Fake Antivirus Peddlers Outpacing Real AV Firms
An anonymous reader tips a writeup at KrebsOnSecurity.com detailing how purveyors of fake antivirus or 'scareware' programs have aggressively stepped up their game to evade detection. The posting is based on a report from Google's malware detection team (PDF). "Beginning in June 2009, Google charted a massive increase in the number of unique fake antivirus installer programs, a spike that Google security experts posit was a bid to overwhelm the ability of legitimate antivirus programs to detect the programs. Indeed, the company discovered that during that time frame, the number of unique installer programs increased from an average of 300 to 1,462 per day, causing the detection rate to plummet to below 20 percent. ... In addition, Google determined that the average lifetime of sites that redirect users to Web pages that try to install scareware decreased over time, with the median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010."
There are a number of well known AV software providers out there that have been around since the dawn of time (relatively speaking). F-Prot, Command, etc are all very good products and cost a few sandwiches a year.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Step 1: Create a better scareware vector with a higher infection rate.
Step 2: ?????
Step 3: Profit!!!!
Seriously. There are incredibly lucrative incentives inherent in this kind of scam. No surprise they're spreading and getting smarter.
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
nt
I envision it as a desk with a computer and an infinite stack of virus infected floppies. :)
If I were God, wouldn't I protect my churches from acts of me?
We've had a couple of these at work - not fake AVs, but some weird thing that seems to change the Active Desktop so that it looks like there's an antivirus window.
The funny thing is that they look a lot more like an anti-virus program than our actual antivirus. They have this really slick fake "scanning" window that looks like something Apple would come up with if they had to design an AV scanner, while our real AV software looks like a piece of junk some poor Russian hacker cobbled together. It's sad really; the fake AVs have Symantec beat in everything from total resource usage to looks.
So it's like fake dope dealers are outpacing true dope dealers.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
and no lube...
I still cannot find the droids I am looking for...
I discovered Krusnikov's Virus No-Having 2007 over three years ago and it's been running in my system tray ever since, without issue.
Does this include McAfee? It seems to be a fake anti-virus, holding critical system files hostage.
And all the floppies have their write-protect switch set the wrong way and you just clipped your fingernails so you can't get your nail to catch on that stupidly annoying little slider.
We keep ignoring the lessons of the past by using discretionary access controls instead of capability-based security at our own peril. The users have no way of telling what the side effects of a program are going to be, nor do we have any way of limiting them. This is a spiral downward that will eventually force everyone to learn about capabilities and cabsec.
xkcd #694 or #350.
The "scan" window pops up and tells them that they've been infected BUT IT IS OKAY because all they have to do is click here and the nice software from the friendly company will remove the nasty viruses for them.
Yay!!!
This is just a side effect of the "real" anti-virus/security businesses having no interest in reducing/mitigating the "virus" threat. It makes too much money for them.
I work at a fairly small university, and at least once a week we have a faculty member's PC get infected by a fake AV. In the most recent case, the professor had paid for the "full" version, then a week later e-mailed the "company" because he was unsatisfied with the AV and couldn't uninstall it. The company then e-mailed him with a link for a program to uninstall the fake AV, which of course didn't work, and then he decided to call us; still not realizing that the AV was fake.
Pardon me, sir, but I would be remiss if I didn't inform you that you have clearly contracted a rare disease that will kill you painfully in short order UNLESS you pay me to inject this substance into you. You can trust me, I'm a doctor.
....
Why is it that virtually nobody would fall for that in meatspace, but innumerable people fall for it online? It's just like the 419 scams. What is it about THE INTARWEBS that makes people exponentially more gullible than they would be to a random person on the street?
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
I have informed everyone I do family and friends tech support for... they must either switch to Linux or a Mac with OS X. The new Internet Security 2010 is an evil bastard that even kills safe mode, so you have to use a Bart PE to run ComboFix first and then reinstall AV and run a clean.
Screw it, I'm done. Mac minis are as cheap as a dirt cheap Dell PC, and I'll install Linux for them. I am done with Windows support.
Do not look at laser with remaining good eye.
My wife's machine got hit last week.
No idea where it came from.
Been running for years with no problem.
(NetGear router seems to keep the baddies out.)
All of a sudden there's a dozen dialogs flashing dire warnings about viruses and trojans and keyloggers and malware and insisting that we "register" our copy of XP security.
Pulled the network cable and started googling (from a linux box).
The thing is pretty nasty.
It scatters pieces of itself around the file system with random names.
Then it hooks the .exe registry keys so that it gets control each time any program is run, and takes the opportunity to spawn a new copy of itself, with new dialog boxes and systray icons.
After you delete the program files, nothing runs at all, because the .exe keys are still trying to redirect through the files you just deleted.
(Hint: right click -> run as).
Then I fixed all the .exe (and related) keys by hand.
There's quite a lot of them, because it is really important for each user on a windows box to have their own semantics for running a program.
(Removal instructions on the web don't generally find them all.)
Finally (should have done this long ago) created an admin account and knocked all the user accounts down to user privilege level.
and they're on fire.
This ain't rocket surgery.
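The post above describes the scareware hooking the .exe launch keys, once per user, and the author repairing them by hand. As an added example (not from the thread or any commenter), this PowerShell script audits the machine-wide and per-user `exefile\shell\open\command` keys against the clean launch command and reports any that differ; the key locations and the expected value `"%1" %*` are assumptions about a stock Windows setup, and repair only happens with `-Repair`.

```powershell
# Audit the registry keys that decide how Windows launches .exe files.
# Assumptions: a clean system has "%1" %* as the (default) value; per-user
# overrides live under each loaded user hive at Software\Classes. Run as an
# administrator so the HKU hives of other logged-on users are readable.
param([switch]$Repair)

$ExpectedCommand = '"%1" %*'

# Machine-wide key plus the merged HKCR view seen by the current user.
$Candidates = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
)

# Per-user override location for every loaded user hive (skip the *_Classes
# mirror hives, which are reached through Software\Classes anyway).
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    if ($hive.PSChildName -like '*_Classes') { continue }
    $Candidates += "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Classes\exefile\shell\open\command"
}

function Test-ExeLaunchKey {
    param([string]$KeyPath)
    # An absent per-user key is normal: the machine-wide value then applies.
    if (-not (Test-Path -Path $KeyPath)) {
        return [pscustomobject]@{ Key = $KeyPath; Status = 'absent'; Command = $null }
    }
    $Command = (Get-ItemProperty -Path $KeyPath -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
    $Status = if ($Command -eq $ExpectedCommand) { 'clean' } else { 'SUSPICIOUS' }
    [pscustomobject]@{ Key = $KeyPath; Status = $Status; Command = $Command }
}

$Results = foreach ($key in $Candidates) { Test-ExeLaunchKey -KeyPath $key }
$Results | Format-Table -AutoSize -Wrap

# Only rewrite keys that exist and differ, and only when explicitly asked;
# the default run is a read-only report for the person doing the cleanup.
if ($Repair) {
    foreach ($r in $Results | Where-Object { $_.Status -eq 'SUSPICIOUS' }) {
        Set-ItemProperty -Path $r.Key -Name '(default)' -Value $ExpectedCommand
        Write-Host "Restored $($r.Key)"
    }
}
```

Hives of users who are not logged on are not loaded under HKU, so for a full cleanup load each profile's NTUSER.DAT (or log on as that user) and run the audit again.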
I always find it funny when I get a popup from my browser on Linux asking if I would like an anti-virus scan. Sometimes it will show me how my C: drive is corrupted and ask whether I would like to pay for a version of their anti-virus software. One of these even offered to replace my system32.dll. This just shows how fake these scans really are.
Research a little bit on software security
If i had one dollar for every brain you dont have, i would have $1.
I'm sorry to tell you this, but you've been duped. Mr. Jahoni has already agreed to transfer that money to my account.
This ain't rocket surgery.
They have a free scanner now. It's not the best AV, but it's good and no cost. I also recommend it because it is something users will trust. I mean after all, you pretty much have to trust your OS company, they could own your computer through any number of ways, they wouldn't need to use an AV program.
Doctors, celebrities, what's the difference in the consumer's mind? Case 1: Dr. Dre. Case 2: "Of course Hugh Laurie is a doctor. He plays one on House M.D." Case 3: People with a doctorate in something other than medicine or osteopathy.
I still think there should be a course given for a Internet License. This way if you dont base your not aloud to go on the internet. Well atleast in large corperations/government facilitys. cough cough (where i am). These people just can't stop clicking on stuff. They never read just click
Such poor spelling, punctuation and grammar skills and you're working in a government facility? Man, I can only hope it's not my government you're working for.
This ain't rocket surgery.
its not fair and i think you re really mean!
Concerning #3, most of these exploits use Javascript to open a phony "scanning" window. I got one of these while reading the New York Times on my Linux machine using Firefox.
Give this place a shot man: http://www.onguardonline.gov/
We use http://iase.disa.mil/eta/index.html#onlinetraining and have to maintain the certs yearly.
http://soylentnews.org/~tibman
They simply exploit a vulnerability in your browser or plugins. I've encountered one that tries to install something using Java, presumably just requiring a user to click OK to infect them. That's something that seems like it could be done accidentally. I wouldn't be surprised if it were trying to exploit some vulnerability that would auto-install the malware on older versions of Java. They probably use exploits in Flash as well. The plugins have the advantage of not being run in the IE sandbox that's used by default on Vista/7.
I still think there should be a course given for an Internet License. This way if you don't base(pass?), you're not allowed to go on the internet. Well, at least in large corporations/government facilities.
What really scares me is that this might really reflect the "upper crust" of today's government employee.
Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
And a desk with an old Packard Bell Pentium II and a copy of Windows ME.
Faster! Faster! Faster would be better!
my mom's pc got one of these over the holidays while a teen cousin was surfing flash game sites. the pop-ups would not go away. at boot up pages wouldn't load because the warning box insisted on a click before progressing further. anti-malware had no effect, neither system restore nor anything else i could think of was successful.
even the computer shop was at a loss. after ten days the os required re-installation with a resultant loss of all data.
don't make the mistake of thinking this is merely an issue of rubes accepting come-ons from scareware vendors. it's beyond that now. these apps are injected instantly via poisoned sites and your pc is compromised well before you "accept" any blackmail terms. we found to our dismay nothing for sophisticated users nor technicians to fix.
thanksgiving was a real eye opener for me.
i surf exclusively with adblock and noscript now. no ads. no scripts. period.
until site owners deal with this i won't do otherwise.
-js.
On several occasions, I have also encountered those fake anti-virus scanners while using Linux. In each case, a pop-up or webpage claimed that they had detected that my computer was infested with viruses and spyware.
In each case, the advertisement offered to do a free scan on my hard drive. Despite trying to say no or close the tab, it started to pretend to scan my drive C with a progress bar showing the progress. About a minute later, it had finished and announced that it had found several viruses and also spyware in my registry and on my drive C.
Linux does not have a registry and does not label partitions by drive letters, so what it was saying was clearly bogus. Their fake anti-virus program had not even noticed that I was not using a Windows computer. I later looked up the names of the viruses they mentioned elsewhere on the Internet and discovered that those were Windows only viruses.
It then recommended that I purchase their anti-virus program to fix the problems. They did not mention having a Linux version of their program.
When I decided not to purchase their product, it tried to download a Windows type executable file to my computer anyway. Firefox then asked me which program should be used to open the file or where I wanted to save the file. It was a file that ended with the .exe extension, so it clearly was a Windows only program. I rejected the attempt to download their program. Needless to say, I did not want to see if their Windows only anti-virus program could be made to run under WINE.
After that last encounter with the fake anti-virus program, I started using the NoScript Add-on for Firefox. I now do that on both my Linux computer and my Windows computer. I now only enable scripting when it seems to be necessary for using websites that I trust. For most other websites, I keep scripting off by default.
Who, exactly, is "they"?
Architecturally, whitelisting is a great solution. In closed environments with fairly static requirements(eg. corporate) you can do it Right Now, if you want. And, while it won't save you from truly subtle attacks on the kernel or services, it blocks a fair percentage of common stuff good and hard.
The trouble begins when you try to implement it in the real world. Being the "they" who gets to bless all good programs is both a gigantic pain in the ass(requiring a massive staff of analysts and sophisticated techniques to keep up with the stream of software being produced, not to mention the problem of in-house and bespoke/private stuff) and a truly ghastly temptation, with which no entity can easily be trusted. He who gets to bless "good" software is the gatekeeper, a position of incredible market power, from which most any agenda(financial, political, aesthetic, or moral) may easily be advanced.
Software whitelisting is to computer security what dictatorship is to governance. In principle, if you could find a benevolent and wise dictator, it'd beat the hell out of the chaos and inefficiency of other institutions. Obtaining such, though, is a bit of a trick.
I'm not convinced that licensing will help. Some people are just ripe for manipulation by marketing and scams.
Take some of my fellow amateur radio operators, for instance. These are supposed to be a bunch of hard-core techies who have to pass a test and be licensed before they can go on the air, yet a whole lot of them will pay out good bucks for fancy-looking antennas that are advertised to have a flat 1:1 SWR across the entirety of the amateur radio bands in a unit the size of a breadbox with "no lossy traps." Yeah, right, ain't gonna happen; the laws of physics prevent it, and the small amount of antenna knowledge required to refute these ridiculous claims is on the test the ham had to pass to get his ticket. Still, a lot of them fall prey to magical thinking.
This ain't rocket surgery.
Something like ClamWin is sufficient for the periodic scan (in fact the ClamAV it's based on is rather good). Not clicking on dancing bunnies eliminates the need for on-access scanning.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
I'm a keyboard monkey at a three-man retail computer / repair shop. In the last week, literally every PC that's come in to get cleaned up has had a copy of "Security Tool" installed. The fix is quite easy - download Process Explorer, rename it to iexplore.exe, run it, kill 08732030.exe (or whatever random number it's used this time), then install & scan with Malwarebytes Anti-Malware, and a couple others. But it's obscure enough that nobody can do it, so we can charge our standard 1 hour to clean it up. I wish I could meet the guys who wrote this and buy them a drink. They've been paying my cheque for about 6 months now.
Why spend 10 years trying to identify all the "bad" code when it should be far easier to identify the apps that you want to allow to run on your machine?
http://www.mcafee.com/us/about/corporate/mcafee_Solidcore.html
Story about malware links to PDF? Nothx.jpg!
-]Phreak Out[-
Perhaps you should try "Anti-Executable" by the same company that makes Deep-freeze and other security software, Faronics. Here's a link to it: http://www.faronics.com/en/Products/AntiExecutable/AntiExecutableCorporate.aspx It's not automatic though, I think you have to actually set up the list of programs that are allowed to run. Also note that a lot of stuff uses one .exe to spawn other .exe files, so you can't just whitelist the .exes linked to in your application shortcuts.
They must want money at some point right? How are they expecting to get paid and why can't the cops at
least freeze their visa account?
The same with the online pharmacies.
I use Linux - the family never listens to me.
Well, then stop using Linux!
I am the richest astronaut ever to win the superbowl.
I got hit by that myself. To date, the only virus I've ever gotten.
I went to change window focus by clicking on what I had thought was some white space in an article that I was reading, but realized it would normally be an ad spot. Another browser window opened (with the annoying OnClose warning) and I closed it. I noticed that Java loaded, and then a few minutes later Security Center lets me know my AV is turned off and all hell starts breaking loose.
Process Explorer and a few hours later I was back to normal (protip: malware "watcher" processes usually aren't smart enough to realize when they've been suspended. Comes in handy.)
The app must have exploited some Java vulnerability, but at this point I'm not really sure what one. It used the AT command to get what it wanted in terms of privileges and so on, and went to town on my local security policy.
In the end, I was a little pissed at myself, as I try to keep software updated to avoid vulnerabilities like that, but alas I finally got hit by one. Made me feel a little more capable of believing the [usually bullshit] story of "I was just using it when all of a sudden these things started popping up!"
Fun fact: I was browsing with Chrome.
Boot Windows, Linux, and ESX over the network for free.
99%+ of scareware is from the same exact kit, and installs the same core exe program, (AV.EXE) in one of three fixed locations. (as super-hidden) This article itself is scareware. The av companies can detect every one of these every time they pop up, there's no "trying to keep up" with this. That's what happens when malware goes commercial as this has. Anyone happen to know offhand who's the source of this malware kit? (url?) I'd be curious to know how much such a kit sells for. Must be cheap if there's 1400 new customers a day.
Give us the meaningful number of unique, new scareware products a day. Or a week or a month. Betting somewhere under 10/month. And if they can't keep up with that, waaaaaah.
I work for the Department of Redundancy Department.
I previously worked in a company that ran mostly on ad revenue. Ads are a lot more complicated than "show user a picture and/or text, wait for him to click and buy."
Most of them do things like:
a) Track impressions: How many times a given ad is shown. Advertisers pay for a given number in a given period of time
b) Tracks clicks (of course), and track which impressions lead to clicks which lead to sales
c) Note the general location of the user. Some ads only target users of a certain region. It doesn't make much sense to advertise a product only available in the US to some dude in Australia. Advertisers also want to know what areas are more or less interested in their product
d) Lots, lots more
Now if a company is dealing with third-party adservers, many issues come up when you run into certain unsavory types. Where I previously worked, we were quick to track them down and cut off that advertiser. Often enough it was an advertiser who in turn carried ads for another network (and so on) until somewhere along the line somebody slipped a bad one in. Just as often ads were blamed when it was actually a user with an infected computer (and the virus was showing ITS ads) or somebody had slipped in a naughty link somewhere with some script that got past validation.
And how would NYT track the content of a third-party. The third-party is being used specifically because they know more about handling ads than NYT, and they control what goes out?
Take off and nuke it from orbit... It's the only way to be sure.
If I were God, wouldn't I protect my churches from acts of me?
...if you're a Windows user who never has the intention of being a Linux user, at least take some good advice from we Linux users:
1. Don't use any Internet applications that embed themselves too deeply within the OS - this means *DEFINITELY* avoiding Internet Explorer and getting rid of Outlook where possible.
2. Stop using your PC with full admin rights - create a restricted user account for normal day-to-day stuff like surfing the Internet. If you don't have the permission to make big changes to Windows then just about anything you run shouldn't be able to either.
3. Use Firefox and install the "NoScript" addon - fairly self-explanatory but at least you can limit Javascript to only the sites you trust.
Gentoo Linux - another day, another USE flag.
I've found that the majority of fake AV programs I've run across are fairly easy to remove -- boot the system in safe mode and login as a different user and you can generally run something like Sysinternals Autoruns and delete all the startup hooks and the programs they point to. Afterwards I've found that a scan by Malwarebytes and a quick check of the infected user's personal "Startup" folder in their profile is enough to ensure the stuff is deleted.
A couple will bluescreen the machine if it is booted in safe mode, and these I just wipe and start over. But that's been a very small number.
What drives me batshit is like you, I've seen this end up on many machines not running admin, fully patched (at least MS-wise) and running good AV (different versions, too).
The users in question are also not the kind to visit BS sites or the kind to click on anything to get to porn or social networking bullshit.
I suspect banner ads exploiting third-party apps personally, but it's been kind of a mystery.
People lose all common sense when they're dealing with something they think they're incapable of understanding.
It's not true, by and large, that people would be incapable of understanding if they sat down to take the time to figure it out, but in the cases of such an unequal informational playing field (you and your doctor, you and your mechanic, grandma and her computer tech) people are paying not just for service but for expertise, and that makes them vulnerable to this kind of exploitation.
a few months ago. Did some googling but nothing really seemed to kill it. Fortunately it only infected her profile, so I just backed up her data and created a new account for her, and congratulated myself for not giving her admin rights.
Never let a lack of data get in the way of a good rant.
... And you were probably running Chrome with a user that had ADMIN privileges.
This is the main problem we see under Windows: the users like to run with ADMIN privileges all the time. Unix users (which obviously include Linux users) are educated enough to run as ROOT only when needed, and that counts a lot to the overall security. People need to help the system to be secure, not running as ADMIN to browse the internet. And... stop downloading everything they find "for free".
I deal with this stuff on a daily basis. I had a customer just the other day go home with a clean machine, with the latest version of Avira, Malwarebytes Anti-Malware, and SuperAntiSpyware installed and updated. All Windows patches and updates installed. He was back two hours later. Surfing the web looking for UFC videos. Google served up a paid ad at the top of his search with his search terms. Of course he clicked it, and with a bit of Adobe Flash magic, he had the Security Tools infection installed and his Avira broken.
The problem with anti-virus programs is that they're still "negative file" systems, using blacklists. We now need systems where nothing executable gets downloaded until some respectable services have checked it and determined that it's not hostile.
Anti-virus programs ought to work that way. If you try to download something, it goes into quarantine until the remote checking system has run it in a virtual machine for a while to see what it does, or its hash exactly matches previously approved software.
The New York Times and Boston.com websites have been infected before. It's just a matter of time before these things become more like ransomware.
"I've saved a lot of systems from having to be formatted/reinstalled and reconfigured."
I don't save shit, just nuke-and-pave. Those who back up their stuff will have stuff, those who don't will learn.
Anything less is coddling. I'll do that too, but it's expensive.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
A useful trick when Task Manager will not work: copy the Task Manager .exe from another machine and rename it to any other name.
It will then run and allow you in to start cleaning up the crap.
Awww gee, poor widdle AC who spams is getting upset!
Oh no he even added Doche to part of my nick, my oh my how will I cope? (:
Fun fun fun on a rainy Adelaide day!
1. The Advertising Industry is greedily accepting money to push browser attacks on unsuspecting people.
2. They are out of control. When was the last time a website banned an ad service because of malware? Why are the suits in this product-propaganda chain so unresponsive?
3. Browsers and operating systems lack methods to reliably provide visual context cues for network objects (like web pages). Yes, the browser window is there with its untouchable bits (address bar etc), but a web page can contain an element that looks like another window.
3a. Even with that window-like appearance, they are limited to using either drive-by or trojan techniques and the user probably is already familiar with what download and run-program warning dialogs look like in the case of trojans. So we are probably not dealing so much with user naivete as with system shortcomings. For the record, most Windows techs I know periodically get malware on their own systems.
4. Cybercrime has become incredibly entrenched and resourceful.
If you are still using floppies, you could always use your AARP card to move the slider....http://www.aarp.org/
Just a trollin the troll.
If you dont know how to do it
I will show you how to troll the troll!
(To the tune of walking the dog)
Not a blow landed yet kindy boy, but you get more frustrated with each slightly changed copy/pasta you post.
"Process Explorer and a few hours later I was back to normal (protip: malware "watcher" processes usually aren't smart enough to realize when they've been suspended. Comes in handy.)" - by RulerOf (975607)
on Tuesday April 27, @05:03PM (#32004704)
This bloke obviously only read what was written in this guide for securing Windows, and its virus removal section in post point #20 http://www.tcmagazine.com/forums/index.php?s=610624dd0ca744a1833203a79296f8ee&showtopic=2662&st=0 or in the other forums where it's posted. The bloke who posted it did it all over the bloody web and though that's rather gauche, it's good he did. I say that because others are starting to realize the value of its points, such as the usage of Process Explorer for hunting and killing off malware. Use that guide, and Bob's your Uncle.
(This is not new news on that guide though, it is many years old now, and others are learning by it in how to use Process Explorer for malware removals. Nothing interesting whatsoever in what RulerOf did or used, because the information's been out there on it for years now).
Bloody hell, the way RulerOf's using Process Explorer could be done with taskmgr.exe instead (killing first level executables).
The true value of Process Explorer in these cases is to use it to find processes that hide themselves under other running processes (such as libs/dlls loaded in other apps like Explorer.exe, which taskmgr.exe will not show) or underneath services (like svchost.exe, which does not expose what its running beneath itself in taskmgr.exe in Windows 2000, XP, Server 2003 at least).
"It used the AT command to get what it wanted in terms of privileges and so on, and went to town on my local security policy." - by RulerOf (975607)
on Tuesday April 27, @05:03PM (#32004704)
Bloody hell, perhaps you did not read that guide in that url above for how to secure windows after all. It covers securing the AT command, by its usage of the CIS Tool (this damn tool's incredible in that capacity and many more). Then again, once a bloke knows what CIS Tool covers, it's cake to put it into your regedit.exe favorites or to make custom MMC.exe for policy settings and again, Bob's your Uncle.
the post I was replying to was blaming it on out of date, poorly maintained PCs. I'm telling you that a completely up to date and well protected machine can get hit just as easily! And it was a google sponsored advert that infected him!
There's plenty of popups in Windows; people are annoyed and don't bother reading anything, they click just to get rid of it.
They assume they're safe because they have AntiVirus and Firewall.
In fairness, last week I accidentally infected my test machine by running a setup.exe. Avira scan didn't find anything. But a second after I ran the exe it found the virus and promptly deleted the setup.exe. But obviously I was already infected. And moments later it disabled Avira.
I later scanned another copy of the same setup.exe on virustotal.com and none(!) of the scanners found anything.
(This will be a fond memory to look back on. After I've switched to Linux)
... And you were probably running Chrome with a user that had ADMIN privileges.
Duh. I run as admin on my local desktop because I do way too many admin-level procedures to bother with RunAs every other minute. Further, I'd use UAC but quite frankly I think that for true administration it doesn't work right. For example, UAC demands elevation just to run MMC or RegEdit, irrespective of whether or not you want to perform tasks that don't need admin privileges. I shouldn't be prompted to elevate if all I want to do is edit HKCU.
As for security, being smart absent software vulnerabilities is generally enough in a home setting, which this was. I'm not getting paid to admin and harden my home machine; I just want to use the fuckin' thing.
Boot Windows, Linux, and ESX over the network for free.
The true value of Process Explorer in these cases is to use it to find processes that hide themselves under other running processes (such as libs/dlls loaded in other apps like Explorer.exe, which taskmgr.exe will not show) or underneath services (like svchost.exe, which does not expose what its running beneath itself in taskmgr.exe in Windows 2000, XP, Server 2003 at least).
Indeed, and I used it in such fashion.
I find that Process Explorer's best feature in these situations is its signature verification. Suspending processes that don't pass signature verification, irrespective of whether or not they're malicious, is a great place to start when rooting out malware.
Bloody hell, perhaps you did not read that guide in that url above for how to secure windows after all. It covers securing the AT command
I know that the AT command grants SYSTEM by default. Funny thing is that the task scheduler in Vista and later has a little link "control usage of the AT command" or some such. It prompts for an account to use and when I first saw that I said, "Oh, that's convenient" and of course, never did anything with it. Oh well.
Thanks for the links, though, I've never read any of those guides, just had a lot of experience dealing with this kind of bullshit on behalf of others. Though I have read plenty of articles by the great Russinovich himself. Now those are some good reads.
Boot Windows, Linux, and ESX over the network for free.
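The exchange above turns on Process Explorer's signature verification as the starting point for triage. As an added example (not from the thread or any commenter), this PowerShell function performs the same check from the command line: it runs Authenticode verification on the image of every running process and returns the ones that are unsigned, fail verification, or whose image path cannot be read, for a person to review. It only reports; nothing is suspended or killed. The choice to treat every status other than `Valid` as worth a look is an assumption.

```powershell
# List running processes whose executable does not carry a valid Authenticode
# signature, mirroring the Process Explorer "Verified Signer" column.
# Run as an administrator so the image path of processes owned by other users
# is readable; processes whose path is still unavailable are reported with
# Status 'Unknown' rather than silently treated as trusted.
function Get-UnverifiedProcess {
    param(
        # Assumption: any status other than 'Valid' merits a human look.
        [string[]]$TrustedStatus = @('Valid')
    )
    $Seen = @{}   # cache: image path -> signature result (many processes share an image)
    foreach ($p in Get-Process) {
        $Path = $p.Path
        if (-not $Path) {
            [pscustomobject]@{ Id = $p.Id; Name = $p.ProcessName; Status = 'Unknown'; Signer = $null; Path = '<no path>' }
            continue
        }
        if (-not $Seen.ContainsKey($Path)) {
            $Seen[$Path] = Get-AuthenticodeSignature -FilePath $Path
        }
        $Sig = $Seen[$Path]
        if ($TrustedStatus -notcontains $Sig.Status.ToString()) {
            [pscustomobject]@{
                Id     = $p.Id
                Name   = $p.ProcessName
                Status = $Sig.Status          # NotSigned, HashMismatch, NotTrusted, ...
                Signer = if ($Sig.SignerCertificate) { $Sig.SignerCertificate.Subject } else { $null }
                Path   = $Path
            }
        }
    }
}

# Report sorted by image path so copies of one binary group together.
Get-UnverifiedProcess |
    Sort-Object Path |
    Format-Table Id, Name, Status, Signer, Path -AutoSize
```

On older Windows releases many operating system binaries are catalog-signed rather than embedded-signed and show up as NotSigned here, so the output is a review list, not a verdict; a HashMismatch on a file that claims a known signer is the entry worth looking at first.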
Dude, he's working for a RUSSIAN government facility
Okay, that's what I was saying--I hope he wasn't working for my government. Slashdot is an American-oriented site, after all.
So how many languages do YOU speak, besides 'merican?
English, Spanish and a bit of Italian. You?
Do you even know of many foreign countries? Say isn't Korea near France?
Don't be silly. Korea is one of those islands out in the ocean somewhere, isn't it? ;-)
This ain't rocket surgery.
it'll come 2 me...some kinda fruit store...
(protip: malware "watcher" processes usually aren't smart enough to realize when they've been suspended. Comes in handy.)
But who watches the watchers?
coffee | nose > keyboard
Very neat stuff.
;-).
Reading stuff like this (and understanding it so well) has often made me consider learning more and specializing in security administration, because it's just so damned intriguing. Alas, though, I find implementation to be my strongest suit (a la infrastructure admin/management) and what I prefer to deal with, so that's where I'm pointing my career. Nonetheless, I still like to have a healthy knowledge of security principles, in spite of the fact that I'm waaaay too lazy to implement them at home.
For what it's worth though, my own desktop has been running on the same Vista install for over two years now. No slowdown there without this guide either. I am going to bookmark it though, and, time permitting, likely implement it.
I'm not a fan of hosts file blocking though, I prefer to do things on my local DNS server.
Again, great links! Also, you seem to know a lot of blokes.
Boot Windows, Linux, and ESX over the network for free.