Viruses vs Antiviruses

yogi
Posts: 8742
Joined: 14 Feb 2015, 21:49

Viruses vs Antiviruses

Post by yogi »

Security has long been the main topic of criticism about Microsoft's Windows product. I've grown to ignore their feeble attempts in the past and found ways to get by without any direct AV detection installed outside of what MS forces upon me. The criticism has been excessive in my opinion, especially that coming from the Linux community, but for the most part security has not been given the attention it should have until recent years. I won't speak to Linux this time, but I can say that with Windows 10 security has taken a turn for the better.

Now that I have replaced Windows 7 with Windows 10 I'm experiencing some security issues I never saw before. There are some programs that are classified as "Potentially Unwanted Programs" or PUPs. These are not intentionally malicious programs, but they can do things Microsoft, and others, would question the validity of doing. One such item is a scanner I have installed to read the Product ID of the license for my Windows installation. It's obvious why Microsoft would classify it as a PUP, but I have needed that information more than once and never removed the program. So, when I updated the software Windows Defender objected. We battled it out for quite a while and I finally found the settings which allow suspicious programs and activities to run. The problem of detecting all these PUPs only shows up when I do backups. Windows does not want to copy anything it thinks is malicious. It might even remove it and quarantine it if it thinks it's really bad. All this is a good thing for people who are not hacks, unlike me. I congratulate Microsoft for their efforts. I just need to find a way to make them back off when I don't want to be protected.

But, then, there are times when I should pay closer attention.

I keep copies of this website, and its two sisters, safely stashed away on an auxiliary encrypted data hard drive. As you must know from past experiences I often crash the site and shut it down completely when I run into problems updating the software. That is when these backup copies of the site come in handy. From time to time I make backup copies of these website backups. I can't say enough about the value of redundancy. I've not done that since I upped the version of Windows from 7 to 10 on this computer. So a few days ago I got around to backing up the backups and received an error message from Windows Defender. It quarantined two files I had been safely saving for nearly a year. These two files were .html index pages from one of the archive websites I maintain. It classified the threat as severe, which raised my eyebrows. Normally a PUP is just a nuisance, but this time I was being warned, protected, and quarantined.

The long and the short of it is that the two files were indeed infected with a few viruses. Let me tell you, it's not easy to extract any information from Windows Defender nor is it easy to stop it from quarantining what it doesn't like. I tried to do both but failed. Eventually I downloaded the files in question from the server and sent them up to VirusTotal, which is an online virus checker. It's not that I didn't trust Microsoft ... well, I didn't. But, lo and behold they were right. These two files were severely infected.

I probably should not be writing about all this because that means those infected files have been on the server for the better part of a year. Fortunately they were in an archive which doesn't get very much traffic. The same files on this site are clean, which makes me wonder why they bothered to infect the archive but not the main site. Regardless, it's all cleaned up now, thanks to Microsoft's Defender antivirus program that I can't shut off or stop in any way.

So, yeah, they are getting serious about security. I am impressed.
Kellemora
Posts: 6297
Joined: 16 Feb 2015, 17:54

Re: Viruses vs Antiviruses

Post by Kellemora »

Wow! Yes, I agree, it is great they found it for you. A shame they don't tell you why, so you have to go digging.
It does seem odd that html index pages would get a virus, unless it is something that would redirect to a rogue website.
Nevertheless, it is great that your new Windows install caught it for you.
They are making progress! And that is always a good thing.

With everybody and their brother having apps made for folks to upload to their schmartz-fonz, they are going to be the new source for hackers to get into your phone first, and then into computers the phones are linked to via WiFi or Bluetooth or whatever.
I'm always hearing about folks getting problems with their phones after using a public access charger port to charge their phone and/or laptop. I guess because of this is why so many places now have those no-plug chargers you just lay your phone on top of, if your phone is equipped with that type of charger. But I'm sure some hacker somewhere will figure out how to load a virus through the magnetic field of the charger before long, hi hi.
yogi
Posts: 8742
Joined: 14 Feb 2015, 21:49

Re: Viruses vs Antiviruses

Post by yogi »

It's kind of spooky. I download all the system files of all three websites related to Brainformation, but I never check them for viruses. One reason for that is because it's a LINUX server and supposedly safe. The phpBB code won't run on Windows directly which is probably why it never infected anything here in the Command and Control Center. Plus, the drive on which I store these website files is basically data only and not active. It's encrypted going in, but not outbound so that anything that did manage to run from inside the encrypted drive could do some serious damage. Windows Defender software doesn't bother checking anything that is not system related unless I specifically configure it to do so each time. The amazing part of this whole scenario is that Windows 10 would not even copy these files to my Linux based NAS. Apparently it checks files coming and going. Amazing.

