!!! PREVENTION !!! of XP Antivirus 2009, XP Police Antivirus and thelike (Rogueware,Scareware)

I've been Googling for many hours now... In vain!!! This is a pain.

I usually install good commercial Anti-virus+Anti-spyware (Like Panda
or Nod32) to my customers and a week or a month later they call me
because they've been victims of Antivirus 2009 or XP Police Antivirus
or XP AntiSpyware 2009 or TitanShield (The list goes on and on :
http://tinyurl.com/chwpxm).

Does someone knows how to prevent those scareware to install in the
first place?
Should I convert all my customers to use limited privileges user
accounts?
Computer resources-wise, it doesn't make sense to me to run a
commercial antivirus+antispyware AND another antispyware (like
Malwarebytes' Anti-Malware).

I know that user education is one of the best way to prevent those.
But sometimes it's difficult for new users or old fellows to remember
all this technicality.

Any ideas or suggestions?

In article <b8399ebd-87be-4fdc-aece-050262e8e590
@v39g2000pro.googlegroups.com>, RakperBanengen@yahoo.com says...
> Does someone knows how to prevent those scareware to install in the
> first place?
> Should I convert all my customers to use limited privileges user
> accounts?
>

No computer user that is not 100% aware of the threats should be
permitted to run as a anything other than a LIMITED account.

The best way to keep people from being infected, since the infection
happens by means that has been published for more than a decade, my
means that has been in ever major news outlet for 5+ years... is to let
them compromise their computers and then CHARGE them to clean it.

It appears, having worked on thousands of compromised machines, that
those who get infected don't care to learn UNTIL it costs them money.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

RakperBanengen@yahoo.com wrote:
> I've been Googling for many hours now... In vain!!! This is a pain.
>
> I usually install good commercial Anti-virus+Anti-spyware (Like Panda
> or Nod32) to my customers and a week or a month later they call me
> because they've been victims of Antivirus 2009 or XP Police Antivirus
> or XP AntiSpyware 2009 or TitanShield (The list goes on and on :
> http://tinyurl.com/chwpxm).
>
> Does someone knows how to prevent those scareware to install in the
> first place?
> Should I convert all my customers to use limited privileges user
> accounts?
> Computer resources-wise, it doesn't make sense to me to run a
> commercial antivirus+antispyware AND another antispyware (like
> Malwarebytes' Anti-Malware).
>
> I know that user education is one of the best way to prevent those.
> But sometimes it's difficult for new users or old fellows to remember
> all this technicality.
>
> Any ideas or suggestions?

'Web of Trust' can be used to make your customers aware that they are a lot
of sites out there that want to infect their machines, all those innocent
looking screensavers, smileys and free games come with payloads etc. its
very similar to mcafee site advisor and works on ie and ff.

gaz

Hi Leythos,

Wednesday February 18 2009, Leythos writes to All:

> From: spam999free@rrohio.com
> It appears, having worked on thousands of compromised
> machines, that those who get infected don't care to learn
> UNTIL it costs them money.

Learn the hard way eh. :)

Gufus

--
K Klement

Enhance your marketing at http://www.gypsy-designs.com
mailto:info@gypsy-designs.com
Gypsy Designs Fax: (403) 242-3221

.... There are more ways of killing a cat than choking her with cream.

> The best way to keep people from being infected, since the infection
> happens by means that has been published for more than a decade, my
> means that has been in ever major news outlet for 5+ years... is to let
> them compromise their computers and then CHARGE them to clean it.
>
> It appears, having worked on thousands of compromised machines, that
> those who get infected don't care to learn UNTIL it costs them money.

Well, finally we agree on something. That's what I do, I charge them for it.
Over and over and over. Often on the same machine.

One of my client's finally got so pissed (broke, from my bills) that I sold
him an Internet Blocking tool/installation on his 20 machines in four
offices. It only allows access to three sites that are business
requirements. Nothing else. You oughta hear the employees screaming. But he
doesn't care. It isn't their money that has to pay for collecting viruses.
It's his.

-Frank

<RakperBanengen@yahoo.com> wrote in message
news:b8399ebd-87be-4fdc-aece-050262e8e590@v39g2000pro.googlegroups.com...
> I've been Googling for many hours now... In vain!!! This is a pain.
>
> I usually install good commercial Anti-virus+Anti-spyware (Like Panda
> or Nod32) to my customers and a week or a month later they call me
> because they've been victims of Antivirus 2009 or XP Police Antivirus
> or XP AntiSpyware 2009 or TitanShield (The list goes on and on :
> http://tinyurl.com/chwpxm).
>
> Does someone knows how to prevent those scareware to install in the
> first place?
> Should I convert all my customers to use limited privileges user
> accounts?
> Computer resources-wise, it doesn't make sense to me to run a
> commercial antivirus+antispyware AND another antispyware (like
> Malwarebytes' Anti-Malware).
>
> I know that user education is one of the best way to prevent those.
> But sometimes it's difficult for new users or old fellows to remember
> all this technicality.
>
> Any ideas or suggestions?
>

NOD32 is OK.
Panda stinks.

