son of a bitch!

Security, malware, viri--you've got to keep your eyes open
bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by bob » 11/30/04, 3:31 am

Over the last few days I suddenly was getting virus notices from avg, one of which forced me to delete all my restore points to get rid of it, since it was in system volume information..... I kept wondering, why so many all of a sudden.....

Then I checked my email options..... Attachments were not prevented from opening.... Damn it! A few days ago I changed that setting, temporarily so I could receive an attachment from someone -- you know who you are! -- then I forgot to reset it.

A word to the wise.... NEVER CHANGE THAT SETTING!
WYSIWTF

Gerry
BIG GIANT HEAD I Get Free Beer
Posts: 5727
Joined: 12/04/01, 12:00 am
Location: Perth, Western Australia

Post by Gerry » 12/01/04, 7:43 pm

Heh, don't blame me because you did something stupid. :-) I don't know why you need to enable that just to look at an attachment, just save the attachment and then open it externally. Either that or start using Gmail. =P~~~~

[ This Message was edited by: Gerry on 2004-12-02 03:44 ]

SOD
BIG GIANT HEAD I Get Free Beer
Posts: 5284
Joined: 12/06/01, 12:00 am
Location: here and there

Post by SOD » 12/01/04, 9:08 pm

You did not have the AVG OE Email plugin running then?
It is better to be here than there - SOD

bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by bob » 12/02/04, 5:18 am

AVG is supposed to be checking my email, but that OE 5 attachment thing doesn't seem to have been upgraded for 6
WYSIWTF

SOD
BIG GIANT HEAD I Get Free Beer
Posts: 5284
Joined: 12/06/01, 12:00 am
Location: here and there

Post by SOD » 12/02/04, 9:04 am

huh It would be interesting to hear a response from AVG.

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 12/03/04, 2:14 am

I started using McAfee Enterprise. I have no idea how it got there (the virus, not McAfee), since it was found nowhere else, but it actually found and removed a trojan from my system restore folders, without disabling anything. I sure wouldn't try to use those restores, though. They'll probably fail. I was rather surprised. That's the first time I've seen any AV that was able to do that. I'm sold.
Does anybody really know what time it is?
The Grey Area - Tweaking Obsession

bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by bob » 12/03/04, 2:21 am

Interesting -- but goes against virtually all the advice available on the web re "system restore" viruses, Sloppy. I wonder if they get there when you're infected and make a restore point?
WYSIWTF

memo
Member ***
Posts: 17
Joined: 03/29/02, 12:00 am
Location: VDOWN@RG

Post by memo » 12/03/04, 4:21 am

System "Destroy" is disabled on all my boxes. The last stats I read about SR gave a whopping 64% success ratio when users tried to restore their systems, so much for that. I rely on imaging my system weekly with Acronis instead of having that behemoth running and abusing space for a 6 in 10 chance of actually working.
C¬‰™©µ§

bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by bob » 12/03/04, 4:36 am

System Restore definitely has flaws, but it's saved my ass a number of times.

How much does Acronis cost, and anyone got a favorite software for imaging your hd as a backup?


_________________
Citizen of the City Without Borders

[ This Message was edited by: bob on 2004-12-03 12:40 ]

SOD
BIG GIANT HEAD I Get Free Beer
Posts: 5284
Joined: 12/06/01, 12:00 am
Location: here and there

Post by SOD » 12/03/04, 5:31 am

ghost
It is better to be here than there - SOD

memo
Member ***
Posts: 17
Joined: 03/29/02, 12:00 am
Location: VDOWN@RG

Post by memo » 12/03/04, 7:27 am

Acronis True Image costs $49.99. But is too cool for words. When booting you just press F11 and ATI will load the linux drivers it uses to create an environment to image/restore your images. The incremental feature is also quite good, as you don't need to create a full image every time, but simply input in an existing image whatever has changed. The recommended pattern (by Acronis) is to do incremental imaging weekly, and then to do a full image monthly, and then delete the previous one.

I've never liked Ghost, and certainly Ghost 9 is a tremendous piece of bloatware (as everything touched by Symantec winds up being), and I'm not sure if previous versions support controllers for S.A.T.A drives. I know that Drive Image 6 doesn't, because I had to do a fixmbr after trying to image my system with it (I got a new system about a month ago with a serial ATA drive, and an EIDE drive for storage).

Drive Image 7 is buggy and has proven to be a total fiasco. The thing that sold me on Acronis, is that once you install the app, and create a bootable CD, you have many ways to restore/create images (even in Windows, which I never do).

_________________
C¬‰™©µ§



[ This Message was edited by: memo on 2004-12-03 15:31 ]

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 12/03/04, 7:29 am

I use Acronis, also. I have it scheduled to make a weekly backup at 3am every Wed. Between that and System Restore, I'm covered. If I ever try restore and it fails, I just go to my Acronis backup.

Quote:
On 2004-12-03 10:21, bob wrote:
Interesting -- but goes against virtually all the advice available on the web re "system restore" viruses, Sloppy. I wonder if they get there when you're infected and make a restore point?

It's weird, Bob. As far as I know, I never was infected. It was only one file, which was obviously never executed. It appeared in 2 of the four backups I had in system restore. All I can guess is that something in my temp files was considered a trojan, and it was backed up before it was deleted, somehow.
But I like McAfee Ent. 7.10 so much, I even let it background scan now. (I tried version 8, but it didn't do as well, for some reason. When I rebooted, my entire desktop disappeared! 7.10 has less garbage anyway. It's stripped down...nothing but a scanner and update scheduler.) I notice absolutely no performance hit, even playing games or using my most intensive applications.

_________________
The Grey Area - Tweaking Obsession (http://tga.dynu.com)

[ This Message was edited by: SloppyGoat on 2004-12-03 15:39 ]

SOD
BIG GIANT HEAD I Get Free Beer
Posts: 5284
Joined: 12/06/01, 12:00 am
Location: here and there

Post by SOD » 12/03/04, 8:36 am

While I'm NOT the crabby one here, my daughter would like to say that's BS about Ghost. She uses it in a large institutional setting and says Ghost runs fine, notices no problems from day-to-day use, and she adds that she uses it every day. The latest version requires .net; she uses an earlier version which does not. You say Acronis loads linux drivers so it's driven by Linux, heh, interesting.
I'm going to avoid getting crabby but Ghost is reliable and is used by countless customers. Don't geek about software, it is pointless. Because you prefer one thing over another does not make it a bad piece of software. It is just preference.

memo
Member ***
Posts: 17
Joined: 03/29/02, 12:00 am
Location: VDOWN@RG

Post by memo » 12/03/04, 9:54 am

Well, if your daughter is using Ghost 8, she is not using the Symantec infected product, as Ghost 8 was not developed by them, but rather purchased from another company whose name escapes me ATM.

The problem with older products is their lack of support for newer HW. I don't know whether Ghost 8 or Ghost 2003 support SATA controllers, they might. I don't know.

My criticism of Norton/Symantec products comes from the amount of people that have experienced incredibly bothersome problems with them. Uninstalling the gizmo doesn't by any means nuke the literally 100's of entries in the registry, and this has at times prevented the installation of other A/V products, for example. There is a reason why there is an app called Norton Uninstaller, don't you think? The unwise routine coded by Symantec is quite ineffective, hence the need for an app to rid the system of the debris left by their uninstaller.

Furthermore, Norton ranks way below when it comes to virus/trojan detection and removal, and it's bloated indeed. Whereas in independent testing products developed by Kaspersky and F-Secure rate @ a 99+%, Norton has consistently been stuck @ 80%. This means that out of 10 virus/trojan hitting your system Norton will let 2 go ahead and infect your box. SAV rates a bit better, in the mid 80% range, but still a long way from the really good ones. Avast! free edition ranks better than Norton A/V 2005 so it is quite clear that they are surviving on name recognition and exploiting the n00b market.
C¬‰™©µ§

SOD
BIG GIANT HEAD I Get Free Beer
Posts: 5284
Joined: 12/06/01, 12:00 am
Location: here and there

Post by SOD » 12/03/04, 10:51 am

As for a hundred registry entries that is BS. OK memo whatever you say...BTW did you realize that big companies farm out soft production all the time?
Bob, I have learned restraint after 46 years.
The environment she works in has used Ghost for 5 years with no issue. I'm sure the product you recommended works fine; however, there is always more than one approach. This is what works for them; they are not noobs as you say, they admin an entire school system.
It is better to be here than there - SOD
