Tag Archives: antivirus

0 bytes free = an obnoxious infection

Last week I ran into an ingenious Windows XP infection.

"Claustrophobia" by NinaValetova
The victim’s hard drive rapidly runs out of free disk space. I never did identify the exact culprit. The virus continually appends to a hidden file named “avenger.txt” in the root of drive C:. When I found it, c:\avenger.txt was over 500 gigabytes in size!

My cure was to reformat the disk and install a fresh copy of Windows XP.

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695


Experts

Early this year I attended a telecom trade show and listened to “an industry expert” present a plea for wider broadband deployment. Boy, what a disappointment. The speech was littered with jargon and errors. The words bit and byte were used interchangeably (an error by a factor of ten) when describing data transmission speeds. Vendors’ raw bandwidth claims were misinterpreted as net (an error by a factor of two to ten). Vendors’ dishonest 4G claims were accepted at face value (the UMTS and HSDPA wireless protocols are not 4G — an error by a factor of at least ten), etc. I left before “the Expert” ended this comedy of errors, or the dreaded word “methodology” was repeated more than a dozen times.

So much for “industry experts”. How about experts at the retail level?

It gets worse. At least the audience within the industry should be clued-in enough to smell a phony. Pity the poor shlub in a retail store.

Last week I removed three botnet droppers and one nasty rootkit from a client’s sick Windows 7 PC. It was “protected” (if you can call it that) by McAfee Total Internet Protection. When I bluntly told him that McAfee antivirus programs are junque, he protested, “But I paid $100 for it!”. Why had he bought it? “The store salesman said that it’s the best antivirus program on the market.”

It’s no surprise that a salesman is not an expert. Some “industry experts” are just as clueless.


Another reason that I don’t recommend Norton 360

Malware infects a PC despite protection by Norton 360.

 

A couple of years ago, I discovered that Symantec’s Norton 360 prevented Windows’ critical System Restore function from working [Norton 360 has (at least one) fatal flaw]. This flaw placed it on my “Not recommended” list.

For the past few months, suspicious pop-up ads had been appearing on a client’s Windows XP laptop that was protected by a current copy of Norton 360. Recently, it nagged her to purchase disinfection “from Microsoft” for an annual fee. The offer’s many misspellings raised her suspicion that maybe the offer wasn’t actually from Microsoft. A full scan by Norton 360 found no infections, yet the obnoxious pop-ups clearly indicated that the computer was infected.

When I scanned the laptop with SuperAntiSpyware and Malwarebytes’ Antimalware, they discovered 4 malware infections. Since Norton 360 had failed to do its job, I removed it (using Symantec’s software removal tool) and replaced it with Microsoft Security Essentials. Then Security Essentials found another malware infection.

I’m surprised that Norton 360 failed to defend against these infections. Symantec is a serious company and Norton 360 has an impressive user interface with many user-configurable parameters, but in this instance it didn’t work. Microsoft Security Essentials has a less impressive user interface, but it works pretty well.

Nobody (or computer program) is perfect.

I’m fond of saying, “There is no perfect anti-virus program”. All occasionally produce a false negative or a false positive, and relative performance varies from week to week. Av-comparatives.org publishes quarterly results of anti-virus program tests.

I’ve seen other big-name anti-virus programs fail before:

 


Another big name anti-virus program fails

Two strikes is enough to replace this player.

I learned again recently that no anti-virus program is perfect . . . in fact, a reputable commercial anti-virus program failed to prevent infection twice on the same computer. I wrote about how Trend Micro Titanium failed to protect a computer — now CA Antivirus has failed as well.

CA (Computer Associates) is a reputable company, though I’ve never been fond of it. It’s more like a holding company: they buy financially vulnerable companies who have good software products, then re-brand the software. In the 1990s, they did this to Cheyenne Software, who had developed excellent server-based enterprise software (ARCserve and FaxServe). Once Cheyenne’s products were acquired by CA and marketed by them, product support declined. So I’m prejudiced.

I disinfected the user’s (Windows Vista) computer about a month ago. At that time, I left CA Antivirus installed. About 3 weeks later, I received the computer again, this time with another infection. This time, Windows Vista would not boot at all. After reinstalling Windows Vista and updating it, I installed Microsoft Security Essentials (which is free for personal use) rather than CA Antivirus. Two infections within 3 weeks is enough!

I don’t know who originally developed the CA Antivirus product, but my guess is that it wasn’t CA.


Even the best anti-virus / anti-malware strategy isn’t perfect

Proof (again) that no anti-virus program is perfect.


I had read and heard plenty of good things about Trend Micro’s latest anti-virus program, which they call Titanium, so when a new customer presented me with a sick laptop computer with it installed, I wasn’t expecting to find it infected with viruses. This Windows Vista laptop, which also had Spy Sweeper installed, was barely usable: applications would crawl, some windows, such as Network Connections, would remain empty, and it would often just freeze until it was restarted. It was one sick puppy.

I tried system recovery, but found no restore points. I tried to look at Windows Update, but it wouldn’t connect to the Microsoft update site. I tried to examine the IP configuration, but the ipconfig command wouldn’t execute. My only recourse was to remove the hard drive, and attach it to a known clean (Windows XP Pro) computer. I used the host computer’s Microsoft Security Essentials to scan the laptop’s disk and found the usual assortment of tracking cookies . . . as well as CouponBar. Security Essentials removed it from the laptop’s disk (but it remained in the laptop’s registry). Then I scanned the disk with some anti-spyware/anti-malware programs, and they found a few trojan horses. Again, I removed them from the laptop’s disk (but didn’t touch the laptop’s registry).

Moral: There is no perfect anti-virus, anti-malware, or anti-spyware program!

I replaced the now disinfected hard drive in the laptop, rebooted, and was finally able to use it. Although the laptop user had spent hard cash (at Best Buy, I think) for his Trend Micro Titanium and Spy Sweeper, I reasoned that they had failed to protect him, and that Microsoft Security Essentials together with occasional scans by SuperAntiSpyware or MalwareBytes Antimalware would probably have done a better job of protecting him. I replaced Trend Micro Titanium with Microsoft Security Essentials and removed Spy Sweeper. I also installed the free version of SuperAntiVirus for occasional scans. I cleaned up the registry, removing lost pointers to the now missing bad files. A clean-up with CCleaner finished that, followed with Windows updates. When finished, the laptop, even with Windows Vista, felt reasonably fast and the user was very pleased.
