David H. Lipman

Experts
  • Content count

    11,799
  • Days Won

    1

About David H. Lipman

  • Rank
    Dave

Contact Methods

  • Website URL
    http://multi-av.thespykiller.co.uk

Profile Information

  • Location
    Jersey Shore USA
  • Interests
    Malware Research, dSLR Photography, Numismatics & Surf Fishing

  1. Nothing about better spam protection ?
  2. Please remove that ludicrous addition of Invision's privacy policy from this Forum forthwith. They are a contractor and they fall within, and are bound by, Malwarebytes' set of policies.
  3. What Chrome downloads is dependent upon what site is pushing the content. That content needs context as well as other associated details like what was actually in the file as well as where the file was downloaded to. There is just not enough information to draw conclusions. Browsers download files all the time. They can download graphic files such as PNG and GIF and scripts such as JavaScript and HTML. The Browser needs those files to render the material to be viewed. Only a small percentage of this material will request authorization. Most will be downloaded simply because that's needed by the Browser to function. However that material will be downloaded to the Browser's cache.
  4. I can't state 'cause "...something like this..." isn't well defined. I can only state that a prima facie review of the Virus Total Reports indicates the files were of no concern.
  5. From the VT Report URLs: "Magic literal ASCII text". From what I see, a non-incident.
  6. There are a few HP printers that may do this. However it is stored on the printer like firmware. To update the drivers stored on the printer you have to update that firmware. That software can then be downloaded to the computer and be installed. The vast majority do not have that capability or facility. Due to the limited scope of these printers, and the proprietary nature of HP's software, it isn't something that has been known to be compromised. The majority use plain old Plug n' Play.

     There are multiple types of Printer Drivers but most will fit in three categories: Stock, Extended Stock and Vendor Supplied.

     Stock - These are the Printer Drivers that are included with the MS Windows OS.
     Extended Stock - These are the Printer Drivers that are not included with the MS Windows OS but are in a Hardware Device Library at Microsoft and may be downloaded to extend the number of available stock OS Printer Drivers.
     Vendor Supplied - As the name implies, you have to obtain these Printer Drivers from the manufacturer and/or vendor because they are not provided with the Windows OS nor are they available at the MS Windows Printer Driver's Library supplied by Microsoft to extend the stock Printer Drivers.

     So when you install a Printer, it will Plug n' Play the port that connects a printer to the OS ( Examples: USB, Parallel, Serial and Network ) and then the OS will attempt to install Printer Drivers by first looking at the MS Windows Stock Printer Drivers. If it isn't available, depending on how the OS was set up and if it's connected to the Internet, the OS will attempt to download the drivers via Windows Update device driver sub-service. If it still isn't available you have to provide them by inserting a CDROM or by running some installation utility.

     The article was about Signed Drivers and not using a Signed Driver can be exploited. That is a Printer Driver that has been published with a Public Key certificate from the vendor and the reliance on the OS to either "trust" unsigned drivers or adhere to a Security Policy to only allow digitally signed drivers that can be verified through a Certificate Authority via the OCSP Protocol. The article is showing that there is a vulnerability, that has existed in the Windows OS since Windows 95, where untrusted and unsigned drivers can be used to compromise the system. Specifically because of the way the Windows OS "doesn't properly authenticate print drivers when installing them".

     RE: https://arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-printers-install-malware-patch-now/
  7. Yes pondus but it is not the Printer, it is the OS Print Spooler and Service and associated Printer Drivers. The physical printer does not infect the computer.
  8. Small Office Home Office ( SOHO ) Printers, no. However they can be affected by malware such as those that can spool large print jobs that deliberately waste ink and paper. Those that have Compact Flash or other memory card readers or those that have a USB port and support USB Mass Storage Devices may have malware stored on the media and may be accessible as shared data on the printer. But in that sense any malware on the storage media will not infect the printer and the printer can't infect computers. If you attach media that contains malware to a printer and attach to that printer's storage device as an NT Share or Server Message Block ( SMB ) Share it is possible that the client account that accesses the storage device sharing data can cause a client to be infected. This would not be automatic. It would be a manual process such as the client account manually launching the malware housed on that media. Enterprise printers often use internal hard disks to queue received print jobs. These Enterprise level printers run much more sophisticated software such as an embedded version of Linux. Therefore it is conceivable that these kinds of printers can have some role in the spreading of malware. But, I do not know of any such events. In that case it is more of a theoretical possibility than a present day reality.
  9. I have waited for this moment... I do NOT come here for Invision. I am here for Malwarebytes and the anti malware mission. I find Invision's hubris absurd and I do not and I will not agree to abide by their policies nor do I or will I accept any of their separate provisions. Once again I state that as a contractor to Malwarebytes, Invision falls under Malwarebytes' set of policies and they do not have the right to have their own policies "here". Please remove that ludicrous addition of Invision's policy to this Forum forthwith. Thank you for taking time to properly respect the members of this Forum and hold that respect above that of Malwarebytes' contractor, Invision.
  10. The point is that only vetted, trusted, software should be installed on one's computer. PERIOD. A company that stoops to intellectual property theft to further their software can't be trusted to have their software housed on any computer. If they can stoop to plagiarism, who knows what else they may have in store in their application. That fact is outside of the fact that IObit software fits Malwarebytes' criteria to be classed as a PUP whether they plagiarized the MBAM signature base or not. Vetting software and making sure that a software is safe to use in all respects is part of practicing Safe Hex. You don't install software because it is sexy or it has a pretty GUI. One installs software that is specifically meant to fill a need or specific niche. It is only after one looks at the software that is available to meet that need or fill that niche that one then looks at the company that produces it, their reputation, their country of origin and other factors to decide if that software "deserves" to run on one's computer. I remember the event when IObit plagiarized the MBAM signature base. I know how they did it and I know the outcome and we all know the subsequent fallout. This is the last statement I'll make in this thread as I will un-follow it and no longer reply.
  11. AH ? Always Humourous ?
  12. It is obviously another form of a riveting tail.
  13. My neighbour has a dog without a tale. Maybe I should suggest he rivet a new tail on his dog.
  14. Really ? >15 years Yes, It is sad when someone uses the software from a company that uses intellectual property theft to further their products.
  15. Lockheed Martin -- Ooooooooooooooooorah !!