I'm wondering if someone would kindly help me with what appears to be a
virus on my computer.
I turned on my computer yesterday, and all my bookmarks in Firefox
disappeared. Other oddities: I am receiving the error message:
"Error: LiveCode is not defined line:19", certain (but not all)
graphics on a webpage will not load and sometimes when they do the
resolution will be bad, spacing on the page will be off, font size will
be strange, etc. Another oddity--when I will click on a link of any
sort, or click on an e-mail message, etc., the page that comes up will
simply be blank. Things are running very slow overall.
I run Symantec Anti-Virus at all times, and have a firewall through
ZoneAlarm. I ran Ad-Aware and Spybot, and updated all. When no
viruses were detected, I downloaded AVG Anti-Virus, and Microsoft
Baseline Security Analyzer. No luck with these either. I've
uninstalled Firefox, and re-downloaded it again. Nada.
> 1. Rebuild your Firefox profile. This should fix the issue.
Ok
> 2. Uninstall Symantec AV and ZoneAlarm, this will protect your computer.
Less AV and less firewall = More protected?
I'm aware they create a false sense of security for 0days and bespoke code,
but I think you are full of shit if you think that their removal improves
security.
All code has flaws. However, a software firewall (even with possible
vulnerabilities) is certainly better than a core o.s with NO firewall and
AV.
Don't believe this fool - get multiple AV's installed, then be careful what
you browse and open.
> 3. Stop wasting your time with all kinds of scanners for a problem that
> could hardly be related to malware.
It may be related to malware. It may not. Searching for it, and not finding
any (since it may slip under the radar) is certainly not a futile exercise.
Malware is detected more times than not. That's not to say you have no
malware, just that you have a higher probability of finding it if you look
for it.
Not looking for it, is akin to sticking your head in the sand.
Search, but always remain a little sceptical that nothing found does not
always equal nothing present.
Do not take this fool's advice of no protection and no looking to keep
protected.
>> Less AV and less firewall = More protected?
>
> Generally yes. More code = more complexity = insecurity.
What nonsense. You seem to be mixing quality and quantity. One line of
vulnerable code is an insecurity. A million lines of non-vulnerable code is
secure. More code does not equal more complexity hence more insecurity.
Poorly written code is insecure. Well written code is not.
Having a good quality AV and firewall product prevents more issues than they
cause. Of course, a badly written one can introduce ADDITIONAL exploit
paths, however, not having one at all guarantees vulnerability in an o/s with
many dozens of high severity vulnerabilities, and many more to be found
before next patch tuesday.
> Beside that
> ZoneAlarm is no firewall.
It is a firewall - although I never stated it was a very good one.
> Even further, Symantec AV and ZoneAlarm have known unpatched security
> vulnerabilities that make the computer vulnerable in first place, and
> they're totally broken.
No - they make it vulnerable to those attacks which attempt to exploit them.
The vast majority of exploit and virus code is written to target the largest
available footprint. Whilst custom code can be used to fuck over certain av
and firewall products, the vast majority of this code targets core o.s or
browser vulnerabilities. As such, a user should focus their efforts on using
apps which can sit on top of the o/s and filter, block, detect and remove
such malware to reduce their exposure.
As I stated, they are not going to work on 0day code, or the latest bespoke
code - however, they are certainly better than none at all, contrary to your
assertion.
>> All code has flaws. However, a software firewall (even with possible
>> vulnerabilities) is certainly better than a core o.s with NO firewall and
>> AV.
>
> Wrong. Take a secure computer, install such a software, and now you made
> it
> insecure.
Of course - except there is no 'secure computer' in this context. M$, Linux,
Mac - all have code flaws which are exploitable. Having protection on top of
the o/s makes sense. Of course a badly designed app adds to the holes, but
the type and # of holes it brings are only relevant if they are commonly
targeted.
>> Don't believe this fool - get multiple AV's installed, then be careful
>> what
>> you browse and open.
>
> Believe whatever you want. Reality doesn't care for your unjustified
> belief
> in virus scanners.
