Windows 10: Research shows antivirus products vulnerable to attack

Discussion in 'Windows 10 News' started by Brink, Feb 18, 2016.

  1. Research shows antivirus products vulnerable to attack


    One thing you both are forgetting about the Windows Defender app which replaced the old MS AntiSpyware remover seen for XP until Vista first saw the WD is that it's useless when automatically turned off by your average av installation! The other remover had been a separate download that had some but limited effectiveness as well as most av programs that lack one thing in particular. Web filtering that as a rule helps prevent junk from getting on in the first place when you inadvertently hit a bad site sometimes the first link at the top of a Bing search!

    When Bing was first seen one of the first few searches led me right into a malware site being the very first link at the top! Boom! Fortunately the removal wasn't any major task but with a web filtering process to block out bad sites as MS has also added some of that into IE 11 and Edge in the past few years you are far less likely to get stung in the first place by unknowns. The rest however still boils down to the use of "Freaking Common Sense"! It can't be made any more simple than that to understand!

    The biggest problem however is that the "green horn" pc, tablet, netbook, or smart phone user doesn't know which side is up or down when it comes to personal security and the social networks are more or less chatter boxes with all kinds of personal data being tossed onto the web! You don't think scams there haven't been perpetrated for any other reason than the ease of exploitation do you? You have everybody and their kids yapping away!
     
    Night Hawk, Feb 19, 2016
    #16
  2. jimbo45 Win User

    Hi there

    If an AV program has to turn off Windows Defender then really that should be a warning that the AV program must be flawed -- why on earth would you want to turn off an important part of the Windows Kernel just to load some 3rd party junk.

    Still it's YOUR machine --not mine !!!!.

    Setting up a Proxy server isn't actually as difficult as the name suggests - OK for a "Mom and Pop" might be tricky but for a load of people on these Forums with kids etc - should be easily doable. Loads of FREE advice (and software) available.

    Bypass Heavy-Handed Web Filters with Your Own Proxy Server

    Setting up a proxy server on Windows : My Private Network

    Cheers
    jimbo
     
    jimbo45, Feb 19, 2016
    #17
  3. What you are missing about WD is that it is active only until you see a regular av program installed which when detected by Windows during the av program's install turns Defender off. But what most are unaware of is that av companies have been working with MS in order to have it where you won't run into BSODs or other problems if you turn WD on at the same time you have a regular av software installed unlike the past where you would disable the av program temporarily to have WD clean up some unwanted programs before turning it off again and re-enabling the 3rd party ware.
     
    Night Hawk, Feb 19, 2016
    #18
  4. slyphnier Win User

    the point where u get malware is mostly user fault, which is lots people do things in internet without concerning they have security risk
    like clicking "interesting" ads in dodgy sites or opening dodgy emails links or random chat links

    those cybercrime didn't make malware to point-attack you, but instead let its own spread on internet to "innocent" people

    so what i mean personal user dont have to worry is about the "pointed attack" (except probably if u are celebrity or important person, they are going to after u for many reason)

    Not the concern of personal-risk when using internet, which each user need to understand by using internet they imposed to security risk


    anyway for me, use windows defender because its low-false-positives compared to most other AV
    i also coupling with malwarebytes-pro
    (i hate AV that keep popping notice for every little things, both works really well for me )
    and for online files scanner, i use VirusTotal ... its pretty useful for small-file, as it scan with most AV
    for browser its pretty standard adblockplus and noscript (firefox)
    and use dnscrypt for preventing DNS leak/hijacking ...
    addition to it, i use custom rainmeter for CPU/memory + Network activity ... in case malware slipping to system i can catch any suspicious activity early
    this seems enough for me, although i can't recommend same things to user that didn't know anything about security
     
    slyphnier, Feb 19, 2016
    #19
  5. The traps are laid out for people to fall into! That's when you see user interaction being the problem! With scam wares a nice little item will present itself on your system that you need to buy... Got Ya! Saw ya comin sucker! as the scam has been pulled when the novice suddenly not knowing about security pays out for a program to remove the fake bugs planted when actually the bug may only be a single file taking over the Task Manager so you are unable to end the process!

    Had to clean off a laptop where the parent had asked if I could get things working again after a kid clicked on one of those bombs that were dropped! The gimmick would entice you to buy a program that didn't even exist! The bug was dropped into a sub folder under the active user account which happened to be the owner's admin account of course and was removed manually once located and saw a reboot into the Safe mode.

    WD and Malwarebytes, Norton, Avast, Panda, Mc AFail, or any other av program would have still been totally useless since this was professionally written to bypass all av and other types of system protections showing nothing is ever 100%! A simple click on a bad link saw a trojan dropper as well as scam ware gui dropped like a bomb on the laptop which also had web filtering to block bad sites included in the firewall portion of the av program. In fact the tech at the av program's company was ticked when I had used a special removal tool they had for that type of malware but got rid of it manually by tracking it down!
     
