[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: why all are thinking in that way only?

Les wrote:
On Mon, 2008-06-30 at 12:03 -0400, max wrote:
Parshwa Murdia wrote:
when i asked for the keylogger in my system, why people thought of illegal
activities only? it is MINE system and for use only in my system, i am
asking and further more, like one must have knowledge of viruses and then
only he can create an antivirus, similarly it is for the knowledge of
keylogger to prevent the thefts

If you want to know how to find keyloggers then you might want to look at how programs like chkrootkit and rkhunter function. As for installing one, well you'd go about that just like you would any other program. There is nothing special about a virus or keylogger, they are programs just like open office or vi. That is why anti-virus programs rely heavily on updates, it is very difficult to tell one program from another, if there was some magic flag that went up when a program was malicious there wouldn't be a virus problem. They use heuristics as well to try and determine if a program is malicious but programs flagged by heuristics are just as likely to be benign as malicious. The best solution is to strictly control what is allowed to execute on the system. How many programs do you really use on a regular basis?

Fortune favors the BOLD

I wouldn't say that programs marked by heuristics are just as likely to
be good.  The quality of the heuristics continually improve, and are
much better than that.  Typically heuristics are applied to programs and
program errors that remain after other methods have considerably
narrowed the list.  I suspect that their accuracy greatly exceeds 95%
these days due to the order of application, and that is improved even
more by some background software applied after the heuristic ID.

Please don't overstate the case.  It is hard enough to get people to run
antivirus now.

Les H

If heuristics were 95% accurate we wouldn't have a virus problem at all and they wouldn't need constant updates. Antivirus is certainly a useful part of any comprehensive defense strategy but, its been my experience, too many people rely on antivirus and firewall software alone. The majority of users are under the impression that running antivirus and firewall software means they are safe. I can assure you that is not the case. They think if they avoid porn sites they are safe. Sorry just not true. Surf <favorite social networking site> long enough, download some "free" music , visit a web page with ads on it, download some more "free" screen savers your going to catch something sooner or later. I've spent plenty of time cleaning viruses and their ilk from infected computers, even when you run all the different scanners you can find, sometimes the computer keeps getting reinfected on reboot. There are small scripts that run and check for a files existence, if they find it , done , if not then they fetch a fresh copy or even better some "viruses" disable the antivirus program altogether. These programs are often broken up so as to avoid detection and work in tandem, executing and then calling/downloading the next script in line. The number one recommendation is wipe and reinstall. Most security software is a scam that keeps you hooked, 20 bucks or more a year, for updates. If this security software is so good then how come the number of viruses, spyware, trojans, etc keeps growing? Where are those 95% accurate heuristics? You'd think with security software that good the virus writers would have given up by now. No, anti-virus is a useful but severely limited tool. Of course then there is the notion that if you run Linux you are safe, harder to infect?sure but 100% safe? think you don't have to worry? Google around for "weakness of DAC". The sooner people learn that strict control of running programs is the only way to go the better off we will all be. One program to keep track of literally hundreds of thousands of malicious bits of code, brilliant strategy I gotta say, its a wonder its not working better. Since civilized discussions about security are beyond this list I will drop it right here. Email me off list if you want to continue this conversation, I am perfectly willing to be corrected and or educated on any point.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]