Re: Cerner hopefully is using Zotob to show why hospitals should run VMS! VMS! VMS!

From: Alan Greig (greigaln_at_netscape.net)
Date: 08/21/05


Date: Sun, 21 Aug 2005 11:50:41 GMT


Main, Kerry wrote:

>
> And you reminded me that Spybot anti-spyware utility has the capability
> to write protect the host/lmhost file on a Windows box and protect
> against crap like this worm making chgs.

Kerry,

So does, for example, MS-Anti-Spyware. The big flaw here is that any
anti-spyware/anti-virus can only protect if it spots the infection
first. Typically one of the first things a virus will do is try to
detect and disable any protection software. A brand new virus will
almost always get through any defences. I have seen many cases where
people think they are protected but the machine is littered with
infections because the virus entered their machine before a pattern
engine update took place. Even worse, attempting to manually remove the
virus is sometimes the trigger to cause the virus to switch to
destructive mode.

By the way, one particular virus variant didn't search people's address
books for users to email to. It used a fixed file which it stored on
various webservers around the world. My virgin.net account was in that
fairly small list and I received hundreds of messages per hour at one
point. To add insult to injury Symantec reported that infection as
"Number of Infections Worldwide less than 10". The initial batch of
these incoming got through Virgin's virus scanner and a half-awake me
almost opened what claimed to be an attachment containing RFC822 SMTP
transaction error details. My own virus scanner went off with a generic
warning that a text file inside the zip archive was actually a disguised
executable (its name was such that the trailing .COM was outside the
display column width). I immediately initiated a manual update of the
pattern engine and only then did it identify the virus as a particular
nasty backdoor engine. What I am still curious about is why it was
listed as first identified about a month previously but "not known in
wild".

So you should never assume that just because you are "protected" you can
leave everything on auto-pilot.

-- 
Alan Greig
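
The disguise described in the post above (a member of a zip archive whose real .COM extension sat outside the display column width) can be checked for mechanically before anyone opens the attachment. The following is an added example, not part of the original post; the extension lists, the 40-column width and the sample file names are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumptions for this example (not from the post): which extensions count as
# executable or as harmless-looking decoys, and the viewer's name-column width.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".htm", ".log"}
DISPLAY_WIDTH = 40


def disguise_reasons(member_name, width=DISPLAY_WIDTH):
    """Return why an archive member looks like a disguised executable ([] if not)."""
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    stem, dot, ext = base.rpartition(".")
    if not dot or (dot + ext).lower() not in EXECUTABLE_EXTS:
        return []
    reasons = []
    if len(base) > width:
        reasons.append("real extension lies beyond the display column")
    if re.search(r"\s{3,}", stem):
        reasons.append("whitespace padding inside the name")
    inner = stem.rstrip()
    if any(inner.lower().endswith(d) for d in DECOY_EXTS):
        reasons.append("decoy document extension before the real one")
    return reasons


def scan_zip(data):
    """Map each suspicious member name in a zip (given as bytes) to its reasons."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reasons = disguise_reasons(info.filename)
            if reasons:
                flagged[info.filename] = reasons
    return flagged


def build_sample():
    """Constructed sample archive: one plain text file, one padded .COM name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "constructed sample")
        archive.writestr("details.txt" + " " * 60 + ".com", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in scan_zip(build_sample()).items():
        print(repr(name), "->", "; ".join(why))
```

A check like this looks only at member names, so it does not depend on a pattern update having arrived first; it complements signature scanning rather than replacing it.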

