DownAdUp - Conficker Detection Software

Profile -=SuperG=-
Joined: 3 Apr 99
Posts: 63
Credit: 89,161,651
RAC: 23
Canada
Message 881471 - Posted: 2 Apr 2009, 0:04:53 UTC

So... has anybody seen any outbreaks yet?
Boinc Wiki




"Great spirits have always encountered violent opposition from mediocre minds." -Albert Einstein
ID: 881471 · Report as offensive
Profile zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 66134
Credit: 55,293,173
RAC: 49
United States
Message 881473 - Posted: 2 Apr 2009, 0:07:10 UTC - in response to Message 881471.  
Last modified: 2 Apr 2009, 0:07:48 UTC

So... has anybody seen any outbreaks yet?

Nope, all I've heard since 2:45pm PDT is about the Queen and President Obama; on the April Fools' Day worm, not a thing yet.
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 881473 · Report as offensive
Profile jason_gee
Volunteer developer
Volunteer tester
Joined: 24 Nov 06
Posts: 7489
Credit: 91,093,184
RAC: 0
Australia
Message 881478 - Posted: 2 Apr 2009, 0:26:33 UTC - in response to Message 881370.  
Last modified: 2 Apr 2009, 0:56:35 UTC

@Jason_gee

Sorry you are having trouble with Symantec.

I personally use their products loyally and have had little or no issues with the 6 schools and dozen or so companies we have it deployed at. I would appreciate it if you would stop bashing by name and perhaps step back and look at the whole picture.

This is not a product bashing thread. I don't care what your experiences are with it.


That is not what I meant SuperG, and if it came across that way I apologise. I have personally had no trouble with Symantec, but choose another vendor. Also I am sorry it was not clear that neither of the licenses dumped due to false detections at local campuses here were Symantec, but from other vendors. Heuristics & update quality were to blame at those installations, which rendered campus-wide networks unusable. There is nothing wrong with expecting information and tools released to be reliable, especially when paid for, and if it proved to be fraudulent that the perpetrators are held accountable for any expense incurred (whoever they be).

False detections across most vendors are a problem from time to time, and in most cases are traceable to 'catchall' type heuristics designed on a principle of 'better to make a false detection than miss something'. In large installations that strategy often results in an expensive and unnecessary waste of time and resources, which usually has the worst impact on the very end-users the products are supposed to be protecting.

Jason
"Living by the wisdom of computer science doesn't sound so bad after all. And unlike most advice, it's backed up by proofs." -- Algorithms to live by: The computer science of human decisions.
ID: 881478 · Report as offensive
Profile -=SuperG=-
Joined: 3 Apr 99
Posts: 63
Credit: 89,161,651
RAC: 23
Canada
Message 881507 - Posted: 2 Apr 2009, 2:31:19 UTC - in response to Message 881478.  

@Jason_gee

Sorry you are having trouble with Symantec.

I personally use their products loyally and have had little or no issues with the 6 schools and dozen or so companies we have it deployed at. I would appreciate it if you would stop bashing by name and perhaps step back and look at the whole picture.

This is not a product bashing thread. I don't care what your experiences are with it.


That is not what I meant SuperG, and if it came across that way I apologise. I have personally had no trouble with Symantec, but choose another vendor. Also I am sorry it was not clear that neither of the licenses dumped due to false detections at local campuses here were Symantec, but from other vendors. Heuristics & update quality were to blame at those installations, which rendered campus-wide networks unusable. There is nothing wrong with expecting information and tools released to be reliable, especially when paid for, and if it proved to be fraudulent that the perpetrators are held accountable for any expense incurred (whoever they be).

False detections across most vendors are a problem from time to time, and in most cases are traceable to 'catchall' type heuristics designed on a principle of 'better to make a false detection than miss something'. In large installations that strategy often results in an expensive and unnecessary waste of time and resources, which usually has the worst impact on the very end-users the products are supposed to be protecting.

Jason


No need to apologize, I overreacted plain and simple.

I have used Symantec software for a very long time and am simply tired of people telling me that Symantec isn't good because it slows computers down. Nothing to do with you.

IMHO Symantec slows computers down because the software is actually doing something. Most software claims to have better software but only because they base that on resources used or how long it takes to do a complete scan.

I base my experiences on Symantec Antivirus and Symantec Endpoint Protection. The latter is the recently released "new" version of SAV. These are corporate-centrally managed software packages for those of us who don't know. False positives and other non-threatening software detection are easily remedied on a global basis using the Managers Console.

