Ireland Sucks
May 16, 2004

pixaal posted:

Sounds like it only helps people that already were infected, unless it picks from a limited list of keys instead of generating a fresh one every time. If there is a limited pool all it takes is an updated version with a new pool and things are right back to square one.

Don't think someone else isn't going to try this.

Yeah, but all the previous victims in the history of the malware being able to get their stuff back is quite significant (as long as they kept backups of the files they didn't back up to get into that mess).


Don Lapre
Mar 28, 2001

Surprised CryptoLocker only netted ~3 million.

dpkg chopra
Jun 9, 2007

Is there any way to safely scan a USB device before it has a chance to install all sorts of poo poo into a computer? I have autoplay disabled on Windows 7, if that helps.

I know that it came out that USB has unblockable firmware vulnerabilities, but I'm assuming those aren't in the wild yet (hopefully) and there's really not a lot I can do about it, so for now I'm just worried about regular malware.

Khablam
Mar 29, 2012

If autoplay is disabled, then you can safely plug in and scan.

LRADIKAL
Jun 10, 2001

Run it in a VM? I believe VirtualBox will automatically capture certain devices, but I suppose Khablam is right that if it's not autoplaying it can't hurt you.

EoRaptor
Sep 13, 2003

Khablam posted:

If autoplay is disabled, then you can safely plug in and scan.

This is wrong.

The current security issue with USB is that the hardware controller trusts any device that is plugged in to be what it says it is. The 'hack' involves changing the firmware on a USB device so that it claims to be a device it isn't.

The example given is that you could modify a memory stick to also claim to be a keyboard. This would allow it to push keystrokes into the operating system (say, open a command prompt and download and run something) or pull keystrokes out of the system.

Another example is that a keyboard could be modified to log all keys pressed, and then dump that log on request to a piece of malware. The malware doesn't need to be installed in the system, if the USB device has enough firmware space, it could be included there, loaded on command, and report all your keystrokes, without ever running for more than a few seconds. You'd never notice, and A/V would never catch it.

The root cause here is that USB devices have generic hardware that is tailored to a specific function by firmware that is loaded at the factory, but nothing prevents new firmware from being placed on the device that changes the function radically.

It doesn't matter what steps you take at the operating system level, as long as USB is enabled, this will be a risk.
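The mismatch EoRaptor describes (a storage stick that also enumerates as a keyboard) is not verifiable at the firmware level, but the interface classes a device advertises are visible to the operating system before any input from it is accepted. The following is an added example, not code from the thread: it audits a list of enumerated devices against the interface classes the user expected to plug in and flags anything extra. The device records are constructed; the class codes (0x03 HID, 0x08 mass storage) are the standard USB-IF values, and the same per-interface field is exposed on Linux as bInterfaceClass in sysfs.

```python
"""Added example (not from the thread): flag USB devices whose advertised
interface classes go beyond what the user expected to plug in.

The OS cannot verify a device's firmware, but it can see which interface
classes the device enumerates. A "memory stick" that also enumerates a HID
(keyboard) interface is exactly the case described above, and the extra
interface is observable before the device can type anything.
"""

# Standard USB interface class codes (USB-IF class code table).
USB_CLASS_AUDIO = 0x01
USB_CLASS_HID = 0x03
USB_CLASS_MASS_STORAGE = 0x08
USB_CLASS_VIDEO = 0x0E

CLASS_NAMES = {
    USB_CLASS_AUDIO: "audio",
    USB_CLASS_HID: "HID (keyboard/mouse)",
    USB_CLASS_MASS_STORAGE: "mass storage",
    USB_CLASS_VIDEO: "video",
}


def interface_classes(device):
    """Return the set of interface class codes a device enumerates."""
    return {iface["bInterfaceClass"] for iface in device["interfaces"]}


def unexpected_classes(device, expected):
    """Classes the device advertises beyond the ones the user expected."""
    return interface_classes(device) - set(expected)


def is_suspicious_storage_device(device):
    """True if a device presented as a storage stick also exposes a HID interface."""
    classes = interface_classes(device)
    return USB_CLASS_MASS_STORAGE in classes and USB_CLASS_HID in classes


def audit(devices, expected):
    """Return one finding line per device that advertises an unexpected class."""
    findings = []
    for dev in devices:
        extra = unexpected_classes(dev, expected)
        if extra:
            names = ", ".join(CLASS_NAMES.get(c, hex(c)) for c in sorted(extra))
            findings.append(f"{dev['product']}: unexpected interface class(es): {names}")
    return findings


# Constructed sample enumeration (hypothetical devices, not real captures).
SAMPLE_DEVICES = [
    {"product": "Plain flash drive",
     "interfaces": [{"bInterfaceClass": USB_CLASS_MASS_STORAGE}]},
    {"product": "Flash drive that also claims to be a keyboard",
     "interfaces": [{"bInterfaceClass": USB_CLASS_MASS_STORAGE},
                    {"bInterfaceClass": USB_CLASS_HID}]},
    {"product": "Webcam",
     "interfaces": [{"bInterfaceClass": USB_CLASS_VIDEO},
                    {"bInterfaceClass": USB_CLASS_AUDIO}]},
]

if __name__ == "__main__":
    # The user plugged in what they believe is a storage stick.
    for line in audit(SAMPLE_DEVICES, expected={USB_CLASS_MASS_STORAGE}):
        print(line)
```

This is the logic behind device-authorization tools such as USBGuard on Linux, which keep new devices blocked until their attributes match an allowlist; the check cannot tell a legitimately reflashed device from an honest one, but it does surface the "storage plus keyboard" combination that an unaware system would silently accept.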

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
His question was exempting USB firmware level infections and just asking about file poo poo

Proud Christian Mom fucked around with this message at 00:18 on Aug 10, 2014

Wiggly Wayne DDS
Sep 11, 2010



While file previews exist the answer is still wrong.

Khablam
Mar 29, 2012

Wiggly Wayne DDS posted:

While file previews exist the answer is still wrong.

Are you confusing windows file preview and outlook file preview?
The only example of malware getting off a USB stick without user action / autorun is Stuxnet, which is hardly typical as it is nation-state level espionage. It was a one-shot deal too, since the vulnerability is patched.

Besides, I never suggested it was safe to rummage around on the drive, it's safe enough to connect in order to right click and scan, though.

psydude
Apr 1, 2008

Khablam posted:

Are you confusing windows file preview and outlook file preview?
The only example of malware getting off a USB stick without user action / autorun is Stuxnet, which is hardly typical as it is nation-state level espionage. It was a one-shot deal too, since the vulnerability is patched.

You may have missed the article that I linked. As he mentioned, the issue is all USB devices and their firmware are trusted by default. It has nothing to do with the files on the device, but rather the firmware, which can be modified to inject malicious code on to a machine.

Khablam
Mar 29, 2012

psydude posted:

You may have missed the article that I linked. As he mentioned, the issue is all USB devices and their firmware are trusted by default. It has nothing to do with the files on the device, but rather the firmware, which can be modified to inject malicious code on to a machine.

The question specifically asked for an answer, assuming that the firmware exploit isn't in the wild / hasn't gotten past proof-of-concept.

I suspect kernels will start getting patches for the way they interface with USB devices before we see anything in the wild, but that's just an assumption.

KennyTheFish
Jan 13, 2004

Khablam posted:

The question specifically asked for an answer, assuming that the firmware exploit isn't in the wild / hasn't gotten past proof-of-concept.

I suspect kernels will start getting patches for the way they interface with USB devices before we see anything in the wild, but that's just an assumption.

I assume it is already being used for targeted attacks, and would not be surprised if it has for a long time.

Khablam
Mar 29, 2012

KennyTheFish posted:

I assume it is already being used for targeted attacks, and would not be surprised if it has for a long time.

Possibly, maybe. Stuxnet, after all, used 3 or 4 then-unknown flaws to deliver its payload, so the general assumption should always be that a determined attacker with a large budget (i.e. national-level espionage) will always have something under their hat to use.
Still, that's not in the wild, and only time will tell whether patching systems to stop code being executed from USB firmware is trivial, or would break compatibility, or whether we meet somewhere in the middle and it's new ground for an exploit-vs-host arms race.

89
Feb 24, 2006

If I'm gonna drop money on one anti-virus, which goon recommended one should it be?

Factory Factory
Mar 19, 2010

IIRC, Kaspersky consistently gets very high rankings in comparisons. Wait for a second opinion, though.

Bloodborne
Sep 24, 2008

EoRaptor posted:

This is wrong.

The current security issue with USB is that the hardware controller trusts any device that is plugged in to be what it says it is. The 'hack' involves changing the firmware on a USB device so that it claims to be a device it isn't.

The example given is that you could modify a memory stick to also claim to be a keyboard. This would allow it to push keystrokes into the operating system (say, open a command prompt and download and run something) or pull keystrokes out of the system.

Another example is that a keyboard could be modified to log all keys pressed, and then dump that log on request to a piece of malware. The malware doesn't need to be installed in the system, if the USB device has enough firmware space, it could be included there, loaded on command, and report all your keystrokes, without ever running for more than a few seconds. You'd never notice, and A/V would never catch it.

The root cause here is that USB devices have generic hardware that is tailored to a specific function by firmware that is loaded at the factory, but nothing prevents new firmware from being placed on the device that changes the function radically.

It doesn't matter what steps you take at the operating system level, as long as USB is enabled, this will be a risk.

Yup. Like so. https://hakshop.myshopify.com/collections/usb-rubber-ducky/products/usb-rubber-ducky-deluxe

mindphlux
Jan 8, 2004

89 posted:

If I'm gonna drop money on one anti-virus, which goon recommended one should it be?

microsoft security essentials

Bloodborne
Sep 24, 2008

http://lifehacker.com/microsoft-admits-that-third-party-antivirus-is-more-eff-1441135677

Cactus Jack
Nov 16, 2005

89 posted:

If I'm gonna drop money on one anti-virus, which goon recommended one should it be?

Probably Kaspersky or Bitdefender. AV Comparatives has both of them towards the top in terms of detection. AV Test, if you click on home user, has them both at the top in terms of performance too. Just keep an eye on sales and you can save some bucks.


Bitdefender Free is the new MSE to me. Runs on old computers quite well, free, not a lot of moving parts to confuse regular folks, tests well.

Ynglaur
Oct 9, 2013

BitDefender is okay so long as you never uninstall it. Its de-install process leaves something on the boot sector that will stop Windows from booting. I've had to reformat two different computers due to this.

Bloodborne
Sep 24, 2008

Cactus Jack posted:


Bitdefender Free is the new MSE to me. Runs on old computers quite well, free, not a lot of moving parts to confuse regular folks, tests well.

I'll check that out, thanks!

Agreed
Dec 30, 2003

I used that inexpensive lifetime purchase to get Malwarebytes when I learned that MSE basically totally sucks and isn't even really all that actively updated anymore. Is Malwarebytes poo poo? I'm fine finding a different thing, and I've got a solid "prosumer" router that has proven extremely resilient, and of course I've got my browser kitted out with every script blocking and manipulation tool that it can elegantly fit (also I try not to be a loving idiot on the internet, that helps). I also keep Secunia running, and thank goodness, as it let me know about several Java weaknesses well before anyone else did (or, thankfully, before I got drive-by worm'd or something thanks to needing loving Java on this system in the first place). My comp is not easily accessible to others, and I don't plug in random USB drives... And, yes, I do keep regular backups.

Long story short, I'm tryin' here! And so far, it's worked, no infections or rootkits or anything since about 2006, which given the amount of zero-days and the fact that the time period involved the shift away from AVG as the default recommendation toward MSE and then away from THAT too, to nearly anything else apparently... I feel tentatively as though I'm taking appropriate steps for Just A Person (I can't claim anymore to be active in on-site restoration, last time I did that was in like 2012).

But if my anti-malware software is poo poo, and I should switch immediately, well I guess I'm out $25 on Malwarebytes - and I'd rather that than end up getting screwed over, if possible. It's a tough spot to have to do your thing on an outward facing computer in the first place, I'd at least like to be able to say that I'm taking all reasonable precautions given the circumstances.

Thanks very much anyone who can tell me if I've made a mistake and should correct it to Bitdefender or something like that.

Agreed fucked around with this message at 18:13 on Aug 14, 2014

Factory Factory
Mar 19, 2010

I also jumped the MSE ship, but to the free version of Avast! It seemed significantly better while still being unobjectionable. It's more focused on a good boundary than detection of an existing infection, so if you use it, it's a good idea to keep MalwareBytes around and a crisis kit for those times when your Linux ISOs come with fun freebies.

If I were to pay, I'd pay for Kaspersky (unless something better comes along).

Cactus Jack
Nov 16, 2005

Ynglaur posted:

BitDefender is okay so long as you never uninstall it. Its de-install process leaves something on the boot sector that will stop Windows from booting. I've had to reformat two different computers due to this.

Odd, I've never seen that. Were you using their removal tool when you got rid of it?

Hipster_Doofus
Dec 20, 2003

Cactus Jack posted:

Odd, I've never seen that. Were you using their removal tool when you got rid of it?

Haha, whoops. I'm gonna go out on a limb and guess not.

Khablam
Mar 29, 2012

Whereas I don't want to recommend MSE, Holly Stewart of the Microsoft Malware Protection Center isn't the official MS spokesperson for their product direction, and that article and those similar are blog-trash journalism.
What she was trying to convey, is that if MS provide 3rd party vendors with everything they know (they do) then the beneficial output from that, is you should see every 3rd party vendor at least bringing MSE-level protection forward, with whatever proprietary methods they develop as a supplement. Gawker media and a PC rag read this as "MS says MSE is poo poo".
MSE is the worst, but that's another story.

Bitdefender Free is honestly brilliant for an install-and-forget AV. Avast! is a little more robust at the expense of semi-regular popups. A lot can be turned off though, and if you need it to not annoy you, you can right click the icon and put it in gaming mode.

Factory Factory
Mar 19, 2010

Go into settings and set permanent gaming/silent mode, and Avast turns into a set-it-and-forget-it. Except for the yearly re-ups of the free license.

Cactus Jack
Nov 16, 2005

Factory Factory posted:

Go into settings and set permanent gaming/silent mode, and Avast turns into a set-it-and-forget-it. Except for the yearly re-ups of the free license.

I had an issue where my Avast would update definitions just fine, but the program would not update until I turned off gaming mode. Just something to keep an eye on I guess.

Double Punctuation
Dec 30, 2009

Cactus Jack posted:

I had an issue where my Avast would update definitions just fine, but the program would not update until I turned off gaming mode. Just something to keep an eye on I guess.

For those kinds of issues, I install Secunia PSI, since it will let you know if your programs need to be updated. I think it + AdBlock + safe browsing habits are better than any antivirus program will ever be.

pixaal
Jan 8, 2004

dpbjinc posted:

For those kinds of issues, I install Secunia PSI, since it will let you know if your programs need to be updated. I think it + AdBlock + safe browsing habits are better than any antivirus program will ever be.

Add in NoScript; AdBlock misses so much. You still want AV though, stuff slips by. Stuff slips by AV even more often, but you should still have something. I also like to scan almost every EXE on VirusTotal to get an idea if the software is legit.

Movac
Oct 31, 2012

pixaal posted:

I also like to scan almost every EXE on VirusTotal to get an idea if the software is legit.

In case you didn't know, VirusTotal has a Windows program so you can just right-click a file > send to VirusTotal.

Nintendo Kid
Aug 4, 2011

pixaal posted:

Add in noScript, adblock misses so much.

No it doesn't, Adblock Plus blocks things perfectly if you bother to set it to block things.

Bob Morales
Aug 18, 2006


Are Word viruses still a thing? Someone at my work was emailed this document but Kaspersky doesn't seem to pick anything up.

Gothmog1065
May 14, 2009

Bob Morales posted:

Are Word viruses still a thing? Someone at my work was emailed this document but Kaspersky doesn't seem to pick anything up.



Did the person say they were emailing you an "Adobe Invoice" with macros in word for some stupid reason?

It's almost certainly a virus unless they created the doc themselves. There's no reason for an invoice like that to have macros enabled, most invoices are created and saved and have all the data within them. Kaspersky probably didn't catch it as the virus isn't there... yet.
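The tell Gothmog1065 gives (an "invoice" that needs macros) can be checked mechanically before anyone opens the attachment. The following is an added example and not code from the thread: a triage function that classifies a Word attachment as macro-enabled or not. It assumes the modern OOXML layout (.docx/.docm are ZIP containers in which a macro-enabled file carries a word/vbaProject.bin part and declares the macroEnabled main content type); the two sample documents are constructed in memory so the example runs offline. Legacy binary .doc files are OLE2 containers, which this ZIP check cannot inspect, so it reports them separately for inspection with an OLE-aware tool such as olevba from the oletools project.

```python
"""Added example (not from the thread): classify a Word attachment by whether
it carries VBA macros, using only the standard library.

OOXML Word files are ZIP packages. A macro-enabled document (.docm) carries
a word/vbaProject.bin part and its [Content_Types].xml declares the
macroEnabled main content type. Legacy .doc files are OLE2 and need a
different parser, so they are reported as 'legacy-doc' for follow-up.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = (
    "application/vnd.openxmlformats-officedocument."
    "wordprocessingml.document.main+xml"
)


def classify_word_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'legacy-doc' or 'not-word' for raw file bytes."""
    if data.startswith(OLE2_MAGIC):
        # Binary .doc/.xls/.ppt container; inspect with an OLE parser instead.
        return "legacy-doc"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-word"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "word/document.xml" not in names:
            return "not-word"
        # Either signal is enough: the VBA part itself, or the declared type.
        has_vba_part = any(n.lower().startswith("word/vbaproject") for n in names)
        ctypes = ""
        if "[Content_Types].xml" in names:
            ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
        if has_vba_part or MACRO_MAIN_TYPE in ctypes:
            return "macro"
    return "no-macro"


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML Word package for the example (not a real file)."""
    main_type = MACRO_MAIN_TYPE if macro else PLAIN_MAIN_TYPE
    vba_override = (
        '<Override PartName="/word/vbaProject.bin" '
        'ContentType="application/vnd.ms-office.vbaProject"/>'
        if macro else ""
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        f"{vba_override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Placeholder bytes standing in for a compiled VBA project.
            z.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print("macro-enabled sample:", classify_word_attachment(build_sample(True)))
    print("plain sample:", classify_word_attachment(build_sample(False)))
    print("legacy .doc header:", classify_word_attachment(OLE2_MAGIC + b"\x00" * 64))
```

An invoice that classifies as 'macro' is the case the post describes; a 'legacy-doc' result is not a verdict, only a prompt to run an OLE-aware scanner, and neither result says anything about what the macros do.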

Bob Morales
Aug 18, 2006


Gothmog1065 posted:

Did the person say they were emailing you an "Adobe Invoice" with macros in word for some stupid reason?

It's almost certainly a virus unless they created the doc themselves. There's no reason for an invoice like that to have macros enabled, most invoices are created and saved and have all the data within them. Kaspersky probably didn't catch it as the virus isn't there... yet.

quote:

From: Adobe Customer Support [mailto:Support@AdobeSupport.com]
Sent: Monday, August 18, 2014 1:57 AM
To: ***************
Subject: Adobe Invoice

Hello,
Thank you for choosing adobe services.
Please see your attached invoice.

Adobe Billing Department
Adobe Systems Incorporated
21 Hickory Drive
Waltham, MA 02451

Tricky!

Gothmog1065
May 14, 2009
It is:

http://www.jasonslater.com/2014/05/16/fake-adobe-billing-emails/

Double Punctuation
Dec 30, 2009

A good way to tell: there's almost zero reason for any company to pay money for a separate domain for their support/customer service/other auxiliary functions. They'll either use their main domain or a subdomain like support.adobe.com, since they can do that for free.

Also, any legitimate big company still using .doc files in TYOOL 2014 is run by morons.
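The domain heuristic in this post is easy to automate, and the edge case matters: "is this a subdomain of adobe.com" must be checked as a label boundary, not as a string suffix, or notadobe.com passes. The following is an added example, not code from the thread: it parses the From: header, extracts the sending domain and checks it against the registrable domain the brand actually uses. The brand-to-domain table and all sample headers except the AdobeSupport.com address quoted in the thread are constructed.

```python
"""Added example (not from the thread): check whether an e-mail's From:
domain belongs to the organisation the message claims to come from.

A real company sends from its own domain or a subdomain of it
(support.adobe.com), not from a separately registered look-alike
(AdobeSupport.com).
"""
from email.utils import parseaddr

# Constructed allowlist: the registrable domain each brand sends from.
BRAND_DOMAINS = {
    "adobe": "adobe.com",
}


def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value, or None."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def belongs_to(domain, base):
    """True if domain is base itself or a subdomain of base.

    A plain endswith(base) check is a classic bug: 'notadobe.com' ends with
    'adobe.com' but is a different registrable domain, so the comparison
    must happen on a label boundary ('.' + base).
    """
    return domain == base or domain.endswith("." + base)


def check_sender(from_header, claimed_brand):
    """Return (ok, reason) for a message that claims to come from claimed_brand."""
    domain = sender_domain(from_header)
    if domain is None:
        return False, "no parseable address in From:"
    base = BRAND_DOMAINS.get(claimed_brand.lower())
    if base is None:
        return False, f"unknown brand {claimed_brand!r}"
    if belongs_to(domain, base):
        return True, f"{domain} is {base} or a subdomain of it"
    return False, f"{domain} is not under {base}; separately registered look-alike?"


# Constructed samples; the first is the address quoted in the thread.
SAMPLES = [
    ("Adobe Customer Support <Support@AdobeSupport.com>", "Adobe"),
    ("Adobe Billing <billing@support.adobe.com>", "Adobe"),
    ("Adobe Billing <billing@adobe.com.invoice-portal.example>", "Adobe"),
    ("Adobe Billing <billing@notadobe.com>", "Adobe"),
]

if __name__ == "__main__":
    for header, brand in SAMPLES:
        ok, why = check_sender(header, brand)
        print("OK  " if ok else "WARN", header, "->", why)
```

The check only tests the domain the sender chose to show; a forged From: that uses the real adobe.com passes it, which is what SPF, DKIM and DMARC results are for, so treat this as one triage signal alongside those.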

KennyTheFish
Jan 13, 2004

dpbjinc posted:

A good way to tell: there's almost zero reason for any company to pay money for a separate domain for their support/customer service/other auxiliary functions. They'll either use their main domain or a subdomain like support.adobe.com, since they can do that for free.

Also, any legitimate big company still using .doc files in TYOOL 2014 is run by morons.

I would have thought Adobe sending an invoice in .doc instead of PDF would have been the first tell.

Stanley Pain
Jun 16, 2001

dpbjinc posted:

Also, any legitimate big company still using .doc files in TYOOL 2014 is run by morons.

I see someone here who doesn't actually work for a "big company". ;)


Bob Morales
Aug 18, 2006


I of course knew it wasn't a real invoice, I just wondered why it wasn't getting picked up.

Adobe is a billion dollar company and they send invoices out by hand? :lol:
