
what to do

  • 23-11-2005 12:04am
    #1
    Registered Users Posts: 1,799 ✭✭✭


    reading the first post about AVG being most popular amongst pollsters, but my McAfee is up for renewal at the end of the year. now i'm a bit thick, i have broadband always live, why does the McAfee "run out"? yes i'm that thick when it comes to it, but i know how it works, as in scanning files using predefined "phrases" to highlight viruses, worms, trojans etc (am i right), and I know they want me to pay €30 approx to renew it. now since i got it last year it's been brill, no issues (but i do have to use a spyware remover beside it {ad-aware}), and because my pc is always on, updates are done without me even knowing, and basically i'm real happy with it
    question: apart from a money making thing, why should i pay to update it when it's working fine today
    question: if i'm happy with it, which i am, should i seek another system or stay where i am? i'm a light user of the internet, most to all sites i visit are secure,
    am i making any sense?
    sorry mod, don't ban me if this comes under tech support, i wasn't too sure. advice really is all i'm after, to save me time or money and what few brain cells i have


Comments

  • Registered Users Posts: 19,396 ✭✭✭✭Karoma


    You'd be paying to keep it up to date IIRC..
    (Let's see how to put it..)
    An Anti-Virus (AV) program has two parts essentially: 1) the AV scanner/engine, 2) Definitions - sort of a catalog/library of what is a threat / what it looks like.
    A quick glance at their site suggests that there are different subscription packages that allow you, at least, to update 2) the Defs - and some allow you to upgrade 1) the software..

    The reason that upgrading 2) is essential: as new threats emerge, they are defined and made recognisable to the software in these "catalogs"/definitions. If they are not updated (i.e. You do not continue your subscription) - then your AV software will not detect and protect from new threats.

    If McAfee is doing the job for you and you're willing to pay - then, so be it..
    However, comparison tests (Available from a quick google) will show that AVG tends to be somewhat better at detecting and eliminating threats. Plus, (From my experience) it uses less system resources. And on top of this, it's free:)

    I hope that answered what you were asking:D


  • Registered Users Posts: 1,799 ✭✭✭gerrycollins


    thanks


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    gerrycollins

    In future, if you would like to avoid malware for windows, here are some simple things you could do.

    Set up a normal user account, disable the account from installing
    software, having write access to certain files/directories, and registry.

    Bit like on UNIX-variants.

    If you need to install something, simply log on as administrator, and do it from there.

    If you insist on using Internet Explorer, turn off Active-X, it's really unnecessary to have enabled.

    Make sure your system is up to date with all critical security patches.
    But you should not simply rely on these updates for complete protection.

    A firewall is a good move, but these can be bypassed by rootkits,
    working at low level.

    A good program I've seen working is called ProcGuard.
    It's a rootkit, but works to protect the system.

    It wasn't that good in the past, but recent versions have been more
    promising, try it out.

    http://www.diamondcs.com.au/

    One thing about it people might get annoyed with is the persistent notification whenever something executes.

    But, once you add it to a list of recognisable applications, like ZoneAlarm, it won't ask you again.

    On the comment of "phrases"

    Majority of virus scanners have a database of signatures.
    In the beginning, this was simply a CRC32 sum of the whole virus, or code,
    now they more than likely use a more sophisticated hash algorithm like SHA/MD5.

    It's just a checksum, but it's not difficult for malware to include an LDE (Length Disassembly Engine) to replace current opcodes with different ones, which will evaluate to the same result, rendering the anti-virus signature useless.

    Look at all the variants.. every time a new one comes out, the scanner needs updating, it's pretty useless.
    Not completely, but I wouldn't rely on one to protect my computer.

    Sometimes a little common sense is all that's needed.
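
The two posts above describe an engine plus updatable definitions (Karoma) and whole-file checksum signatures that a functionally equivalent variant no longer matches (Martyr). The sketch below is an added example, not part of the original thread and not any vendor's code: the names `Definitions`, `scan`, `fingerprint`, `Demo.A` and `Demo.B` are hypothetical, the sample bytes are constructed and inert, and SHA-256 stands in for the "SHA/MD5" mentioned in the post.

```python
import hashlib
import zlib

# Constructed, inert sample bytes: two x86 encodings of the same behaviour
# (set EAX to 0, then return). Neither is malware.
SAMPLE_A = bytes.fromhex("31c0c3")  # xor eax, eax ; ret
SAMPLE_B = bytes.fromhex("29c0c3")  # sub eax, eax ; ret


def fingerprint(data: bytes) -> dict:
    """Whole-file checksums of the kind described in the thread."""
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


class Definitions:
    """The updatable half of the product: a catalogue of known-bad hashes."""

    def __init__(self, version: int):
        self.version = version
        self.by_sha256 = {}

    def add(self, name: str, sample: bytes) -> None:
        self.by_sha256[fingerprint(sample)["sha256"]] = name


def scan(data: bytes, defs: Definitions):
    """The engine half: hash the input, look it up; None means no match."""
    return defs.by_sha256.get(fingerprint(data)["sha256"])


def demo() -> dict:
    old = Definitions(version=1)      # subscription lapsed at this point
    old.add("Demo.A", SAMPLE_A)
    new = Definitions(version=2)      # later update that knows the variant
    new.add("Demo.A", SAMPLE_A)
    new.add("Demo.B", SAMPLE_B)
    crc_a = fingerprint(SAMPLE_A)["crc32"]
    crc_b = fingerprint(SAMPLE_B)["crc32"]
    return {
        "old_defs_A": scan(SAMPLE_A, old),   # known sample: matched
        "old_defs_B": scan(SAMPLE_B, old),   # equivalent variant: missed
        "new_defs_B": scan(SAMPLE_B, new),   # matched only after the update
        "crc_differs": crc_a != crc_b,       # one changed byte, new checksum
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same engine gives different answers depending only on the definitions it is handed, which is what the subscription pays for, and an exact-hash entry covers exactly one byte sequence.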


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 90,974 Mod ✭✭✭✭Capt'n Midnight


    A firewall is a good move, but these can be bypassed by rootkits,
    working at low level.
    A firewall is ESSENTIAL to plug some of the holes in windows especially if you don't have a hardware firewall or NAT router. It's your first line of defense.

    Without a firewall a typical windows machine will probably be infected within 15 minutes of connecting to broadband.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    A firewall is ESSENTIAL to plug some of the holes in windows especially if you don't have a hardware firewall or NAT router. It's your first line of defense.

    I don't disagree.

    However, firewalls have vulnerabilities too, mainly at the kernel level, which they operate, we've just not seen it well documented, YET.

    Exploits do exist, just not that many programmers are willing to sell themselves on bugtraq anymore, for the benefit of symantec. ;P

    It's always been mainly applications/operating system services under attack, and there is the misconception that if you have a firewall installed, you are safe.

    Wrong.

    A lot of information on windows internal operation has been published in the last few years.
    The number of people learning to program in windows assembly has also been more popular than ever.
    Reverse engineering is even more popular, which is necessary to analyse closed-source software.

    Security column writers appear to have all the answers, they visit a hacker convention here and there and think they have the future laid out in black and white. hehe

    With the release of books like 'Rootkits - Subverting the windows kernel' and 'Windows Internals - Fourth Edition' more sophisticated types of attack are going to emerge.

    Look at Linux, loads of people constantly say it is more secure or better than windows..how is it better exactly? because of the user, or the configuration of the operating system?

    Linux is no more secure than windows in the hands of a competent user.
    :p

    I'm not saying "don't use a firewall" but that you shouldn't rely on these or anti-virus scanners completely for defense against an attack.

    You or I don't know if vulnerabilities exist in software like ZoneAlarm or Kerio Firewalls..but chances are they probably do, just haven't been uncovered yet.

    If they have been found, someone is keeping it to themselves, not everyone is as honest as we would like to think.
    Without a firewall a typical windows machine will probably be infected within 15 minutes of connecting to broadband.

    I'm not sure about this.. first of all, why do ISPs allow inbound connections on SMB ports, in this day & age. (I assume you mean the DCOM exploits)

    In thinking about the DCOM exploits.

    Did you know that ZoneAlarm runs an RPC server? which can be remotely controlled using a valid client.
    I don't know of any client out there, but the possibility exists.

    Let's just assume that ZoneAlarm's driver, VSDATANT.SYS (which uses TDI (Transport Driver Interface) to filter TCP/IP connections in or out of the system) has a type of "backdoor".

    It receives a packet from the internet, but it recognises it as a command to open up a port to the system.. sort of port knocking routine.

    Bit far-fetched.. but we don't know if it exists or not, unless we disassemble the VSDATANT driver and understand how it works, and that's not something everyone can do.

    Additionally, we don't know how many vulnerabilities exist in its RPC implementation or other security applications, until we disassemble the code and explore its routines and structure.

    Finding exploits today is not like years ago, where you just throw random data at a service and wait for it to crash, that's lame.

    It should be about analysing the internal operations, understanding the proper protocol.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 90,974 Mod ✭✭✭✭Capt'n Midnight


    Sorry the point I was making is that if you don't have some class of a firewall hardware or software then there isn't much point worrying about the other stuff since by the time you disinfected your PC it would just be taken over again.

    As for windows, as someone a long time ago said - just send random junk to random ports, sooner or later it will keel over.

    Defense in depth is the only way to go.

    /me likes NoScript extension in FireFox - it's a constant reminder of how many web sites want their code to run on your PC.


  • Registered Users Posts: 1,799 ✭✭✭gerrycollins


    my system set up is
    1 i have a wireless router which comes 32 bit encoded security firewalled
    2 my mcafee has a firewall which reacts even to windows help to the net
    3 i have windows firewall activated even though my router asks me not to and i'm happy with my speed etc

    with my previous pc i had outdated anti viral software and when i connected to broadband everything went mental, fixed it but for personal business reasons i needed a faster pc so bought a new one and started everything properly. i'm not a technophobe but i'm not into the stuff as much as ye guys and everything is going good to this date.

    some questions bother me..... why does my adaware spyware (free) pick up stuff that my mcafee doesn't that i paid for??

    as for the above, dunno if i'm overreacting but i'm not having the same crap i had before, pc being taken over and all

