Which means they are free of any and all anti-trust obligations. Wanna play that game? I bet all you lemmings will rush to want to have narrow market segment definitions again.

      Funny how Linux only works when either you have specially trained users (admins) taking care of the installation (servers) or you lock down the device into an appliance role (routers, phones, etc.). Linux Desktop Environments are a fail for the general population. Desktop Linux is a fantasy.

    9. Re:I think we can kiss this meme good night now. by BitZtream · · Score: 1

      Me thinks your estimates are far more than a little inaccurate.

      I know of no one outside of a Google employee that runs Linux on any device they own.

      None of the non-tech savvy have a Linux based router, and the tech-savvy people I know that use something custom use a BSD.

      I've yet to come across a Linux based WAP or router in the real world.

      Sure all your linux friends may use one, but that isn't exactly an unbiased comparison.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    10. Re:I think we can kiss this meme good night now. by nxtw · · Score: 1

      There are more than 2 billion Linux machines out there and pretty much every Windows home user has a dinky little Linux based modem and firewall thingy for his desktop to hide behind.

      Many might run Linux, but many use closed source embedded operating systems. The vendors would easily switch to something else. For example, I believe Linksys switched from Linux to VxWorks in one model because they could get away with including use less memory.

      To most end users, the fact that the device uses Linux simply doesn't matter. They wouldn't notice if the device used some other operating system that had the same functionality.

    11. Re:I think we can kiss this meme good night now. by nxtw · · Score: 1

      I know of no one outside of a Google employee that runs Linux on any device they own.

      None of the non-tech savvy have a Linux based router, and the tech-savvy people I know that use something custom use a BSD.

      I've yet to come across a Linux based WAP or router in the real world.

      Many consumer network appliances do run Linux, but don't advertise it. What operating system a device uses is meaningless to most end users, and many devices don't have a published method of changing the software running on the device and don't expose any Linux-specific functionality. Some effort is required to find out if the device even runs Linux.

      To the creators of these devices, Linux is often just the best choice given current open source and proprietary software: it ends up being cheaper than licensing a proprietary operating system and cheaper than developing a custom one. Some treat GPL compliance as an annoyance, and do little more than uploading the GPL code used in the device to a web server. They might not provide any meaningful way of modifying and using that code on the device.

      The first few years of production of the popular Linksys WRT45G used Linux, but later revisions switched to VxWorks. This was a very popular router.

      Open-source code (possibly including Linux) is used in other consumer electronic devices too. Open-source licenses are sometimes printed in the manuals of TVs, digital cameras/camcorders, etc.

  23. Falsies (I've been a victim of this & others t by Anonymous Coward · · Score: 0

    "2) Antivirus vendors are now trying to police what you can and can't do. Look at the numerous reports of false positives for programs that are legally grey (or black) but aren't viruses. I've personally had network tools come up as false positives and it's a pain to unquarantine and exclude them so they don't quarantine themselves again." - by syousef (465911) on Monday January 11, @02:11AM (#30720570)

    This I totally agree with you on, & I myself have been a victim of it as a freeware developer!

    E.G.-> I wrote an application back in 1999 that is "flagged" by CA as a threat, albeit with "ZERO THREAT LEVELS", listing it claiming it can be used by malware authors to do damage to others... wtf?

    So, upon the advisement of an attorney, I took their 21 point test (via vendorappeals@ca.com & writing greg.jensen@ca.com also in regards to this), & my application did not violate a SINGLE CONSTRAINT, & yet? They STILL list it on their website... - this was prior to ANY RULING that antivirus/antispyware companies can now do so (funny that, eh?)!!!

    (Boy - it's rather 'funny' how the "rules change" for big money, eh? Especially when you catch their "so called software engineers" contradicting their own rules for removal from their lists).

    I am not alone in this either, by the by:

    ----

    E.G. #1 - Dr. Mark Russinovich has had this happen with his utilities as well

    E.G. #2 - Nir Sofer of Nirsoft has also...

    ----

    In fact, I had a large discussion with Nir about this in fact, via email, & he does a blog on it...

    (Does it change anything? Nope!)

    NOW, my app, ALL it does? Is allow a user to launch ANY APP HE WANTS, invisibly. I designed it @ the request of a user on a forums to help him out, back when Apache for Windows did not have a resident background service running (like most webservers do on Windows), or @ least that was his problem he told me.

    So, since it was VERY EASY TO CREATE, & at the request of a fellow forums member, to help him out, I did so.

    (I.E.-> It is a simple app, & it uses 1 line of code to do so (i.e.-> most shell/spawn commands in various compilers have parameters to do this in many compilers), so I "whipped it up" for him, as he requested needing such a tool - just to help out a fellow forums poster whom I had known for years no less online @ NTCompatible.com... )).

    Next thing I know? My app is listed by CA + this fool named Thor Schrock as a malware!

    (& others also, but, they removed it once I requested it and showed them that I am ANYTHING BUT a 'malware author', per guides I have been doing for decades like this one -> http://www.tcmagazine.com/forums/index.php?s=9dacda674c6b55f869c4db3d5b0cc0df&showtopic=2662 that owns the top spot on GOOGLE when you search "HOW TO SECURE WINDOWS 2000/XP" and the top 50 or so after that. It has gone WELL over 250,000 views online in 2 yrs. time across 15 forums and also has been rated "5/5 stars", or is in their top 5 most viewed on tech forums sections, or was made a "sticky/pinned thread" or "essential guide" no less! My guide helps Windows users secure their systems in fact!)

    I have YET to have my single app (APKApp2BackGroundDaemonProcessEngine.exe) be removed from CA's or this fool "Thor Schrock's" listings, even though I did not violate a SINGLE constraint of CA's removal request document's constraints...

    These people victimize smaller developers who are NOT "malware authors" because they know what it costs with attorneys to attack them... so, they get away with it.

    I was told in fact, by an attorney out of Rochester N.Y. who handles such things I had a winning case, but he told me it was not worth it ($150,000 award roughly possible), because he said these companies would drag him through the courts for 10++ yrs.,

  24. How about latin names by starbugs · · Score: 5, Interesting

    5) Every vendor seems to have their own names for a virus. For pity sake can we have some kind of standard naming mechanism?

    How about a (latin/greek) Biological-like naming system. After all, it works for biology and many (computer)viruses are derived from earlier versions of those viruses, so we could have actual hierarchies.

    So you could have a name such as: "userus.dumbus.clicktus.pornolinkus.diabolicus"

    Of course after the latin name we could come up with a "common" name - based on the name of the unfortunate tech who had the displeasure to remove it first.

    1. Re:How about latin names by jez9999 · · Score: 1

      The trouble is, everything would be under userus.dumbus.clicktus.pornolinkus so it would just be a common namespace and wasted characters.

    2. Re:How about latin names by Anonymous Coward · · Score: 0

      The trouble is, everything would be under userus.dumbus.clicktus.pornolinkus so it would just be a common namespace and wasted characters.

      No, there's also: "wantus.seeus.cumlingus.gotbotnetus.spamus" or "gotbotnetus.deeoesus"
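An added example, not part of the thread or of any vendor's tooling: one way to line up differently named detections is to split each name into platform, type, family and variant tokens and map family aliases to a single canonical name. The detection strings, vendor labels and the "examplebot" family below are constructed, and the token tables and the three name layouts handled are simplifying assumptions; the alias entries reflect that Kido and Downadup are other vendors' names for Conficker.

```python
import re
from collections import defaultdict

# Assumed token tables (illustrative, not any vendor's official scheme).
PLATFORMS = {"w32": "win32", "win32": "win32", "w64": "win64", "win64": "win64"}
TYPES = {"worm": "worm", "net-worm": "worm", "trojan": "trojan",
         "troj": "trojan", "virus": "virus", "backdoor": "backdoor"}
# Family tokens that say nothing about lineage, so they cannot be correlated.
GENERIC = {"generic", "gen", "heur", "agent"}
# Alias table: vendor-specific family names mapped to one canonical family.
ALIASES = {"kido": "conficker", "downadup": "conficker"}


def normalize(detection):
    """Split one detection name into platform, type, family and variant."""
    # A trailing "!suffix" is a qualifier; it only matters if it names a type.
    head, _, suffix = detection.strip().partition("!")
    platform = mtype = None
    rest = []
    # ':' '/' and '.' are the separators in the layouts handled here.
    # '-' is deliberately not a separator, so "Net-Worm" stays one token.
    for tok in re.split(r"[:/.\s]+", head):
        low = tok.lower()
        if not low:
            continue
        if platform is None and low in PLATFORMS:
            platform = PLATFORMS[low]
        elif mtype is None and low in TYPES:
            mtype = TYPES[low]
        else:
            rest.append(low)
    if mtype is None and suffix.lower() in TYPES:
        mtype = TYPES[suffix.lower()]
    # First leftover token is the family, anything after it is the variant.
    family = rest[0] if rest else None
    variant = ".".join(rest[1:]) or None
    if family in GENERIC:
        family = None
    else:
        family = ALIASES.get(family, family)
    return {"platform": platform, "type": mtype,
            "family": family, "variant": variant}


def vendors_by_family(reports):
    """Map canonical family -> vendors reporting it; list what cannot be mapped."""
    seen = defaultdict(set)
    unattributed = []
    for vendor, names in reports.items():
        for name in names:
            family = normalize(name)["family"]
            if family is None:
                unattributed.append((vendor, name))
            else:
                seen[family].add(vendor)
    return dict(seen), unattributed


# Constructed sample "top threats" lists from three hypothetical vendors.
SAMPLE_REPORTS = {
    "vendor_a": ["W32/Conficker.A!worm", "Trojan.Win32.Generic!BT"],
    "vendor_b": ["Net-Worm.Win32.Kido.ih", "Backdoor.Win32.Examplebot.c"],
    "vendor_c": ["Worm:Win32/Conficker.B", "W32.Downadup.B"],
}

if __name__ == "__main__":
    families, unattributed = vendors_by_family(SAMPLE_REPORTS)
    for family, vendors in sorted(families.items()):
        print(f"{family}: reported by {sorted(vendors)}")
    for vendor, name in unattributed:
        print(f"cannot correlate {name!r} from {vendor}")
```

Generic and heuristic detections end up in the unattributed list, which is one reason two vendors' monthly tables can disagree even when both saw the same samples.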

  25. Who reads them anyway? by Phurge · · Score: 1

    They're all the same anyway: "Big Scary Virus, so buy my overpriced antivirus software"

    --
    I'll see your hokum and raise you a boondoggle.
  26. I use Antivirus 2009 by Anonymous Coward · · Score: 1, Funny

    It stops attacks all the time. It's very good.

  27. Re: Live CD by Errol+backfiring · · Score: 2, Interesting

    It can't, usually. But it can infect a machine running from a live CD. No problem.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
  28. rainaki by rainaki · · Score: 0, Troll

    Malware is a very effective and dangerous virus for computer security .Whenever you scan your computer every time you get directed malware ..Its very powerful virus . Ultra Rezv 1000

  29. Re:Falsies (I've been a victim of this & other by Anonymous Coward · · Score: 0

    Dude, the regular perl script has fewer funky symbols than your post. You may or may not have a good point, it's hard to tell with all that noise in your posts. Hint: Stop using & all the time, there is a regular word you can use instead. 'and'. See? Wasn't that hard to type.

  30. Missing threat by gmuslera · · Score: 1

    Believing all that those reports say, and making quick and wrong choices.

  31. Re:I gave up on viruses a long time ago by AdmV0rl0n · · Score: 3, Insightful

    I'm going to reply to your comments in "".

    "I use Linux. It's true that there are some viruses for Linux, it's just that I haven't ever had one."

    Do you understand the difference between a Virus, and Spyware, Malware, Worms, and Root Kits? This idea you have is a mirage. Linux boxes have multiple serious security flaws, as all our systems do today. The idea peddled by some is that one side is immune, while the other is an open door way. I'd really rather people talked sensibly with a realisation that our current systems and how they are built remains fundamentally flawed.

    "When I was in college, the monkey virus (long ago) was the baddie. When I was unfortunate enough to manage windows systems, code red, nimda, I love you and a few others were all the rage. I got real disappointed when they started listing viruses in the ten thousands, then fifty thousands."

    Windows has fundamental flaws, and since win95, its architecture and design had some serious problems. In XP, users by default are created as Admins, and the bulk of the Windows world, developers, suppliers and ISVs continued with a lot of flawed security. This 'ease' of use operation, leaves security mired in a serious hole. And it's one that Anti Virus companies and Anti Spyware and Malware companies and organisations are still chasing down today, as well as Microsoft. However, for a very very long time now, Microsoft, and others have stated quite clearly one of the steps that should be taken, and often, even today, is still not taken, and that is _do_not_run_as_admin.

    "For Linux, it's been in the teens. Mostly root exploits, proof-of-concept stuff, and virii that you have to allow in and set to execute yourself (change permissions, etc)."
    http://www.pcworld.com/article/113636/linux_groups_servers_hacked.html

    The arrogance of your point is noted. However, it's badly placed. Linux systems that are actually placed in the real world, live, facing data ports. One of the large advantages this does exist, is the majority of users are created as users, not as the admin account. This alone is a primary basis for its better record. The point however, is that it's not immune, and people should be very careful in assuming that it is.

    "It's possible, but not probable to kill your system with these viruses. Perhaps it is good fortune, but I've never been infected (under linux). I'm not trying to troll, it's just that the virus writers don't ever get tired trying to be destructive (mind you, kids come and kids go), and the anti-virus folk always seem to have some kind of real specific remedy, which keeps people buying. It's a bit like homeland security. In order to have a budget, there has to be a threat level. In order to sell anti-virus software, there have to be viruses. Shutting an airport for 6 hours because a man kissed his wife sounds like an over reaction. It's stupid. It's non-sensical. It's someone sounding the klaxon too loud so that the danger-danger-danger mentality and the budget both are accepted. No terror, no budget (or sales). It's a game. I refuse to play. If there are viruses on some system, I use the other. Terrorists always target planes, I use car, or bus or something else. The virus researchers never seem to offer anything all encompassing. It's always piecemeal, just like the homeland security rules. The terrorists always always target at the last hour, so we worry about just the last hour (very piecemeal). A stupid approach if you are trying to solve a problem like terror or security, but a real boon if you are trying to sell software or get a budget passed. Milk it baby! Milk it hard. But please, count me out. It just looks like a pile of crap to me (both). Thanks."

    When I last spent time with a team from Mcafee, they spoke about how their labs a few years ago, were getting 60,000 unique samples of virii and malware code, and how only a couple of years later they were being bombarded with 255,000 a month. No security co

    --
    We`re all equal .. Just some of us are less equal than others.
  32. Please: Enough already w/ the offtopic stuff! apk by Anonymous Coward · · Score: 0

    Sorry, & is a valid abbreviation for the word 'and' & I will continue to post thus... so, please: Deal with it.

    Now, your use of the word "Dude"? Sure, a lot of folks use it (especially after the old film with Sean Penn (great actor, director, & INTELLIGENT guy) "Fast Times at Ridgemont High" but, it is still "slangish")...

    So, that said & aside? Well, as you can see?? ANYONE can criticize another's writings... I can, and just did, do the same to you, to prove a point is all. It's very easy to do, and is needless though.

    Sincerely,

    APK

    P.S.=> By the by, you're off topic on this subject too... apk

  33. Sunbelt is an AV vendor now ? by Anonymous Coward · · Score: 0

    The antivirus of this $cientology (*1), (*2), (*3) company is not included in the AV-comparatives tests. And considering $cientology activities on the Usenet, I wouldn't trust this company on anything security-related (*4).

    *1 http://www.skeptictank.org/hs/wiselist.htm
    *2 http://myreligion.scientologist.net/stusjouwerman/myself.htm
    *3 http://www.sunbeltsoftware.com/About/Management/
    *4 http://it.slashdot.org/comments.pl?sid=158250&cid=13259081

  34. Re:Please: Enough already w/ the offtopic stuff! a by Anonymous Coward · · Score: 0

    Please create an account and use it so we can downmod you into the oblivion you so richly deserve.

  35. Re:Falsies (I've been a victim of this & other by Anonymous Coward · · Score: 0

    Hello APK...

    I'm sure you are aware, big vendors don't like small independent developers... They threaten to upset the applecart, offering superior software for a better price (often free)...

    Big vendors want to rest on their laurels and give their shovelware a new coat of paint every year and sell more overpriced copies. They like the status quo, being able to make minor changes and infinite copies to sell for ridiculous prices.

    Naturally, the software market should have extremely low barriers for entry, resulting in a huge amount of competition forcing prices down and quality up. In reality, you have a few big companies and cartels keeping the market artificially immature so they can continue to rip people off.

    The software market as it stands now looks like it's still in the early adopters phase, with prices kept unrealistically high and no dominant standards.

  36. I not English write much good by codeButcher · · Score: 1

    Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats.

    Doesn't make sense to me. I mean, if Schemester Antivirus wants to identify a threat that is "not the same" as the one Flybynight Computer Security wants to identify, wouldn't one expect them to use different names?

    That's like saying Ford calls its car Fiesta, while Toyota calls its car Tazz, but they are not the same car. (To include the obligatory car analogy.)

    --
    Free, as in your money being freed from the confines of your account.
  37. Re:I gave up on viruses a long time ago by Bert64 · · Score: 1

    Linux has a significantly higher proportion of the server market however, and is dominant in the supercomputer market... The areas where Linux is strong are generally more useful to a hacker, as the systems are more likely to be running 24/7 and have access to far more bandwidth. So yes, Linux is very much a target and has plenty of people working to find ways onto Linux machines.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  38. Software sources by tepples · · Score: 1

    As an extension to the above, the windows mentality of downloading and executing binary installers from websites lends itself to malware

    It's not just the Windows mentality. Mac OS X has the same mentality of downloading a disk image from a site and dragging the .app bundle to the Applications folder. Likewise, if Linux ever gets widespread, it will likely have the mentality of adding a software publisher's repository to a machine's software sources and installing software that way.

    1. Re:Software sources by Anonymous Coward · · Score: 0

      It's not just the Windows mentality. Mac OS X has the same mentality of downloading a disk image from a site and dragging the .app bundle to the Applications folder. Likewise, if Linux ever gets widespread, it will likely have the mentality of adding a software publisher's repository to a machine's software sources and installing software that way.

      Adobe (and others) already provide such repositories. The point is that they are at least cryptographically signed. And even if Linux was very popular, most people's everyday requirements would be preinstalled as part of the distro defaults or met from the distro's repos, or the signed trusted repos of large companies like Adobe.
      In the case of most of the little bitty utilities that you have to be really careful with in Windows in case of Malware (called things like SuperDVDburner or Megafilerename or whatever from company-you've-never-heard-of), their Linux equivalents would still usually come from the trusted repos in Linux, so malware problems would still be much less frequent than Windows even if Linux was very popular.

    2. Re:Software sources by tepples · · Score: 1

      The point is that [well-known companies' software repositories] are at least cryptographically signed.

      If a malware publisher can buy an Authenticode certificate for $200 per year, what makes you think these repos won't get signed in a way that the less-trained user is likely to trust?

      And even if Linux was very popular, most people's everyday requirements would be preinstalled as part of the distro defaults or met from the distro's repos, or the signed trusted repos of large companies like Adobe.

      So in other words, developers have to get their software published by either a distro (if free) or a large company (if non-free). But independent video games, for instance, can't go in the distro's repos because making the program and its data free or freely distributable, as required by the distro, would compromise the business model of any video game that isn't massively multiplayer. Developers have to eat, and unlike coders, game artists haven't adopted free cultural works practices in droves. Nor can they go in the large company's repos because large companies compete with self-publishing indie developers.

  39. Drive-by downloads of fake antivirus software by tepples · · Score: 1

    If you don't engage in risky behavior you don't have to worry so much. For example, paying for all your software should be enough

    Whom should I pay for Firefox and GNU Image Manipulation Program? But seriously, my aunt got drive-by-downloaded twice, both times by fake antivirus software, and she spends most of her time in Facebook. I didn't know Facebook had mandatory fees. The first time it happened ("System Security"), I was able to boot into safe mode and run MalwareBytes Anti-Malware, but this time ("Advanced Virus Remover", apparently a newer version of the same threat), safe mode just causes the computer to restart during boot. She's using an Ubuntu live CD until she saves up the money to have the (anti)virus taken off by experts. I'd switch her to Ubuntu permanently, but she needs Windows to get pictures off her Pantech phone running Windows Mobile, and if anything, she needs a working copy of Windows to fix her unclean-shut-down NTFS so that she can even install Ubuntu without blowing away all her files.

    1. Re:Drive-by downloads of fake antivirus software by ComputerGeek01 · · Score: 1
      Hey kid, this one (Advanced Virus Remover) is a joke I've removed several times by hand. Here's a link to one of the most helpful websites out there: http://www.bleepingcomputer.com/virus-removal/remove-advanced-virus-remover

      Assuming you gave us the right name that is. Good Luck.

    2. Re:Drive-by downloads of fake antivirus software by RobertLTux · · Score: 1

      a suggestion for you

      1 grab a USB >PATA|SATA cable and a good screwdriver
      2 pop the case on her computer and pull out the hard drive
      3 use the cable to mount her hard drive on your computer
      4 scan her drive on "NSA Paranoid" level (you may of course want to do a scandisk on it first)
      5 backup her hard drive after it has been cleaned
      6 replace her harddrive boot it and pray

      --
      Any person using FTFY or editing my postings agrees to a US$50.00 charge
    3. Re:Drive-by downloads of fake antivirus software by tepples · · Score: 1
      From the instructions you linked:

      Double-click on the icon on your desktop named mbam-setup.exe.

      I tried that, but the AVR-infected Windows Explorer said mbam-setup.exe was infected and refused to run it.

    4. Re:Drive-by downloads of fake antivirus software by Anonymous Coward · · Score: 0

      but she needs Windows to get pictures off her Pantech phone running Windows Mobile

      If the phone's not recognized by Linux even as a Mass storage device, copy all the pics to the phone's MicroSD card (etc.) if they're not already on it, and read the card directly via a suitable adapter in Linux.

      she needs a working copy of Windows to fix her unclean-shut-down NTFS so that she can even install Ubuntu without blowing away all her files.

      Run ntfsfix from a Live Linux CD.

  40. Re:I gave up on viruses a long time ago by Rockoon · · Score: 1

    The people with the most computing power on the planet right now are Russian hackers (some of the botnets are estimated to total 4+ million machines)

    Supercomputers are yesterday's news. These botnets put them to shame on nearly every metric. The idea that you mentioned them as an important target is laughable, because even if hackers got in.. they would get noticed rather quickly even if nobody is watching for it when that 7 hour job instead takes 14.

    The key to the success of botnets is that very few ever do anything about it even when they know something is wrong. The masses are the target, not supercomputers.. this isn't the movie Hackers.. that fictitious gibson, even if it existed, wouldn't be worth an organized effort on the level that we see today.

    --
    "His name was James Damore."
  41. Re:I gave up on viruses a long time ago by takowl · · Score: 1

    The areas where Linux is strong are generally more useful to a hacker

    Yes, but also more likely to be controlled by someone competent, who won't open unexpected attachments, download cursors, or fall for the "Your computer has N threats, click here to remove them" scams, and knows about updating software. There are plenty of Windows servers out there too, and I doubt they're infected very often. Malware writers target desktops because there's a decent chance of getting onto them.

  42. Point of interest by GF678 · · Score: 1

    Just wanted to make a comment regarding anti-virus/malware vendors and how they co-operate with each other. Recently I took on some Sophos training for work - Sophos makes security software which includes (among other things) anti-virus.

    From what I was told, they DO work with other AV vendors in one particular situation: samples. If a new virus/trojan/nasty is detected by any vendor in a partnership of vendors, they will provide a sample to others, but won't tell them their detection algorithms. That way the separate vendors are free to determine what to do with it, while at the same time ensuring one vendor doesn't hog all the info.

    Apparently it's a mutually beneficial arrangement for everyone, possibly because there's no point hogging the samples because actual infected binaries will appear anyway. At least that's how I remember it. If anyone can add or correct this, feel free.

  43. Re:Others tend to disagree w/ you (see inside) 100 by Anonymous Coward · · Score: 0

    Hi there, APK, I'm the same AC who apparently managed to stick a burr under your saddle a little while ago. (Not the "Dude..." dude -- the other one.)

    I have a 4-digit /. user ID -- which I came by in the regulation manner back in 1990-something. I have excellent karma.

    Over the last 12 years, I've authored or co-authored over a dozen technical books (14, the last time I counted) from major publishers like Apress and A-W, edited 4 more, and for the last 5+ years I have worked as a technical writer and editor for an IT company that gets mentioned on this site at least once a week. I've also rewritten several books originally authored by non-native English speakers.

    And no, I don't have a PhD, but I do know spelling, grammar, and usage much better than you do, apparently.

    So, yes, I *am* an experienced professional in the field, thank you very much. And yes, the "Dude" dude is essentially correct to complain about your use of the ampersand. But don't take my word or that of "Dude" dude for it. By all means, go buy yourself a copy of the The Chicago Manual of Style and check it for yourself.

  44. Re:I gave up on viruses a long time ago by The+Mighty+Buzzard · · Score: 1

    Yet again, the Internet proves itself to be humor's kryptonite.

    --
    Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
  45. Cleaning Windows with Ubuntu laptop? by tepples · · Score: 1

    grab a USB >PATA|SATA cable

    For personal reasons that I would prefer not to disclose on Slashdot, she wants to pinch every penny from this fix; otherwise, she would have already taken the computer into a local repair shop. At this minute, without access to ask her, I'll assume that she'll tell me that she can't afford to buy a USB enclosure for this fix.

    4 scan her drive on "NSA Paranoid" level (you may of course want to do a scandisk on it first)

    My primary computer is a laptop that runs Ubuntu 9.10; her computer runs Windows XP Professional. Ubuntu won't mount an uncleanly unmounted NTFS without a special flag; even then, I haven't been able to get it to mount an uncleanly unmounted NTFS with write privileges. So how can I scan a Windows hard drive on NSA Paranoid level using Ubuntu?

    1. Re:Cleaning Windows with Ubuntu laptop? by HiThere · · Score: 1

      OK. But you can mount and read her files. So get some USB sticks and copy her files over to them. Then reformat the disk.

      Yeah, it's a pain, and a lot of work. But it's a way forwards. Then, if the computer has enough power, install ubuntu and INSIDE it a virtual machine into which you install MSWind and any applications that she needs. Don't allow the virtual machine access to the internet.

      I'm sure there are other ways forwards, and I don't know all the details, but this should work, though it would be a lot of work to implement.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:Cleaning Windows with Ubuntu laptop? by tepples · · Score: 1

      Then, if the computer has enough power, install ubuntu and INSIDE it a virtual machine into which you install MSWind and any applications that she needs.

      What virtual machine software do you recommend for letting the emulated Windows OS connect to a Windows phone or a printer over USB?

    3. Re:Cleaning Windows with Ubuntu laptop? by HiThere · · Score: 1

      ???
      The USB sticks were to hold copies of the files. When you have the disks reformatted, you copy them back to the computer's hard disk. At that point, the USB sticks are just backups.

      As to what virtual machine to use, I generally use qemu (which I get at through qemu launcher). OTOH, the system I'm installing in the virtual machine is Linux. (I can't agree to the MSWind EULA.)

      In the past I've also had success with VMWare. (But I have trouble even figuring out ANY sensible meaning for what you're asking to do.)

      Also, if the requirement is to use hardware that won't work with Linux, then it's probable that any solution that doesn't involve installing MSWind on the bare metal won't work. So you'll just end up in the same situation again in a month or so. In that case you might want to re-think the hardware. (I'm not certain of this. If it doesn't need initialization at boot time, then possibly a driver running in a virtual machine could access it. *I* wouldn't try, and I'm not the person to ask for advice on how to make that work. I'd rather just avoid the garbage. [You may not think of that hardware as garbage, but that's how I think of it.])

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  46. They all identified the same top virus by lwriemen · · Score: 1

    Windows. The sample of reports listed had W32, Win32, or a virus targeting Windows (e.g., Conficker).

    I think the results and the solution are pretty clear, and it's the same that it has been for more than 25 years.

  47. Me too. by zippthorne · · Score: 1

    I pay $24.95 a month in antivirus updates for my $449.98 netbook. I do a deep scan one day a month just to be on the safe side and I manage to keep infections down in the double digits. But what else can I do? Macs are too expensive and Linux just requires too much time.

    --
    Can you be Even More Awesome?!
  48. speaking of worms... by Anonymous Coward · · Score: 0

    anyone know what hits port 24477 ?? i get whacked on that port on a daily basis (tcp/udp) and have no clue what worm would use it.

  49. Re:Others tend to disagree w/ you (see inside) 100 by Anonymous Coward · · Score: 0

    "Hi there, APK," - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    Hello, troll!

    ----

    "I'm the same AC who apparently managed to stick a burr under your saddle a little while ago." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    So you try to "stalk me", WoW... "huge accomplishment" and under AC credentials, no less... we're all so impressed (not). Well, you surely DO put the "coward" in AC now, don't you? LOL!

    "Good job" (again -> NOT)

    And "a burr in my side?", boy, do YOU have it wrong - More like a feather that's making me laugh hugely is all.

    ----

    "(Not the "Dude..." dude -- the other one.)" - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    What 'other one'? See, to me, as far as You trolls?? You're all the same to me... as you ALL act like adolescent juveniles and you seem to "get off" on trolling others... "big accomplishment" that, lol (not).

    ----

    "I have a 4-digit /. user ID -- which I came by in the regulation manner back in 1990-something. I have excellent karma." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    Sure, sure... SURE YOU DO (sarcasm). So, apparently, acting like a cowardly troll is "good karma"? WoW... the world certainly has changed (and not for the better, apparently).

    ----

    "Over the last 12 years, I've authored or co-authored over a dozen technical books (14, the last time I counted) from major publishers like Apress and A-W, edited 4 more, and for the last 5+ years I have worked as a technical writer and editor for an IT company that gets mentioned on this site at least once a week. I've also rewritten several books originally authored by non-native English speakers." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    Sure sure... & per my subject-line above? I'm Bill Gates too... lol! And? Well - What books are those and who are you??

    I guess in that case, since you don't put out any real evidence, then I am Bill Gates and I am telling you that you are full of it and nothing more than another lying troll.

    Your COMPANY may get noted, but you surely don't apparently (and that doesn't impress me one bit to be blunt about it).

    ----

    "And no, I don't have a PhD, but I do know spelling, grammar, and usage much better than you do, apparently." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    And this is what sort of accomplishment? My 7 year old niece knows grammar and spelling too... big deal. Are we supposed to be impressed??

    By the way: That's one HELL of a "run on sentence" I am quoting from you above - so much for your "english grammar expertise" & sentence structure!

    ----

    "So, yes, I *am* an experienced professional in the field, thank you very much." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    LOL - "experienced professional"? In writing?? BIG DEAL... I can write too, & again, so can my 7 yr. old niece.

    APK

    P.S.=> Above all else though, do you REALLY think anyone believes your b.s., especially posting as a "TOTALLY ANONYMOUS COWARD"? I put out real verifiable evidences as an AC @ least that anyone can check up on... you? You're full of HOT AIR as far as I am concerned... give us a break, please (I can't keep laughing this hard or I will bust a rib or something)... apk

  50. Learn to write please and quit lying also by Anonymous Coward · · Score: 0

    Your prose is that of a 5 year old. I have difficulty with your so called writing (it's more like caveman pictographs). However, from what little I could decipher of your "hieroglyphics", I can only say a lot of talk means zero if you do not supply evidences that others can check up on. I can say I am Steve Jobs too, for example. It's very easy to do. So if you think anyone believes you, provided they want to take the time to decipher your primitive scrawlings, then you are sadly deluded.

  51. QUESTION: ARE YOU ON TOPIC HERE? by Anonymous Coward · · Score: 0

    See subject-line above, & answer that question please...

    Thanks!

    APK

    P.S.=> So much for that alleged "excellent karma" (LOL, that'll surely get you a nobel peace prize now, won't it? NOT), & so much for all else you stated.

    (Because you are NOT "on topic" here whatsoever, and that only makes you an off topic troll... or, are you "on topic" here? "Inquiring minds want to know"...)

    By the way - is there an "english grammar" section on /.?

    No.

    Face it - You are an off topic troll who "talks a lot of talk" but isn't able to 'back up his bluster' with real evidenceable material - so again, I can say I am Bill Gates too you know... apk

  52. Face facts by Archfeld · · Score: 1

    They all want you to be afraid of the malware THEY sponsored the development of so they KNOW they can cure your ills easily.

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
  53. Correct sentence structure doesn't begin with and by Anonymous Coward · · Score: 0

    "And no, I don't have a PhD, but I do know spelling, grammar, and usage much better than you do, apparently." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    You shouldn't begin a sentence or paragraph with the word "And". After that, do you think anybody here believes you are some expert writer?

  54. LMAO - the "pro writer troll" downmod screwup by Anonymous Coward · · Score: 0

    See here -> http://tech.slashdot.org/comments.pl?sid=1505462&cid=30726518

    (HILARIOUS!)

    So much for the "alleged professional writer", who cannot write correctly himself... NOW? Now, all he HAS is his "excellent karma" and mod points to mod me down with...

    However, per the links in the URL above, from english grammar sites?

    It proves he does not write correctly, despite his stating all his b.s. (with no name no less to back it up, or what he has supposedly written).

    APK

    P.S.=> That's when you KNOW you've gotten the better of a troll - all they have are their unjustified "mod downs" but no substance or comments backing them up either (keep burning your mod points boys, especially on myself (as an AC here always): I can take it, but others may not be able to, & I am saving them the same b.s. from you lying trolling morons is all)... akp

  55. Re:I gave up on viruses a long time ago by Anonymous Coward · · Score: 0

    swooosh... and im gone..

  56. "Judge not, lest YE be judged" & you have... a by Anonymous Coward · · Score: 0

    "And no, I don't have a PhD, but I do know spelling, grammar, and usage much better than you do, apparently." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    "The rule against starting sentences with and, but or because is a hypercorrection teachers insist on in elementary school so that kids don't stay in the habit of writing fragments" - http://www.english-test.net/forum/ftopic7888.html [english-test.net]

    "I remember learning in grade school that this was absolutely out of the question" - http://www.english-test.net/forum/ftopic7888.html [english-test.net]

    "Novice writers should be especially careful not to begin sentence fragments with conjunctions." - http://www.cliffsnotes.com/WileyCDA/Section/Is-it-okay-to-begin-a-sentence-with-and-.id-305408,articleId-27216.html [cliffsnotes.com]

    "Formal alternatives to 'and', include words such as 'furthermore', 'moreover' and 'additionally" - http://languagestyle.suite101.com/article.cfm/grammar_starting_a_sentence_with_or_and_or_but [suite101.com]

    Want more, Mr. "Truly Anonymous Coward", who claimed to be a professional writer above?

    (No way you are a professional writer...)

    APK

    P.S.=> "Judge not, lest YE be judged"... apk

  57. Professional writers do NOT start sentences w/ AND by Anonymous Coward · · Score: 0

    "And no, I don't have a PhD, but I do know spelling, grammar, and usage much better than you do, apparently." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    "The rule against starting sentences with and, but or because is a hypercorrection teachers insist on in elementary school so that kids don't stay in the habit of writing fragments" - http://www.english-test.net/forum/ftopic7888.html

    "I remember learning in grade school that this was absolutely out of the question" - http://www.english-test.net/forum/ftopic7888.html

    "Novice writers should be especially careful not to begin sentence fragments with conjunctions." - http://www.cliffsnotes.com/WileyCDA/Section/Is-it-okay-to-begin-a-sentence-with-and-.id-305408,articleId-27216.html

    "Formal alternatives to 'and', include words such as 'furthermore', 'moreover' and 'additionally" - http://languagestyle.suite101.com/article.cfm/grammar_starting_a_sentence_with_or_and_or_but

    Want more, Mr. "Truly Anonymous Coward", who claimed to be a professional writer above?

    (No way you are a professional writer... but you certainly ARE an OFF TOPIC TROLL, & most likely a liar about your alleged "professional writer" status, because when I asked your name or books of note you have written? YOU RAN, lmao...)

    APK

    P.S.=> "Judge not, lest YE be judged"... & of course? My usual "too, Too, TOO EASY!"... lol! apk

  58. Starting a sentence w/ AND, a conjunction? LOL! by Anonymous Coward · · Score: 0

    "And no, I don't have a PhD, but I do know spelling, grammar, and usage much better than you do, apparently." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    "The rule against starting sentences with and, but or because is a hypercorrection teachers insist on in elementary school so that kids don't stay in the habit of writing fragments" - http://www.english-test.net/forum/ftopic7888.html

    "I remember learning in grade school that this was absolutely out of the question" - http://www.english-test.net/forum/ftopic7888.html

    "Novice writers should be especially careful not to begin sentence fragments with conjunctions." - http://www.cliffsnotes.com/WileyCDA/Section/Is-it-okay-to-begin-a-sentence-with-and-.id-305408,articleId-27216.html

    "Formal alternatives to 'and', include words such as 'furthermore', 'moreover' and 'additionally" - http://languagestyle.suite101.com/article.cfm/grammar_starting_a_sentence_with_or_and_or_but

    Want more, Mr. "Truly Anonymous Coward", who claimed to be a professional writer above?

    (No way you are a professional writer... but you certainly ARE an OFF TOPIC TROLL, & most likely a liar about your alleged "professional writer" status, because when I asked your name or books of note you have written? YOU RAN, lmao... Utterly hilarious!)

    Heh, I "took you out" on YOUR alleged ballcourt too, WITH EASE...

    APK

    P.S.=> "Judge not, lest YE be judged"... & of course? My usual "too, Too, TOO EASY!"... lol! apk

  59. Good writers do NOT start sentences w/ AND, lol by Anonymous Coward · · Score: 0

    "And no, I don't have a PhD, but I do know spelling, grammar, and usage much better than you do, apparently." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    "Novice writers should be especially careful not to begin sentence fragments with conjunctions." - http://www.cliffsnotes.com/WileyCDA/Section/Is-it-okay-to-begin-a-sentence-with-and-.id-305408,articleId-27216.html

    "Formal alternatives to 'and', include words such as 'furthermore', 'moreover' and 'additionally" - http://languagestyle.suite101.com/article.cfm/grammar_starting_a_sentence_with_or_and_or_but

    "The rule against starting sentences with and, but or because is a hypercorrection teachers insist on in elementary school so that kids don't stay in the habit of writing fragments" - http://www.english-test.net/forum/ftopic7888.html

    "I remember learning in grade school that this was absolutely out of the question" - http://www.english-test.net/forum/ftopic7888.html

    Want more, Mr. "Truly Anonymous Coward", who claimed to be a professional writer above?

    (No way you are a professional writer... but you certainly ARE an OFF TOPIC TROLL, & most likely a liar about your alleged "professional writer" status, because when I asked your name or books of note you have written? YOU RAN, lmao... Utterly hilarious!)

    Heh, I "took you out" on YOUR alleged ballcourt too, WITH EASE... too easy.

    APK

    P.S.=> "Judge not, lest YE be judged"... & of course? My usual "too, Too, TOO EASY!"... lol! apk

  60. Curious WHY this was "modded down"? Inside by Anonymous Coward · · Score: 0

    http://tech.slashdot.org/comments.pl?sid=1505462&cid=30726518

    Straight from that URL above, lol, is where this "allegedly professional writer" troll was critiquing me on 'writing style' & what did that outright screwup troll do? LOL: He got "taken down", right on his ballcourt (supposedly, but after what's below, we all know it was a line of b.s., including his running when I asked him his real name &/or books he supposedly wrote etc. et al):

    ----

    "And no, I don't have a PhD, but I do know spelling, grammar, and usage much better than you do, apparently." - by Anonymous Coward on Monday January 11, @08:42AM (#30722214)

    "The rule against starting sentences with and, but or because is a hypercorrection teachers insist on in elementary school so that kids don't stay in the habit of writing fragments" - http://www.english-test.net/forum/ftopic7888.html [english-test.net]

    "I remember learning in grade school that this was absolutely out of the question" - http://www.english-test.net/forum/ftopic7888.html [english-test.net]

    "Novice writers should be especially careful not to begin sentence fragments with conjunctions." - http://www.cliffsnotes.com/WileyCDA/Section/Is-it-okay-to-begin-a-sentence-with-and-.id-305408,articleId-27216.html [cliffsnotes.com]

    "Formal alternatives to 'and', include words such as 'furthermore', 'moreover' and 'additionally" - http://languagestyle.suite101.com/article.cfm/grammar_starting_a_sentence_with_or_and_or_but [suite101.com]

    Want more, Mr. "Truly Anonymous Coward", who claimed to be a professional writer above?

    (No way you are a professional writer...)

    APK

    P.S.=> "Judge not, lest YE be judged"... apk

    ----

    Now, the REAL beauty of his f-up here? Well, the next time (and there will be one, these nothing to lose (because they haven't done anything notable whatsoever) trolls always come back for more) this 'professional writer (not) troll' tries to "critique my writing" again?

    LMAO, I'll just toss this one RIGHT INTO THAT SAME ANONYMOUS TROLL'S FACE... and trust me, it WILL be a pleasure!

    APK

    P.S.=> Me? I LOVE IT... lol! Thanks troll, for being the PERFECT SCREWUP you always are... more ammo for me, provided by you! apk