    Night Hawk, Feb 19, 2016
    #20
  6. slyphnier Win User
    if someone fall into a trap that already suspicious enough, who the one stupid ?
    considering, traps in internet not only been filtered out pretty much with many tools
    if they still fall into the traps then it means user dont have good knowledge about internet/pc ... then probably they use internet for simple-task, cant say those people using pc for security risk stuff, like online-shopping/payment
    cant say they wont, but again they dont know how the things works

    and what was the malware name u removed manually that time ?
    AFAIK ever since like windows7 malware no longer effective infecting the OS
    probably ur parents using IE ? without script/ads filter ?
    the things that can download+ auto-run, that even bypassing default windows UAC, and then not detected by WD or installed internet-security
    i cant say those common malware that we find on net...

    plus if user using malwarebytes... then it will be much harder for malware to infect, as its not easy to deactivate it without user knowledge
    not sure if user just only using FREE version

    now even the more high risk, DNS leak because people not realizing
    when they use the internet, all address altered by the fake DNS server ...
    but it still wont work, if u combine with tools i mention on my last post
    u will most of time end up with timeout connection, because the tools blocking/preventing the connection to bad ip/server
     
    slyphnier, Feb 21, 2016
    #21
  7. On the Vista then 8.1 laptops they own it would be IE as the browser and nothing else except one of the two sons will set Chrome up. Pay attention all Chrome users! Fortunately however the additional Unwanted MS account the oldest set up for live chat online being an annoyance as far as having affected the admin account lately had nothing to do with the scam ware seen on the older Vista laptop where VIPRE had been installed and Malwarebytes Pro still would have been totally useless since the trap is sprung by the user who then allows the bug to be placed on the system simply clicking on a link that was made to pass as secure!

    That was a very clever type of trap and required a bit of professional type programming! The UAC only comes when you have some type of action you are interacting with like a program installer since you the user are making a change. That's a mild permissions request type of function and not even a screener the Windows or other firewall would be and yet none of that matters since the bug was designed to slip right past all of that totally unnoticed! That's why I say "Cleverly Written" to do just that!

    The bomb didn't strike as soon as you might think but when the laptop was restarted the bogus Windows Process Doctor went to work jamming up the Task manager disabling any access to that until you rebooted into the Safe mode where the bug was easy to delete on the spot! The novice user would likely have paid out for the fake ware being the scam!

    One thing to remember is you don't always see that type of trap as often as other bots and malwares while new ones are being developed at the same time. Once the word gets around about one type a new one is then written. Without that user interaction however it wouldn't have mattered if you were running without any av or other protections in place! The scam was to trap the unaware by enticement to click on the bombshell link. Surprise! is the end game there! Common sense lacking sprung the trap!
     
    Night Hawk, Feb 21, 2016
    #22
  8. gtspeck Win User

    I have used Norton for years with good results. I do have to admit though, I'm also careful what I open and the web sites I go on.
     
    gtspeck, Feb 21, 2016
    #23
  9. Well that's the smart thing right there to be looking at! Common sense put to use!

    In fact when people utter how much safer the other OS is and why you don't need anywhere near as much protection... Surprise! One Linux Mint site was just hacked to see the iso downloads laced with a new malware! Linux Mint while not as old as other distros grew popular faster being more Windows user orientated to draw the crowds and once something gets popular it becomes a target as well!

    The key thought for the day would be "Think before you leap"!
     
    Night Hawk, Feb 21, 2016
    #24
  10. Cr00zng Win User
    Fedora, Debian, etc., all had their ISOs laced with malware at one point or another in their history, this is nothing new. What's new with Linux Mint is that the site is still down, instead of resuming operation like others did after the security breach has been identified and remediation completed.

    While Linux Mint is popular, it is generally very bad when it comes to security. Linux Mint does not issue security advisories for their distribution and security updates are disabled by default. Yes, one can enable the security updates, but how many people coming from the world of Windows actually know and do this?

    Interesting discussion about the Linux Mint ISO compromise here...
     
    Cr00zng, Feb 22, 2016
    #25
  11. Well as I have said all along Linux isn't so safe and secure as many would believe! Bugs and viruses for Linux are actually old news at this time and date as well as bugs for the Fruit company having been seen over the years. What is interesting about UNIX by itself however is that even MS utilizes it as well as the other guy's OS. UNIX was developed primarily for the web. HTML: The UNIX Platform

    As for the page you have there the news will move fast on the various Linux blogs for sure! That spread like wild fire when you consider PC World or ZD Net carrying news on anything Linux as well as MS you can be sure of that. You can see the ZD Net report on this at Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads | ZDNet

    The report there goes on to explain how the forum itself had been breached and about 71,000 accounts were loaded into it!
     