The last time I checked, my PC was protected against several thousands of
viruses esp. those which use vulnerabilities to attain privilege escalation
or known holes to run. Any one of these viruses that attempts to run on my
PC will fail due to AV protection. Any PC without AV will not be stopped -
ACL's or no ACL's.
> Real protection against viruses is provided by ACLs, implementing a global
> no-exec policy and by not allowing automatic code execution.
Nonsense. I could login as run as guest and have o/s policies and setting in
place to limit the possibility of running certain code. This does NOTHING to
protect me against malicious code injected into a vulnerable app or via port
which fails to trap such code, and allows exploit as system. What the hell I
am logged in as, and ACLs and "a global no-exec policy" will do the square
root of fuck all to prevent a DCOM exploit, if I've got no AV, no vendor
patch and no firewall.
>>> 3. Stop wasting your time with all kinds of scanners for a problem that
>>> could hardly be related to malware.
>>
>> It may be related to malware. It may not.
>
> Default assumption: It is not related.
Wrong. Default assumption is to assume nothing, investigate everything.
>> Do not take this fool's advice of no protection and no looking to keep
>> protected.
>
> Installing pseudo security stuff has nothing to do with protection.
For fear of banging my head against a brick wall - yes it does. Calling it
"pseudo security stuff" does not make your case a valid one.
herbdove came up with this when s/he headbutted the keyboard a moment ago in
alt.computer.security:
> Hello all,
>
> I'm wondering if someone would kindly help me with what appears to be a
> virus on my computer.
>
> I turned on my computer yesterday, and all my bookmarks in Firefox
> disappeared.
That's a bug I've seen before. And reported it.
> Other oddities: I am receiving the error message:
> "Error: LiveCode is not defined line:19",
Not sure what this is: possibly something you're missing in your system
configuration (.NET?)
> certain (but not all)
> graphics on a webpage will not load and sometimes when they do the
> resolution will be bad, spacing on the page will be off, font size will
> be strange, etc.
Misconfigured browser. I have mine set with small fonts (large fonts have a
tendency to mung the spacing not only between characters but between rows
as well - depends on how the page is coded), and images from the
originating site only. Stops a lot of the ads.
> Another oddity--when I will click on a link of any
> sort, or click on an e-mail message, etc., the page that comes up will
> simply be blank. Things are running very slow overall.
>
Very possibly a busted Firefox. Try another browser to see if the behaviour
is repeatable on that.
> I run Symantec Anti-Virus at all times,
My experience and observation: Symantec AV is most often at the top of the
list for malware to disable in any way it can before it delivers its
payload. A nineteen month old buffer overflow exploit (which still hasn't
been patched by Symantec) is a favourite vector. Once the exploit is
triggered, NIS/NAV simply stops working. Apart from that, NAV/NIS is a hog
anyway; you would be much better off using AVG and something like Panda AV,
along with Spybot S&D and Ad-Aware. Even those four programs have less of a
footprint than Symantec's offering, and you will notice a /dramatic/
difference in the responsiveness of your system. As for a softwall, use the
one provided with XP. It (surprisingly) does what it says on the tin. You
don't need Zonealarm or anything like that (which will most likely clash
horribly with XP's own firewall anyway). Remember, this is experience. Not
BS.
> and have a firewall through
> ZoneAlarm. I ran Ad-Aware and Spybot, and updated all. When no
> viruses were detected, I downloaded AVG Anti-Virus, and Microsoft
> Baseline Security Analyzer. No luck with these either. I've
> uninstalled Firefox, and re-downloaded it again. Nada.
>
> Any suggestions on how I should proceed?
>
> Thanks a million...
> matt
--
-*- Linux Desktops & Clustering Solutions -*- http://dotware.co.uk
-*- Registered Linux user #426308 -*- http://counter.li.org
-*- Linux is like a wigwam: no Windows, no Gates, and Apache inside.
