Firewall/antivirus software to detect stealth malware - Firewalls


Thread: Firewall/antivirus software to detect stealth malware

  1. Firewall/antivirus software to detect stealth malware

    I read that spyware and trojans exist which can't be detected by the
    virus scanning software, which are not blocked or detected by firewalls
    and which go into hiding when you activate the task manager, so that you
    can't identify the related process(es).

    Is there any secure way to identify such malware? Which firewall (or
    virus scanner) for XP would you recommend?
    --

    Alfred Molon
    http://www.molon.de - Photos of Asia, Africa and Europe

  2. Re: Firewall/antivirus software to detect stealth malware

    Alfred Molon wrote:
    > I read that spyware and trojans exist which can't be detected by the
    > virus scanning software, which are not blocked or detected by firewalls
    > and which go into hiding when you activate the task manager, so that you
    > can't identify the related process(es).
    >
    > Is there any secure way to identify such malware? Which firewall (or
    > virus scanner) for XP would you recommend?


    Long

    http://www.windowsecurity.com/articl...vironment.html

    Short

    http://tinyurl.com/klw1

    You use the tools in the link and you look for yourself from time to
    time. You can even make Process Explorer the default Task Manager.

  3. Re: Firewall/antivirus software to detect stealth malware

    Alfred Molon wrote:
    > I read that spyware and trojans exist which can't be detected by the
    > virus scanning software, which are not blocked or detected by firewalls
    > and which go into hiding when you activate the task manager, so that you
    > can't identify the related process(es).
    >
    > Is there any secure way to identify such malware? Which firewall (or
    > virus scanner) for XP would you recommend?


    I am by no means as competent in this field as the gurus, but I am coming
    to understand the difficulty of making sure your computer is not
    compromised. When I read Phrack online I realized that true internet
    security and privacy was an illusion in flux.

    There are many layers of processes between your display/keyboard and the
    engine that makes it happen. I think the kernel [machine language] is
    the lowest level, and when malware and 'security'-ware interact at the
    same level some clever-er person will always be able to obfuscate their
    actions. E.g., code melts away after assembling bits of seemingly benign
    code from multiple locations on your HD; code interacts with the
    security software, rendering it ineffectual...
    I think M$-Vista tries to get around that by making the kernel level
    code 'off limits' to ALL developers. This means the 'good guys' are
    subject to rules the bad guys aren't... Hmm, much like police work.

    FWIW, I am at the point where utility vs. the game of
    hacking/counter-hacking is beyond most online persons, and suggest perhaps:
    1/ Never connect a computer with valuable or sensitive information to
    the wall. Think of it like leaving a locked safe on your front lawn...
    eventually someone will get in, if for no other reason than 'because'.
    I could never understand why the Pentagon had to have critical nuclear
    weapon information on internet-connected computers??? Nor why our
    sensitive credit card info is similarly exposed by collection points and
    financial institutes. Recent news attests to the inherent vulnerability
    of purchase documents to nefarious users.

    2/ For internet access, use a simply configured, software-firewalled,
    hardware-firewalled [e.g., Linksys router] machine and keep the install
    disks close at hand.

    3/ Even having 'no valuable information' on your computer doesn't
    prevent you from being targeted... people need open boxes to hide their
    identity, and you can easily and unwittingly assist that task if
    connected 'insecurely'.

    4/ Re 3... you are always connected insecurely relative to somebody's
    skill or persistence.

    5/ The mind can't devise a means of revealing everything
    'knowable'... the very process of examination changes the state of being.
    The corollary to that is "if you can imagine a lock, you can imagine a
    key or hack".

    Warf... take me now, I confess: my dirty pics of Paris Hilton should have
    been better concealed! [g]

  4. Re: Firewall/antivirus software to detect stealth malware

    Thanks for the reply. Another question: does the 'connection status'
    window always show if there is some data flow (in both directions) or is
    there malware capable of sending/receiving data so that it does not show
    in the counts of the connection status window? A few years ago I
    detected a trojan by observing that data was flowing even if it should
    not (that was before I installed the firewall).
    --

    Alfred Molon
    http://www.molon.de - Photos of Asia, Africa and Europe

  5. Re: Firewall/antivirus software to detect stealth malware

    Alfred Molon wrote:
    > Thanks for the reply. Another question: does the 'connection status'
    > window always show if there is some data flow (in both directions) or is
    > there malware capable of sending/receiving data so that it does not show
    > in the counts of the connection status window? A few years ago I
    > detected a trojan by observing that data was flowing even if it should
    > not (that was before I installed the firewall).


    If that's what you're looking at, then you have serious problems in
    determining if malware is running on your machine.

    And if you're dependent upon some kind of snake-oil in personal FWs,
    AVs or other forms of snake-oil malware detection solutions running on
    the machine to tell you what's happening, then you have problems, as
    every last bit of it can be circumvented and defeated.

    Again, the tools in the link I provided will help you in the
    determination and detection of malware that has circumvented the
    snake-oil solutions you want to depend upon.

  6. Re: Firewall/antivirus software to detect stealth malware

    In article , Mr.
    Arnold says...

    > If that's what you're looking at, then you have serious problems in
    > determining if malware is running on your machine.
    >
    > And if you're depended upon some kind of snake-oil in personal FW's,
    > AV's or other forms of snake-oil malware detection solutions running on
    > the machine to tell you what's happening, then you have problems as
    > every last bit of it can be circumvented and defeated.
    >
    > Again, the tools in the link I provided will help you in the
    > determination and detection of malware that has circumvented the
    > snake-oil solutions you want to depend upon.


    Perhaps you misunderstood my question. And by the way, I checked the link
    you posted. Browsed among others through the list of processes and the
    entries in the Windows registry, but could not spot anything suspicious,
    probably because I'm not an expert and have no idea of what most
    processes and registry entries are anyway.

    By the way, what tools specifically are you referring to? Perhaps I
    missed something.

    Anyway, getting back to my original question, I simply asked if the
    connection status window always shows the count of bytes which leave the
    computer or if even that count could be faked.
    --

    Alfred Molon
    http://www.molon.de - Photos of Asia, Africa and Europe

  7. Re: Firewall/antivirus software to detect stealth malware

    Alfred Molon wrote:

    >
    >
    > Perhaps you misunderstood my question. And by the way I checked the link
    > you posted. Browsed among others through the list of processes and the
    > entries in the windows registry, but could not spot anything suspicious,
    > probably because I'm not an expert and have no idea of what most
    > processes and registry entries are anyway.


    You can look at the registry, but most home users have no business in
    the registry trying to do anything, as messing with the registry
    manually and not knowing what you're doing can sure hose the O/S and
    make the O/S non-functional.
    >
    > By the way, what tools specifically are you referring to? Perhaps I
    > missed something.
    >


    http://www.pcworld.com/downloads/fil...scription.html

    I suggest you go to Sysinternals and download the software and use it
    to drill down into a running process and see what hidden processes, legit
    or not legit, such as malware, are hosted or could be hosted by a
    running process. There are plenty of articles out on Google that will
    show you how to effectively use PE to look for yourself at what's
    running on the computer.

    http://www.freedownloadscenter.com/N...ive_Ports.html
    http://www.techspot.com/downloads/660-tcpview.html

    The three tools, which are free, were being discussed in the original
    link I provided. I suggest you go back and read those sections in the
    original link.

    > Anyway, getting back to my original question, I simply asked if the
    > connection status window always shows the count of bytes which leave the
    > computer or if even that count could be faked.


    Malware can fool the O/S as explained in the link provided.

    http://www.microsoft.com/technet/com...mt/sm0504.mspx

    You should cut down the attack vector on your computer as much as
    possible, like if the machine has a direct connection to the modem, no
    router between the computer and the modem, then remove Client for MS
    Networks and MS File and Print Sharing off of the NIC or dial-up
    connection. The computer has no business in any networking situation
    with a machine that has a direct connection to the modem, which is a
    direct connection to the Internet.

    http://labmice.techtarget.com/articl...ychecklist.htm

    There are other links out on Google that tell *you*, the home user, which
    NT Services on an NT-based O/S such as XP can be safely shut down, which
    will help in closing the attack vector on the O/S.

    You should practice safe hex as much as possible.

    http://www.claymania.com/safe-hex.html

  8. Re: Firewall/antivirus software to detect stealth malware

    One other thing, if you want to know what traffic is leaving the
    computer, then use a packet sniffer like (free) Ethereal or others.

    http://netsecurity.about.com/cs/hack...eepacsniff.htm
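    The point made above (malware can fool the O/S, so use a sniffer to see what actually leaves the box) is the classic cross-view check: compare what the host reports about itself with what an external observer sees, and treat any flow on the wire that the host does not admit to as the thing to investigate. The script below is an added illustration, not part of this thread or of any Sysinternals tool; both the netstat-style host listing and the sniffer flow records are constructed sample data, and the "*:*" handling for unbound UDP sockets is an assumption about that listing format.

```python
"""Cross-view check: flows seen on the wire versus flows the host reports.
A flow the sniffer saw but the host's own connection table omits is the
signature of something hiding sockets or traffic from the OS's own view.
All input below is constructed sample data."""
import re

# Constructed sample of what the host reports (netstat -ano style output).
HOST_VIEW = """\
  TCP    192.168.1.10:1034      192.0.2.44:80          ESTABLISHED     1388
  TCP    192.168.1.10:1051      198.51.100.7:443       ESTABLISHED     2212
  UDP    192.168.1.10:1900      *:*                                    1120
"""

# Constructed sample of flows an external sniffer (router/span port) saw,
# as (proto, local endpoint, remote endpoint, bytes sent by the host).
WIRE_VIEW = [
    ("TCP", "192.168.1.10:1034", "192.0.2.44:80", 4120),
    ("TCP", "192.168.1.10:1051", "198.51.100.7:443", 9800),
    ("TCP", "192.168.1.10:1077", "203.0.113.9:6667", 53000),   # host is silent about this one
    ("UDP", "192.168.1.10:1900", "239.255.255.250:1900", 300),
]

# proto, local, remote, optional state, PID
HOST_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s+(\d+)\s*$")

def parse_host_view(text):
    """Return the set of (proto, local, remote) tuples the host admits to."""
    flows = set()
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            flows.add((m.group(1), m.group(2), m.group(3)))
    return flows

def hidden_flows(host_text, wire_flows):
    """Wire flows that no entry in the host's own table accounts for.
    A UDP entry with remote '*:*' (unconnected socket) covers any remote."""
    host = parse_host_view(host_text)
    hidden = []
    for proto, local, remote, nbytes in wire_flows:
        if (proto, local, remote) in host or (proto, local, "*:*") in host:
            continue
        hidden.append((proto, local, remote, nbytes))
    return hidden

def unexplained_bytes(host_text, wire_flows):
    """Bytes that left the host without showing up in its own accounting."""
    return sum(flow[3] for flow in hidden_flows(host_text, wire_flows))

if __name__ == "__main__":
    for flow in hidden_flows(HOST_VIEW, WIRE_VIEW):
        print("on the wire but not reported by the host:", flow)
```

The comparison only means something when the wire view is taken from a device the suspect host cannot tamper with; a sniffer running on the same box is subject to the same hooks as the connection status window.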

  9. Re: Firewall/antivirus software to detect stealth malware

    Thanks, I'll go through the links you posted.
    --

    Alfred Molon
    http://www.molon.de - Photos of Asia, Africa and Europe

  10. Re: Firewall/antivirus software to detect stealth malware

    Gary wrote:
    > Buy Outpost Pro and let it run out of the box.


    Did they fix their bad security design flaws now?

    Yours,
    VB.
    --
    "Pornography is an abstract phenomenon. It cannot exist without a medium
    to propagate it, and it has very little (if anything at all) to do with sex."
    Tina Lorenz


  11. Re: Firewall/antivirus software to detect stealth malware

    In article <4ibyh.21569$w91.12599@newsread1.news.pas.earthlink.net>,
    Gary says...

    > You say you want out of the box protection - do not even think about
    > Jetico. It requires knowledge of network security and is not at all easy
    > to configure.


    Oops... where did I write that I want out-of-the-box protection? I have
    no problem configuring a firewall or learning to do so (in case my
    knowledge is not sufficient).
    --

    Alfred Molon
    http://www.molon.de - Photos of Asia, Africa and Europe

  12. Re: Firewall/antivirus software to detect stealth malware



    Sebastian Gottschalk wrote:

    Mr. Gottschalk

    Perhaps you are a troll, perhaps not. If you are not, I do not think you
    know as much as you pretend to know.

    To Mr. Molon - I misunderstood you and I'm sorry. I did not mean to dis
    your expertise with network security.

  13. Re: Firewall/antivirus software to detect stealth malware

    Gary wrote:

    > Sebastian Gottschalk wrote:
    >
    > Mr. Gottschalk
    >
    > Perhaps you are a troll, perhaps not. If you are not, I do not think you
    > know as much as you pretend to know.


    ...said the one who suggested replacing the thinking of the user with
    non-thinking software, usually of the crapware category.

    At any rate, it seems like you're not even aware of the privilege
    escalation vulnerabilities that your oh-so-praised Outpost Pro adds to the
    system whereas the vendor denies any fix.

    I guess you also missed how Ad-Aware was ripped off in an article on
    . Explains very well why it's so slow and
    ineffective. Generally, any such "anti spyware software" is, for obvious
    reasons.

    Your suggestion won't help any bit with securing the system.

  14. Re: Firewall/antivirus software to detect stealth malware

    Gary wrote:
    >
    >
    > Sebastian Gottschalk wrote:
    >
    > Mr. Gottschalk
    >
    > Perhaps you are a troll, perhaps not. If you are not, I do not think you
    > know as much as you pretend to know.
    >


    Depends on what you're talking about. If you're talking about I.T.
    skills, Seb probably knows a lot. But if you're talking about social
    skills, then I guess he scores about -1 on a scale of 1-10. We're pretty
    much used to his style here. He's become a bit of a character -
    basically a 'Grumpy Old Man'!

    Jim Ford

  15. Re: Firewall/antivirus software to detect stealth malware

    Gary wrote:
    >
    >
    > Sebastian Gottschalk wrote:
    >
    > Mr. Gottschalk
    >
    > Perhaps you are a troll, perhaps not. If you are not, I do not think you
    > know as much as you pretend to know.
    >


    Depends on what you're talking about. If you're talking about I.T.
    skills, Seb probably knows a lot. But if you're talking about social
    skills, then I guess he scores about -1 on a scale of 1-10. We're pretty
    much used to his style here. He's become a bit of a character -
    our resident 'Grumpy Old Man'!

    Jim Ford
