
David H. Lipman


Everything posted by David H. Lipman

  1. There was a time when China was THE LEADER in technology. We owe much of what we know Today to the Han, Song, Yuan, Chin and other dynasties. Paper, ships, weaponry, chemistry, the list is long. Spend a little time watching the Discovery sponsored series What the Ancients Knew - The Chinese and you'll begin to grasp the breadth of it all. I find information on Chinese Junks amazing with their associated ship building techniques that were copied all around the world. The Chinese most likely beat Columbus by some 70 years in discovering North America and remember Native Americans' DNA (haplogroup Q) shares much in common with the Chinese. However that was the past and this is now. There is little or no inventive spirit since Mao Tse-Tung and other leaders in the last half millennium or so. In fact, the leadership has diminished the intelligentsia. In the past half century or so there has been a shift in the leadership's thoughts on pure communism and has started to lean in the direction of highly controlled economic reforms with stringent controls on religion (such as the Falun Gong) and free thought. In the present society the Chinese regime has sought world domination through intellectual and industrial espionage and theft. Why reinvent the wheel when you can steal the plans? Do NOT forget . Such a society is not going to leap-frog over more technological countries in electronics in just a few decades. Over the past several years I have read both public information and <censored> information on the subject matter and the conclusion is grim. I wish I could relate what the Chinese did to all the foreigners that visited China for the Olympics. However I can relay this because it is in the public domain Chinese Authorities Order Olympic Hotels To Install Spy Gear and that just scratches the surface. Basically a case of the Chinese data-mining foreign visitors. Some other information in the "public" domain. 
China’s Brazen Use of Cyber-Espionage For Olympic Travelers, Concerns Over Gadget Surveillance in China This one hits home (so to speak). How a networking immigrant became a Chinese spy
  2. It would not surprise me in the least if there was stolen technology used in its manufacture.
  3. Steve that's interesting. Right now I incorporate the following scanners in my Multi-AV Scanning Tool...

      * Avira
      * Emsisoft
      * Kaspersky
      * Sophos
      * Trend Micro

      Avira replaced McAfee and it is fully licensed to me to be used specifically in the Multi-AV Scanning Tool. The Kaspersky scanner is literally a DOS based scanner (with DOS extension) and I'm ready to replace it. G-DATA could be that replacement in what would be Multi-AV v9.0, that is IFF there is a Win32 scanner. Thanx for the heads-up Steve !
  4. Trust me when I say that McAfee WOULD NOT be on my short list of desktop anti virus solutions either. Their retail product is BLOATED and is sh!t! Until recently, McAfee was included in my Multi-AV Scanning Tool that is until they stopped including the Command Line Scanner in their SuperDAT file.
  5. What people don't realize are recent game changers that really have little or nothing to do with regular signature and heuristic detection. There is more to malicious software prevention and mitigation than traditional signature and heuristic detection. This will come into play with TPM. With malware like Stuxnet targeting SCADA as well as Mebromi targeting the BIOS and the myriad of mobile devices. Those who only see McAfee in the light of their retail products don't see the trees through the forest.
  6. I beg to differ! If you had a true virus, you'll want McAfee AV software as it is well able to disinfect an infected file. Remember, MBAM and SAS can NOT. All you know is their retail product. You probably know nothing about Enterprise v8.70i and/or ePO and I'll bet you wouldn't know what HBSS is without a Google search and probably have to do real research into border gateway solutions. Intel's purchase of McAfee was a very strategic, well thought out venture in areas of INFOSEC and COMSEC. Yeah, McAfee has a sh!tty retail AV solution. HP makes sh!tty digital cameras but I wouldn't bad mouth the whole HP company over it. I mean no offense or disrespect but if you are going to bad mouth a company, you should know what that company does.
  7. It is/was bad netiquette to just post a URL without having text to explain, qualify and enumerate its reason for being posted. However the subject matter, McAfee Deep Defender, "popped" with me understanding how the acquisition of McAfee by Intel would impact the anti malware industry. Reflected by the statement of the 1st web page... "McAfee Deep Defender is reinventing the industry approach to security and is the first product built on the McAfee DeepSAFE Technology co-developed with Intel." It's "General Chat", it's anti malware, it's On Topic. The post was just framed poorly. I'm sure han_solo will learn from this as han_solo is obviously in touch with its radical tangent in security provided solutions.
  8. I am sure this is a direct benefactor and result of the Intel acquisition.
  9. Win32/Ramnit is a virus and there should be logs with *numerous* hits of Win32/Ramnit infected files. You will have to open a forum helper assisted removal post. There are trained and qualified personnel here who may be able to help you. Good Luck !
  10. A lot of misunderstanding stems from not knowing what comprises the many flavours of malware. It is a common misperception that all malware are viruses. The overarching concept is called malware, not viruses. Viruses are but one subset of malware. A decade or so ago there were a lot more viruses. Today the preponderance of malware are in the form of trojans. There is a major distinction between what comprises a computer virus. That distinction is self replication. That is the ability of the malware to spread to other files and or systems by its own means. Trojans on the other hand can not self replicate and need external assistance for them to spread.