    Night Hawk, Feb 23, 2016
    #26
  12. Being "careful" where you browse is not always a guarantee that you won't pick up a nasty bug.
    A few years ago I clicked on a link on the CNN web site in relation to a high-tech product I was researching and instantly picked up a really nasty virus while at work even tho I was supposedly protected by Kaspersky on a corporate license. My computer had to be re-imaged. A 5 minute process but just goes to show that nothing is iron clad.
     
    dlwmacgregor, Feb 23, 2016
    #27
  13. Research shows antivirus products vulnerable to attack

    I ran right smack into a scam site while searching for a micro atx board finding the link right on a regular shopping site. Anyone can pay for a link to be listed on these types of sites. Later I ran into a thread on the consumercomplaint.com site about the same site only having been up a few months.

    The site even had the "https:" in the address "S" being secure and finding no one ever got anything they ordered! It goes to show you never know just what you are going to run into out on the web! While your av program won't be able to tell you about fraud sites having web filtering protections can however steer you away from malicious coding or suspect sites if something doesn't seem right.

    This is why paying that little bit more for an internet security suite over just the typical av only software will be a much greater preventative measure. If you can't get to a bad site due to it being blocked you can't get infected with anything.
     
    Night Hawk, Feb 23, 2016
    #28
  14. slyphnier Win User
    well rather than saying things, why not show some real proof, tell us those scam sites u found
    or else what true from your saying ?

    anyway google have been filtering out web (not sure since when, but i think already few years), its not perfect but it works okay
    and either chrome and firefox (other browser might too, but as i only use firefox so i am not sure) integrating the database ... so when u visit a "filtered" sites u will get unsafe notice
    it even prevent/block any download by default (even if the downloaded files are clear), so u cant download anything from "flagged" sites...
    now if the sites is real scam and lots people visit it, then it should be already "flagged" out by google
    u instead run a thread on consumercomplaint.com ? lol
    report on these next time :
    Google Safe Browsing: Report a Malware Page
    Report a Phishing Page
    PhishTank | Join the fight against phishing
    Incident Reporting System | US-CERT
    Internet Crime Complaint Center (IC3) | Home

    there are lots more i believe

    also u seems fail to understand about windows UAC
    yes, windows UAC does not prevent a program run
    but unelevated program run on limited policy
    for malware to infect the PC, they need access to many things for their doing
    so without UAC, the malware cant do any damage to the PC + easy removed
    indeed they are couple UAC bypass stuff in past, but microsoft been patching those up

    anyway paying internet security wont help people that dont know much about internet
    at some point they will complaining why they cant browse sites they want that they dont have problem before using internet security and such
    i know many people giving up on "strict" AV because intrusive and because they dont know how to set things up
    they will just uninstall instead

    but again ever since windows7
    i personally haven't get any malware landed on my pc... but i know about internet stuff so yeah i can't be example for many people
    last time malware infect me was on vista, back then when i still using AVG (AVG was quite popular AV back then)
    now even nasty web script that saved into temporary internet folder by browser got removed by malwarebytes by default
     
    slyphnier, Feb 25, 2016
    #29
  15. You wouldn't know the half of it! And as far as a few scam sites I ran into as well as know of they ended up on consumercomplaints and psssdconsumers with a slight misspelling there! With the first one I got stung by that site closed up right after I placed the order and contacted the same to make an inquiry as to why I didn't receive any type of order confirmation and got a reply back stating the owner(a laugh of course) would make sure to step it up a bit to move it forward faster. Never happened!

    The second instance wasn't even pc related or a bogus US site but one that turned out to be in Hong Kong! I lost track of that one since the exchange of emails didn't have that site in the heading but more of a private letter head first stating I would need to pay an additional $35 for shipping and then when stating I would take the refund instead I was told that would be seen to? Alarm bells went off but too late. I was able to get the owner's name but not for the site itself since I was unable to relocate it suggesting another fast hit and run site!

    Back in the 90s when I was helping an NY state official bring down another type of scam artist it resulted in that one vacating the East coast entirely. Back in December 2010 when a friend had passed suddenly from a faulty heart valve he refused corrective surgery for hit him when a plow truck blocked him and his wife in during a snow storm he collapsed when getting to shovel the blocked end of the driveway. His wife was able to push a life alert button since she was almost a vegetable herself and passed away 2yrs. after. When speaking to one of the sons he reported the same scam artist was setting up bogus sites taking Western Union instant cash for him payments for what he had on display with numerous photos. consumercomplaint.com as well as the other site had threads there indicating his product line had changed after burning people with the first site still claiming to be representing a non profit group! The second to follow however was followed again with a 3rd site only this time it was expensive pets he had photos for which that was all he had and never sent anyone a pet they paid for! Ripoff specialist!

    Those types of sites won't be blocked by anything! Not noscripts, adware scans, malware detectors, nada! The scammer first gets advised on how to set up such a site from someone else first! And I know the particular scammer wouldn't be able to otherwise! The sites are made so they won't draw attention appearing as any other normal vendor site. These people know the loopholes!
     
    Night Hawk, Feb 25, 2016
    #30