-*- <discl mode="Boilerplate" />
Sebastian Gottschalk wrote:
[snip]
> Real protection against viruses is provided by ACLs, implementing a global
> no-exec policy and by not allowing automatic code execution.
by acls i imagine you're making a reference to least privilege... fred
cohen's early experiments with viruses demonstrate fairly unequivocally
that least privilege does not stop viruses... it is a speed bump, not a
road block - it will interfere with those viruses that were made with
the assumption of having admin access and that's about all...
as for trying to control execution, determining executable data from
non-executable data is undecidable in the general case...
they can be valuable additions to a defense in depth approach, but they
are not, by themselves, a solution to the virus problem...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Sebastian Gottschalk wrote:
> kurt wismer wrote:
>
>> Sebastian Gottschalk wrote:
>> [snip]
>>> Real protection against viruses is provided by ACLs, implementing a global
>>> no-exec policy and by not allowing automatic code execution.
>> by acls i imagine you're making a reference to least privilege... fred
>> cohen's early experiments with viruses demonstrate fairly unequivocally
>> that least privilege does not stop viruses... it is a speed bump, not a
>> road block - it will interfere with those viruses that were made with
>> the assumption of having admin access and that's about all...
>
> ACLs that are set such that all write access to binaries is denied will stop
> viruses totally: they can't spread.
you must have an interesting definition of 'binaries'...
>> as for trying to control execution, determining executable data from
>> non-executable data is undecidable in the general case...
>
> That's why such policies also have to be enforced by programs. If you allow
> the users to execute perl.exe, well, then you have a problem.
i'm sorry, i obviously wasn't clear... i meant undecidable in the
computational complexity sense of the word... the computer can't figure
such things out (which, by the way, is part of the reason why we 'tend'
to mark executable content with special file extensions in dos/windows
or execute flags under *nix)...
perl is not the only complicating factor, many tools are scriptable in
some sense these days... ms word or alternatively open office are
susceptible to viruses - are you going to disallow opening documents too?
>> they can be valuable additions to a defense in depth approach, but they
>> are not, by themselves, a solution to the virus problem...
>
> They are. Trivially.
it's interesting that you think a problem widely known to be unsolvable
has such a straightforward solution...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
> Hello all,
>
> I'm wondering if someone would kindly help me with what appears to be a
> virus on my computer.
>
> I turned on my computer yesterday, and all my bookmarks in Firefox
> disappeared. Other oddities: I am receiving the error message:
> "Error: LiveCode is not defined line:19", certain (but not all)
> graphics on a webpage will not load and sometimes when they do the
> resolution will be bad, spacing on the page will be off, font size will
> be strange, etc. Another oddity--when I will click on a link of any
> sort, or click on an e-mail message, etc., the page that comes up will
> simply be blank. Things are running very slow overall.
>
> I run Symantec Anti-Virus at all times, and have a firewall through
> ZoneAlarm. I ran Ad-Aware and Spybot, and updated all. When no
> viruses were detected, I downloaded AVG Anti-Virus, and Microsoft
> Baseline Security Analyzer. No luck with these either. I've
> uninstalled Firefox, and re-downloaded it again. Nada.
>
> Any suggestions on how I should proceed?
ZoneAlarm isn't the best choice in firewall, everyone has an opinion about
which one's the best but I've always preferred Kerio. It's never leaked
and doesn't slow down your computer. They charge for it now, but I have
the free one still available in our software section. You can set up rules
for it at shields up www.grc.com just say no when you establish rules for
the probes it will do towards your computer after you start the test.
Your problem may be malware and it may not. Try another scanner, there are
3 free ones up in our software section that have been given a high rating
by PC magazine. If you have the time, download and install a trial version
of a product called "the cleaner". It's from Moosoft and is specific to
trojans and worms, it's the best one on the market, but it's not free.
Regards,
>
> Thanks a million...
> matt
--
Admin
* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels
> Indeed, it has. That's why you should wonder why so many people suggest
> totally incompetent, slow and dangerous solutions.
Ok - genius.
Take XP out of the box.
Detail the steps YOU claim you need to follow to secure this OS (and default
installed apps) from all vulnerabilities (known, and unknown), without using
third party products....
