Yes I know it is a valid tool but I suppose from management's perspective is that, how can I ask for a HijackThis log. The customer will see Trend and would say to himself, why don't I just buy Trend?
@ moxquito
This one is supposed to work with Vista:
http://www.pcworld.com/downloads/fil...scription.html
I have only used it with Win 2000 myself.
Hmm.. well looks like management needs to look at its marketing approach..
Quote:
Originally Posted by Cider
but then HJT is not a tool to leave in the hands of any user.. they have a bad habit of thinking everything HJT lists is bad.. and they remove it.. thinking that they know more than you...
Errrr,
Quote:
The customer will see Trend and would say to himself, why don't I just buy Trend?
1. Trend don't sell HJT
2. Trend don't ship HJT with their products.
3. Trend don't support HJT.
4. HJT doesn't interface with any Trend products.
Having said that, I don't think that tier 1 helpdesk for an AV product should be messing around at that level of detail, and certainly not encouraging customers to run something as dangerous as HJT unsupervised. You really don't have the time for that?
Well even after all those comments, we have a number of malware cases pending at the moment and now one of the 3rd level technicians has asked for a HJT log.
One person says no can't use it, the other asks for it?
lol!
Cider,
This is a difficult one to call. On the one hand if there is new malware out there you want to find out about it. On the other hand the customer will probably not be too impressed that your product didn't detect/prevent it.
You have to consider the legal angle here? If you go to a site and it secretly loads some adware/spyware crap on your machine then you would detect that and offer to remove it (or just block it). However, there is still a fair amount of crapware that comes bundled with some P2P, application, or fancy screensaver. You have logged on as administrator and installed that without reading the small print. Even getting caught by loading warez may go undetected, unless it is known malware like a backdoor or trojan.
You do need to be very sure of your ground before branding some of this stuff "malware"
Most modern security suites have the option to scan for "potentially unwanted programs", "warnings" or whatever, but this seems to be turned off by default? Perhaps your first move should be to advise the customer to turn it on, update, then do a full scan after rebooting into safe mode.
I suspect that you have something of a local problem over there in SA? given that your bandwidth is severely restricted.............. people will be less inclined to patch their OS and applications if they still seem to be working OK? Now, where you have an exploit using a vulnerability, you cannot really expect your security suite to spot that, as the vulnerability is a part of how the software is apparently supposed to work.
Which one is the more technically competent? :D
Quote:
One person says no can't use it, the other asks for it?
That is exactly right Nihil - People don't patch their OS because they will use their monthly cap up. I know with the Blaster or Sasser (the one which shuts down) can be stopped by patching Windows.
Try explain that to a customer :)
I am getting a lot of this Windows antivirus 2008/9 with clients. I can't give them Spybot but it always lands up as they installed another AV and it detected it, no problem.
I used Spybot on the machine here in the office and it cleaned and fixed it ...
Hmmmm,
I am told that Windows Defender will do the job. Haven't tried it yet as I haven't managed to obtain a copy of the scumware :( Normally I would describe it as "scareware" but this one has deliberate or inadvertent flaws in it that could result in your machine being owned. Trojan behaviour in my book.
http://www.microsoft.com/windows/pro...r/default.mspx
I would suggest you use the following script (once you are happy that it is Antivirus XP or Antivirus 2008):
"I am terribly sorry to hear about that Sir/Madam, and can tell you that Microsoft are aware of the problem. They have issued a free solution and will doubtless issue a patch for their operating systems in due course......... you do keep your operating system up to date don't you?" :lildevil: Then just send them to the link above.
You had better get clearance, and do not suggest it to someone running Windows 2000 (WD doesn't support it) or XP before SP2.
Do point out that security suites cannot distinguish some sorts of attack because they are operating system or application related, and cannot be distinguished from legitimate activity. ;)
HOLY CRAP...
Quote:
Originally Posted by Cider
Sasser and MSBLASTER patches were part of SP2..(RPC and DCOM services) I thought many AVs didn't work with Pre SP2 now?
Besides I have almost forgotten the last Blaster/Sasser infection I had seen..
If people are concerned of their ISP caps.. then.. why not get the SPs on CD from MS.. or cheaper.. sometimes PC Mags carry the official MS SP CD on their cover...
The idea of any retailer, whatever it is, is to offer the client solutions..
Q: "hey i need a hole in the wall" -- A:"I will sell you a drill"
in this case if the client isn't running a patched system you can not sell them the full solution... it is like selling a parachute with only half the nylon sheeting..
YOU HAVE TO OFFER THE FULL SOLUTION..
If your company is selling and supporting a product.. you want the product to look the best.. so if it means finding a way of providing the MS patches to provide minimum protection then so be it..
sort of shoots many AV providers in the foot.. not checking for basic level of patching.. bit like a car without a fuel gauge..
I spent part of this week training a group of salespeople ..not in sales but PC use.. biggest problem.. they would click on EVERY SINGLE POP UP and READ EVERY SINGLE EMAIL OPENING EVERY ATTACHMENT.. while we were locking down their local mail and blocking many questionable sites.. we didn't want to block Webmail.. so we had to train them .. was it easy? NO these guys are salesmen.. the dumbest of the dumb.
My point.. the biggest vulnerability was, is, and will continue to be.. the USER
True True
I will look into maybe sending out say SP2 + SP3 with our software. I'm not sure of the legal implications though.