
Thread: A Detailed Malware Removal Guide

  1. #11
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Yes, I know it is a valid tool, but I suppose from management's perspective it is: how can I ask for a HijackThis log? The customer will see Trend and would say to himself, why don't I just buy Trend?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #12
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    @ moxquito

    This one is supposed to work with Vista:

    http://www.pcworld.com/downloads/fil...scription.html

    I have only used it with Win 2000 myself.

  3. #13
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by Cider
    Yes, I know it is a valid tool, but I suppose from management's perspective it is: how can I ask for a HijackThis log? The customer will see Trend and would say to himself, why don't I just buy Trend?
    Hmm.. well, looks like management needs to look at its marketing approach..
    but then HJT is not a tool to leave in the hands of any user.. they have a bad habit of thinking everything HJT lists is bad.. and they remove it.. thinking that they know more than you...
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  4. #14
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    The customer will see Trend and would say to himself, why don't I just buy Trend?
    Errrr,

    1. Trend don't sell HJT
    2. Trend don't ship HJT with their products.
    3. Trend don't support HJT.
    4. HJT doesn't interface with any Trend products.

    Having said that, I don't think that tier 1 helpdesk for an AV product should be messing around at that level of detail, and certainly not encouraging customers to run something as dangerous as HJT unsupervised. You really don't have the time for that?

  5. #15
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Well, even after all those comments, we have a number of malware cases pending at the moment and now one of the 3rd level technicians has asked for a HJT log.

    One person says no, can't use it, the other asks for it?

    lol!
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  6. #16
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Cider,

    This is a difficult one to call. On the one hand if there is new malware out there you want to find out about it. On the other hand the customer will probably not be too impressed that your product didn't detect/prevent it.

    You have to consider the legal angle here? If you go to a site and it secretly loads some adware/spyware crap on your machine then you would detect that and offer to remove it (or just block it). However, there is still a fair amount of crapware that comes bundled with some P2P, application, or fancy screensaver. You have logged on as administrator and installed that without reading the small print. Even getting caught by loading warez may go undetected, unless it is known malware like a backdoor or trojan.

    You do need to be very sure of your ground before branding some of this stuff "malware"

    Most modern security suites have the option to scan for "potentially unwanted programs", "warnings" or whatever, but this seems to be turned off by default? perhaps your first move should be to advise the customer to turn it on, update, then do a full scan after rebooting into safe mode.

    I suspect that you have something of a local problem over there in SA? given that your bandwidth is severely restricted.............. people will be less inclined to patch their OS and applications if they still seem to be working OK? Now, where you have an exploit using a vulnerability, you cannot really expect your security suite to spot that, as the vulnerability is a part of how the software is apparently supposed to work.

    One person says no can't use it, the other asks for it?
    Which one is the more technically competent?

  7. #17
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    That is exactly right Nihil - people don't patch their OS because they will use their monthly cap up. I know that Blaster or Sasser (the one which shuts down) can be stopped by patching Windows.

    Try explaining that to a customer.

    I am getting a lot of this Windows Antivirus 2008/9 with clients. I can't give them Spybot, but it always lands up as they installed another AV and it detected it, no problem.

    I used Spybot on the machine here in the office and it cleaned and fixed it ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    I am told that Windows Defender will do the job. Haven't tried it yet as I haven't managed to obtain a copy of the scumware. Normally I would describe it as "scareware", but this one has deliberate or inadvertent flaws in it that could result in your machine being owned. Trojan behaviour in my book.

    http://www.microsoft.com/windows/pro...r/default.mspx

    I would suggest you use the following script (once you are happy that it is Antivirus XP or Antivirus 2008):

    "I am terribly sorry to hear about that Sir/Madam, and can tell you that Microsoft are aware of the problem. They have issued a free solution and will doubtless issue a patch for their operating systems in due course......... you do keep your operating system up to date don't you?" Then just send them to the link above.

    You had better get clearance, and do not suggest it to someone running Windows 2000 (WD doesn't support it) or XP before SP2.

    Do point out that security suites cannot distinguish some sorts of attack because they are operating system or application related, and cannot be distinguished from legitimate activity.

  9. #19
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by Cider
    That is exactly right Nihil - people don't patch their OS because they will use their monthly cap up. I know that Blaster or Sasser (the one which shuts down) can be stopped by patching Windows.

    ...
    HOLY CRAP...

    Sasser and MSBLASTER patches were part of SP2..(RPC and DCOM services) I thought many AVs didn't work with pre-SP2 now?

    Besides, I have almost forgotten the last Blaster/Sasser infection I had seen..

    If people are concerned about their ISP caps.. then.. why not get the SPs on CD from MS.. or cheaper.. sometimes PC mags carry the official MS SP CD on their cover...

    The idea of any retailer, whatever it is, is to offer the client solutions..
    Q: "hey I need a hole in the wall" -- A: "I will sell you a drill"

    In this case, if the client isn't running a patched system you cannot sell them the full solution... it is like selling a parachute with only half the nylon sheeting..
    YOU HAVE TO OFFER THE FULL SOLUTION..
    If your company is selling and supporting a product.. you want the product to look the best.. so if it means finding a way of providing the MS patches to provide minimum protection then so be it..

    sort of shoots many AV providers in the foot.. not checking for basic level of patching.. bit like a car without a fuel gauge..


    I spent part of this week training a group of salespeople ..not in sales but PC use.. biggest problem.. they would click on EVERY SINGLE POP UP and READ EVERY SINGLE EMAIL OPENING EVERY ATTACHMENT.. while we were locking down their local mail and blocking many questionable sites.. we didn't want to block Webmail.. so we had to train them .. was it easy? NO these guys are salesmen.. the dumbest of the dumb.

    My point.. the biggest vulnerability was, is, and will continue to be.. the USER
    Last edited by Und3ertak3r; August 15th, 2008 at 12:51 AM.
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
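The post above complains that AV products do not check for a "basic level of patching" before claiming to protect a box. Below is an added example of what such a check could look like for the two worms named in the thread; it is not code from the thread or from any vendor. It parses the kind of text that `wmic qfe list` and `systeminfo` print on Windows XP (the sample lines are constructed, not captured from a real machine) and reports whether the hotfix for MS03-026 (KB823980, the RPC/DCOM hole Blaster used) and MS04-011 (KB835732, the LSASS hole Sasser used) is present, treating XP SP2 or later as already containing both. The SP cut-off assumes Windows XP; on Windows 2000 the service pack number means something different and the KB check alone should be used.

```python
"""Added example (not from the thread): check an XP box for the Blaster/Sasser fixes.

Feed it the text of 'wmic qfe list' and 'systeminfo' (or any text containing
'Service Pack N'); it returns the list of required fixes that are missing.
"""
from __future__ import annotations

import re

# Hotfix ID -> the bulletin it belongs to. KB numbers are those Microsoft
# assigned to the bulletins; the worm pairing is from the public write-ups.
REQUIRED_HOTFIXES = {
    "KB823980": "MS03-026 (RPC/DCOM, exploited by Blaster)",
    "KB835732": "MS04-011 (LSASS, exploited by Sasser)",
}

# Windows XP SP2 rolled up every earlier security update, so at this level or
# above the individual hotfixes no longer appear in the QFE list. Assumes XP.
ROLLUP_SP = 2

KB_RE = re.compile(r"\bKB(\d{6,7})\b")
SP_RE = re.compile(r"Service Pack (\d+)", re.IGNORECASE)


def installed_hotfixes(qfe_output: str) -> set[str]:
    """Pull every KBnnnnnn identifier out of 'wmic qfe list' text, whatever the column layout."""
    return {"KB" + m.group(1) for m in KB_RE.finditer(qfe_output)}


def service_pack_level(sysinfo_output: str) -> int:
    """Return N from the first 'Service Pack N' in the text, or 0 if there is none (RTM)."""
    m = SP_RE.search(sysinfo_output)
    return int(m.group(1)) if m else 0


def missing_patches(qfe_output: str, sysinfo_output: str) -> list[str]:
    """List the required fixes that are neither installed as hotfixes nor covered by the SP level."""
    if service_pack_level(sysinfo_output) >= ROLLUP_SP:
        return []
    have = installed_hotfixes(qfe_output)
    return [f"{kb}: {why}" for kb, why in REQUIRED_HOTFIXES.items() if kb not in have]


# Constructed sample output in the shape 'wmic qfe list' and 'systeminfo' produce;
# this is made-up data for the example, not a capture from a real machine.
SAMPLE_QFE = """\
Caption                                    Description  HotFixID  InstalledOn
http://support.microsoft.com/?kbid=823980  Update       KB823980  6/15/2004
http://support.microsoft.com/?kbid=828741  Update       KB828741  6/15/2004
"""
SAMPLE_SYSTEMINFO = "OS Version:  5.1.2600 Service Pack 1 Build 2600"


if __name__ == "__main__":
    gaps = missing_patches(SAMPLE_QFE, SAMPLE_SYSTEMINFO)
    if gaps:
        print("Minimum patch level NOT met; missing:")
        for g in gaps:
            print("  " + g)
    else:
        print("Blaster/Sasser fixes present (or superseded by the service pack).")
```

On the constructed sample the box is at SP1 with only the Blaster fix installed, so the script reports KB835732 as missing. A real deployment would of course want the full MBSA/WSUS view rather than two hand-picked KB numbers; the point of the example is only that the check is cheap enough that a support tool could run it before anything else.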

  10. #20
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    True True

    I will look into maybe sending out, say, SP2 + SP3 with our software. I'm not sure of the legal implications though.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