I don't think malicious actors are abandoning desktops or laptops, but the emphasis surely is upon mobile devices. That is where all the credit card information is and where those various pay points from Google, Apple, and Microsoft are located. Mobile devices are today's low-hanging fruit for the world's bad actors. It's true that most of them are connected to home networks via WiFi, but as I say the pay dirt is on the phone itself inside that SIM chip.

And, I'm not surprised to see index pages infected, particularly not the two I found. These two index pages served images for the avatars and the emoji. While I never looked up what the infection is intended to do, my guess is that it uses the images to carry the infection to remote computers. Well, the only people that look at those archived sites are the search engines. I doubt that they look at images, but even if they do it's no big deal if they get infected.
Kellemora
Posts: 6297
Joined: 16 Feb 2015, 17:54

Re: Viruses vs Antiviruses

Post by Kellemora »

I have a couple of tools I use on my computer which I know are 100% virus free. But all virus checkers will claim they are a virus, hi hi. Now I do know that bad people will take that code, add a virus to it, and then post it on-line for people to download. That's one good reason you should always get your downloads directly from the provider or from a repository you can trust.
I know one of the programs I have for Debi to use on her computer is virus free also, but I warn her and anyone else who asks what Debi uses to never download a copy off the web, because 100% of the copies out there are all embedded with all kinds of nasty stuff, hi hi.

Yeppers, the bad people will go after what will get them the most return for their time and energy.
But then there are some out there with all the time in the world and are just malicious period.
yogi
Posts: 8742
Joined: 14 Feb 2015, 21:49

Re: Viruses vs Antiviruses

Post by yogi »

I'm sure you know that any single AV program is not enough to catch everything. While this is a well known fact, most AV vendors will tell you not to mix programs. Only install one at a time on your computer in order to avoid conflicts. Well, I have zero AV programs installed, but I do have a couple of malware checkers that look for things that are not necessarily virus related. When I download a file off the internet, and especially from an e-mail, I use a web version of a service called Virus Total Upload. This site will take your uploaded files (executables or not) and run them through 64 different virus checking programs. False positives are not uncommon, but if I see more than two I trash the download. The files which are the topic of this thread failed something like 48 of those checks and listed what was found. The interesting thing is that at least a dozen of them didn't find any problems. I also download a trusted AV source program that changes signatures several times a day. This one can be run locally or from a live CD. I use the live CD version just to make sure the program will indeed run unaffected by whatever is on my machine. I also have a utility that will examine all the running processes to see if they are clean. This won't find any hidden Trojans, for example, but it will tell me if something is spying on me without my knowledge.

Windows 11 has a walled off sandbox built into it. This is a subsystem that isolates itself from everything else on the computer. Nothing is in that space to begin with. If I want to be absolutely safe and secure about checking a downloaded file, I would start up that subsystem, download a browser and install it in the sand box, then use the browser to download the suspect file. From there I can run the online virus check. The beauty of this sandbox is that once I'm done checking out suspicious websites or downloads, I turn off the sandbox and it's all gone without a trace. So, even if the sandbox gets infected, it gets eliminated in the end.
Kellemora
Posts: 6297
Joined: 16 Feb 2015, 17:54

Re: Viruses vs Antiviruses

Post by Kellemora »

I don't run any AV programs either.
Even took the ones off my wife's computer because it really slowed it down at times when it shouldn't have.
I do have Clam AV, but rarely if ever run it.

Back when I used to download things to try out, I did so on a different computer than my daily use computer.
All that was on it was the OS, which I had an ISO of how I had it set up. So if I did get something, I could just reformat the drive and reinstall from the ISO I made. Been many years since I did that, because I only load from a trusted repository now.