I will be the first to tell anyone that the consumer versions of Antivirus, Internet Security and AIO (Norton 360) products will slow your computer down. Using only what you need is the key to controlling how it will affect performance and/or use resources. I personally don't recommend the Internet Security or Norton 360 suites. WAY too bloated. These suites along with Panda Titanium, McAfee Internet Security and others will bring even a new PC to its knees. The Norton Antivirus software is all I sell to my individual end user clients. And yes the 2009 version is way better than even the 2008. I also have to agree with another comment made stating that Symantec had their heyday a few years back. Everything negative seemed to follow the mass migration to Windows XP and the software activation scheme.

Once again, this is all just my experience. Everyone here uses what they think is best.

And I have ranted on way too long about this…:P

By tomorrow all will be forgotten… Hopefully including this Conficker thingy they keep calling a Worm…

Best Regards,

Howard

Boinc Wiki




"Great spirits have always encountered violent opposition from mediocre minds." -Albert Einstein
ID: 881507 · Report as offensive
Profile KW2E
Joined: 18 May 99
Posts: 346
Credit: 104,396,190
RAC: 34
United States
Message 881550 - Posted: 2 Apr 2009, 4:23:42 UTC - in response to Message 881507.  

Altiris + SEP = What I use at work.

:)

Rob
ID: 881550 · Report as offensive
Profile Dirk Sadowski
Volunteer tester
Joined: 6 Apr 07
Posts: 7105
Credit: 147,663,825
RAC: 5
Germany
Message 881552 - Posted: 2 Apr 2009, 4:27:37 UTC
Last modified: 2 Apr 2009, 4:28:27 UTC


http://www.free-av.de .. like the URL says.. anti virus for free! :-)

[free ONLY for home usage!]

ID: 881552 · Report as offensive
Profile champ
Volunteer tester
Joined: 12 Mar 03
Posts: 3642
Credit: 1,489,147
RAC: 0
Germany
Message 881576 - Posted: 2 Apr 2009, 6:51:22 UTC
Last modified: 2 Apr 2009, 7:03:09 UTC

I have got my experience with Avira. The free version is not really good. Long virus update times. (Or it is difficult to reach the download server).

The free version is Beta and is not able to detect all new viruses. This is why I have changed to Kaspersky. Since I am using it, I am virus free.
ID: 881576 · Report as offensive
Profile -=SuperG=-
Joined: 3 Apr 99
Posts: 63
Credit: 89,161,651
RAC: 23
Canada
Message 881579 - Posted: 2 Apr 2009, 6:58:56 UTC
Last modified: 2 Apr 2009, 7:03:32 UTC

I have heard good stuff about Kaspersky. Lots of public interest too.. :)
Boinc Wiki




"Great spirits have always encountered violent opposition from mediocre minds." -Albert Einstein
ID: 881579 · Report as offensive
Profile Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 881583 - Posted: 2 Apr 2009, 7:20:38 UTC - in response to Message 881576.  

I have got my experience with product A.

The free version is Beta and is not able to detect all new viruses

This is why I have changed to Product B. Since I am using it, I am virus free.

That's not a very good statement, is it?

It can mean you're not a very safe surfer, that you click on everything you see, that you open any attachments and that you're only as safe as your AV makes you feel you are.

Of course, on the other hand, it can mean you are a very safe surfer, you don't click everything you see, you don't open all attachments and you don't blindly trust the AV.

In my experience, no product out there is capable of detecting all new viruses. There was one, years ago which did. A Dutch product called Shark Antivirus, the first on the market with a completely new heuristic detection that was so good, all the big sharks wanted to have it. They've been bought by Norman and since that time no one ever heard from them again. Do you know Norman? See?

But the problem with all good AV software, as well as all good other malware software, is that it can only detect threats already out there. Remember that definition file you're downloading? That's your after the fact file. Someone needs to send in a new thing found on their computer and the AV bozos need to make it detectable and added to their def file first before you can download the def file and detect the new baddy.

For had you had one good product with a true heuristic detection that would catch all, you would never upgrade again and where would that leave the AV makers then? Moneyless, pitiless, forlorn.
ID: 881583 · Report as offensive
-ShEm-
Volunteer tester
Joined: 25 Feb 00
Posts: 139
Credit: 4,129,448
RAC: 0
Message 881604 - Posted: 2 Apr 2009, 9:02:53 UTC - in response to Message 881583.  

But there is ThreatFire, free for home use and made to run along with a 'normal' antivirus-program.
ID: 881604 · Report as offensive
Profile champ
Volunteer tester
Joined: 12 Mar 03
Posts: 3642
Credit: 1,489,147
RAC: 0
Germany
Message 881613 - Posted: 2 Apr 2009, 10:04:28 UTC

Jord, you as an expert surfer must know, there are a couple of ways to get a virus or malware on your computer. Not only by clicking on everything.

