My wife just turned on her computer and up popped a window stating "You need
to download XXX to clean up your computer. You have visited adult sites."
Of course we did not download.
Now a) I don't use my wifes computer, and b) I don't visit A sites.
My wife is PO'd
We run Norton AV (always up to date), Trend Micro anti spyware and
Ad-Subtract plus firewall, so I am curious, what got through and how?
Sebastian Gottschalk wrote:
> Quercus Robur wrote:
>
>> My wife just turned on her computer and up popped a window stating "You need
>> to download XXX to clean up your computer. You have visited adult sites."
>> Of course we did not download.
>
>> Now a) I don't use my wifes computer, and b) I don't visit A sites.
>
> Why do you think this would be related anyway?
>
>> We run Norton AV (always up to date), Trend Micro anti spyware and
>> Ad-Subtract plus firewall, so I am curious, what got through and how?
>
> Why do you think this software could have changed anything?
>
>> What do I need to do, am running a full AV scan?
>
> You need to do what everyone would have to do: restore from the last
> uncompromised backup. Or flatten and rebuild.
>
> Why do you think an AV scan could reliably clean the system?
On Fri, 23 Mar 2007 09:41:09 +0100, Sebastian Gottschalk
<seppi@seppig.de> wrote:
>>> Why do you think an AV scan could reliably clean the system?
>>
>> Spyware S&D might be an easier solution.
>
>Or might not, since it's trivially no solution at all.
You're sure a big ball of encouragement, aren't you. I rarely see you
offer much in the form of a solution, but you are sure good at
criticizing others for their attempts at solutions.
From what I gather, you would only be happy if one installed only new,
shrink wrapped software on a brand new, freshly built system; never
connected to the Internet or any network; never loaded anyone else's
files to your system; and never left your system unattended for any
reason... ever! Then, you might reasonably expect to remain virus and
spyware free. Where's the fun in that? LOL.
Looking on the bright side of that solution. You'd never need to get
security updates, use an anti virus/spyware program or firewall.... :)
On Fri, 23 Mar 2007 12:33:06 +0100, Sebastian Gottschalk
<seppi@seppig.de> wrote:
>There is no fun in you drawing totally wrong conclusions.
>
>> Looking on the bright side of that solution. You'd never need to get
>> security updates, use an anti virus/spyware program or firewall.... :)
>
>And even that's wrong.
You've explained it so well! I stand corrected... I guess. :/ Anyway,
it's been fun here. :)
On Fri, 23 Mar 2007, in the Usenet newsgroup alt.computer.security, in article
<7aHMh.2050$f56.628@bgtnsc05-news.ops.worldnet.att.net>, Quercus Robur wrote:
>My wife just turned on her computer and up popped a window stating "You need
>to download XXX to clean up your computer. You have visited adult sites."
>Of course we did not download.
What rock have you been hiding under? This problem has only been around
for at least 6 years.
>Now a) I don't use my wifes computer, and b) I don't visit A sites.
c. Neither one of you have a clue about computers
>My wife is PO'd
Glad to hear it. Maybe it will give you some incentive to learn how to
configure your computer and disable unwanted services.
>We run Norton AV (always up to date), Trend Micro anti spyware and
>Ad-Subtract plus firewall, so I am curious, what got through and how?
You are running windoze, and microsoft thought this service might be
useful (in spite of the fact that the original service that has been
available on UNIX for several decades earlier - and was routinely
disabled just for this reason). They realize it's to hard for a dumb
user to figure out how to enable this crap if needed, so they enabled
it for you. Aren't you lucky.
>What do I need to do, am running a full AV scan?
Google for "messenger spam" and how to disable the service. It's some
item on a pull-down menu somewhere - you don't need third party software
to disable it.
| My wife just turned on her computer and up popped a window stating "You need
| to download XXX to clean up your computer. You have visited adult sites."
| Of course we did not download.
|
| Now a) I don't use my wifes computer, and b) I don't visit A sites.
|
| My wife is PO'd
|
| We run Norton AV (always up to date), Trend Micro anti spyware and
| Ad-Subtract plus firewall, so I am curious, what got through and how?
|
| What do I need to do, am running a full AV scan?
|
| Martin
|
Martin:
What is the EXACT message. Please include what "download XXX" really is.
If XXX is a URL, plesase obfuscate the URL by using hxxp:// instead of http:// in the
posted URL.
Quercus Robur wrote:
> My wife just turned on her computer and up popped a window stating "You need
> to download XXX to clean up your computer. You have visited adult sites."
....
QR that popup is itself the virus and a phish to get you to "download"!!!!
Do not respond to the popup.
I recommend SUPERantispyware and PCRescue and of course you
already have an antivirus for your email, right?
On Sat, 24 Mar 2007 13:44:05 -0400, Rick Merrill wrote:
> Quercus Robur wrote:
>> My wife just turned on her computer and up popped a window stating "You need
>> to download XXX to clean up your computer. You have visited adult sites."
> ...
>
> QR that popup is itself the virus and a phish to get you to "download"!!!!
>
> Do not respond to the popup.
>
> I recommend SUPERantispyware and PCRescue and of course you
> already have an antivirus for your email, right?
>
Does anyone else tire of the "Anti-spyware, anti-virus, anti-adware"
mantra? :-)
Of course, those are regular components of daily life for Windows users,
so I guess it doesn't really matter if they tire of it or not. It is
still a pain.
All you really need are a pop-up blocker (Firefox has one built-in that is
reasonably good--and you can pretty easily get an ad-blocker for it, too,
that prevents a good deal more of crud from being able to get in), a
decent anti-virus program (AVG Free does a decent job and also detects
many types of malware), and HijackThis, which is a Windows utility to help
find things that have installed themselves into places like the Windows
registry.
