Security Basics mailing list archives
Re: Malware detection
From: Vic Vandal <vvandal () well com>
Date: Sun, 22 Jul 2012 21:31:08 -0700 (PDT)
Quotes and responses:
try a mixed solution of Microsoft Windows Security Essentials for servers and workstations to detect and eliminate
Besides the fact that Microsoft Windows Security Essentials can be a resource hog that brings numerous systems to their knees, it's not a very robust anti-malware solution. In comparison to the top 5 or top 10, it will miss a LOT of infections. It also has other false-positive issues, specifically related to Zeus, which is one of the malware items that Tony wanted to focus on.
From late 2011:
"Some Chrome users reported persistent problems Monday related to Microsoft's Security Essentials and Forefront security products blocking--and in some cases, deleting--copies of the Google Chrome browser after labeling it as a "severe" threat. Microsoft had released an emergency update for the problem on Friday. According to an update announcement from Microsoft, its products began "incorrect detection of Google Chrome as PWS:Win32/Zbot," which is another name for the password-stealing Trojan application known as Zeus, which is designed to harvest people's financial data."

Google Chrome = Zeus? Wow!
From the self-promoting post .sig:
CISSP, ITIL, CEH, MCT
Obviously throwing a bunch of acronyms behind one's name doesn't translate to wisdom. I guess all advice needs to be taken with a grain of salt. I don't mean to be a d*ck, but your advice is bad sir.

In closing, MS Security Essentials is not your best bet for identifying and defeating said malware.

Peace,
Vic, CISSP, SSCP, HIJKLMNOP, etc. (cough, wink)

----- Original Message -----
From: Savvy95 () gmail com
To: security-basics () securityfocus com
Sent: Thursday, July 19, 2012 6:50:44 AM
Subject: Re: Re: Malware detection

My 2 cents.....

If you are not looking for a "large robust solution" and you have Windows, try a mixed solution of Microsoft Windows Security Essentials for servers and workstations to detect and eliminate, Windows inherent AppLocker for Windows 2008/Windows 7/Vista for whitelisting authorized apps. For Windows XP, try Microsoft SteadyState to "freeze" the machine configuration and any changes are automatically removed on reboot. Note: It's been discontinued since 2011 and support for XP will be too in the near future.

I hope you don't have Windows 98/ME/NT/2000 in your environment as there is no hope for you. ;-)

Security Essentials: http://www.microsoft.com/en-us/download/details.aspx?id=5201
Applocker (How to Guide): http://technet.microsoft.com/en-us/library/dd723686(v=WS.10).aspx
SteadyState (search for the download) there is also a reference document for all settings in SteadyState here: http://windowsteamblog.com/windows/b/springboard/archive/2010/09/27/steady-state-for-windows-7.aspx

You could use Microsoft System Center to do what you want and more.

Good Luck
Glen Victor
CISSP, ITIL, CEH, MCT