Windows 7 Forums


Windows 7: Malware and the Web - we need a NEW Approach

17 Nov 2009   #11
TheIgster

Windows 7 Home Premium 64-bit
 
 

Quote: Originally Posted by jimbo45
I think we can all basically agree that the REAL problem these days is MALWARE.
Malware is just an all-encompassing term for viruses and the like. Your post seems to claim there is a distinction between malware and viruses; there is not.

To prove my point, from Wikipedia:

Quote:
Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.
Malware - Wikipedia, the free encyclopedia


17 Nov 2009   #12
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there

Technically you are probably correct but I think the meaning of the post is clear
1) A virus or worm or trojan horse is resident on the infected machine and can be located and removed - even if it has done its nasty business

2) My post is trying to point out those cases where code can be dynamically generated, loaded and executed on the victim's machine - and then vanish so no trace can be found via detection software.

I think the point of the post is clear BTW.

Incidentally the BBC has just published this -- which shows that my post is on the right lines.


......

However, in recent months, hi-tech criminals have signalled a change in tactics away from e-mail borne viruses. Instead, many are infiltrating popular webpages in a bid to infect the machine of any and every visitor. Many seek to steal valuable information such as login names, passwords or game accounts instead of trying to install themselves on a machine.
................ (from the BBC)

BTW before Apple ( or I-phone) owners get smug have a look at this.

BBC NEWS | Technology | Worm attack bites at Apple iPhone

cheers
jimbo
18 Nov 2009   #13
Crazy Buddhist

 
 

Quote: Originally Posted by jimbo45
Quote: Originally Posted by neoasr
I use Noscript & adblock plus with FF

Hi there

Won't work 100% of the time -- every time you access web sites with any sort of designs - there's some CSS stuff there -- what about even the W7 site

even this site uses some scripting

for example as a start - code extract just view "Source" in IE.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<meta name="generator" content="vBulletin 3.8.4" />
<meta name="verify-v1" content="KYRdS+aaZmSme3ViQqFlpzri2XmKhjPBDxF9Y7X5IO0=" />
<meta name="keywords" content="windows, seven beta, Microsoft, windows 7, Windows 7 Forums, windows 7 tutorials" />
<meta name="description" content="Windows 7 Forums the biggest Windows 7 discussion forum, friendly help and many Windows 7 tutorials that will help you get the most out of Microsofts new Windows 7 Operating System." />
<style type="text/css" id="vbulletin_css">

Style: 'SF Default'; Style ID: 33

@import url("clientscript/vbulletin_css/style-afbf1b94-00033.css");

</style>
<link rel="stylesheet" type="text/css" href="clientscript/vbulletin_important.css?v=384" />
<style type="text/css" id="bbcode_css">
<!-- .............................. etc etc.

cheers
jimbo
I don't see how NoScript will be fooled by this. Would you be kind enough to elaborate? Thanks.

Also, for those who are interested, the following free AVs offer some form of real-time protection. There is at least one excellent one in the list:

List of free antivirus programs with real-time protection



List of free antispyware programs with real-time protection

From Wikipedia.

Cheers,

Matthew
18 Nov 2009   #14
Dinesh

Windows® 8 Pro (64-bit)
 
 

Also, add SpywareBlaster. It gives a solid passive protection by integrating into browsers.
18 Nov 2009   #15
Crazy Buddhist

 
 

Quote: Originally Posted by Dinesh
Also, add SpywareBlaster. It gives a solid passive protection by integrating into browsers.
Good call.
18 Nov 2009   #16
Carbonyl

Windows 7 RTM
 
 

Quote: Originally Posted by jimbo45
Classical viruses whilst a nuisance are relatively easily dealt with and are treated in general via AV software that does a REACTIVE scan -- i.e. your computer is scanned at some point in time AFTER a virus has entered your system.
I just had to pipe up to say, this is certainly not the case. Regardless of how the virus got there, 'classical' virus infections can still strike the weak point of your computer to deliver massive damage. Infections are great at disabling AV software. The Virut strain of infections will mutate your EXE and DLL files beyond cleaning (Seriously, the AV vendors tell you to reformat your computer if Virut is found during a reactive scan). Rootkits can't be assuredly removed without reformatting, either.

Quote: Originally Posted by jimbo45
The major threat is in the so called DRIVE BY infections -- this is where you visit a site - could be a quite legal site which has been hijacked without the site owners knowing.

...

So we need some way of controlling what scripts actually run in a browser and if necessary AV software should be able to check these functions online without slowing the machine down to debug levels.
Very much agreed. Legitimate websites can unknowingly host malicious scripts. And if the website is a trusted place (i.e. National Geographic, New York Times, etc.), then you're going to be hit because there's no reason to block them.

But! Scripts are NOT the only vector of drive-by attacks. Look at the new malformed font attacks. These don't use scripts at all. They're undoubtedly the nastiest thing I've seen in a while.
18 Nov 2009   #17
jav

Windows 7 Ultimate x86 SP1
 
 

What do you guys think about Sandbox type based protection?
Like Sandboxie or DefenseWall HIPS or any other software implementing this type of method?
In theory it seems to be very basic and in a way effective?

Can this kind of protection be the new approach?
18 Nov 2009   #18
Carbonyl

Windows 7 RTM
 
 

Quote: Originally Posted by jav
What do you guys think about Sandbox type based protection?
Like Sandboxie or DefenseWall HIPS or any other software implementing this type of method?
In theory it seems to be very basic and in a way effective?

Can this kind of protection be the new approach?
Yes, but only for 32-bit systems.
18 Nov 2009   #19
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi carbonyl

The whole point is that IF your computer IS infected by one of these Viruses then it's already TOO LATE as I said in the post.


The problem also in "analytical" processing AFTER the fact is a bit like, as they say in the USA, doing "Monday Morning Quarterbacking".

The Virus can be removed of course - even if you have to restore a 100% known clean image from a previous backup set -- but there's NO WAY of knowing what the virus actually did -- for example stuff from your machine might at this moment be travelling all over the Internet.

Even if AV software detects a virus as VIRUS-A how does it actually know that it isn't VIRUS-B masquerading as VIRUS-A and so forth.

Better and more secure routers would certainly help but "industrial" strength routers don't come cheap.

Cheers
jimbo
18 Nov 2009   #20
Crazy Buddhist

 
 

Quote: Originally Posted by jav
What do you guys think about Sandbox type based protection?
Like Sandboxie or DefenseWall HIPS or any other software implementing this type of method?
In theory it seems to be very basic and in a way effective?

Can this kind of protection be the new approach?

If you are talking about something like DefenseWall then, though very good, that one for one is not totally invulnerable. I believe in a multi-pronged approach, so personally I use an IPCOP firewall with ClamAV that rules my network, a multi-scanner integrated suite on my Windows machines + 2 additional malware scanners - and that's enough, as I don't spend a lot of time on the world wild web ... mainly stick to a few sites that need my attention or where I enjoy the community.

If the drive-bys become more common and if they start getting injected into trusted sites then I'll probably add HIPS/DefenseWall but wouldn't replace anything else with it. If you torrent, PeerGuardian is a must-have too.

Matthew

PS The issue with DefenseWall is that it is implemented at the Windows driver level and can be beaten by some rootkits and installers, as I understand it.