Iblys posted:
> 1) How does my exclusive use of FoxIt affect my vulnerability to PDF exploits?

Last time there was an extensive discussion about PDF exploits, someone got all snooty about not using Adobe Reader and it being an exploit-infested piece of trash. Unfortunately for their argument, it was the day after FoxIt fixed something like a dozen remote code execution vulnerabilities. If you have software, there are bugs in it. If it's a widespread piece of software, people will attempt to find and exploit those vulnerabilities. The impact of those vulnerabilities -- at least from what I can see -- seems to depend much more on the security infrastructure of the operating system that you're running than the particular version or brand of the software you're using. All of that said, without any in-depth technical knowledge on the subject I would assume that we're usually looking at Reader-specific exploits when we read about PDF exploits. There are a slew of FoxIt-specific ones, no doubt, but Reader has achieved market saturation and is a much larger target.

# ? Jun 29, 2009 14:50
Iblys posted:
> 3) What potential problems will I run into / what effects (if any) will I see through normal use?

If you hit a program that doesn't like DEP, you will see an error like this:

From there you can add an exception if the program crashes every time you try to run it. If you are just surfing around on the web and all of a sudden your browser session crashes with a DEP error, odds are something bad just tried to execute code out of a location it shouldn't have and DEP just saved your rear end. The really lovely thing about plugin-based browsers (all of them at this point) is that a single plugin installed that wasn't compiled with the DEP flag will cause the browser processes to not use it. This corrects that at the somewhat higher risk of compatibility issues.

# ? Jun 29, 2009 16:36
Midelne posted:
> Last time there was an extensive discussion about PDF exploits, someone got all snooty about not using Adobe Reader and it being an exploit-infested piece of trash. Unfortunately for their argument, it was the day after FoxIt fixed something like a dozen remote code execution vulnerabilities.

Personally, I prefer using PDF-XChange Viewer for a PDF reader and simple editor. It's free, has a lot of features that Foxit has started charging for, and has had little to no security exploits discovered. It also loads fast.

# ? Jun 29, 2009 18:41
BangersInMyKnickers posted:
> If you hit a program that doesn't like DEP, you will see an error like this:

DEP is great, and it's worth noting that some AV products do also include buffer overflow protection, though they achieve it with a different method than using the NX bit. If you're running AV with such a feature, make sure it's enabled, as some of them really can stop almost all of these PDF JavaScript exploits despite not being "perfect" protection in the way that DEP is. Adobe really need to start shipping Reader (and probably Acrobat) with JavaScript turned off by default anyway. Almost nothing uses it legitimately.

# ? Jun 29, 2009 19:29
Changing DEP in system properties only allows you to switch from everything to system files only. If you really want to disable DEP completely, edit your boot.ini and change:

/noexecute=optin

to:

/noexecute=alwaysoff

If you want to turn it back on, you'll have to edit the boot.ini again, as the options in system properties will be greyed out. If you get spyware on a regular basis, I'd suggest not doing this.

# ? Jun 29, 2009 21:33
mixitwithblop posted:
> Changing DEP in system properties only allows you to switch from everything to system files only. If you really want to disable DEP completely, edit your boot.ini

Wait, why would anyone ever turn it off completely?

# ? Jun 29, 2009 23:59
liquidXenon posted:
> Wait, why would anyone ever turn it off completely?

Some specific specialized software just isn't compatible with it, and will never be. Sometimes you want to ensure that a certain piece of software isn't included in that group, so naturally you'd want to be able to turn it off completely and know for sure. But this is a good case of: if you don't know why, then it's not your concern. Anyway, DEP is pretty useless in general. Like any spyware released in the last 5 years gives a crap about DEP (as usually the most common attack vectors are in the exclude list).

mixitwithblop fucked around with this message at 04:13 on Jun 30, 2009

# ? Jun 30, 2009 04:09
mixitwithblop posted:
> some specific specialized software just isn't compatible with it, and will never be. sometimes you want to ensure that a certain piece of software isn't included in that group, so naturally you'd want to be able to turn it off completely and know for sure.

Or you could force DEP and then add that specific program to the exclude list and know for sure that that program will not have NX bit checking on. OR, you could run normally and let any program compiled with NX bit support run with the NX bit so you don't get hit with a Blaster equivalent in 2009.

quote:
> But this is a good case of: if you don't know why, then it's not your concern. Anyway, DEP is pretty useless in general. Like any spyware released in the last 5 years gives a crap about DEP (as usually the most common attack vectors are in the exclude list).

Considering the default exclude list is everything except for critical Windows services like LSASS and the rare program compiled with the NX support flag, I'm not surprised. Forcing DEP on an opt-out basis fixes this problem quite spectacularly... it's just that Microsoft's "backwards compatibility at all costs" mentality has prevented them from running it like this by default.

# ? Jun 30, 2009 05:49
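The DEP discussion above turns on which policy the machine is actually running (opt-in, where only Windows services and NX-flagged programs are covered, versus opt-out, where everything is covered except an explicit exclusion list). The script below is an added example, not code from the thread. It reads the machine-wide policy from WMI, lists the per-program exceptions that the System Properties dialog records, and wraps the command that switches to opt-out. It assumes Windows Vista or later (bcdedit and CIM); on XP the policy is the /noexecute= switch in boot.ini, exactly as the posts describe. The AppCompatFlags\Layers registry location and its "DisableNXShowUI" marker are stated from memory of how that dialog behaves and should be verified on your own build.

```powershell
# Added example, not code from the thread. Reports the machine-wide DEP policy,
# the per-program exclusion list, and offers the switch to opt-out.
# Assumes Windows Vista or later; XP keeps this in boot.ini's /noexecute= switch.

# Meaning of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
# (from Microsoft's documentation of that class).
$DepPolicyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

function Get-DepPolicy {
    # Machine-wide view: is the NX bit usable, and which policy is in force?
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    [pscustomobject]@{
        NxAvailable        = $os.DataExecutionPrevention_Available
        Policy             = $DepPolicyNames[$policy]
        # OptIn is the thread's complaint: only system services and programs
        # built with the NX flag are protected. AlwaysOn/OptOut cover the rest.
        CoversMostPrograms = (@(1, 3) -contains $policy)
    }
}

function Get-DepExclusions {
    # ASSUMPTION (verify on your build): the "add an exception" checkbox in
    # System Properties writes the executable's path under AppCompatFlags\Layers
    # with the string data "DisableNXShowUI". HKLM holds machine-wide entries,
    # HKCU holds entries made for the current user only.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
            'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Value -is [string] -and $_.Value -match 'DisableNXShowUI' } |
            ForEach-Object {
                [pscustomobject]@{ Scope = $key.Split(':')[0]; Program = $_.Name }
            }
    }
}

function Set-DepOptOut {
    # The "force DEP on an opt-out basis" setting from the post above:
    # everything is protected except the exclusion list. Needs an elevated
    # prompt and a reboot. On Vista and later bcdedit replaces the boot.ini edit.
    bcdedit /set '{current}' nx OptOut
}

# Audit only; call Set-DepOptOut yourself once you have reviewed the exclusions.
Get-DepPolicy | Format-List
Get-DepExclusions | Format-Table -AutoSize
```

Reading the exclusion list before switching policies is the useful part: with opt-out, an excluded entry is the only way a program escapes DEP, so every name in that list is a program you are choosing to leave unprotected, and each one should have a known compatibility reason.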
I know there are quite a few technicians who peruse this thread, so I'll ask this non-virus related question here. I just recently received a sweet new 16gb USB flash drive (for $35!) - thus, I retired my 8gb drive today. My fleet of drives now includes a 64mb that I use with NT Password, a 512mb that I installed UBCD on, an empty 8gb drive, and my for-work 16gb drive. The NT Password app is a GODSEND, and means I don't need to keep burning tiny-rear end CDRs every time one gets a scratch. The UBCD one is kind of meh, since a lot of the apps are old, and many of the Linux apps refuse to run from a bootable USB drive. I was thinking about something new and exciting to use with this 8 gigger - possibly a mobile XP installation, possibly a collection of apps that WILL work from a flash drive (and say goodbye to UBCD), or maybe even some sort of do-it-all diagnostics drive with menus for HDD diags, Mem diags, and more. Does anyone have any ideas on what would be most useful to a technician with a spare 8gb USB flash drive?

# ? Jul 1, 2009 03:55
Otacon posted:
> Does anyone have any ideas on what would be most useful to a technician with a spare 8gb USB flash drive?

A) A write protect switch.
B) This thread: What's on your USB IT tools swiss army knife.

# ? Jul 1, 2009 04:26
Not that any of you would go there, but don't go to Torrentreactor.com.

# ? Jul 1, 2009 18:12
So I have a weird problem with Avira Antivir that started a few days ago, namely it stopped being able to autoupdate itself. The update takes ages and just hangs on "scanning for updates.." before I just force it to stop. I don't think the update server's down because it's been days; the last update before I manually updated it was on 6/26. I haven't changed anything so I'm not sure what caused it to start. I'm using the Win 7 RC, and prior to this it was auto updating just fine.

# ? Jul 1, 2009 22:34
hobb posted:
> So I have a weird problem with Avira Antivir that started a few days ago, namely it stopped being able to autoupdate itself. The update takes ages and just hangs on "scanning for updates.." before I just force it to stop.

Uninstall and reinstall the new version.

# ? Jul 1, 2009 22:48
I've tried completely uninstalling and reinstalling it, but that doesn't fix it either.

edit: it seems like it's just taking a very long time to start for whatever reason. After about 15 minutes or so it finally started downloading updates at normal speed. Weird. Maybe it's trying different addresses that are all timing out for some reason.

hobb fucked around with this message at 23:50 on Jul 1, 2009

# ? Jul 1, 2009 23:46
Otacon posted:
> Does anyone have any ideas on what would be most useful to a technician with a spare 8gb USB flash drive?

http://www.infosecramblings.com/backtrack/backtrack-4-usbpersistent-changesnessus/ maybe?

# ? Jul 2, 2009 09:28
hobb posted:
> I've tried completely uninstalling and reinstalling it, but that doesn't fix it either.

Had the same issue, it eventually fixed itself. Was probably one of their update servers taking a poo poo.

# ? Jul 2, 2009 11:42
OK, so how exactly do I stop Adobe Acrobat from being able to automatically load PDF files through IE? I'm stuck using Adobe Professional 6 for work, so I can't upgrade or remove it. I also killed the helper BHO from loading via HijackThis. I just got hit with a drive-by ad that used a PDF exploit (I saw Adobe load real quick), so there has to be some other option I'm missing. I want to be forced to download a PDF file if I want to view it.

# ? Jul 4, 2009 20:47
Open Acrobat and go to its preferences, under the Internet section disable the browser integration. I would also consider disabling JavaScript PDF support since that is where 90% of the exploits are coming from.

# ? Jul 6, 2009 15:21
BangersInMyKnickers posted:
> Open Acrobat and go to its preferences, under the Internet section disable the browser integration. I would also consider disabling Javascript pdf support since that is where 90% of the exploits are coming from.

Great, thanks.

# ? Jul 6, 2009 17:19
Midelne posted:
> Last time there was an extensive discussion about PDF exploits, someone got all snooty about not using Adobe Reader and it being an exploit-infested piece of trash.

I am pushing for everyone to disable Acrobat's ability to automatically load / execute via the IE Browser Helper Object or Firefox Extension, and disable all JavaScript functionality. Unless you specifically need it, don't turn it on. It's not that hard to download and open a PDF manually, and if you get a random pop-up for a PDF download when you didn't request one, you dodged a bullet. Cancel and leave the site you are viewing ASAP.

# ? Jul 6, 2009 23:42
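The two settings recommended in the posts above (no automatic PDF loading inside the browser, and PDF JavaScript off) are stored per user in the registry, which makes them easy to audit across a fleet rather than clicking through each machine's Preferences dialog. The script below is an added example, not code from the thread or from Adobe. The value names it reads (Originals\bBrowserIntegration and JSPrefs\bEnableJS under HKCU\Software\Adobe\<product>\<version>) are the ones Adobe's preference reference lists for Reader 9 and later; whether the same keys exist for an older product such as the Acrobat Professional 6 mentioned above is an assumption you must check before trusting the audit. The -Fix switch, the function names and the product list are my own choices.

```powershell
# Added example, not code from the thread or from Adobe. Audits, and with -Fix
# applies, the hardening recommended above: browser integration off and
# PDF JavaScript off, for every Reader/Acrobat version found in HKCU.
# ASSUMPTION: value names follow Adobe's preference reference for Reader 9+;
# older products (e.g. Acrobat 6) may use a different layout. Run as the
# user whose profile you are hardening, since the settings live under HKCU.
param([switch]$Fix)

$Products = 'Acrobat Reader', 'Adobe Acrobat'

function Get-AcrobatPdfSettings {
    # One row per installed version. $null means the value was never written,
    # i.e. the product is still on its default: browser integration and
    # JavaScript both enabled.
    foreach ($product in $Products) {
        $root = "HKCU:\Software\Adobe\$product"
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($ver in Get-ChildItem -Path $root) {
            $originals = Get-ItemProperty -Path (Join-Path $ver.PSPath 'Originals') -ErrorAction SilentlyContinue
            $jsPrefs   = Get-ItemProperty -Path (Join-Path $ver.PSPath 'JSPrefs')   -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Product            = $product
                Version            = $ver.PSChildName
                BrowserIntegration = $originals.bBrowserIntegration   # 0 = off; 1 or $null = on
                JavaScriptEnabled  = $jsPrefs.bEnableJS               # 0 = off; 1 or $null = on
            }
        }
    }
}

function Set-AcrobatPdfHardening {
    # Writes both values to 0 for every version found. The product re-reads
    # HKCU on its next start, so close Reader/Acrobat before running this.
    foreach ($s in Get-AcrobatPdfSettings) {
        $base = "HKCU:\Software\Adobe\$($s.Product)\$($s.Version)"
        foreach ($target in @(@('Originals', 'bBrowserIntegration'), @('JSPrefs', 'bEnableJS'))) {
            $key = Join-Path $base $target[0]
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name $target[1] -Value 0 -Type DWord
        }
    }
}

# Always show the current state; only change it when explicitly asked.
Get-AcrobatPdfSettings | Format-Table -AutoSize
if ($Fix) {
    Set-AcrobatPdfHardening
    Get-AcrobatPdfSettings | Format-Table -AutoSize
}
```

A $null in either column is the case to watch for: it is not "unknown", it is the shipped default, which for both of these settings means enabled. Running the audit without -Fix on a handful of machines first tells you how many users have ever opened those Preferences panes at all, which in practice is close to none.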
What would people say are the best online virus scanner sites at the moment?

# ? Jul 7, 2009 11:30
I like Eset's online scanner if anything because it doesn't require IE to run, but there are plenty of others that could do the same job. http://www.eset.com/onlinescan/

# ? Jul 7, 2009 14:02
I just noticed that an update to the AV Comparatives list came out (in May) reviewing the heuristic detection of the antiviruses they'd checked in February. This test also appears to have been run in February. Their top-tier recommendations in February were Symantec, NOD32, Kaspersky, and McAfee, while others like G DATA and Avira had good detection but also more false positives. In the addendum, the top tier (in detection heuristics) is Microsoft OneCare, NOD32, and Kaspersky, with Avira/G DATA/BitDefender/eScan getting docked for false positives.

# ? Jul 7, 2009 21:35
Came across something interesting where there were the usual suspect chkdisk and scandsk DLLs loaded by rundll32 in the startup and, somewhat predictably, the internet breaks once those aren't loaded on the next startup. But then, the internet comes back on (no Dial-a-fix or anything for XP was run). And on the next reboot it's off. Last I saw they left it running Norton overnight, hope that could do it. Weird though.

BangersInMyKnickers posted:
> I like Eset's online scanner if anything because it doesn't require IE to run, but there are plenty of others that could do the same job. http://www.eset.com/onlinescan/

# ? Jul 8, 2009 01:49
So my kid picked up Vundo and some other poo poo by (playing Java games, I'm assuming). I've run Malwarebytes to clean it up and that seems to have worked, though the Google results hijack is still working. I've been meaning to install Windows 7 on it anyways, so I'm going to flatten/reinstall. The only data to back up are photos and movies he's taken. I don't pay close enough attention; should I be concerned about an infection in those files?

# ? Jul 8, 2009 05:52
highme posted:
> So my kid picked up Vundo and some other poo poo by (playing java games I'm assuming.) I've run malwarebytes to clean it up and that seems to have worked, though the google results hijack is still working. I've been meaning to install Windows 7 on it anyways, so I'm going to flatten/reinstall.

I'm wondering the same thing. Just formatted my C: drive, but my E: 500 gig is intact. I scanned it with everything I could find and it came out clean, so I'm hoping it won't carry anything over. It was mostly just all the video/music/pictures on my machine and downloaded content for Team Fortress 2. The viruses seem to be targeting only the C: drive, and only specific system, temp and My Documents folders at that. What are the chances a virus is on my E:\ drive? I have it backed up on DVD anyways.

# ? Jul 8, 2009 06:40
My laptop, running Windows 7, has started loving up a lot, and I'm suspecting a virus but maybe you guys can narrow it down. Symptoms include:

- Can't go on YouTube with Firefox; tried clearing cache and it only worked once. Works fine with IE.
- Can't go to Facebook with Firefox. Works with IE.
- Sometimes things on my screen start to overlap. Like I would be scrolling on the forum and then there would be a bunch of words/images duplicating. Restarting fixes this.
- Internet connection dying A LOT. Maybe it's my internet, but it wasn't happening for a while at first.
- Every time I restart my computer, my screen resolution resets itself. My icon placements are reset, etc.

I really want to use a program like ComboFix because it helped me a lot when I used XP, but ComboFix isn't compatible with Windows 7. A program like ComboFix is what I'm looking for, but for Windows 7.

# ? Jul 8, 2009 09:45
Uh-oh. Spybot flagged a file in C:\Windows\System32\ called Unicows.dll as Virtumonde. Haven't noticed any of the symptoms on the wiki page, and it hasn't flagged any other files, but it flagged it as such anyway. Anyway:

1) On a scale of 1 to I'm screwed, how bad is this?
2) What's the best way to get rid of Vundo?

e: running Malwarebytes after Spybot's done; can I just consider it a false positive if Malwarebytes finds nothing?

e2: Malwarebytes found nothing. Just deleted the file that Spybot flagged, then.

CraigK fucked around with this message at 09:43 on Jul 9, 2009

# ? Jul 9, 2009 08:46
I'm apparently infected with Virut, which infests everything that runs. I'm going to have to flatten and reinstall to get rid of it, most likely, since I can't figure out how to get rid of it.

# ? Jul 9, 2009 14:22
-Troika- posted:
> I'm apparently infected with Virut, which infests everything that runs. I'm going to have to flatten and reinstall to get rid of it, most likely, since I can't figure out how to get rid of it.

It's functionally impossible to get rid of once the infection has reached a certain point. Reinstall and get it over with.

edit: functionally impossible to get rid of in any way that retains the integrity of your executable files and prevents you from having to reinstall them anyway

# ? Jul 9, 2009 15:40
-Troika- posted:
> I'm apparently infected with Virut, which infests everything that runs. I'm going to have to flatten and reinstall to get rid of it, most likely, since I can't figure out how to get rid of it.

You can save (carefully) anything that's not HTML or an executable, but you are going to have to reinstall.

# ? Jul 9, 2009 18:00
Dr. Video Games 0089 posted:
> Symptoms include :

# ? Jul 9, 2009 19:10
Running Windows 7 64-bit (7100), and three weird things happened to me within the last couple of minutes:

1) My graphics drivers seem to have become broked ("This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)").
2) Half-Life 2 needed to update when I ran it (also with Steam detecting some wonky drivers improper for running the game), and during my brief stint, I began receiving all manners of errors; one of them being "AI Disabled", which, as I recall, is a feature to piss off pirates. I also received other "Data broked"-like messages.
3) When I ran Opera, an installer prompt opened, even though it's been installed for a while. I don't know how the auto-updater works, but it seemed conspicuous.

My virus scanner won't be done until tomorrow, and I'd just like you to pitch in until then, so I won't accidentally forget about it tomorrow and shut down the computer, leaving the potential malware to go hog-wild.

# ? Jul 9, 2009 23:25
What is the legitimate website for ComboFix? Searching for it on Google shows several sites, some of which have to be fake.

# ? Jul 11, 2009 01:30
-Troika- posted:
> What is the legitimate website for combofix? Searching for it on google shows several sites, some of which have to be fake

Bleepingcomputer lists here, here and here.

# ? Jul 11, 2009 11:48
Hey guys, I think I may have a virus on my computer. I was wondering if anyone could help me with it.

# ? Jul 11, 2009 14:31
Sure thing. To fix your computer, we will need the following items:

- 1x 600v-rated AC->DC rectifier
- 100 feet 5-0 stranded copper wire
- 3 phase 208v electric

To begin, wire up phases 1, 2, and 3 in parallel to one terminal of the rectifier. From the other terminal of the rectifier, run a cable to the computer's power supply. Connect neutral directly to the hard drive. Switch on the power distro. Don't be alarmed if there is smoke, this means the viruses are being eradicated. The sparks are the viruses fleeing for their lives, but don't worry, they don't survive long without a host computer. After ten minutes, or when the breaker trips, turn off the distro. Take the whole mess down to the scrap yard and sell it off. Buy a new computer. After all, you made backups, right?

# ? Jul 11, 2009 14:41
Page 12 of this thread set off my AVG on this laptop. Is AVG 8.5 good enough or is there a better free one? Most mentioned, like NOD32, are pay only.

# ? Jul 12, 2009 01:20
get Microsoft Security Essentials

oh wait, you can't

# ? Jul 12, 2009 02:12
Ken Levine Fan Club posted:
> Page 12 of this thread set off my avg on this laptop

AVG 8.5 works on par with the other free AV options afaik. Page 12 had URLs (not links) to a virus, so it's not really surprising that your AV would have a problem with it.

# ? Jul 12, 2009 02:17