As the title says, people all around the net can be seen posting virus scans from various online groups. This information is often very misleading, and it is a very grave mistake to trust it.
Say one were to post a download here. I'll use the example of a little-known antivirus by the name of "ThreatFire". Now, this tool is very good for detecting rogue apps which contain spyware or malware (trojans or worm viruses). But you don't know me, I'm not a full whitehat either, and if I said I was, how would you feel safe in believing me without having known me? The only real answer to that is that you had better not, if you care for your computer and the information it might contain.
So to make downloaders feel safe, regardless of whether they are sharing a clean tool or a virus they wish to conceal, people post virus scan results. But there are programs commonly available for under $100 that will allow people to hide the part of the code that antivirus programs use to alert you to that virus. And even worse than that, the scan is posted with a simple text copy and paste 90% of the time, which means it can be changed in the process to hide what detections were made, if any.
When in doubt, and when the file is not from a trusted source, most often whatever you are wanting to download simply ISN'T worth messing up your computer for. But for those desperately needed or desired applications which come in .exe form, there is a helpful tool for us all: ANUBIS. What this application was designed to do is monitor everything that an exe file would do if it were executed/run on your machine, without you having to do so. It will either post a report saying that without a doubt the file is clean, or post evidence of it being suspicious. (There is only one exception, which would be that the file keeps Anubis from running, and we wouldn't want to use that program, as that is clear evidence of intentional data tampering to conceal something.)
I will post a link to the program's online version here now and recommend that everyone who hasn't been using it bookmark it for future reference. I am still learning to use the program fully myself and to properly read the log outputs it saves; however, I am decent at it and will cover what I do know of the warning signs of malicious activity so far when I have more time. http://anubis.iseclab.org/
Offhand, some things to look for are: files dropped to different locations (some are common places for malware detection), registry changes when the program shouldn't need them, IP connections if they are unneeded and the program shouldn't be reporting to anywhere, and the program showing as being "live" when the file has closed.
Another great tool to use for preventing infection is a virtual computer. Your current computer can run a second computer within itself that limits what programs can do with it, and the data it uses is saved somewhere other than your actual operating system's info. That way, if an infection occurs, the infection is pre-quarantined in a sterile environment to monitor, and when it is done you can restart the virtual machine (vmware) to restore default data to it. A common freeware example of one would be "Sandboxie" for Windows users. Note that there are anti-Sandboxie methods just as there are anti-Anubis methods, and if something doesn't run in them, it's best not to chance trusting it. http://www.sandboxie.com/index.php?DownloadSandboxie
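
The warning signs listed above (files dropped elsewhere, registry changes the program shouldn't need, unneeded connections, a process still "live" after the file has closed) can be checked mechanically against a sandbox report. This is an added example, not part of the original post and not Anubis's own report format: the report dictionary, its field names and the `triage` function are assumptions, and the sample data is constructed.

```python
import ntpath  # parses Windows-style paths on any OS

# Constructed sample report; field names are hypothetical, not the Anubis format.
SAMPLE_REPORT = {
    "sample": r"C:\Users\test\Downloads\tool.exe",
    "files_written": [
        r"C:\Users\test\AppData\Local\Temp\svch0st.exe",
        r"C:\Users\test\Downloads\tool.log",
    ],
    "registry_set": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"],
    "connections": ["203.0.113.7:443"],  # documentation-range address
    "processes_alive_at_end": ["svch0st.exe"],
}

EXEC_EXT = {".exe", ".dll", ".scr", ".bat", ".sys"}
AUTORUN_HINTS = ("\\currentversion\\run", "\\services\\")


def triage(report, expects_network=False, expects_registry=False):
    """Return (sign, detail) pairs for the four warning signs in the post.

    expects_network / expects_registry say whether the program has a
    legitimate reason to connect out or to write registry values.
    """
    findings = []
    home = ntpath.dirname(report["sample"]).lower()
    # 1. Files written outside the folder the sample was run from.
    for path in report.get("files_written", []):
        if ntpath.dirname(path).lower() != home:
            ext = ntpath.splitext(path)[1].lower()
            kind = "dropped-executable" if ext in EXEC_EXT else "dropped-file"
            findings.append((kind, path))
    # 2. Registry writes the program should not need; autorun keys stand out.
    if not expects_registry:
        for key in report.get("registry_set", []):
            autorun = any(h in key.lower() for h in AUTORUN_HINTS)
            findings.append(("autorun-key" if autorun else "registry-change", key))
    # 3. Connections when the program has no reason to report anywhere.
    if not expects_network:
        findings += [("unexpected-connection", c) for c in report.get("connections", [])]
    # 4. Anything still running after the sample itself has closed.
    findings += [("still-running", p) for p in report.get("processes_alive_at_end", [])]
    return findings


if __name__ == "__main__":
    for sign, detail in triage(SAMPLE_REPORT):
        print(f"{sign:22} {detail}")
```

An empty result only means none of these four signs appeared in the report; as the post notes, a file that refuses to run under analysis should not be trusted either.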