
Suggestion - Statement about this new Conficker virus



Just a suggestion, but any kind of statement or word from the team about MBAM's effectiveness versus the new Conficker or Downadup viruses would go a long way.

For one, the client I just sold 75 MBAM licenses to has called to ask me if they are protected.

Thanks!

Dan Watson

Exodus Technologies

www.yourexodus.com

www.GetAShuttle.com


Well, Conficker exploits MS08-067, which was patched a few days after discovery, so if your clients are running the latest Service Pack with the latest patches, then they are safe.

Considering the fact that the discovery date of Conficker is in late November of 2008, then any anti-virus software should detect it. Your clients are running a good anti-virus like AntiVir from Avira, right?


avast! Free detects many sites that could infect my system with Conficker.

Windows Defender has been updated to detect and remove Conficker if it detects it:

http://www.microsoft.com/security/portal

Yea, it's funny how the worms that are such a low threat are always the ones that attack the most people. Microsoft patches the security flaw a few days after it's found, and yet a worm comes out a month later that lays waste to people's computers using that security flaw...


There is lots of information about it.

'Huge increase' in worm attacks plagues unpatched Windows PCs

http://www.computerworld.com/action/articl...p;source=NLT_PM

Win32/Conficker

http://www.microsoft.com/security/portal/E...Win32/Conficker

The paranoid Security Experts that think that Microsoft is spying on them that tell people to turn off Automatic Updates are to blame.


The paranoid Security Experts that think that Microsoft is spying on them that tell people to turn off Automatic Updates are to blame.

No expert recommends to turn off automatic updates for broadband users at least, and no expert tells a user to avoid a service pack unless they know one of the drivers/applications the user has has an issue with the service pack.


Just a suggestion, but any kind of statement or word from the team about MBAM's effectiveness versus the new Conficker or Downadup viruses would go a long way.

OK, here is the official word from the head of our research team. They are working on a detection algorithm right now that will not only detect all previous variants of Conficker, but all future variants as well.

Until then, make sure that you have the latest service pack installed for your version of Windows, as well as the latest updates from Microsoft.


OK, here is the official word from the head of our research team. They are working on a detection algorithm right now that will not only detect all previous variants of Conficker, but all future variants as well.

Until then, make sure that you have the latest service pack installed for your version of Windows, as well as the latest updates from Microsoft.

Wow. So after all that of "it was months ago" talk MBAM can't detect it? I almost don't believe that.

Anyway, my point was more along the lines of it will help market your product. Look at the attention and misguided advice around about this thing. Like: http://tech.yahoo.com/blogs/null/116396

Look, any of us here worth our salt know how to avoid this crap. I'm just trying to push MBAM to more and bigger clients. To do that you have to play the game. Like F-Secure is...they have a free cleanup tool available. F-Secure is crap, but that tool is getting them a lot of attention which will lead to sales.

YOU should be harnessing that. Put the attention on your product. It is a better product. Get the algorithm. Put a statement on the front page and push that statement through your partners/resellers and download.com. I agree that this worm/virus whatever is mostly hot air, but it is almost free publicity.

Thanks,

Dan


No expert recommends to turn off automatic updates for broadband users at least, and no expert tells a user to avoid a service pack unless they know one of the drivers/applications the user has has an issue with the service pack.

What I meant was that I have read in other forums and elsewhere that people are telling people to disable Automatic updates because Microsoft gathers information about the system that Windows is running on and to only do manual updates.

People have become accustomed to Microsoft releasing updates on Patch Tuesday, which is the second Tuesday of the month, so people with manual updates probably would not check for an update until then, and Microsoft released an update as soon as it realized Conficker, sometimes known as Downadup, was becoming prevalent, leaving many people vulnerable for a couple of weeks.

I do not want to get into a debate about whose fault it was, but the fact is that the infection is rampant.

I am amazed when I browse through forums and I see people asking for help with their systems and they are still running SP2 while SP3 has been available for 6 months or more.


Wow. So after all that of "it was months ago" talk MBAM can't detect it? I almost don't believe that.

Actually, Bruce never specifically told me that MBAM couldn't detect current variants of Conficker. All he told me was that they were working on heuristics that would catch all past and future variants. I won't put words in Bruce's mouth and say that we do or don't detect Conficker, and I won't pester him further and take his time away from writing those heuristics.

Anyway, my point was more along the lines of it will help market your product. Look at the attention and misguided advice around about this thing. Like: http://tech.yahoo.com/blogs/null/116396

Look, any of us here worth our salt know how to avoid this crap. I'm just trying to push MBAM to more and bigger clients. To do that you have to play the game. Like F-Secure is...they have a free cleanup tool available. F-Secure is crap, but that tool is getting them a lot of attention which will lead to sales.

YOU should be harnessing that. Put the attention on your product. It is a better product. Get the algorithm. Put a statement on the front page and push that statement through your partners/resellers and download.com. I agree that this worm/virus whatever is mostly hot air, but it is almost free publicity.

You're right that it's free publicity, but we get a lot of that because of what we do that anti-virus software cannot. All of those rogues, and the trojans that install and protect them, they are hard as hell to get rid of. We get a lot of publicity for being the best at removing them.

Once Bruce and his team finish their heuristics for Conficker, then we will once again be doing something that anti-virus software cannot.


I don't mean to be rude but have they finished the algorithm yet?

I doubt it. Bruce doesn't tell me when he makes new heuristics (he keeps himself far too busy to update everyone on the status of the definitions), so I really don't know for sure.

