Conficker virus rant (boring)
Printed From: Speakerplans.com
Category: Other Chat
Forum Name: Computer Talk
Forum Description: Help and discussion about your manly PC or girly Mac
URL: https://forum.speakerplans.com/forum_posts.asp?TID=23110
Printed Date: 24 April 2024 at 2:47am
Software Version: Web Wiz Forums 12.06 - https://www.webwizforums.com
Topic: Conficker virus rant (boring)
Posted By: chickenfizz
Subject: Conficker virus rant (boring)
Date Posted: 20 January 2009 at 9:56am
|
OK, I've been reading about this terrible worm that's been affecting millions of PCs etc... I'm having a rant, don't take what I say here as fact, it's mostly speculation and wonderings. There doesn't seem to be a lot of information about how the worm actually attacks, I understand it's through a security hole in the windows 'server' service. All the advice on the web says, "users should always install all the latest patches from microsoft and make sure your security software is up to date". Personally I suspect this is crap (although I don't know for sure). I've seen many PCs with automatic updates enabled and running the latest security magic and they all run like a bag of hammers and half the time you've got things popping up from the taskbar demanding attention, restarts, updates more resources etc etc. And often these PCs still have viruses anyway! After recently fixing a PC for someone I updated them to the latest version of AVG, this litterally halfed the performance of the machine. For years I've run windows XP with no anti-virus, with no automatic updates (although I do install service packs) and with windows friggin security center disabled. I am behind a hardware firewall and use a hosts file to block ads etc and have sensible surfing habits! I haven't had a virus in the last 4 or 5 years. Now I don't see why my firewall alone isn't enough to stop this virus from infecting me, as I understand it the worm is on the wan side and my computer would effectively have to ask to be infected before anything could get through to my network unless I was specifically forwarding ports to allow external access to the windows networking (foolish). Am I right? Is the real answer to the problem, "everyone use a firewall"? I don't see the point in preventing viruses etc by running software which uses half your memory, constantly scans files, flashes messages in your face, uses network bandwidth and cripples performace, is that not just like having a virus? |
Replies:
Posted By: The Garglebard
Date Posted: 20 January 2009 at 10:00am
Yes
 |
chickenfizz wrote:Posted By: toastyghost
Date Posted: 20 January 2009 at 10:02am
|
The latest AVG is awful, but it can be made reasonable if you disable the link scanner part of it before installing. |
Posted By: AlfieDring
Date Posted: 20 January 2009 at 10:06am
Same, but make that a software firewall 10 years (apart from one annoying little pesky thing, but that came off a USB key anyway...) Alf |
Posted By: djgorey
Date Posted: 20 January 2009 at 10:10am
|
A lot of these e-mails warning you of "big dangerous virus" or "big dangerous scam" are pure spam.
And has for viruses...I've got a Mac
|
Posted By: nickyburnell
Date Posted: 20 January 2009 at 10:13am
|
Depends on the firewall. NAT translation as I understand it wouldn't stop this. A hardware firewall configured correctly or something like ZA would I believe stop it. However, most people cannot deal with Windows updates never mind a firewall. People see PC's as TV's, something that sits in the corner when in fact they are like their cars, learn to maintain or pay.
So yes I believe a proper firewall will keep the latest bug out (or in
 ) but people don't have the knowlege/time.As a foot note, please don't encourage people with no knowlege to run without AV. It's OK for you because you understand, hundreds of Joe Public with no AV doesn't bear thinking about.
Rgards
Nick
This thread should be in the Computer section. ------------- It's everything, not everythink! |
Posted By: tb_mike
Date Posted: 22 January 2009 at 4:49am
|
FOOD MONOCULTURE = DANGEROUS. SOFTWARE MONOCULTURE = EQUALLY DANGEROUS btw "windows for warships" is being brought out by the MOD! "Monoculture and the Irish Potato Famine: cases of missing genetic variation" If you want to see how easy it is, just search 'metasploit' on youtube. Note that microsoft are a little wierd about it - suggesting users to use the existing windows firewall(which is rubbish). Yes our firewall is limited,but that makes things easier.Ive found that the average user isnt capable of deciding what traffic to let out. Yes they 'learn' and remember your settings. But what when thisisnotavirus.exe wants to make an outbound connection? According to my understanding,yes a proper firewall that will block the windows service -preventing it spreading via that manner. Ofcourse you may get it from your buddys USB stick, and then your firewall may ask if a wierd exe can setup an outbound to an odd URL. Ive been following this too. I had to look at several sites to collect decent info. It seems to spread also by malformed autorun.inf on usb sticks aswell - check for a crazy .vmx in notepad in it.Or disable autorun. You know its funny, Ive used XP for years with a 3rd party firewall , no AV for 99% of that time. Almost no problems,and the benefit of a very fast PC. I was on dialup until recently,so gave up updating. But im not your average user using outlook to send/receive funny .ppt,.doc,britneyspears.jpg.exe, or attempting to download LOST from warez etc. If you scroll through the long MS article, it tells you the work arounds -disable 'computer browser' and 'server' services. These are to do with SHARES and a person who has one pc wont even need. Prevention is better than the cure,as anyone who has treid removing nasty malware would know. I actually have a small XP partition,ready for quick formatting , install drivers from CD and then its fresh as... I do about 6times a year - heaps of spyware hides in windows\system32 or your documents and settings - where youl never find it.Especially if your rootkitted-youl never even seen the malicious files. I guess you might see them if you used a linux live cd and mounted your windows partition and had a look. I found an informative mcafee blog which explains interesting malwares. Il post the link when I find it again. |
Posted By: tb_mike
Date Posted: 22 January 2009 at 5:00am
I think the vast majority of people who have bought recent PCs infact run one OR MORE anti virus programs. But without a decent firewall, its like leaving the windows open with the alarms on. The scary thing is, the latest tvs are going online, so theyl be hackable. Hopefully they run a locked down BSD or embedded linux system. It looks like too many arent patching - http://www.theregister.co.uk/ Interestingly both our local ministry of health,and the british ministry of health got infected. |
Posted By: nickyburnell
Date Posted: 22 January 2009 at 9:40am
|
Just a pointer. I've seen the Conflicker on two memory sticks now. In both occasions the stick showed up in My Computer as a folder, not a drive. When cleaned back to normal. ------------- It's everything, not everythink! |
Posted By: Disco Stu
Date Posted: 22 January 2009 at 10:34am
Macs have viruses too, they just dont have a big enough market share yet for people to bother, as a huge amount of people own windows machines, and microsoft is particularly vulnerable. If they overtake microsoft and become the main computer market, you will see more viruses. Its just a computer, ALL systems can be hacked. Stu ------------- All you need to know is: Sensitivity + Power Handling - Power Compression = Max Output My acts: www.myspace.com/thebowiexperience www.myspace.com/scheisseelektronisches |
Posted By: djgorey
Date Posted: 22 January 2009 at 10:47am
Yes I totally agree! As soon as Apple get more popular than Microsoft (which is probably never going to happen), the viruses will be there. However, at the moment, I'll keep my smug face on! For the virus writers, it's all about having the biggest impact and they'll never get that from writing a virus for a computer only a small percentage have.
|
Posted By: darkmatter
Date Posted: 22 January 2009 at 12:29pm
|
I've had hardly any problems over the last few years by running a decent rule based firewall (Kerio 2.1.5). I agree, instead of running ten pieces of antivirus software you might as well have a virus |
Posted By: iand4403
Date Posted: 22 January 2009 at 1:08pm
|
Without decent protection your PC could be part of a botnet (network of compromised computers which is controlled by it's creators) and you wouldn't be able to tell. These networks are often used to hold a business at ransom, by overloading their servers with data from thousands of infected machines until they pay up. |
Posted By: chickenfizz
Date Posted: 22 January 2009 at 1:47pm
|
I have two answers to that... I WOULD be able to tell because I'd see network traffic that was unaccounted for or I'd see extra processes running or many other tell-tale signs. The other answer is if I REALLY wouldn't be able to tell then I don't really care. And still I'd say that no I couldn't be part of one unless my computer had requested to be part of one. I agree that without decent protect there could be problems, but "decent protection" in my opinion is running a dedicated firewall and well-informed PC usage. Not downloading and installing patches and running bloated scanning software etc. |