On Tue, 24 Feb 2009 16:31:21 -0500, "John" <John@ihatespam.com> wrote:

>
><RakperBanengen@yahoo.com> wrote in message
>news:b8399ebd-87be-4fdc-aece-050262e8e590@v39g2000pro.googlegroups.com...
>> I've been Googling for many hours now... In vain!!! This is a pain.
>>
>> I usually install good commercial Anti-virus+Anti-spyware (Like Panda
>> or Nod32) to my customers and a week or a month later they call me
>> because they've been victims of Antivirus 2009 or XP Police Antivirus
>> or XP AntiSpyware 2009 or TitanShield (The list goes on and on :
>> http://tinyurl.com/chwpxm).
>>
>> Does someone knows how to prevent those scareware to install in the
>> first place?
>> Should I convert all my customers to use limited privileges user
>> accounts?
>> Computer resources-wise, it doesn't make sense to me to run a
>> commercial antivirus+antispyware AND another antispyware (like
>> Malwarebytes' Anti-Malware).
>>
>> I know that user education is one of the best way to prevent those.
>> But sometimes it's difficult for new users or old fellows to remember
>> all this technicality.
>>
>> Any ideas or suggestions?

How about getting them to use Firefox with the Noscript and Adblocker
extensions?

>Panda stinks.

You better watch out - Xenu will get you now!
--
Michael Cecil
http://home.roadrunner.com/~macecil/
http://home.roadrunner.com/~safehex/
http://home.roadrunner.com/~macecil/hackingw7/

On Feb 25, 12:44*am, Michael Cecil <mace...@gmail.com> wrote:
> On Tue, 24 Feb 2009 16:31:21 -0500, "John" <J...@ihatespam.com> wrote:
>
> ><RakperBanen...@yahoo.com> wrote in message
> >news:b8399ebd-87be-4fdc-aece-050262e8e590@v39g2000pro.googlegroups.com....
> >> I've been Googling for many hours now... In vain!!! This is a pain.
>
> >> I usually install good commercial Anti-virus+Anti-spyware (Like Panda
> >> or Nod32) to my customers and a week or a month later they call me
> >> because they've been victims of Antivirus 2009 or XP Police Antivirus
> >> or XP AntiSpyware 2009 or TitanShield (The list goes on and on :
> >>http://tinyurl.com/chwpxm).
>
> >> Does someone knows how to prevent those scareware to install in the
> >> first place?
> >> Should I convert all my customers to use limited privileges user
> >> accounts?
> >> Computer resources-wise, it doesn't make sense to me to run a
> >> commercial antivirus+antispyware AND another antispyware (like
> >> Malwarebytes' Anti-Malware).
>
> >> I know that user education is one of the best way to prevent those.
> >> But sometimes it's difficult for new users or old fellows to remember
> >> all this technicality.
>
> >> Any ideas or suggestions?
>
> How about getting them to use Firefox with the Noscript and Adblocker
> extensions?
>
> >Panda stinks.
>
> You better watch out - Xenu will get you now!
> --
> Michael Cecilhttp://home.roadrunner.com/~macecil/http://home.roadrunner.com/~safehex/http://home.roadrunner.com/~macecil/hackingw7/

Thanks all for your input!

So, Is there a free/low cost solution to stop da XP AntiSpyware 2009
kind of thang? I mean, why can't the legit commercial antivirus
+antispyware able to detect those threats? They kind of all use the
same pattern to infiltrate the system... Will the limited user account
prevent this kind of infection?

RakperBanengen

On 02/28/2009 06:34 AM, RakperBanengen@yahoo.com sent:

Snip, snip...

> Thanks all for your input!
>
> So, Is there a free/low cost solution to stop da XP AntiSpyware 2009
> kind of thang?

If you're looking for one stop shopping, no! Your enemy is changing its
size, shape, speed and color with every new day. New variants
proliferate at an alarming rate. e.g. first we had Conficker. We now
ALSO have to deal with Conficker B++ and this while its next un-named
variant is probably being tested.

> I mean, why can't the legit commercial antivirus+antispyware able to detect those threats?

Inferior or out of date solutions.

> They kind of all use the same pattern to infiltrate the system...

No! The attack vectors are numerous.

