don’t get infected with P2P
Many people use P2P networks nowadays.
As time goes on, it seems that P2P networks are increasingly being used to spread the latest malware.
I admit I recently got infected, despite having some good protection in place.
So, after thinking about it, I’ve decided to add a new technique to minimise the risk even further.
Any P2P downloads will now go through a self imposed quarantine.
eg: if I download something today, then I won’t open the file for a week or two.
Its not easy, as most of us have the “want it now” mentality, but given the increasing risk of infection, then this will help me.
Why?
It can take days, if not weeks before new malware gets incorporated into anti-virus/anti-spyware databases, so a weeks delay means my security software has a good chance of detecting a “previously undetectable” virus.
Of course this is not the best answer, since if everyone did this, then we would be no better off, given that AV companies rely (in part) on user feedback.
At the moment, its just shifting the risk of infection on to people that are impatient 🙂
If you use the right networks on the BitTorrent network you won’t have this trouble… mininova etc….
Well, at least we need to minimize our risk.
I agree with you taking patience approach. But simpler one would be to use quarantine and then to inspect for virus/malwares/Trojans/warms. Now a days most of the virus – malware – trojans – warm detectors use behavioral and predicative logic. Due to that these unknown bugs should be detectable or should be warned upfront.
But in all cases being careful and cautious plays good always. 😀
Thanks,
Hey L, speaking of infectious softies have you come across any Conficker.C or /D strains of the ware in your travels?
The conficker working group have done a pretty good analysis write up of it and have identified parts of its mutation is enabled by a built in (iirc I read it was obfuscated to try to make it harder to analyse) P2P protocol.
Would be interesting to read any files or signatures detected by the software you trust in your scanning toolkit if you do.
Regs, ToddS
Ah well, some networks are more prone to bad files, but “new” infected files will always be a problem.
Predictive logic only works if infections work in known ways… a new method of infecting a PC will not be detected, it can sometimes take up 2+ weeks before security software can detect the latest malware that was released “today”.
Quote “Predictive logic only works if infections work in known ways… a new method of infecting a PC will not be detected, it can sometimes take up 2+ weeks before security software can detect the latest malware that was released “today”.” ……Or until Microsoft patch their software, which can take months.
The difference between bad security software and good security software is that the good software will generally patch their product using an update, within 24 hours after the infection becomes known. This is called a 0 Day outbreak.
There is always the period of time between release and discovery tho.
I assume they are using Microsoft core OS then which is the target of this type of virus programming.
You could always use it as a talking point to try a Linux Livecd for a while to see if they miss anything much that isn’t otherwise available in another software package or method of workflow from a Windows environment.
SuSE are making developing and building a Linux image from their SuSE baseline very streamlined with their SuSE Studio product that’s in beta, from the login I was issued it’s very easy to spec what packages you want installed, set the default background for whatever X server and window manager you choose to bake into it, and build and download the image as either a CD Install, Live CD or VM Image. Ready to go, not a whole lot of fuss and enough polish to convince a casual Vista user who was sold by the Microsoft marketing machine on its ‘features’
Back to the main point of the post, have you looked forward to the Windows 7 core security changes to the os architecture that might somehow handle differently the current type of system vulnerabilities that are exploited in Vista / XP systems?
And with the Autoupdates (XP) that are being pushed (to double check patch level I would assume) I just had this one come up for approval.
A security issue has been identified in Microsoft XML Core Services (MSXML) that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.
More information for this update can be found at http://go.microsoft.com/fwlink/?LinkId=128803
It’s dated from November 2008, shouldn’t that one have been applied in the patch Tuesdays since then and now?
Hi CW,
Yep, I often manage to get customers who seem to fall into the release -> discovery gap. I’ve also fallen victim to “the gap”
Hi Todd,
I don’t think I’ve found any conficker sigs, but then I’m more focussed on fixing the problem at hand, rather than keeping logs of which nasties are most prevalent (but I do notice if something starts showing up a lot).
In this case, I was the one that got infected… But I sometimes put linux on peoples systems. My favorite is Mepis 8.x many people say its the best for average (or “below average”) computer users. Its also a good liveCD.
Windows 7: Not impressed so far. My biggest gripe is the Vista looks and feel, which I think was developed with minimal consumer market research and feedback.
Having said that, keep an eye out for a future post about Vista 64… I was pleasantly surprised. So I suspect win7-64 should be even nicer… You just need to throw heaps of “horsepower” at it.
And lastly:
windows updates – “A security issue has been identified in Microsoft XML Core Services (MSXML) that could allow …”
“Could” is the important word… if its not a critical update then MS *probably* don’t force the update because the conditions needed to execute remote code are highly unlikely to happen (eg only on the 29th of feb, when the moon is full).
L if you really believe that the grammar of the wording plays that important a role in implying a ‘she’ll be right mate’ of sorts, how could one explain why a product like Windows Defender, Live OneCare and embedded Firewall components came about?
I would say from watching how they roll it buys them time to patch criticals while they downplay serverity through vague wording in security bulletins.
Just like those recent criticals in Firefox 3.0.7 that were demonstrated at some hacker conf called Pwn2Own that ‘could’ have been exploited more successfully off the radar had it not been found and made known to development (cash money and good guy geeky fame probably played a helping role here) so they could patch it up.
Lolz… the trust people have in Microsoft, lolz.
Todd, it makes me laugh with what you are saying because it is so true.
Microsoft sell you a copy of windows, toting it as the greatest piece of software available.
They then tell you that you need to buy a slew of additional products from them because what they sold you is incomplete.
Hey there, well you could sure get that idea from watching Steve Balmer deliver those truely visionary keynote speaches that seem hell bent on impressing that possibly entire universe is definable inside the operating system framework at the Microsoft conventions like he does
Sure they are in the computing industry and so they push their financial weight around whenever they can, but it’s a lot of marketing and partner promotional deals going on there.
Conferences like the Symposium on Operating Systems Principles http://sosp.org/ would be interesting to sit in on or watch the video from, if they ever capture such a thing, like Google have a good culture of recording and making public on their AtGoogle YouTube channel.