Posted By: rezsbc
Date Posted: 22 January 2009 at 2:09pm
|
In response to the original post: Leaving known security vulnerabilities in your installed software unpatched is just stupid. Hardware firewalls are good definitely, but a software firewall should always be used as well to control application-specific access to the network. Running without anti-virus is also just plain stupid in my book. I use all of these and my machine zips along. Windows in particular is really easy to mash up and end up with it running real slow.... probably 80% of the pc's I've ever seen crawl along through bad set up but patching your system/running antivirus/software firewalls should and do not cause a system to slow down massively. |
Posted By: odc04r
Date Posted: 22 January 2009 at 2:37pm
Application specific firewall and careful monitoring of active processes will actually tell you quite quickly. Back in the day the MSblaster worm got nothing from me as I simply denied it outbound access. Oh how I laughed as all my friends PCs constantly rebooted. |
Posted By: darkmatter
Date Posted: 22 January 2009 at 4:17pm
Haha I bet they loved you for that Problem is, when people realize you know about these things, instead of taking your advice they just ask you to sort it out for them. I'd rather let them all get worms than spend ages trying to set people's computers up properly. |
Posted By: iand4403
Date Posted: 22 January 2009 at 4:56pm
Apparently it's quite simple to spoof the windows process list/netstat etc but I have no experience. As long as I can browse SP and play Moh:AA I'm not bothered either |
Posted By: nineleaves
Date Posted: 23 January 2009 at 12:30am
|
the solutions dead simple... for internet use - JUST RUN LINUX ! ..preferably ubuntu. |
Posted By: tb_mike
Date Posted: 23 January 2009 at 8:06am
Yep if you have a rootkit your system will basically lie to you. Did you see what happened to our local botnet creator in the Coromandel? He has dyslexia or similar, so he doesnt go to jail,and has many job offers. Isnt that discrimination against those of us without conditions? Also he didnt modify an existing botnet program,he made his own :P And as for patching, yes some people DO have an excuse - for every 10 bugs that are fixed, 3 more are created. But your everyday joe blogs, I dont think they have a problem with auto updates aslong as they have a decent ADSL pipe. |
Posted By: Tony Wilkes
Date Posted: 23 January 2009 at 9:25am
For newbies try Linux Mint its a Ubuntu fork with a lot of the set up misery taken care of. Tony |
Posted By: odc04r
Date Posted: 23 January 2009 at 9:27am
Just tell them it's £25 per hour after the first favour (unless they are good friends or family). That dissuades lazy people pretty quickly. After the first time you have sorted them out they don't get a second if good advice has been disregarded too! |
Posted By: nineleaves
Date Posted: 23 January 2009 at 9:32am
For newbies try Linux Mint its a Ubuntu fork with a lot of the set up misery taken care of. Tony [/QUOTE] ill have to look that one up sometime :) i currently reccomend and use ubuntu as it is also very windows user friendly; it works like it in many ways; is overall very easy to use & well supported. it was founded by some african billionaire who wanted to bring a free, useable, well funded & maintained opensource operating system to the masses who are familiar with windows. installs just as easily too; and the partitioning proceedure is easy & non buggy into the bargain :) |
Posted By: Tony Wilkes
Date Posted: 23 January 2009 at 10:21am
|
Basically Mint is Ubuntu with all the multimedia codecs already included plus they have modded a few apps. to make them much easier to use. Only available in 32bit at the moment but 64 bit is at RC1. Tony |
Posted By: tb_mike
Date Posted: 23 January 2009 at 8:30pm
|
mandriva is similar to mint. The reason their so silly about mp3 and dvd CSS, are all the definitions of what free software is vs restricted stuff. Infact I have a wierd laptop that doesnt have a HDD(due to an odd proprietary connector I refuse to pay for)- so I run puppylinux live on CD on it. |
Posted By: chickenfizz
Date Posted: 24 January 2009 at 8:02pm
|
Yeah I run ubuntu on one of my laptops (using it at this very moment) and it is by far the best Linux distro I've tried, it's not faster than windows (xp) and not more stable but it is free, a lot less bloated and doubtless more secure (and/or less targeted). Also there is a lot of readily available good quality free software available. I do wish bass box pro, winISD, sound forge, audiocore, race and dcx-remote ran on it though, then I think I would never have to run windows. |
Posted By: tb_mike
Date Posted: 24 January 2009 at 9:33pm
Xubuntu I found faster than XP. It uses XFCE rather than gnome or kde. Theres a few wierd distros, one called arch linux which apparently can boot in ~20sec, while some one got an asus EEE to boot in 5sec. Have you treid wine? If your using linux online ,and XP otherwise thats a hell of a lot safer. |
Posted By: cravings
Date Posted: 25 January 2009 at 10:38am
| i run arch linux... my everyday pc is 8 years old though.. so it doesn't boot in 20 seconds.. but sure.. i hardly ever reboot it (see other thread). i'm really happy with arch. in the 2 years i've used arch.. i've learned almost nothing about it. it just works for me. really simple configuration, simple package management. it's a rolling release, which is definitely the thing i like most about it. i'm done with major distro upgrades. |