If a lot of viruses/malware are unknown and go undetected by the scanners, does that mean they can't be cleaned until the AV companies have picked up on them?
What is the point of silent malware that shows no sign of harm to the computer? Is it spyware, or is it just slowly breaking the system down behind the scenes?
I ask because I'm a computer tech and a lot of the work I get is removing viruses/malware from infected systems.
For those who mentioned web browsing as part of the cause, that's why I recommend that people use browser add-ons such as AdBlock Plus and WOT. These won't completely stop an infection, but they are just another line of defence for novice users.
“To mess up a Linux box, you need to work at it; to mess up your Windows
box, you just need to work on it”.
I'm sure Chayak can and will answer your questions. I can offer you this: all AV does is look at the hashes of the files on your system. It compares your hashes with all the bad hashes it knows about. The reason that's so limited is that you can very easily change the hash of a file by changing a few lines in the code. For instance, an executable piece of malware might hard-code a call out to evildomain.com. That gets hashed by an AV vendor. Then the malware author changes the domain to superevil.com. Totally different hashes. That's over-simplistic, but you get the idea. It's fairly easy for the bad guy to reuse the same malware by modifying it to create dozens/hundreds of new hashes. It takes AV vendors a lot of work to analyze and hash every single variant of that malware.

If a lot of viruses/malware are unknown and go undetected by the scanners, does that mean they can't be cleaned until the AV companies have picked up on them?
Personally I'm not a fan of "cleaning" malware. Because AV is so bad at detecting all malware, it's quite hard to be certain that you've removed every single malicious thing without an intensive and time consuming forensic investigation. Ain't nobody got time for that. I find it hard to justify anything other than reimaging.
I've been using vi for years, mostly because I can't figure out how to exit.
Some of the worst kinds of malware are the ones that sit quietly and collect information. Most modern malware is about money, so they want credit card numbers, industrial secrets, or anything that might be of value. The more aggressive malware such as CryptoLocker holds your files for ransom and punishes you if you fail to pay.
There are all kinds of malware. You can have the amateur-hour script-driven brute-force bots, or you can have examples that implement their own network stack to be invisible to any network tool on the infected system. I've seen stuff that will also write itself out to firmware and hide there; as it was built modularly, it can quietly pull in extra functionality when needed.
If a piece of malware is detected, it's trivial to rearrange the code so that the signatures no longer detect it. Polymorphic malware will do this itself, sometimes actively while running, to keep itself hidden.
Malware is getting so difficult to remove that it's best even for the experts to wipe the system and reinstall. That is, of course, if you haven't got a really sophisticated one that writes itself out to hardware firmware and then pulls things back in as soon as the operating system will support it. That's pretty rare and normally smells of state-sponsored work, but it does exist.
Last edited by Chayak; June 9th, 2014 at 08:30 PM.
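The two mechanisms the thread describes, a hash changing when a hard-coded domain is swapped (the evildomain.com / superevil.com example above) and a sample re-encoding itself the way Chayak describes for polymorphic malware, shown together on a constructed fake sample. This is an added example, not code from any post in this thread: the byte layout, the domain names, the one-byte XOR wrapper standing in for a packer, and the fixed byte-pattern check are all assumptions made for illustration.

```python
import hashlib
import random

# Constructed stand-in for a malware executable: a stable "code" section of
# pseudo-random bytes followed by a hard-coded C2 domain.  Nothing here is a
# real binary; every byte is made up for the example.
_rng = random.Random(1234)
CODE_SECTION = bytes(_rng.getrandbits(8) for _ in range(1024))
ORIGINAL_DOMAIN = b"evildomain.com"   # domain from the post above
NEW_DOMAIN = b"superevil.com"         # the author's "changed" domain

# A fixed 32-byte signature taken from the code section, deliberately
# avoiding the domain string, so it tests what the domain swap leaves intact.
PATTERN = CODE_SECTION[100:132]


def build_sample(domain: bytes) -> bytes:
    """Assemble the fake sample: code, NUL, domain, NUL."""
    return CODE_SECTION + b"\x00" + domain + b"\x00"


def sha256_hex(data: bytes) -> str:
    """The whole-file hash an AV vendor would record."""
    return hashlib.sha256(data).hexdigest()


def repoint_c2(sample: bytes, old: bytes, new: bytes) -> bytes:
    """The 'change a few lines' edit from the post: swap the C2 domain."""
    return sample.replace(old, new)


def pack(payload: bytes, key: int) -> bytes:
    """One-byte XOR wrapper with the key stored in the first byte.  This is a
    toy stand-in for a polymorphic packer: same payload, different bytes per key."""
    if not 0 <= key <= 255:
        raise ValueError("key must be a single byte")
    return bytes([key]) + bytes(b ^ key for b in payload)


def unpack(blob: bytes) -> bytes:
    """Reverse pack(): read the key and XOR the body back."""
    key = blob[0]
    return bytes(b ^ key for b in blob[1:])


def pattern_hit(sample: bytes) -> bool:
    """Does the fixed byte-pattern signature match this sample?"""
    return PATTERN in sample


def demo_domain_swap() -> dict:
    """Swap the domain and compare the file hash and the pattern check."""
    original = build_sample(ORIGINAL_DOMAIN)
    rewired = repoint_c2(original, ORIGINAL_DOMAIN, NEW_DOMAIN)
    h_orig, h_new = sha256_hex(original), sha256_hex(rewired)
    return {
        "original_hash": h_orig,
        "rewired_hash": h_new,
        "hash_changed": h_orig != h_new,          # a single string edit is enough
        "pattern_still_hits": pattern_hit(rewired),  # code section is untouched
    }


def demo_polymorphic(n: int, seed: int = 1) -> dict:
    """Wrap one payload with n distinct keys: n distinct hashes, one payload."""
    payload = build_sample(ORIGINAL_DOMAIN)
    keys = random.Random(seed).sample(range(1, 256), n)  # distinct non-zero keys
    variants = [pack(payload, k) for k in keys]
    return {
        "distinct_hashes": len({sha256_hex(v) for v in variants}),
        "all_unpack_to_same_payload": all(unpack(v) == payload for v in variants),
        "pattern_hits": sum(pattern_hit(v) for v in variants),  # encoded bytes hide it
    }


if __name__ == "__main__":
    swap = demo_domain_swap()
    print("original :", swap["original_hash"])
    print("rewired  :", swap["rewired_hash"])
    print("hash changed:", swap["hash_changed"], "| pattern still hits:", swap["pattern_still_hits"])
    poly = demo_polymorphic(50)
    print("50 packed variants ->", poly["distinct_hashes"], "distinct hashes;",
          "pattern hits:", poly["pattern_hits"])
```

Running it shows the two effects side by side: the domain swap changes the SHA-256 while leaving the code-section pattern in place, whereas every XOR-packed variant carries a fresh hash and the pattern is gone from the encoded bytes, yet each one decodes to the identical payload.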
It's constantly the top remediation item when I submit reports on network assessments. When they get past keeping computers updated and using strong passwords, then I'll start preaching best practices for SSH and exploits. Internet-facing servers are a whole different animal, as you know, and a very deep subject.
At the end of the day, when the talk is about security, it all comes down to users being too lazy to develop their own skills and knowledge to keep themselves safe on the Internet. Pure bad habit from their days on Windows.
It is no art just to sit back after installing an AV scanner, then blame the scanner when the fool finds out that the scanner can't keep him/her safe from malicious software. Nor is it fruitful to cry out on the forums claiming bad advice.
Many a user will, sadly, experience malware on their system simply because they didn't take the subject seriously when experienced users told them to use strong passwords, strong encryption on their system and so on. Being an "expert" on the Windows platform is worth nothing on the Linux platform; one will still be a novice in numerous areas of the OS. Having used Linux for eight years does not make me an expert, far from it.
Your best friend on Linux, and in the use thereof, is your lust to learn more. No matter what OS you use, it will be a never-ending learning process. No one will ever know everything there is to know about his/her OS. Admitting that will make you a bit safer in your use of it.