But the problem with all good AV software, as well as all good other malware software, is that it can only detect threats already out there....(snip)


In this case you are right. Kaspersky is running on my computers all the time. But to clean up my computers, I have scheduled another anti-virus software. But sometimes both can fail. I remember my kids were surfing the Internet and infected the computer with a harmless malware program. No anti-virus/malware/trojan etc. program found it. The only way was to search and destroy it single-handed.
ID: 881613 · Report as offensive
Profile Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 881622 - Posted: 2 Apr 2009, 10:58:19 UTC - in response to Message 881613.  

Jord, you as an expert surfer must know, there are a couple of ways to get a virus or malware on your computer. Not only by clicking on everything.

Sure... not having a firewall at all is a good way. I run a hardware and software firewall, Noscript and Adblock extensions, Spybot S&D and Spywareblaster updated every week, etc. etc. .. Oh and Avira. Not that I ever scan with it, too darn slow. :-D

The only way was to search and destroy it single-handed.

Some people don't even have the patience and just reformat & reinstall their OS. ;-)

Others at least use Hijack This, post their logs on forums, get help, post more logs, get more help, download all kinds of killers, post more logs, and eventually reformat and reinstall their OS. ;-)
ID: 881622 · Report as offensive
Profile Dirk Sadowski
Volunteer tester
Joined: 6 Apr 07
Posts: 7105
Credit: 147,663,825
RAC: 5
Germany
Message 881643 - Posted: 2 Apr 2009, 12:47:07 UTC - in response to Message 881576.  

I have got my experience with Avira. The free version is not really good. Long virus update times. (Or it is difficult to reach the download server).

The free version is Beta and is not able to detect all new viruses. This is why I have changed to Kaspersky. Since I am using it, I am virus free.


I can't confirm this.

I use the free AntiVir and up to now no probs.

Updates work well every time.

It's recommended for slow rigs also. So very good for my old Athlon 600.. ;-)

The PC magazine c't recommends this free version also.

ID: 881643 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20813
Credit: 7,508,002
RAC: 20
United Kingdom
Message 881669 - Posted: 2 Apr 2009, 14:17:21 UTC - in response to Message 881643.  
Last modified: 2 Apr 2009, 14:21:38 UTC

I can't confirm this.

I use the free AntiVir and up to now no probs.

Updates work well every time. ...

I can confirm...

No antivirus in use, none whatsoever.

No updates for whatever antivirus ('cos there ain't one running).

And it all works very well and very smoothly.


Out of paranoia, I do run "rootkit" checks. Then again, those checks are for malware and exploits that have been around for many many years and have been fundamentally fixed many many years ago. All very well publicised and known.

Similarly out of paranoia, I run a firewall on here although it is rather superfluous. It does give a useful second-check against misconfiguration albeit at the expense of being yet-another-thing to set up.


You all have a choice.

I'm still shocked at the ridiculous time and expense for chasing a confickering damp squib and yet, it is still a valid threat to many Windows users!


... All very silly,

and what of the malware that the antivirus will miss... (and the false positives misidentified)?


Aside: I've had my great experience of Norton/Symantec anti-virus. The latest software should be considered a virus in itself for the detritus it leaves behind that 'just happens' to nobble some of their competitors "anti-virus solutions". Horrible waste of time doing the registry and folders clean-up. Still a hideous continuing waste of time and money.

Keep searchin',
Martin


[Aside and mini-rant]

The story is nicely summarised:

Symantec uninstaller may not finish the job

How the $#@$# do I fully remove Norton from my PC?

Download and run the Norton Removal Tool

[Note that that STILL does NOT do a full cleanup!]

How To Get Norton Off Your System

CCleaner


My success story was to:

Make a backup, backup the registry, and then to save a system restore point;

Run regedit and do a search and delete of all keys on all references to
symantec;

Then run ccleaner to fix up the rest of the detritus in the registry;

(Somewhere in that lot, ensure that the registry startup keys that
secretly run the Symantec/NAV system tray applications are deleted.)

Reboot. Cancel any Symantec installer dialogues. Delete all the Symantec
folder trees (uncheck the 'read-only' property, and cancel any MSI
pop-ups!);

Run ccleaner again for good measure and also use it to delete the
Symantec entries in the add/remove programs list;

Reboot again and hopefully all is clean once more.


In the time to do that little lot, you could instead install your
favourite Linux distro sans-anti-virus ;-)

It does make you wonder just how much time is lost and the level of
frustration caused by the virus and anti-virus malarky on Windows...


All just a recent "user experience" and some personal observations of
mine! Not to be wished on others...

[/Aside and mini-rant]
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 881669 · Report as offensive
Profile Dirk Sadowski
Volunteer tester
Joined: 6 Apr 07
Posts: 7105
Credit: 147,663,825
RAC: 5
Germany
Message 881675 - Posted: 2 Apr 2009, 14:34:54 UTC
Last modified: 2 Apr 2009, 14:43:18 UTC


I had a chance to test Windows vs. Linux.

