
Thread: Cannot run my antispyware or antivirus program

  1. #1
    Cam
    Guest

    Cannot run my antispyware or antivirus program

    Hi everyone,

    I have had spyware for a couple of days that I can't get rid of. It
    pops up every once in a while in a bubble in the right hand corner,
    the system tray, saying that my computer is infected and that I need a
    spyware program to clean it... If I click on it, it will install an
    antispyware program. The usual problem that I had with other spyware
    before.

    But the big problem with this one is that my antispyware and my
    antivirus programs will not run and the one that will run (Ad Aware),
    will not update anymore using the usual Internet connection made for
    that purpose in the program. Furthermore it redirects my Internet
    sites whenever I want to go to an antispyware or antivirus site!

    Could someone please help me?

    Thank you in advance
    Cam

  2. #2
    David H. Lipman
    Guest

    Re: Cannot run my antispyware or antivirus program

    From: "Cam" <cam1947@gmail.com>

    | Hi everyone,

    | I have had spyware for a couple of days that I can't get rid of. It
    | pops up every once in a while in a bubble in the right hand corner,
    | the system tray, saying that my computer is infected and that I need a
    | spyware program to clean it... If I click on it, it will install an
    | antispyware program. The usual problem that I had with other spyware
    | before.

    | But the big problem with this one is that my antispyware and my
    | antivirus programs will not run and the one that will run (Ad Aware),
    | will not update anymore using the usual Internet connection made for
    | that purpose in the program. Furthermore it redirects my Internet
    | sites whenever I want to go to an antispyware or antivirus site!

    | Could someone please help me?

    | Thank you in advance
    | Cam

    Cam:

    Please don't MultiPost.
    Please learn to Cross-Post to pertinent, On Topic, NewsGroups instead.

    Additionally, you were replied to by a fake MS MVP, software plagiarizer and malicious
    actor by the 'nym of PCBUTTS1.
    Please steer clear of his web site and any offerings "he" has provided you.

    I suggest you use the following...
    Malwarebytes Anti-Malware
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    If that does not work (and I am sure it will)...



    Download and execute HiJack This! (HJT)
    http://www.trendsecure.com/portal/en...HJTInstall.exe

    Then post the contents of the HJT log in your post in one of the below expert forums...

    { Please - Do NOT post the HJT Log here ! }

    Forums where you can get expert advice for HiJack This! (HJT) Logs.

    NOTE: Registration is REQUIRED in any of the below before posting a log

    Suggested primary:
    http://www.thespykiller.co.uk/index.php?board=3.0

    Suggested secondary:
    http://www.bleepingcomputer.com/forums/forum22.html
    http://castlecops.com/forum67.html
    http://www.malwarebytes.org/forums/i...hp?showforum=7

    Suggested tertiary:
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/...splay.php?f=25
    http://www.atribune.org/forums/index.php?showforum=9
    http://www.geekstogo.com/forum/Malwa..._Here-f37.html
    http://gladiator-antivirus.com/forum...?showforum=170
    http://forum.networktechs.com/forumdisplay.php?f=130
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://www.5starsupport.com/ipboard/...p?showforum=18
    http://aumha.net/viewforum.php?f=30
    http://makephpbb.com/phpbb/viewforum.php?f=2
    http://forums.techguy.org/54-security/
    http://forums.security-central.us/forumdisplay.php?f=13


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  3. #3
    Cam
    Guest

    Re: Cannot run my antispyware or antivirus program

    On Oct 20, 9:07 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
    wrote:
    > From: "Cam" <cam1...@gmail.com>
    >
    > | Hi everyone,
    >
    > | I have had spyware for a couple of days that I can't get rid of. It
    > | pops up every once in a while in a bubble in the right hand corner,
    > | the system tray, saying that my computer is infected and that I need a
    > | spyware program to clean it... If I click on it, it will install an
    > | antispyware program. The usual problem that I had with other spyware
    > | before.
    >
    > | But the big problem with this one is that my antispyware and my
    > | antivirus programs will not run and the one that will run (Ad Aware),
    > | will not update anymore using the usual Internet connection made for
    > | that purpose in the program. Furthermore it redirects my Internet
    > | sites whenever I want to go to an antispyware or antivirus site!
    >
    > | Could someone please help me?
    >
    > | Thank you in advance
    > | Cam
    >
    > Cam:
    >
    > Please don't MultiPost.
    > Please learn to Cross-Post to pertinent, On Topic, NewsGroups instead.
    >
    > Additionally, you were replied to by a fake MS MVP, software plagiarizer and malicious
    > actor by the 'nym of PCBUTTS1.
    > Please steer clear of his web site and any offerings "he" has provided you.
    >
    > I suggest you use the following...
    > Malwarebytes Anti-Malware http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    >
    > If that does not work (and I am sure it will)...
    >
    > Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en...HJTInstall.exe
    >
    > Then post the contents of the HJT log in your post in one of the below expert forums...
    >
    > { Please - Do NOT post the HJT Log here ! }
    >
    > Forums where you can get expert advice for HiJack This! (HJT) Logs.
    >
    > NOTE: Registration is REQUIRED in any of the below before posting a log
    >
    > Suggested primary: http://www.thespykiller.co.uk/index.php?board=3.0
    >
    > Suggested secondary: http://www.bleepingcomputer.com/foru...hp?showforum=7
    >
    > Suggested tertiary: http://www.dslreports.com/forum/clea...splay.php?f=13
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


    Thanks for your info concerning multi posting, sorry I did not know.
    Also thanks for the info concerning the fake MS MVP, when I saw that I
    thought that it was indeed a fake.

    Now, concerning the sites you gave me, I tried to go on these sites
    but, I guess, the malicious spyware that I have on my PC will not let
    me go there, I get a "page load error" whenever I try to open any of
    the sites you gave me. It seems to be that I cannot open any sites
    about spyware or viruses. Any other sites will open properly... I
    guess my PC is badly infected!

    Any other idea of what I could do? My spyware and antivirus programs
    will not work and/or update and I cannot go on security sites, I either
    get an error message or I am redirected to other sites.

    Thanks again,
    Cam

  4. #4
    David H. Lipman
    Guest

    Re: Cannot run my antispyware or antivirus program

    From: "Cam" <cam1947@gmail.com>


    | Thanks for your info concerning multi posting, sorry I did not know.
    | Also thanks for the info concerning the fake MS MVP, when I saw that I
    | thought that it was indeed a fake.

    | Now, concerning the sites you gave me, I tried to go on these sites
    | but, I guess, the malicious spyware that I have on my PC will not let
    | me go there, I get a "page load error" whenever I try to open any of
    | the sites you gave me. It seems to be that I cannot open any sites
    | about spyware or viruses. Any other sites will open properly... I
    | guess my PC is badly infected!

    | Any other idea of what I could do? My spyware and antivirus programs
    | will not work and/or update and I cannot go on security sites, I either
    | get an error message or I am redirected to other sites.

    | Thanks again,
    | Cam

    Sorry to hear that.
    Then your *best* option would be to wipe the PC and reinstall the OS from scratch after
    backing up your data.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  5. #5
    Junior Member
    Join Date
    Oct 2008
    Posts
    2
    I had this problem, with the AntiVirus2008 virus a week ago. What saved me was that I had another user account on start up and luckily I could still download Anti-Malware into that one. After a weekend of doing scan after scan I think it's finally clear.

    Good luck!

  6. #6
    Todd H.
    Guest

    Re: Cannot run my antispyware or antivirus program

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

    > From: "Cam" <cam1947@gmail.com>
    >
    >
    > | Thanks for your info concerning multi posting, sorry I did not know.
    > | Also thanks for the info concerning the fake MS MVP, when I saw that I
    > | thought that it was indeed a fake.
    >
    > | Now, concerning the sites you gave me, I tried to go on these sites
    > | but, I guess, the malicious spyware that I have on my PC will not let
    > | me go there, I get a "page load error" whenever I try to open any of
    > | the sites you gave me. It seems to be that I cannot open any sites
    > | about spyware or viruses. Any other sites will open properly... I
    > | guess my PC is badly infected!
    >
    > | Any other idea of what I could do? My spyware and antivirus programs
    > | will not work and/or update and I cannot go on security sites, I either
    > | get an error message or I am redirected to other sites.
    >
    > | Thanks again,
    > | Cam
    >
    > Sorry to hear that.
    > Then your *best* option would be to wipe the PC and reinstall the OS from scratch after
    > backing up your data.


    Cam,

    I strongly second this advice from David.


    --
    Todd H.
    http://www.toddh.net/

  7. #7
    Ari
    Guest

    Re: Cannot run my antispyware or antivirus program

    On Tue, 4 Nov 2008 13:02:44 -0000, Trespasser wrote:

    > --
    > Regards
    > Trespasser
    > ----------------------------
    > I try to take one day at a time, but sometimes two or three gang up on me.
    >
    > I'm not paranoid, I know you're watching me. (o-o)
    >
    > Show me a wireless network, I'll show you free broadband.
    >
    > So you think this signature's bad? You should see my handwriting
    > ----------------------------
    > "Ari" <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in message
    > news:6na09rFkk1n9U1@mid.individual.net...
    >> On Tue, 4 Nov 2008 01:20:08 -0000, Trespasser wrote:
    >>
    >>> I do find though that those people whose first action is to reach for the
    >>> windows cd to perform a format either have the attitude that they do not
    >>> have the ability to cleanse a system manually, they just don't have the
    >>> time, or they are far too interested in making quick money. I myself have
    >>> taken time to find a handful of tools (all of them free) and there are very
    >>> few machines I see that actually need formatting, after spending an hour
    >>> running a couple of programs.

    >>
    >> Heh, you're clueless.

    >
    > #############
    >
    > Yeah you're right. Tell that to my boss who pays me 15 p/h


    Two idiots don't make either of you less clueless.

  8. #8
    Ari
    Guest

    Re: Cannot run my antispyware or antivirus program

    On Wed, 05 Nov 2008 13:48:06 -0600, Moe Trin wrote:

    >>Yes, I use other other ways to detect malware rather than rely on AV-
    >>type software. When rootkits are involved you need to compare things
    >>like the in-memory image of the system service despatch table against
    >>the original executable code.

    >
    > A problem there is that you are relying on the existing O/S to read
    > the O/S memory, and some kind of comparison mechanism. How do you know
    > that the memory you are examining is actually what is being used, and
    > isn't something that is patched around.


    The ***** is either clean or dirty, never in between.

  9. #9
    Moe Trin
    Guest

    Re: Cannot run my antispyware or antivirus program

    On Thu, 06 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
    <op.uj7pqmu66vfhnv@thecomputer.gha.chartermi.net>, chame1eon wrote:

    > I think you're right that malware could be a lot more sophisticated,
    >but because a large number of users don't take countermeasures, it
    >doesn't need to be.


    Depends on the target. Most of the malware targets one version or
    another of windoze. The reasons are a rather poor coding standard,
    user demand for eleventy-zillion "features" to make things more
    useful, and the absolute refusal of users to learn anything about
    the computer (never mind the operating system or applications) which
    means everything is enabled, but in the default settings. The result
    is that it's a very easy target to crack, and because it's widely
    used, the main problem for the bad guys is figuring out which
    system to take over.

    None the less, it is relatively easy to harden windoze so that it
    becomes much more difficult to crack. The result is that the bad guy
    moves on, and picks one of the jillion other easier targets.

    >So when it comes to things I think I'm likely to encounter on
    >my home pc convenience can take precedence.


    Convenience doesn't have to take precedence over security.

    > I'm trying to get a degree for something computer related, so
    >depending on what I end up doing, knowledge about tighter security
    >could become an issue.


    Knowledge of security comes from knowledge of the protocols, and what
    the application is doing. An example is "sharing". Do you really
    want to share everything with everyone? An exaggeration, but do you
    think it's a good idea to share your printer with the world? How do
    they pick up the hard copies? Do they stop by the house, or do you
    mail them out?

    >I still want to see what aide does though, so thank you.


    Results 1 - 10 of about 316,000,000 for aide [definition]. (0.18
    seconds)

    AIDE - Advanced Intrusion Detection Environment
    AIDE is a file integrity checker that supports regular expressions.
    Licensed with GPL.
    www.cs.tut.fi/~rammer/aide.html - 6k - Cached - Similar pages

    Aide - Wikipedia, the free encyclopedia
    AIDE (software), (Advanced Intrusion Detection Environment). An open
    source host-based intrusion ... Retrieved from
    "http://en.wikipedia.org/wiki/Aide" ...
    en.wikipedia.org/wiki/Aide - 18k - Cached - Similar pages

    First two hits. Tripwire was the gold standard for a long time,
    created by two of the better security programmers (Spafford and Kim at
    Purdue University). It's been made into a commercial product, which
    was part of the incentive for aide (the GPL means it's free, AND you
    get the source).

    >I would switch out disks, but I don't even have a good way to back up
    >the stuff I have until I get more money :( Most people whose pcs
    >I've cleaned don't have spares either.


    No backups is an invitation for disaster. Disk drives are _relatively_
    inexpensive, assuming a "modern" computer. It's a gamble, and you
    need to figure the costs both ways.

    Old guy
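
Added example, not part of the thread and not AIDE's or Tripwire's code: a minimal Python sketch of what a file integrity checker of the kind discussed in post #9 does, with regex include/exclude rules. The function names, the rule syntax and the sample tree are constructed for illustration; in practice the baseline is stored off the monitored host and the comparison is run from known-clean media, for the reason raised earlier in the thread about trusting the existing O/S.

```python
import hashlib
import os
import re
import stat
import tempfile


def _sha256(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, include=r".*", exclude=None):
    """Return {relative_path: (sha256, permission_bits)} for regular files.

    include/exclude are regexes matched against the relative path.
    This rule syntax is an assumption of this sketch, not AIDE's format.
    """
    inc = re.compile(include)
    exc = re.compile(exclude) if exclude else None
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if not inc.search(rel) or (exc and exc.search(rel)):
                continue
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            db[rel] = (_sha256(full), stat.S_IMODE(st.st_mode))
    return db


def compare(baseline, current):
    """Report files added, removed, or changed (content or permissions)."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "changed": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def _write(root, rel, data):
    """Create (or overwrite) a file under root and return its full path."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Build a constructed tree, baseline it, tamper with it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/tool", b"original tool\n")
        helper = _write(root, "bin/helper", b"helper\n")
        conf = _write(root, "etc/app.conf", b"mode=safe\n")
        _write(root, "log/app.log", b"started\n")

        # Logs change constantly, so the rules leave them out of the baseline.
        rules = {"include": r"^(bin|etc)/", "exclude": r"\.log$"}
        baseline = snapshot(root, **rules)

        _write(root, "bin/tool", b"patched  tool\n")      # same size, new content
        os.chmod(helper, 0o755)                            # permission change only
        os.remove(conf)                                    # deleted file
        _write(root, "bin/dropper", b"new binary\n")       # unexpected new file
        _write(root, "log/app.log", b"started\nmore\n")    # excluded, so ignored

        return compare(baseline, snapshot(root, **rules))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```
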

  10. #10
    Ant
    Guest

    Re: Cannot run my antispyware or antivirus program

    "Moe Trin" wrote:

    > Ant wrote:
    >>When rootkits are involved you need to compare things
    >>like the in-memory image of the system service despatch table against
    >>the original executable code.

    >
    > A problem there is that you are relying on the existing O/S to read
    > the O/S memory, and some kind of comparison mechanism. How do you know
    > that the memory you are examining is actually what is being used, and
    > isn't something that is patched around.


    In most cases those patches or hooks can be found, even when the
    malware is running as a kernel driver. I've not yet seen something
    that could totally subvert raw device access or be undetectable in
    some way.

    >>There are different ways of examining internal structures and you have
    >>to know what you're looking for. Malware can't hide all the methods
    >>from you.

    >
    > It doesn't have to. Most users are totally incapable of making ANY
    > type of technical decision, because they have no idea, or any desire
    > to know what the computer (or any hardware more complicated than a
    > hammer) is doing.


    Of course, but I'm looking at it from the perspective of a techie who
    is supposed to understand something about how the system works.

    The average user these days isn't interested in computing as such.
    What they want is an internet/multimedia appliance, an advanced
    typewriter, a virtual canvas, a recreational platform. To them, a
    computer is something that assists them with their work, hobbies or
    other interests.

    Perhaps there's an argument to be made for a read-only OS where new
    software can't be installed. One thing's certain; users are no more
    likely to become technicians than most car drivers are going to become
    mechanics. If a safe platform can't be found then ISPs will have to do
    more about limiting malicious network traffic -- or not, and we carry
    on as usual.


    > (25 years ago) there were not a lot of malevolent things you could do
    > with a teletype apart from ring the bell, or form feed it out of paper.


    Our system was set to read from the card-reader, so when it had
    finished the current task would clatter loudly and ring the bell every
    few seconds saying "feed me!". This annoyance would normally get us
    off our arses in the operators' rest room and give it another job. When
    Texas Instruments introduced the Silent 700 it only emitted a soft
    beep. Consequently, when we eventually checked the computer room, half
    a roll of expensive heat-sensitive paper would be piled up on the
    floor.



  11. #11
    Ari
    Guest

    Re: Cannot run my antispyware or antivirus program

    On Fri, 7 Nov 2008 12:47:20 -0000, Ant wrote:

    > In most cases those patches or hooks can be found, even when the
    > malware is running as a kernel driver. I've not yet seen something
    > that could totally subvert raw device access or be undetectable in
    > some way.


    I'm sure you haven't. I'm also sure that if something is not detectable
    by an amateur you won't find it.

    See how that works?

  12. #12
    Moe Trin
    Guest

    Re: Cannot run my antispyware or antivirus program

    On Fri, 7 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
    <_9mdnZNCt-SZpInUnZ2dnUVZ8srinZ2d@brightview.co.uk>, Ant wrote:

    >In most cases those patches or hooks can be found, even when the
    >malware is running as a kernel driver. I've not yet seen something
    >that could totally subvert raw device access or be undetectable in
    >some way.


    Perhaps - but how much time do you spend reading Bugtraq?

    >> Most users are totally incapable of making ANY type of technical
    >> decision, because they have no idea, or any desire to know what the
    >> computer (or any hardware more complicated than a hammer) is doing.

    >
    >Of course, but I'm looking at it from the perspective of a techie who
    >is supposed to understand something about how the system works.


    For every techie, there is a huge number of non-techies, and that's
    the ones the mal-ware targets. Those users don't want to know what
    the computer might be doing, but at the same time want it to do
    everything without bothering them with pop-up messages.

    >The average user these days isn't interested in computing as such.


    and don't have any idea what is happening,

    >What they want is an internet/multimedia appliance, an advanced
    >typewriter, a virtual canvas, a recreational platform. To them, a
    >computer is something that assists them with their work, hobbies or
    >other interests.


    And when it screws up, crashes, or otherwise does something that they
    might eventually recognize probably wasn't the best idea, it's the
    computer's fault. Could it be because they directed the computer to do
    something st00pid? Silly question - why would they do that?

    >Perhaps there's an argument to be made for a read-only OS where new
    >software can't be installed.


    Trivial - remove the hard disk, and run everything from the CD or DVD.
    Log data goes over the network to a log server, or to a line printer.
    We've been running our public facing systems that way for decades. The
    problem for our clueless user is how to update the software to fix the
    latest fiasco. "Change the CD??? That's too complicated!!! Whine,
    whine, whine". And you're back to square one. You may have forgotten
    about _hard_drives_ that had a 'Read Only' jumper setting (also called
    'Write Protect') - jumper off, and you could load new stuff, but when
    you put the jumper back on, the drive was safe from changes. This
    wouldn't work for our clueless user as they'd merely leave the jumper
    off for convenience (or lose the darn thing).

    >One thing's certain; users are no more likely to become technicians
    >than most car drivers are going to become mechanics.


    If you look at the standards of car drivers, those have also been going
    down-hill. What's the percentage that even know how to check the oil
    level, never mind how many actually check it at all.

    >If a safe platform can't be found then ISPs will have to do more about
    >limiting malicious network traffic -- or not, and we carry on as usual.


    Are you willing to pay more to have this happen? Some people have
    suggested confiscating computers that get 0wned. This would be somewhat
    similar to your automobile insurance rates going up after you caused
    an accident. (I've also heard proposals to require computer users to
    have insurance too.) Eventually, the costs might convince the idiots to
    not have or use an Internet connected computer, or learn something
    about using one safely by learning how they got screwed the last time.

    >> (25 years ago) there were not a lot of malevolent things you could
    >> do with a teletype apart from ring the bell, or form feed it out of
    >> paper.

    >
    >Our system was set to read from the card-reader, so when it had
    >finished the current task would clatter loudly and ring the bell every
    >few seconds saying "feed me!". This annoyance would normally get us
    >off our arses in the operators' rest room and give it another job.


    You didn't have a dedicated slave whose duty station was in the
    dinosaur pit?

    >When Texas Instruments introduced the Silent 700 it only emitted a
    >soft beep. Consequently, when we eventually checked the computer room,
    >half a roll of expensive heat-sensitive paper would be piled up on the
    >floor.


    Yeah - our managers used to scream about that. The 733s didn't last
    very long at our place - we found them less than reliable. There was
    a fix for the soft beep, although it voided the warranty. Replace the
    noisemaker with a Mallory SC307N. You could hear it fifty feet away.

    Old guy

  13. #13
    Ant
    Guest

    Re: Cannot run my antispyware or antivirus program

    "Moe Trin" wrote:

    > Ant wrote:
    >>In most cases those patches or hooks can be found, even when the
    >>malware is running as a kernel driver. I've not yet seen something
    >>that could totally subvert raw device access or be undetectable in
    >>some way.

    >
    > Perhaps - but how much time do you spend reading Bugtraq?


    I keep an eye on it for the latest Windows related problems. Then I
    acquire malware samples to examine.


    >>Perhaps there's an argument to be made for a read-only OS where new
    >>software can't be installed.

    >
    > Trivial - remove the hard disk, and run everything from the CD or DVD.
    > Log data goes over the network to a log server, or to a line printer.
    > We've been running our public facing systems that way for decades.


    That's ok for that type of system but the home user needs writeable
    media for their gigabytes of pr0n and music downloads.

    > The
    > problem for our clueless user is how to update the software to fix the
    > latest fiasco. "Change the CD??? That's too complicated!!! Whine,
    > whine, whine". And you're back to square one.


    So there really is no hope!

    > You may have forgotten
    > about _hard_drives_ that had a 'Read Only' jumper setting (also called
    > 'Write Protect') - jumper off, and you could load new stuff, but when
    > you put the jumper back on, the drive was safe from changes. This
    > wouldn't work for our clueless user as they'd merely leave the jumper
    > off for convenience (or lose the darn thing).


    There could be some mileage in that if the jumper was a prominent
    switch built in to the front of a PC, and a second writeable disk for
    data only. There would have to be standard OS support for this kind of
    setup -- something that 'nix systems can do now but popular consumer
    OS's not so easily.

    >>If a safe platform can't be found then ISPs will have to do more about
    >>limiting malicious network traffic -- or not, and we carry on as usual.

    >
    > Are you willing to pay more to have this happen?


    That's the trouble. However, some ISPs are already better (arguably)
    than others; e.g. disallowing port 25 SMTP traffic except to the ISP's
    mail server. That could be a nuisance for some people and I don't like
    the idea of a restricted internet access (for me). I reckon many could
    do a better job at stopping botnet traffic from their own network at
    not too much extra cost.

    > Some people have suggested confiscating computers that get 0wned.


    A less severe option would be to block network access apart from HTTP
    requests which would return a page informing them of the problem and
    the actions required to get back online.

    >>[tty] annoyance would normally get us off our arses in the operators'
    >>rest room and give it another job.

    >
    > You didn't have a dedicated slave whose duty station was in the
    > dinosaur pit?


    Officially, someone was supposed to be there at all times. In practice
    it didn't always work like that. During the day, when many short jobs
    were scheduled, it was difficult to get away from the machine. The
    long jobs were usually left for the night shift and some would run for
    several hours without needing attention. This gave us the chance to
    catch up on other tasks like maintaining the tape library. When I say
    "us", sometimes there was only one operator on the shift and at the
    main site there was more than one computer room. The problem arose
    when a long job had been underestimated or aborted itself a short way
    in.



  14. #14
    Ant
    Guest

    Re: Cannot run my antispyware or antivirus program

    > Ant wrote:
    > The problem arose when a long job had been underestimated


    Duh. I mean the run time had been *over*estimated.



  15. #15
    Moe Trin
    Guest

    Re: Cannot run my antispyware or antivirus program

    On Mon, 10 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
    <4aOdnfJ3wuH5CIrUnZ2dnUVZ8s7inZ2d@brightview.co.uk>, Ant wrote:

    >"Moe Trin" wrote:


    >> Ant wrote:


    >>> Perhaps there's an argument to be made for a read-only OS where new
    >>> software can't be installed.

    >>
    >> Trivial - remove the hard disk, and run everything from the CD or DVD.
    >> Log data goes over the network to a log server, or to a line printer.
    >> We've been running our public facing systems that way for decades.

    >
    >That's ok for that type of system but the home user needs writeable
    >media for their gigabytes of pr0n and music downloads.


    CDs and DVDs. Many UNIX have a 'no-execute' flag in mount(8) which
    helps, as does file ownership - but the DeLoader worm of 2003
    demonstrated the fallacy of the permissions/ownership concept in windoze
    as everyone and his dog runs as Administrator - so that they don't get
    those warnings when they try to install that n33t malware helper they
    found at that wonderful download server that has _everything_ for free.

    >> The problem for our clueless user is how to update the software to
    >> fix the latest fiasco. "Change the CD??? That's too complicated!!!
    >> Whine, whine, whine". And you're back to square one.

    >
    >So there really is no hope!


    Users don't want to do anything except click on an icon - anything else
    is too hard, or complicated, and may make their brane explode. ;-)

    >> You may have forgotten about _hard_drives_ that had a 'Read Only'
    >> jumper setting (also called 'Write Protect') - jumper off, and you
    >> could load new stuff, but when you put the jumper back on, the
    >> drive was safe from changes. This wouldn't work for our clueless
    >> user as they'd merely leave the jumper off for convenience (or
    >> lose the darn thing).

    >
    >There could be some mileage in that if the jumper was a prominent
    >switch built in to the front of a PC,


    That used to be the case on the old washing machines - and you may
    remember the plastic ring on the hubs of 9 track tapes, or the
    write-protect notch/hole on floppies. Problem is, everyone would
    leave the protection in the disabled position (allowing writing to
    the media) because it's too much work to do otherwise.

    >and a second writeable disk for data only. There would have to be
    >standard OS support for this kind of setup -- something that 'nix
    >systems can do now but popular consumer OS's not so easily.


    Windoze already has the separate disk capability. But the drive that
    contains the O/S has to be writable in order to install O/S updates
    (or put the O/S on read-only media like a CD/DVD and run into the
    grief noted above). Making the 'data' drive 'no-execute' is a major
    complication for the users. Our users have their home directory
    mounted 'exec' because many of them create useful (to them) scripts
    that are stored in ~/bin/ because they are unique to the individual
    (and thus not easily stored in /bin/, /usr/bin/ or even
    /usr/local/bin/). Yes, windoze being a single user (in practice)
    operating system could just require all executables to be stored on a
    system partition, but how does that user then add/modify/replace the
    extra (non-O/S supplied) tools - like the latest anti-mal-ware? If
    updates are supplied as authenticated read-only CDs or DVDs, the user
    will lose them between the post-box and computer room, or they'll be
    damaged (the dog ate it) or they'll be screaming about the extra costs
    (postal delivery charges as well as the cost of producing the media),
    never mind screaming at the hell-desks because they can't figure out
    how to install/upgrade.

    >> Are you willing to pay more to have this happen?

    >
    >That's the trouble. However, some ISPs are already better (arguably)
    >than others; e.g. disallowing port 25 SMTP traffic except to the ISP's
    >mail server. That could be a nuisance for some people and I don't like
    >the idea of a restricted internet access (for me). I reckon many could
    >do a better job at stopping botnet traffic from their own network at
    >not too much extra cost.


    Disallowing port 25 is one or two rules on the perimeter router, and
    takes seconds to implement. Blocking bots is a lot more complicated
    as now you are talking about analyzing traffic. Sure, I can throttle
    traffic from individual IP addresses, but differentiating legitimate
    traffic (someone downloading the latest CD - or worse, a DVD load - of
    their perversion of choice, versus someone clicking on a URL that loads
    graphics and other crap from a dozen or so content providers, versus
    someone operating a Bit-Torrent/eDonkey/Napster or equal server) is
    more complicated and subject to mis-interpretation (false alarms).

    >> Some people have suggested confiscating computers that get 0wned.

    >
    >A less severe option would be to block network access apart from HTTP
    >requests which would return a page informing them of the problem and
    >the actions required to get back online.


    It's been tried. Unsuccessfully. Your support costs skyrocket
    because you have all the users who are blocked calling the hell-desk to
    have _you_ fix the problem - after all, it's YOUR fault, because YOU
    are the one blocking them. To make it work, there has to be a
    monetary incentive for the users to avoid getting infected/0wn3d. If
    that incentive is that they _don't_ have to pay 2-3 man-hours to have
    their computer cleaned up, plus fees/fines for repeats, so be it. But
    this concept has to apply to all connection providers equally. It makes
    no sense to drive the clueless from responsible providers (who incur
    added costs to admin the program, and income loss from customers moving
    away) to the irresponsible providers unless those providers are
    themselves shunned by a more responsible Internet community.

    >>> [tty] annoyance would normally get us off our arses in the
    >>> operators rest room and give it another job.

    >
    >> You didn't have a dedicated slave whose duty station was in the
    >> dinosaur pit?

    >
    >Officially, someone was supposed to be there at all times. In practice
    >it didn't always work like that. During the day, when many short jobs
    >were scheduled, it was difficult to get away from the machine. The
    >long jobs were usually left for the night shift and some would run for
    >several hours without needing attention.


    The usual solution was to have adequate bods scheduled during the day
    when things were jumping, less numbers on the night shift.

    >This gave us the chance to catch up on other tasks like maintaining
    >the tape library.


    One full time librarian, and grunt hours supplied by student interns.

    >When I say "us", sometimes there was only one operator on the shift
    >and at the main site there was more than one computer room. The
    >problem arose when a long job had been underestimated or aborted
    >itself a short way in.


    I don't think we ever had just one operator on duty, other than when
    someone called in sick. As for overestimation or aborts - that's a
    common problem even today. Experience soon trims the waste to something
    tolerable, and the operators always seem to _look_ busy. ;-)

    Old guy
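
An added example, not part of the original post: the reply above contrasts a simple port 25 rule with the harder job of telling bot traffic from legitimate heavy use. This sketch runs both views over constructed flow records; the addresses (documentation ranges), the relay address, the byte limit and the fan-out threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (source, destination, dest port, bytes).
# All addresses are documentation ranges; RELAY is a hypothetical ISP mail server.
RELAY = "192.0.2.25"
FLOWS = [
    ("198.51.100.10", "203.0.113.80", 443, 700_000_000),  # large download
    ("198.51.100.10", RELAY, 25, 40_000),                 # mail via the relay
    ("198.51.100.11", "203.0.113.5", 25, 30_000),         # one direct SMTP session
    ("198.51.100.11", "203.0.113.81", 80, 2_000_000),
] + [
    # One customer talking SMTP directly to 40 different hosts, small volume.
    ("198.51.100.12", f"203.0.113.{100 + i}", 25, 6_000) for i in range(40)
]


def volume_flags(flows, byte_limit):
    """Sources whose total bytes exceed byte_limit (the throttling view)."""
    totals = defaultdict(int)
    for src, _dst, _port, nbytes in flows:
        totals[src] += nbytes
    return {src for src, total in totals.items() if total > byte_limit}


def smtp_verdicts(flows, relay, fanout_threshold):
    """Classify each source by its direct (non-relay) port 25 destinations."""
    direct = defaultdict(set)
    sources = set()
    for src, dst, port, _nbytes in flows:
        sources.add(src)
        if port == 25 and dst != relay:
            direct[src].add(dst)
    verdicts = {}
    for src in sources:
        fanout = len(direct[src])
        if fanout >= fanout_threshold:
            verdicts[src] = "suspected-bot"
        elif fanout > 0:
            verdicts[src] = "direct-smtp"
        else:
            verdicts[src] = "ok"
    return verdicts


if __name__ == "__main__":
    print("over volume limit:", sorted(volume_flags(FLOWS, 100_000_000)))
    for src, verdict in sorted(smtp_verdicts(FLOWS, RELAY, 20).items()):
        print(src, verdict)
```

On this sample the volume view flags only the heavy downloader, while the SMTP fan-out view picks out the low-volume host contacting many mail servers directly.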