> Will the limited user account prevent this kind of infection?

Helpful, but that is just one piece in the overall and ever changing
solution.

> RakperBanengen

We need to use the best of everything available. Even if that means
overlapping antimalware applications plus hardware solutions.
Fortunately for us, many currently good solutions are free.

But try to keep in mind that today's antimalware practices are just
barely good enough to defend against yesterday's malware. We have no
room to be smug for more then a moment because people with the
intelligence of the Conficker authors are coding the next threat as you
read this.

Then, the first time we make poor Internet involved choices, all that
good work goes out the window.

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

In article <goc82a$nhs$1@news.motzarella.org>, barcrnahgjuvfgyr@nby.pbz
says...

<snip>

> We need to use the best of everything available. Even if that means
> overlapping antimalware applications plus hardware solutions.
> Fortunately for us, many currently good solutions are free.
>
> But try to keep in mind that today's antimalware practices are just
> barely good enough to defend against yesterday's malware. We have no
> room to be smug for more then a moment because people with the
> intelligence of the Conficker authors are coding the next threat as you
> read this.
>
>
<snip>

While I am not a professional in this field, everything I have read on
this aspect of computer security would suggest that you are right. Our
best efforts are barely keeping up with the threat posed out there.
Staying safe gets harder and more difficult for the user all the time.
Good sense and good security software are our only weapons against the
threats. We're on a treadmill that is going faster and faster. And
that only applies to those of us who are paying attention.

Security software developers are struggling to keep up on their end.
The bad guys are not a bunch of armatures anymore. They are in it for
the money and they mean business.

--
James E. Morrow
Email to: jamesemorrow@email.com

"James Morrow" <jamesemorrow@email.com> wrote in message
news:MPG.2416595dbe99648298971a@extreme.x-privat.org...
> In article <goc82a$nhs$1@news.motzarella.org>, barcrnahgjuvfgyr@nby.pbz
> says...
>
> <snip>
>
>> We need to use the best of everything available. Even if that means
>> overlapping antimalware applications plus hardware solutions.
>> Fortunately for us, many currently good solutions are free.
>>
>> But try to keep in mind that today's antimalware practices are just
>> barely good enough to defend against yesterday's malware. We have no
>> room to be smug for more then a moment because people with the
>> intelligence of the Conficker authors are coding the next threat as you
>> read this.
>>
>>
> <snip>
>
> While I am not a professional in this field, everything I have read on
> this aspect of computer security would suggest that you are right. Our
> best efforts are barely keeping up with the threat posed out there.
> Staying safe gets harder and more difficult for the user all the time.
> Good sense and good security software are our only weapons against the
> threats. We're on a treadmill that is going faster and faster. And
> that only applies to those of us who are paying attention.
>
> Security software developers are struggling to keep up on their end.
> The bad guys are not a bunch of armatures anymore.

If you move them inside a magnetic field do they generate an electric
current or not though?
--
Dave Baker

"Dave Baker" <Null@null.com> wrote in message
news:gois05$e85$1@news.datemas.de...
>
> "James Morrow" <jamesemorrow@email.com> wrote in message
> news:MPG.2416595dbe99648298971a@extreme.x-privat.org...
>> In article <goc82a$nhs$1@news.motzarella.org>,
>> barcrnahgjuvfgyr@nby.pbz
>> says...
>>
>> <snip>
>>
>>> We need to use the best of everything available. Even if that means
>>> overlapping antimalware applications plus hardware solutions.
>>> Fortunately for us, many currently good solutions are free.
>>>
>>> But try to keep in mind that today's antimalware practices are just
>>> barely good enough to defend against yesterday's malware. We have
>>> no
>>> room to be smug for more then a moment because people with the
>>> intelligence of the Conficker authors are coding the next threat as
>>> you
>>> read this.
>>>
>>>
>> <snip>
>>
>> While I am not a professional in this field, everything I have read
>> on
>> this aspect of computer security would suggest that you are right.
>> Our
>> best efforts are barely keeping up with the threat posed out there.
>> Staying safe gets harder and more difficult for the user all the
>> time.
>> Good sense and good security software are our only weapons against
>> the
>> threats. We're on a treadmill that is going faster and faster. And
>> that only applies to those of us who are paying attention.
>>
>> Security software developers are struggling to keep up on their end.
>> The bad guys are not a bunch of armatures anymore.
>
> If you move them inside a magnetic field do they generate an electric
> current or not though?

