Drive-by installs are certainly a major part of spyware distribution, but unless I misread the article, it left other concerns out, such as bundled installers, spyware distributed by spam, and spyware distributed by BitTorrent/P2P. Also, their sampling size for the sites was impressive, but I'm wondering how effective their analysis program is. Doing it automatically isn't foolproof.
Did you read the linked article? They were just malicious scripts that got badly labeled as viruses. I got modded insightful; I was shooting for funny :-/
I don't even mind so much that it crashes. I remember back in the first month of play (I was on Bleeding Hollow), SturmGrenadiers put 3 full raid groups into Stormwind and crashed the server. To me that was just kinda funny. What kills me is their attitude that there is absolutely NOTHING that can be done to fix it. To hear them tell it, Jesus Christ the server technician couldn't keep their infrastructure up and running; it's simply outside of the normal laws of time and space to have a functioning server farm a reasonable amount of the time. If they'd just say "we know there are problems, X is what they are, Y is what we're doing to fix them" I think they'd get a much more positive response, but they keep trying to convince us that their servers exist in a temporal nexus wherein crashes mysteriously and inexplicably occur, with no possible solution.
This is beautiful for AOL; now they can define spyware in a way that makes bundling Viewpoint without notification or possibility of independent removal legal.
I once worked for a nefarious underground organization called Krispy Kreme. We didn't accept AMEX because it would have greatly cut into our clandestine plans of total world domination. But now you seem to have uncovered the secret! So many years of work down the drain!
It will most likely be a "Stinger" style scan, only checking for major known threats. And since the threats Symantec knows about could fit onto a postage stamp, my guess is scan time won't be an issue.
But shouldn't they put effort into making their anti-virus work locally before they try to put it on the web?
Show of hands: how many of you have seen Norton stop being enabled at startup for no apparent reason? How many of you have found a virus Norton either A. can't remove, or B. can't find? Ever noticed how much memory it takes up even when you're not running a scan? How many friends and family do you know who have just let their protection expire because their subscription renewal service was too laborious to slog through?
They've got the cart several miles ahead of the horse, and it's sad because way back in the day, Norton was truly a great product. Unfortunately it has become a Frankenstein's monster of bloated ineffectiveness, and it shows no hint of reversing the trend. I'll stick with http://www.nod32.com/ for now.
This strikes me as a bunch of pomp and circumstance to no real effect. So big viruses have common names now? Great. What about Trojan-downloader-delf.xxx that's still going to have a different name everywhere? What about nail.exe, which will still be called VX2 by some, ABI by others? Pardon me for withholding my applause, but if they only allow numbers up to 999, this is hardly comprehensive, and since Blaster and Zotob and SDBot are pretty similarly named already by most major vendors, I'm not sure I see the point. Also, they're missing a significant number of anti-virus companies. What about Eset, Grisoft, and Panda (for starters)? When you're missing half the people, you can't really call this a global standard. I've always griped about proprietary naming schemes, but this seems like paying lip service to a convention without any real oomph behind it.
Submit the files to http://virusscan.jotti.org/
They submit it to the competent anti-viruses (read: not Symantec and McAfee), and more than likely one of them will already detect it and tell you what you were dealing with.
Yep. Some of them will target each other. If you open them up, they write insults to each other in their binaries too (half the time it's in Russian though, so translations come out pretty comical).
You say you worked as a tech... did you ever do anti-virus work? Ever find a worm running out of a Kazaa downloads directory? I go to the folder to fix the problem and delete the file, and in the same directory is kiddie porn. What then?
I use cookies, but I'm very nazi-ish about which ones I let stay. I block all 3rd party cookies, and I use a local HTTP proxy to make sure none sneak through with underhanded iframe HTML and other things of that nature. Also, any time I see an annoying banner ad, I grab the URL from the source of the page and add it to my hosts file block list (made easy with Hoster: http://www.majorgeeks.com/Hoster_d4626.html). Would that it were easier to manage these things, but unfortunately the internet isn't a perfect place.
For those that don't understand 3rd party vs 1st party cookies... the difference is this:
The way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your hard drive, so can site Z. Now, you go to site B, which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies, however, and you can't get a cookie from site Z unless you actually VISIT site Z.
Disabling 3rd party cookies lets you keep their useful functions (login information at eBay, etc.) and restrict the illegitimate ones (tracking my usage).
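The site A / site B / site Z scenario from the post above, as an added toy model (not code from the original posts): a cookie jar that either stores and sends cookies for embedded third-party hosts or refuses to, and an ad server that tries to link one visitor across two unrelated sites. The domain names and the simplified policy (blocking means the third-party cookie is neither stored nor sent) are constructed assumptions.

```javascript
// Constructed model of a browser cookie jar with a third-party cookie policy.
class Browser {
  constructor({ blockThirdParty }) {
    this.blockThirdParty = blockThirdParty;
    this.jar = new Map(); // host that set the cookie -> cookie value
  }

  // Load a top-level page that embeds one resource (e.g. a banner) from each
  // host in `embedded`. Every host gets a request and may read/set a cookie.
  visit(topLevel, embedded, servers) {
    this.request(topLevel, topLevel, servers[topLevel]);
    for (const host of embedded) this.request(host, topLevel, servers[host]);
  }

  request(host, topLevel, server) {
    // A request is third-party when the host differs from the page you are on.
    const blocked = host !== topLevel && this.blockThirdParty;
    const sent = blocked ? undefined : this.jar.get(host);
    const { setCookie } = server.handle({ cookie: sent, referer: topLevel });
    if (setCookie !== undefined && !blocked) this.jar.set(host, setCookie);
  }
}

// "Site Z": an ad network that assigns an id on first sight and records
// which top-level sites each id was seen on.
class AdServer {
  constructor() { this.next = 1; this.seen = new Map(); }
  handle({ cookie, referer }) {
    const id = cookie ?? `uid-${this.next++}`;
    if (!this.seen.has(id)) this.seen.set(id, new Set());
    this.seen.get(id).add(referer);
    return { setCookie: id };
  }
}

// "Site A" / "site B": ordinary sites that only set their own session cookie.
class PlainSite { handle() { return { setCookie: 'session' }; } }

// Visit A then B, both carrying Z's banner; return how many distinct sites
// Z could tie to a single visitor id (2 = cross-site tracking worked).
function linkableSites(blockThirdParty) {
  const ads = new AdServer();
  const servers = {
    'site-a.example': new PlainSite(),
    'site-b.example': new PlainSite(),
    'ads-z.example': ads,
  };
  const browser = new Browser({ blockThirdParty });
  browser.visit('site-a.example', ['ads-z.example'], servers);
  browser.visit('site-b.example', ['ads-z.example'], servers);
  return Math.max(...[...ads.seen.values()].map((s) => s.size));
}
```

With third-party cookies allowed, Z sees the same id on both sites; with them blocked, each visit looks like a new visitor, while A and B still keep their own first-party session cookies.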
I keep 3rd party cookies blocked... that keeps everything nice and clean.
For the layman, the way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your hard drive, so can site Z. Now, you go to site B, which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies, however, and you can't get a cookie from site Z unless you actually VISIT site Z.
Disabling 3rd party cookies lets you keep their useful functions (login information at eBay, etc.) and restrict the illegitimate ones (tracking my usage).
I'm very conflicted about this. On the one hand I firmly believe that an eye for an eye leaves the whole world blind (I embrace the cliche), but on the other hand, what's the alternative? Legitimate means have been laughably ineffective.
Vigilante justice often becomes just as much of a problem as a solution, as it's a system that lacks checks and balances. If this is popularized, I can see their standards devolving, and legitimate sites becoming victims, and that is unacceptable.
On the other hand, 90% of email is spam. CAN-SPAM is useful only as a punchline, and there is no foreseeable solution forthcoming. MS's grand posturing about their new registration system is likely to turn into just smoke and ineffectual mirrors. If this system can win back the mailboxes of the average citizen, I can't say I won't welcome it. Saying the ends justify the means is always dangerous, but are some ends worth the risk?
Sadly, that's not true, or rather is becoming less true. If you follow anti-spyware drama, it was a pretty big deal a number of months back when Ad-Aware stopped detecting WhenU, and instead simply offered an "uninstaller" on their website for it. This behavior is becoming more and more prevalent as malware companies try to find legal footing, and bully out opponents who are less affluent, and less able to fight the good fight.
The frightening thing is that this is happening more and more over time. Recently, IDownload (you may remember them from the WMP trojan download exploit; that's how most people got their software) sent out a slew of cease and desist letters to a number of visible anti-spyware sites claiming they were unfairly rated as spyware. The claims held absolutely no water since a number of people had very convincing screenshots of the software being downloaded with no consent whatsoever, but the trend remains the same.
The spyware companies are increasingly wealthy, powerful, and unafraid to try to throw their weight around. Unfortunately, this means that rather than doing the right thing and fighting for the correct ratings, anti-spyware vendors will capitulate and downgrade the software rather than engage in time consuming and expensive litigation.
Take a look:
http://www.benedelman.org/spyware/threats/
Okay... these are shut down, now where the hell are the raids on the CoolWebSearch servers?! I mean, I know it's never been a secret that lobbyists run the show, but could they be any more blatant? Maybe they could go after the people who are making a living screwing up the internet rather than nailing a few warez hackers who are keeping to themselves. I'm not saying piracy is right, but for God's sake, if they can coordinate 11 nations and spend untold amounts to take down software pirates, certainly they can spare a portion of it to fight the virus makers!
About 4 months ago...
The ratio I'd be interested in hearing about is the ratio of bugs caught in internal beta-testing vs the ones that are found after release.
...His expertise is reliability and customer support ... thank you for praising Dell, please wait while your praise is rerouted to New Delhi...
Are you sure it wasn't just hidden by the buffer issue that's known to exist in regedit.exe?
Zipzappromos does this, as well as a number of others. No rootkit, just an exploit in an OS flaw.
Is it waterproof?
Kind of old news. There's an entire section devoted to Linux carputing hobbyists at http://www.mp3car.com/vbulletin/
Unnecessary; just block the sites they originate from. I recommend the MVPS hosts file: http://www.mvps.org/winhelp2002/hosts.txt
Mike Healan from Spywareinfo.com has a good article about cookies and their spyware-esque function here: http://www.spywareinfo.net/july20,2005#cookies
But if I take your wallet, and you then hunt me down and steal my wallet for the next year, then you're just as much of a thief.
Can they read the data through a nice set of nail polish?