You can eliminate two-thirds of that stuff if you don't use DOS or Windows,
by the way. (DOS viruses are pretty much out of circulation, but they are
still possible.)
On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
> All you really need are a pop-up blocker (Firefox has one built-in that is
> reasonably good--and you can pretty easily get an ad-blocker for it, too,
> that prevents a good deal more of crud from being able to get in), a
> decent anti-virus program (AVG Free does a decent job and also detects
> many types of malware), and HijackThis, which is a Windows utility to help
> find things that have installed themselves into places like the Windows
> registry.
All you really need is to secure the machine and install a firewall for
the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
FTP sessions and 99% of the Windows people will be free from trouble.
On Sun, 25 Mar 2007 09:14:14 -0500, Leythos wrote:
> On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
>
>> All you really need are a pop-up blocker (Firefox has one built-in that is
>> reasonably good--and you can pretty easily get an ad-blocker for it, too,
>> that prevents a good deal more of crud from being able to get in), a
>> decent anti-virus program (AVG Free does a decent job and also detects
>> many types of malware), and HijackThis, which is a Windows utility to help
>> find things that have installed themselves into places like the Windows
>> registry.
>
> All you really need is to secure the machine and install a firewall for
> the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
> FTP sessions and 99% of the Windows people will be free from trouble.
>
Software firewalls aren't that effective, particularly when they are
running on the machine that they're designed to protect. If one must run
Windows, all that is really needed is a little bit of thought and the three
programs that I mentioned above. Most Windows users are sitting behind a
NAT, which takes care of blocking incoming connections, and those that
aren't behind a NAT, probably should be.
Also, you can't really filter HTTPS through a firewall. You would need a
proxy for that, because all the firewall would see is a stream of
encrypted packets. Systems should be secure enough, anyway, to not
require filtration of the protocols that people use on the
Internet, anyway.
On Sun, 25 Mar 2007 09:23:59 -0500, Michael B. Trausch wrote:
> On Sun, 25 Mar 2007 09:14:14 -0500, Leythos wrote:
>
>> On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
>>
>>> All you really need are a pop-up blocker (Firefox has one built-in that is
>>> reasonably good--and you can pretty easily get an ad-blocker for it, too,
>>> that prevents a good deal more of crud from being able to get in), a
>>> decent anti-virus program (AVG Free does a decent job and also detects
>>> many types of malware), and HijackThis, which is a Windows utility to help
>>> find things that have installed themselves into places like the Windows
>>> registry.
>>
>> All you really need is to secure the machine and install a firewall for
>> the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
>> FTP sessions and 99% of the Windows people will be free from trouble.
>>
>
> Software firewalls aren't that effective, particularly when they are
> running on the machine that they're designed to protect. If one must run
> Windows, all that is really needed is a little bit of thought and the three
> programs that I mentioned above. Most Windows users are sitting behind a
> NAT, which takes care of blocking incoming connections, and those that
> aren't behind a NAT, probably should be.
You misunderstood - I don't consider software solutions running on
non-dedicated servers to be firewalls. I was speaking of a firewall
appliance, although I could have better stated that.
NAT appliances don't filter HTTP, HTTPS, SMTP, POP3 or FTP content, but a
firewall with those as proxy services can remove content.
> Also, you can't really filter HTTPS through a firewall. You would need a
> proxy for that, because all the firewall would see is a stream of
> encrypted packets. Systems should be secure enough, anyway, to not
> require filtration of the protocols that people use on the
> Internet, anyway.
Many firewalls have HTTPS proxy services, but you are completely correct,
most would not be able to filter content in HTTPS.
On Sun, 25 Mar 2007 09:30:39 -0500, Leythos wrote:
> On Sun, 25 Mar 2007 09:23:59 -0500, Michael B. Trausch wrote:
>
>> On Sun, 25 Mar 2007 09:14:14 -0500, Leythos wrote:
>>
>>> On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
>>>
>>>> All you really need are a pop-up blocker (Firefox has one built-in that is
>>>> reasonably good--and you can pretty easily get an ad-blocker for it, too,
>>>> that prevents a good deal more of crud from being able to get in), a
>>>> decent anti-virus program (AVG Free does a decent job and also detects
>>>> many types of malware), and HijackThis, which is a Windows utility to help
>>>> find things that have installed themselves into places like the Windows
>>>> registry.
>>>
>>> All you really need is to secure the machine and install a firewall for
>>> the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
>>> FTP sessions and 99% of the Windows people will be free from trouble.
>>>
>>
>> Software firewalls aren't that effective, particularly when they are
>> running on the machine that they're designed to protect. If one must run
>> Windows, all that is really needed is a little bit of thought and the three
>> programs that I mentioned above. Most Windows users are sitting behind a
>> NAT, which takes care of blocking incoming connections, and those that
>> aren't behind a NAT, probably should be.
>
> You misunderstood - I don't consider software solutions running on
> non-dedicated servers to be firewalls. I was speaking of a firewall
> appliance, although I could have better stated that.
>
My bad. Sometimes, the vernacular usage of terms makes things hard to
communicate about. :-) It seems that most people that discuss firewalls
today mean something like ZoneAlarm or the "firewall" in Windows XP SP2,
which is really nothing but a stumbling block in the way of getting to the
core of the system, and even sometimes such systems are helpful to
crackers, as opposed to hindrances.
Personally, I don't run any of the software that I mentioned above. Then
again, I also do not use Windows, and I try to not use passwords when
possible as authentication. For example, I can go anywhere on my own
network that I want to go, so long as I provide a key. But I can't get
into my accounts by password--nor would I really want to. Given the
strength of today's computers, passwords are relatively trivial to crack.
NAsty Message 
Linear Mode