Windows is more user-friendly for 'unknown' PC users.

If you are a person who likes to learn about PCs [and you have time for this], then Linux is maybe your favorite.

For most people out there Windows is the easiest way..

ID: 881675 · Report as offensive
Cosmic_Ocean
Joined: 23 Dec 00
Posts: 3027
Credit: 13,516,867
RAC: 13
United States
Message 881677 - Posted: 2 Apr 2009, 14:54:25 UTC

There was a while where I did not have AV because there were three websites I went to, and I don't blindly click on everything I see.

Then I got into the world of torrents, and that's the only reason I have AV. I still only go to trusted sites that I know will never be infected with something bad, and I still don't blindly click links.

However, if I need to go somewhere questionable, I pull up Ubuntu in VMware and check it out. :D Safest thing you can do is Linux..in a virtual machine..behind two layers of NAT.

Regarding Windows v. Linux... I do like Linux, but until more major software devs start thinking about giving Linux a chance, Windows will continue to be easier to use for everyday tasks. I know there is Firefox and Thunderbird, and OpenOffice, but most people need more than that, and they don't want to have to pull up some obscure CLI program to "find" software (referring to aptitude).

For ease of simplicity (regarding installing new software), I have found that SuSE and YaST are very user friendly. However, you can still end up getting into what my colleagues have called "RPM hell", where dependencies start piling up and multiplying, and you get to a point where it turns out you need to upgrade the kernel to resolve it all.

However, once some of the major game developers begin using OpenGL again, I think there will be a large movement over to Linux/Mac and away from Windows. I think for the most part, that's just about the only thing holding a large portion of the Windows market from going over to Linux, is that their games won't work in Linux.
Linux laptop:
record uptime: 1511d 20h 19m (ended due to the power brick giving-up)
ID: 881677 · Report as offensive
Profile zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 66134
Credit: 55,293,173
RAC: 49
United States
Message 881694 - Posted: 2 Apr 2009, 15:26:36 UTC - in response to Message 881622.  
Last modified: 2 Apr 2009, 15:29:32 UTC

Jord, you as an expert surfer must know, there are a couple of ways to get a Virus or Malware on your computer. Not only by clicking on everything.

Sure... not having a firewall at all is a good way. I run a hardware and software firewall, Noscript and Adblock extensions, Spybot S&D and Spywareblaster updated every week, etc. etc. .. Oh and Avira. Not that I ever scan with it, too darn slow. :-D

The only way was to search and destroy it single-handed.

Some people don't even have the patience and just reformat & reinstall their OS. ;-)

Others at least use Hijack This, post their logs on forums, get help, post more logs, get more help, download all kinds of killers, post more logs, and eventually reformat and reinstall their OS. ;-)

I do the same, Ageless, and I run AVG 8.5 too; Noscript is really a good malware blocker.

Good: Noscript can block the malware's address on the web.

Bad: You have to find the website hosting the malware.
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 881694 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20813
Credit: 7,508,002
RAC: 20
United Kingdom
Message 881700 - Posted: 2 Apr 2009, 16:03:01 UTC - in response to Message 881675.  
Last modified: 2 Apr 2009, 16:03:31 UTC

For most people out there Windows is the easiest way..

Indeed so for those who do not wish to look and instead just blindly take whatever is already there or is magically pre-installed for them.

Easier that is until it becomes all too easily infested and choked down to a snail's pace. Then there is all the fun of "DIY" fixes or an expensive trip down to the computer repair shop. Or... There is the hassle of doing the three-Rs (Reformat, Reinstall, Reboot...)

Then, for slightly more expensive but very much more reliable, there is Apple. However, my opinion is that they perpetrate greater market lock-in than even does Microsoft.

For Linux, you can have obscure and hard with such as Linux-From-Scratch. I certainly wouldn't advise anyone unfamiliar with computers to try that as a first taste! Much better for just simply using something, try looking at such as Kubuntu, Ubuntu, Mandriva, or the other main desktop distros.

What of the command line? Well, you don't even need to know it exists. They all have graphical or automatic config and graphical installers if you want extras.

Should be well worth a look for anyone interested.

Good luck,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 881700 · Report as offensive
Profile zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 66134
Credit: 55,293,173
RAC: 49
United States
Message 883705 - Posted: 9 Apr 2009, 14:58:04 UTC

CNN has a story up about Conficker and it seems to have finally activated.

Conficker wakes up, updates via P2P, drops payload

CNN wrote:

(CNET) -- The Conficker worm is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.


The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 883705 · Report as offensive


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.