Originally Posted by Burillo
This thread has its fair share of bullshit but nevertheless is very informative, especially that post by we3z about kernel-level trojans. So I'll just put my two cents into this discussion.
So, first of all, Bhullarz, no offense, but your "HACKERS", "VIRUSES", "TROJANS" and all the other scary words capitalized look like cheap advertising.
On a serious note, IMHO you're both right and wrong at the same time. It's true that new malware appears at a much higher rate than it goes into the databases of the AV software (especially the free ones), but we all know that a pretty high percentage of this malware is detected by heuristics and "decoy" computers that are used by the AV companies for automated malware detection.
And despite your ravings about infected cracks and keygens, the truth is that most of the cracks and keygens are clean if you download them from the right sources. On any serious forum (where users are computer enthusiasts) anyone who posts a trojan will sooner or later (probably sooner than later) get detected, banned and have his message deleted. Same goes for any serious torrent tracker: if something is reported as fake or a trojan, it gets checked immediately by the community, and trust me, most users of such websites aren't exactly dumb computer-illiterate leechers. The real danger comes in "true" filesharing networks like ed2k or LimeWire, but the thing is, almost every trojan I met there had a fixed size and was easily detectable once you know what it looks like. A pretty safe practice would be using some kind of sandboxing software, be it a virtual machine or Sandboxie.
As for that firewall thing... A few posters made some valid points about firewall penetration techniques, and there even is a website that concentrates on exactly that: they write "leaktests" and test them against popular firewall programs (just google Matousec). I myself use a firewall that has been stably in the first five for several years now and don't use an antivirus at all. The most valid point was that if the trojan tries to connect, it will get detected. This is not true if it is using a legitimate program (like IE) to connect, but it would be true if the firewall was able to detect potentially dangerous actions. For example, I downloaded a keygen. I know it shouldn't try and execute IE, don't I? That's the whole thing, it's that simple. Of course, that won't help if the ring0 trojan was already there, but when it gets installed it will install a driver and that will be detected by the firewall! So proactive security (and your own vigilance about unusual behaviour) might be your last chance if signature-based security fails.
PS: this post is no bullshit. I can't count how many viruses I've blocked when they tried to own me, and I even manually deleted several trojans from my system using solely my firewall and some extra tools (HijackThis, Sysinternals stuff and others). Yes, I shouldn't have allowed them in the first place, but sometimes I make mistakes too.
Let's talk about detection of viruses and trojans and other malware... Tell me, who develops the antivirus or firewall programs? The answer is developers. Who creates the viruses and trojans etc.? The answer again is developers. Can a developer bypass another developer's thoughts? The answer is YES. That is why testers are there. So let me tell you one thing: some of the antiviruses are known for false detections of viruses/trojans etc. Why is that? Because there are different ways of detecting a virus in a system. Some detect on the basis of behaviour, some on the basis of the definition or code (machine code; these are fixed-size viruses), and some on the basis of the origin of the code. Nowadays, antiviruses are using behaviour + definition based detection, so there are always chances that your common program may be detected as a virus. So, if you know that your program is clean but the AV is showing a warning, what are you gonna do then? How much trust will you have in its other detections?
About forums and torrents, I must say I have never gone through any such site where posts are deleted because they contain trojans... only other users alert the others by posting their reviews regarding the post.
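Added example, not code from this thread or from any of the posters: a toy rule engine that combines the definition-based (hash) and behaviour-based detection Bhullarz describes with the firewall-style checks Burillo describes (a freshly downloaded keygen spawning IE, loading a driver, or connecting out), run over constructed event lines. The event format, the "downloads/temp is untrusted" rule, the sample hash and all paths are assumptions made up for the example.

```python
import hashlib
# Assumptions: downloads/temp paths are untrusted; these trusted programs can reach the network.
UNTRUSTED_DIRS = ("\\downloads\\", "\\temp\\")
NETWORK_CAPABLE = {"iexplore.exe", "firefox.exe"}
# Constructed "definition" entry: the hash of a made-up sample, not of any real malware.
SAMPLE_HASH = hashlib.sha256(b"constructed-keygen-sample").hexdigest()
KNOWN_BAD = {SAMPLE_HASH}

def parse_event(line):
    """Parse one constructed 'key=value;key=value' event line into a dict."""
    return dict(part.split("=", 1) for part in line.strip().split(";") if part)

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def is_untrusted(path):
    return any(d in path.lower() for d in UNTRUSTED_DIRS)

def check_event(ev):
    """Return the alerts raised by one event; an empty list means it is allowed."""
    alerts = []
    kind, image = ev.get("event"), ev.get("image", "")
    if kind == "process_create":
        parent = ev.get("parent", "")
        if ev.get("sha256") in KNOWN_BAD:  # definition-based: hash is in the database
            alerts.append(f"definition: {basename(image)} matches a known-bad hash")
        if is_untrusted(parent) and basename(image) in NETWORK_CAPABLE:  # behaviour-based
            alerts.append(f"behaviour: {basename(parent)} launched {basename(image)}")
    elif kind == "driver_load" and is_untrusted(ev.get("initiator", "")):
        alerts.append(f"behaviour: {basename(ev['initiator'])} loaded driver {basename(image)}")
    elif kind == "network_connect" and is_untrusted(image):
        alerts.append(f"behaviour: {basename(image)} connects to {ev.get('dst', '?')}")
    return alerts

def scan(lines):
    hits = {}  # line index -> alerts, only for events that raised at least one
    for i, line in enumerate(lines):
        alerts = check_event(parse_event(line))
        if alerts:
            hits[i] = alerts
    return hits

# Constructed event lines (not a real log): a downloaded keygen that spawns IE, loads a driver, connects out.
KG = "C:\\Users\\u\\Downloads\\keygen.exe"
SAMPLE_EVENTS = [
    f"event=process_create;image={KG};parent=C:\\Windows\\explorer.exe;sha256={SAMPLE_HASH}",
    f"event=process_create;image=C:\\Program Files\\IE\\iexplore.exe;parent={KG};sha256=deadbeef",
    f"event=driver_load;image=C:\\Windows\\System32\\drivers\\hide.sys;initiator={KG}",
    f"event=network_connect;image={KG};dst=10.0.0.5:443",
]
```

A program started from a trusted path that spawns nothing unusual produces no alert, which is the "false detection" trade-off the thread argues about: the looser the behaviour rules, the more clean programs trip them.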