Posted by Alfred Molon on February 5, 2007, 3:37 am
I read that spyware and trojans exist which can't be detected by the
virus scanning software, which are not blocked or detected by firewalls
and which go into hiding when you activate the task manager, so that you
can't identify the related process(es).
Is there any secure way to identify such malware? Which firewall (or
virus scanner) for XP would you recommend?
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
|
|
Posted by Mr. Arnold on February 5, 2007, 8:31 am
Alfred Molon wrote:
> I read that spyware and trojans exist which can't be detected by the
> virus scanning software, which are not blocked or detected by firewalls
> and which go into hiding when you activate the task manager, so that you
> can't identify the related process(es).
>
> Is there any secure way to identify such malware? Which firewall (or
> virus scanner) for XP would you recommend?
Long
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html
Short
http://tinyurl.com/klw1
You use the tools in the link and you look for yourself from time to
time. You can even make Process Explorer the default Task Manager.
|
|
Posted by warf on February 5, 2007, 8:44 am
Alfred Molon wrote:
> I read that spyware and trojans exist which can't be detected by the
> virus scanning software, which are not blocked or detected by firewalls
> and which go into hiding when you activate the task manager, so that you
> can't identify the related process(es).
>
> Is there any secure way to identify such malware? Which firewall (or
> virus scanner) for XP would you recommend?
I am by no means as competent in this field as the gurus but I am coming
to understand the difficulty of making sure your computer is not
compromised. When I read Phrack online I realized that true internet
security and privacy was an illusion in flux.
There are many layers of processes between your display/keyboard and the
engine that makes it happen. I think the kernel [machine language] is
the lowest level and when malware and 'security'-ware interact at the
same level some clever-er person will always be able to obfuscate their
actions. E.g., code melts away after assembling bits of seemingly benign
code from multiple locations on your HD, code interacts with the
security software rendering it ineffectual...
I think M$-Vista tries to get around that by making the kernel level
code 'off-limits' to ALL developers. This means the 'goodguys' are
subject to rules the badguys aren't...Hmmm, much like police work.
FWIW, I am at the point where utility vs the game of
hacking/counterhacking is beyond most online persons and suggest perhaps:
1/ never connect a computer with valuable or sensitive information to
the wall. Think of it like leaving a locked safe on your front lawn
...eventually someone will get in if for no other reason than 'because'.
I could never understand why the Pentagon had to have critical Nuclear
weapon information on internet connected computers??? Nor why our
sensitive Credit Card info is similarly exposed by collection points and
financial institutes. Recent news attests to the inherent vulnerability
of purchase documents to nefarious users.
2/ For internet access, use a simply configured, software firewalled,
hardware firewalled [eg, Linksys router] and keep the install disks
close at hand.
3/ Even having 'no valuable information' on your computer doesn't
prevent you from being targeted... people need open boxes to hide their
identity and you can easily and unwittingly assist that task if
connected 'insecurely'
4/ RE 3...you are always connected insecurely relative to somebody's
skill or persistence.
5/ the mind can't devise a means of revealing everything
'knowable'...the very process of examination changes the state of being.
The corollary to that is "if you can imagine a lock, you can imagine a
key or hack"
Warf...take me now, I confess- my dirty pics of Paris Hilton should have
been better concealed![g]
|
|
Posted by Alfred Molon on February 5, 2007, 1:53 pm
Thanks for the reply. Another question: does the 'connection status'
window always show if there is some data flow (in both directions) or is
there malware capable of sending/receiving data so that it does not show
in the counts of the connection status window? A few years ago I
detected a trojan by observing that data was flowing even if it should
not (that was before I installed the firewall).
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
|
|
Posted by Mr. Arnold on February 5, 2007, 8:31 pm
Alfred Molon wrote:
> Thanks for the reply. Another question: does the 'connection status'
> window always show if there is some data flow (in both directions) or is
> there malware capable of sending/receiving data so that it does not show
> in the counts of the connection status window? A few years ago I
> detected a trojan by observing that data was flowing even if it should
> not (that was before I installed the firewall).
If that's what you're looking at, then you have serious problems in
determining if malware is running on your machine.
And if you're dependent upon some kind of snake-oil in personal FW's,
AV's or other forms of snake-oil malware detection solutions running on
the machine to tell you what's happening, then you have problems as
every last bit of it can be circumvented and defeated.
Again, the tools in the link I provided will help you in the
determination and detection of malware that has circumvented the
snake-oil solutions you want to depend upon.