Security Basics mailing list archives

Re: Malware detection


From: Vic Vandal <vvandal () well com>
Date: Sun, 22 Jul 2012 21:31:08 -0700 (PDT)

Quotes and responses:

try a mixed solution of Microsoft Windows Security Essentials for servers and workstations to detect and eliminate

Besides the fact that Microsoft Windows Security Essentials can be a resource hog that brings numerous systems to their 
knees, it's not a very robust anti-malware solution.  In comparison to the top 5 or top 10, it will miss a LOT of 
infections.  It also has other false-positive issues, specifically related to Zeus, which is one of the malware items 
that Tony wanted to focus on.

From late 2011:
"Some Chrome users reported persistent problems Monday related to Microsoft's Security Essentials and Forefront 
security products blocking--and in some cases, deleting--copies of the Google Chrome browser after labeling it as a 
"severe" threat. Microsoft had released an emergency update for the problem on Friday.
According to an update announcement from Microsoft, its products began "incorrect detection of Google Chrome as 
PWS:Win32/Zbot," which is another name for the password-stealing Trojan application known as Zeus, which is designed to 
harvest people's financial data."

Google Chrome = Zeus?  Wow!

From the self-promoting post .sig:
CISSP, ITIL, CEH, MCT
Obviously throwing a bunch of acronyms behind one's name doesn't translate to wisdom.  I guess all advice needs to be 
taken with a grain of salt.  I don't mean to be a d*ck, but your advice is bad sir.

In closing, MS Security Essentials is not your best bet for identifying and defeating said malware.

Peace,
Vic,
CISSP, SSCP, HIJKLMNOP, etc. 
(cough, wink)

----- Original Message -----
From: Savvy95 () gmail com
To: security-basics () securityfocus com
Sent: Thursday, July 19, 2012 6:50:44 AM
Subject: Re: Re: Malware detection

My 2 cents.....

If you are not looking for a "large robust solution" and you have Windows, try a mixed solution of Microsoft Windows 
Security Essentials for servers and workstations to detect and eliminate, 

Windows inherent AppLocker for Windows 2008/Windows 7/Vista for whitelisting authorized apps. 

For Windows XP, try Microsoft SteadyState to "freeze" the machine configuration and any changes are automatically 
removed on reboot. Note: It's been discontinued since 2011 and support for XP will be too in the near future.

I hope you don't have Windows 98/ME/NT/2000 in your environment as there is no hope for you. ;-)

Security Essentials: http://www.microsoft.com/en-us/download/details.aspx?id=5201

AppLocker (How to Guide): http://technet.microsoft.com/en-us/library/dd723686(v=WS.10).aspx

SteadyState (search for the download) there is also a reference document for all settings in SteadyState here: 
http://windowsteamblog.com/windows/b/springboard/archive/2010/09/27/steady-state-for-windows-7.aspx

You could use Microsoft System Center to do what you want and more.

Good Luck

Glen Victor
CISSP, ITIL, CEH, MCT