For stators you should always make sure you lock down your wireless
rotor. :o)

On Mar 3, 8:02*am, "FromTheRafters" <erra...@nomail.afraid.org> wrote:
> "Dave Baker" <N...@null.com> wrote in message
>
> news:gois05$e85$1@news.datemas.de...
>
>
>
>
>
> > "James Morrow" <jamesemor...@email.com> wrote in message
> >news:MPG.2416595dbe99648298971a@extreme.x-privat.org...
> >> In article <goc82a$nh...@news.motzarella.org>,
> >> barcrnahgjuvf...@nby.pbz
> >> says...
>
> >> <snip>
>
> >>> We need to use the best of everything available. *Even if that means
> >>> overlapping antimalware applications plus hardware solutions.
> >>> Fortunately for us, many currently good solutions are free.
>
> >>> But try to keep in mind that today's antimalware practices are just
> >>> barely good enough to defend against yesterday's malware. *We have
> >>> no
> >>> room to be smug for more then a moment because people with the
> >>> intelligence of the Conficker authors are coding the next threat as
> >>> you
> >>> read this.
>
> >> <snip>
>
> >> While I am not a professional in this field, everything I have read
> >> on
> >> this aspect of computer security would suggest that you are right.
> >> Our
> >> best efforts are barely keeping up with the threat posed out there.
> >> Staying safe gets harder and more difficult for the user all the
> >> time.
> >> Good sense and good security software are our only weapons against
> >> the
> >> threats. *We're on a treadmill that is going faster and faster. And
> >> that only applies to those of us who are paying attention.
>
> >> Security software developers are struggling to keep up on their end.
> >> The bad guys are not a bunch of armatures anymore.
>
> > If you move them inside a magnetic field do they generate an electric
> > current or not though?
>
> For stators you should always make sure you lock down your wireless
> rotor. :o)

Would Malwarebytes' Anti-Malware OR SuperAntispyware be a good
addition to the PC security, working in parallel with the antivirus?

<RakperBanengen@yahoo.com> wrote in message
news:096e3fd0-1d88-4091-8bb7-2fb3a96d22d7@d36g2000prf.googlegroups.com...
On Mar 3, 8:02 am, "FromTheRafters" <erra...@nomail.afraid.org> wrote:
> "Dave Baker" <N...@null.com> wrote in message
>
> news:gois05$e85$1@news.datemas.de...
>
>
>
>
>
> > "James Morrow" <jamesemor...@email.com> wrote in message
> >news:MPG.2416595dbe99648298971a@extreme.x-privat.org...
> >> In article <goc82a$nh...@news.motzarella.org>,
> >> barcrnahgjuvf...@nby.pbz
> >> says...
>
> >> <snip>
>
> >>> We need to use the best of everything available. Even if that
> >>> means
> >>> overlapping antimalware applications plus hardware solutions.
> >>> Fortunately for us, many currently good solutions are free.
>
> >>> But try to keep in mind that today's antimalware practices are
> >>> just
> >>> barely good enough to defend against yesterday's malware. We have
> >>> no
> >>> room to be smug for more then a moment because people with the
> >>> intelligence of the Conficker authors are coding the next threat
> >>> as
> >>> you
> >>> read this.
>
> >> <snip>
>
> >> While I am not a professional in this field, everything I have read
> >> on
> >> this aspect of computer security would suggest that you are right.
> >> Our
> >> best efforts are barely keeping up with the threat posed out there.
> >> Staying safe gets harder and more difficult for the user all the
> >> time.
> >> Good sense and good security software are our only weapons against
> >> the
> >> threats. We're on a treadmill that is going faster and faster. And
> >> that only applies to those of us who are paying attention.
>
> >> Security software developers are struggling to keep up on their
> >> end.
> >> The bad guys are not a bunch of armatures anymore.
>
> > If you move them inside a magnetic field do they generate an
> > electric
> > current or not though?
>
> For stators you should always make sure you lock down your wireless
> rotor. :o)

Would Malwarebytes' Anti-Malware OR SuperAntispyware be a good
addition to the PC security, working in parallel with the antivirus?

Yes!

....and you should change the OR to AND.

Hi,

I've had this happen a million times at customers I support and the
only sure way to prevent it is to stop them being administrator on the
PC and block new activeX from being installed. But this still does not
block downloads and if they manually execute the file :(

I've had a lot of bad experiences with programs like this so I wrote a
small and powerful application that sits in the task bar and monitors
all system changes. It can then be set to quarantine changes to core
system areas such as the windows directory and system 32. It also has
the added benefit of quarantining auto runs from usb disks and can log
serious changes to the firewall and registry. I've found so far that
this has saved me a couple of times either by blocking the install or
by giving me the exact details of what changed.

If your interested the software can be downloaded from:
http://www.lightningware.co.uk/softw...?code=LWS-VMON

Cheers,

Gazza