IS your anti-virus software working? Are you sure?

[netman4ttm]

Saw this article in CNET review.

Just pulled a PC inside the firewall that was totally wasted.


Security Watch : Don't get burned by viruses and hackers.
Is your antivirus app still working? Are you sure?
E-mail to a friend
Send us feedback


By Robert Vamosi
Senior associate editor, CNET Reviews
June 14, 2004

A friend of mine works for a university-based medical research facility, and she recently wondered why their network was experiencing a dramatic increase in virus traffic. Their Internet-facing servers, she told me, were all protected with the latest release of a major antivirus software product. The product, like its popular home version, features automatic live updates of the latest signature files, yet they were getting hit with several variations of the Bagle virus, plus some other new viruses.

Many new viruses have been shutting down antivirus and firewall apps, or, in other cases, disabling the software's automatic update feature

This may sound familiar. You have a desktop antivirus app installed now, and you know the signature file subscription is current with the vendor, but still you're seeing viruslike symptoms or perhaps you actually know that you have a virus. Since the first of this year, many new viruses have been shutting down antivirus and firewall apps, or, in other cases, disabling the software's automatic update feature, leaving your system vulnerable to future attack.

It's actually an old trick. The virus MTX, for example, released in 2000, blocks access to antivirus software Web sites. But these recent antivirus-disabling attacks are more effective because of their sheer volume: with some 30-odd variations of Bagle appearing within a 10-week period, each one better than the last, you might have been hit and not even realized it.

Time to check your protection
At one time, you needed to manually update your antivirus app monthly, weekly, then every couple of days. Problem was, with a big e-mail outbreak such as I Love You, you were often infected before you got around to updating your signature files. So the software vendors opted for automatic downloads of signature file updates. This method has its pros and cons.

First, the pros. I like the set-it-and-forget-it antivirus protection available on most products today. I think it's made protecting your PC much easier for casual Internet users.

I expect to see some major changes coming later this year.

But, unfortunately, convenience breeds a false sense of security. I once knew someone who felt all cars should have standard transmissions so that the driver would at all times remain in touch with the road's conditions and be better able react to danger. In the same way, it might be good for us to have to pay more attention to our antivirus and firewall software. I'm not suggesting we give up the ease-of-use features we now enjoy, but rather these products should now integrate with each other more than they currently do and provide some kind of checks and balances for each other.

Help on the way
I expect to see some major changes coming later this year. Currently, the new ZoneAlarm Security Suite works with your existing third-party antivirus apps and reports whether the signature files are out-of-date or if the app is even working. And the new Microsoft Security Center, one component of Windows XP SP2 (to be released late summer or early fall 2004), will also warn if your antivirus protection is compromised. Whenever the antivirus app becomes disabled, a dialog box informs you of the change. Also, whenever you check the ZoneAlarm Security Suite or Microsoft Security Center main screen, you'll see a warning that your antivirus protection is not enabled.

Until these products become widely available, you will still need to check your antivirus apps from time to time to see that they are still working.

A happy ending
My friend has taken to doing just that, and in the process, found the antivirus software update feature on one of the servers had been disabled in early April. By reactivating that server's protection, her research facility has significantly reduced their latent virus problem. I suspect some of you may experience the same result with your home computers.

[wenwilder]

That is a great article netman4ttm.

You can never be to safe, but you can always be to sorry.

[Ne0]

That's a great article...

I am NOT A H4x0r... but I do have several friends that are in various organizations online... some of them political... For the most part you have to question anyone that you trade files with P2P is notorious for letting key logga's or worms into your system... which of course usually hits atleast 5 of your friends... cause it's communal once you get it... I look at anti-virus protection and security like this... We teach our children about sex education so that they can protect themselves from disease! And since this isn't something that they teach in school we have to educate ourselves and keep up to date with what's going on...

I use 2 diffrent firewalls for various reasons... 1 is very commercial 1 homemade and I scan once a week! Here's a link for one of the best Free online scans... I also scan with this once a week Free Scan and heres where you can get a free Atguard firewall (has alot of nice features) Icefortress This is The Best site for any info about Hackin... and to get that firewall you have to do ie a mock hack to get into the download section....once inside the download section its under PROTECTION *hint* you have to view source! all of you should be able to get in.. and remember that not all hackers are bad!

Main Entry: hack·er
Pronunciation: 'ha-k&r
Function: noun
1 : one that hacks
2 : a person who is inexperienced or unskilled at a particular activity <a tennis hacker>
3 : an expert at programming and solving problems with a computer
4 : a person who illegally gains access to and sometimes tampers with information in a computer system

Some of you might be considered "hackers" LOL...
L8 M8's
NeO~1

[mikmik]

Very interesting, Mr. Bond!

To bad I can't write any software...yet

[Ne0]

Quote:

mikmik

Very interesting, Mr. Bond!

Hahahaha... I do consider myself very well informed in this area... however... anyone can get hacked... theres always someone out there that's better than you! Thats why I try to help and make friends rather than the childish hacking pranks that alot of kids do that are destructive and a waste of time and money for many buisness'... It's even getting to be big buisness... There's a Hacker college in Florida that is booked up for the next 3 yrs! Corps are sending their tech guys through the course...:))
L8 mikmik
NeO~1