      Another misperception is that cookies are malware. No, not really. Sometimes they might have a malicious intent but they are not malware but "some" anti malware applications identify and remove cookies. There may be numerous cookies and thus a high detection count.

      As daledoc1 indicated, MBAM is a complementary anti malware solution to a fully installed anti virus application. MBAM doesn't target self replicating malware viruses (albeit on occasion it may remove a dropper known to initiate a viral infection). MBAM doesn't target malicious scripts like HTML, .JS (JavaScript), .VBS, etc. This is what a traditional anti virus application targets. However, traditional anti virus applications don't handle modifications Today's malware makes to the OS' Registry very well. MBAM targets computer executable types of files such as .EXE, .DLL, .CPL and .SYS types as well as modifications Today's malware makes to the OS' Registry and to the OS itself and in that arena, MBAM outshines its sister applications in the anti malware industry.

      So when you reported "...it reported 261 files infected with a variety of viruses..." I know that those 261 files weren't viruses as you stated "variety". If it was truly a virus then chances would be the 261 infected files of the SAME virus. This also bodes true for your submissions to Kaspersky. To really KNOW what's going on we have to know what those 261 files were and what the other anti malware vendors called the malware.

      Each vendor will assign a name to a given piece of malware or malware family and its variants. Each company has its own naming convention. This naming convention has extremely loose adoption throughout the anti malware industry so a malware detected by multiple anti malware vendors will often have a different malware name assigned to it.

      For example; "Trojan.Win32.Heur.Gen" We can break down that name into sub-classifications for what this malware was identified as.

      * "Trojan" - the file is a trojan, not a virus.
      * "Win32" - It generally affects 32bit operating systems (albeit it may affect 64bit operating systems as well)
      * "Heur" - This file was identified using Heuristics. Which kind of is like the saying "If it walks like a duck, squawks like a duck, then it must be a duck".
      * "Gen" - This is a general or generalized detection meaning a non-specific malware family association

      Now contrast that with the following example of a name from a different vendor... "Win64/Sirefef.A"

      * "Win64" - this malware affects a 64bit OS but not a 32bit OS
      * "Sirefef" - This malware is found using specific signatures and is in the family called "Sirefef"
      * "A" - This is the "A" variation of the "Sirefef" in contrast to what other variants may be like "Sirefef.B" and "Sirefef.C".

      What does this all boil down to ? Of those 261 files...

      * were any script files like .JS, .VBS and HTML ?
      * were any cookies ?
      * were any REALLY viruses ?

      Hopefully I have enlightened you at least a little and not confused you even more with my information. It is intended to show you that MBAM has a niche and in its niche it performs its intended function very well and for you to not lose confidence in MBAM until all the facts are carefully examined.
  11. LOL Then you will not be able to use the Secunia Java Applet that scans your computer for software that needs to be updated/patched nor any other Java Applet.
  12. Not a download per se. (It's a Java Applet) Run Secunia's Online Software Inspector (OSI) periodically http://secunia.com/vulnerability_scanning/online/ It is a personal Information Assurance scanner to find and relate vulnerabilities that need to be addressed by patches/updates.
  13. Just by looking at the subject of this post I know that you have been hit by what is known as a CyberGate Remote Access Trojan (RAT). It is a trojan and not a virus and a forum helper should be able to assist you.
  14. { If I may be so bold as to respond... } The MBAM Enterprise offering isn't a replacement for an anti virus solution, it is a supplement for non-viral malware such as; adware, spyware, keyloggers, browser helper objects, etc. One would still need a fully installed anti virus application performing "On Access" and "On Demand" scanning to deal with true viruses such as; Virut, Ramnit, Parite, etc. The MBAM Enterprise offering is a managed non-viral anti malware solution.
  15. Marcin: Does it have a management console that alerts SAs via SNMP, broadcasts, email, SMS or other methodologies ? Does it work with AD GPO ?
  16. Trojan.Agent -- reported from "...the standard install for the Brazilian Government's income tax program, 2002-2007" DARF32CBX.zip
  17. And it works too :-) I just posted a sample caught by "Heuristics.Shuriken" Hooooah !