|
Posted by Morgan Ohlson on December 20, 2005, 4:08 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Morgan Ohlson wrote:
>> The last year I have seen many free scanners and free firewalls put out of
>> function by malware. Some of these have been private versions of full-pay
>> software. In most cases it is noticable that something is wrong, but in some
>> cases most things have looked right, but double checks has shown that there
>> have been problem.
>>
>> Now I wonder, do any of the software give the user a true, easy way to know
>> if...
>> ....a scan is ran with all scanner components?
>> .... if scanner is "ordered" by other components to jump some parts?
>> ....a firewall really is active ...or just "showing-off".
>>
>> A guess says that some of you reding this have applications seem to work,
>> but actually do not do their job because of different malware.
>>
>>
>> Morgan O.
>
> What do you mean by "in some cases most things have looked right"?
Ex. Symantec firewall seemed to work. It was several months ago now so I'm
not all up to detail. But everything looked right, but it didn't do anything
at all... port scan showed lot's of problems.
Also Antivir had problems. For a while all programs found viruses, but not
antivir. I can't explain why and how. Antivir was simply a lame duck.
Just a thought. Lets say some malware changes the virus-definition in a
scanner. Instead of 100.000 def's there is 1 in a list 100.000 times. I have
no knowledge of this, but if there is no integrity control in a scanner...
It could "count sheep" just to let the proper scan time pass.
Do
> you have an example? From what I understood, these kinds of malware
> compromises were done by either killing services or blocking them from
> loading. Perhaps that isn't correct.
Reasently I had this problem where SpyBoot froze and reported some file
missing. Almost identical problem also with Avast. I have uninstalled and
reinstalled and the fault came back in both cases. Since a week or so both
runs well again.
Naturally it can be "normal" technicalities... but anyhow a good scanner in
some way should test it's integrity and inform the user.
> But, if it is, I'd try using
> something like Process Explorer to make sure that what you expect to be
> running is.
If a prog called Antivir.exe is running, how could you tell if it is
scanning or just counting fantasy files!?
...I couldn't... and probably most users couldn't.
To this day I have seen strange malfunction in almost all scanners, also
some online ones.
Morgan O.
| 
XML site map