I'm genuinely interested.
I suspect if you can script the steps or drop them all into single .msi then
the whole AV, firewall and malware industry will be instantly obsolete.
"Sunbelt Kerio Personal Firewall 4 can run in a free mode vs. a full
(paid) mode. Install it now, and for the first 30 days it will run in
'full' mode. After that, it shuts down selected features[1], but will
continue to run in 'free' mode"."
[1. ad blocking, web page filtering, cookie filtering; minor things that
modern browsers already do. <g>]
On Thu, 16 Nov 2006 19:32:47 GMT, Beauregard T. Shagnasty wrote:
> Admins wrote:
>
>> (Kerio) They charge for it now, but I have the free one still
>> available in our software section.
>
> Kerio works the same now as it did before Kerio sold it to Sunbelt.
> http://www.sunbelt-software.com/Kerio-Download.cfm
>
> "Sunbelt Kerio Personal Firewall 4 can run in a free mode vs. a full
> (paid) mode. Install it now, and for the first 30 days it will run in
> 'full' mode. After that, it shuts down selected features[1], but will
> continue to run in 'free' mode"."
>
> [1. ad blocking, web page filtering, cookie filtering; minor things that
> modern browsers already do. <g>]
Thanks for the information, at one point they had gone to a paid version
with a free trial that expired out, it's good to see the free product
version available again. They only charged $15 for the paid version when
they originally went that direction, but not everyone needs the extra
features
--
Admin
* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels
Sebastian Gottschalk wrote:
> kurt wismer wrote:
>
>> perl is not the only complicating factor, many tools are scriptable in
>> some sense these days... ms word or alternatively open office are
>> susceptible to viruses - are you going to disallow opening documents too?
>
> Let's see. Not just that you can disable macros based on certain
> conditions, these macro languages are not powerful enough to load arbitrary
> code. VBA for example uses Shell32::LoadLibraryEx() to load additional
> modules, which is already covered by Software Restriction Policies.
a) vba only applies to ms word, not to open office...
b) those were just the most mainstream examples of apps that can be
turned into operating environments for viruses - some more obscure
examples include amipro, matlab, and ida pro... again, those are just a
few more examples - i'll not post an exhaustive list because the apps
that fall into this category are legion...
c) even if it were actually possible to block execution of all
executable content in user writable areas (which i specify because you
would obviously need to still allow execution from system areas which
the user would presumably not have write access to) that would
necessarily impede with any ability the user might have otherwise had to
automate his/her tasks....
>>>> they can be valuable additions to a defense in depth approach, but they
>>>> are not, by themselves, a solution to the virus problem...
>>> They are. Trivially.
>> it's interesting that you think a problem widely known to be unsolvable
>
> Huh? It's a problem that is known to be trivially solvable.
according to which recognized expert in the field?
fred cohen's seminal work in the field revealed that the ability to
support viral programs is inherent to the general purpose computing
platform - meaning that there is no way to manipulate a general purpose
computer (or the os or policies enforced by it), short of making it not
a general purpose computer anymore, that will stop all possible viruses
from operating - ergo the problem is not solvable...
>> has such a straightforward solution...
>
> Indeed, it has. That's why you should wonder why so many people suggest
> totally incompetent, slow and dangerous solutions.
the only thing i'm wondering is where you come up with some of the stuff
you post... i'm getting a strong sense that false authority syndrome is
at play here...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
> the only thing i'm wondering is where you come up with some of the stuff
> you post... i'm getting a strong sense that false authority syndrome is at
> play here...
>> Indeed, it has. That's why you should wonder why so many people suggest
>> totally incompetent, slow and dangerous solutions.
>
> Ok - genius.
>
> Take XP out of the box.
>
> Detail the steps YOU claim you need to follow to secure this OS (and
> default installed apps) from all vulnerabilities (known, and unknown),
> without using third party products....
>
> I'm genuinely interested.
>
> I suspect if you can script the steps or drop them all into single .msi
> then the whole AV, firewall and malware industry will be instantly
> obsolete.
>
> I await your response....