Security Basics mailing list archives

Re: Malware detection
From: Vic Vandal <vvandal () well com>
Date: Sun, 22 Jul 2012 21:31:08 -0700 (PDT)

Quotes and responses:

try a mixed solution of Microsoft Windows Security Essentials for servers and workstations to detect and eliminate

Besides the fact that Microsoft Windows Security Essentials can be a resource hog that brings numerous systems to their 
knees, it's not a very robust anti-malware solution.  In comparison to the top 5 or top 10, it will miss a LOT of 
infections.  It also has other false-positive issues, specifically related to Zeus, which is one of the malware items 
that Tony wanted to focus on.

From late 2011:
"Some Chrome users reported persistent problems Monday related to Microsoft's Security Essentials and Forefront 
security products blocking--and in some cases, deleting--copies of the Google Chrome browser after labeling it as a 
"severe" threat. Microsoft had released an emergency update for the problem on Friday.
According to an update announcement from Microsoft, its products began "incorrect detection of Google Chrome as 
PWS:Win32/Zbot," which is another name for the password-stealing Trojan application known as Zeus, which is designed to 
harvest people's financial data."

Google Chrome = Zeus?  Wow!

From the self-promoting post .sig:
Obviously throwing a bunch of acronyms behind one's name doesn't translate to wisdom.  I guess all advice needs to be 
taken with a grain of salt.  I don't mean to be a d*ck, but your advice is bad sir.

In closing, MS Security Essentials is not your best bet for identifying and defeating said malware.

(cough, wink)

----- Original Message -----
From: Savvy95 () gmail com
To: security-basics () securityfocus com
Sent: Thursday, July 19, 2012 6:50:44 AM
Subject: Re: Re: Malware detection

My 2 cents.....

If you are not looking for a "large robust solution" and you have Windows, try a mixed solution of Microsoft Windows 
Security Essentials for servers and workstations to detect and eliminate, 

Windows inherent AppLocker for Windows 2008/Windows 7/Vista for whitelisting authorized apps. 

For Windows XP, try Microsoft SteadyState to "freeze" the machine configuration and any changes are automatically 
removed on reboot. Note: It's been discontinued since 2011 and support for XP will be too in the near future.

I hope you don't have Windows 98/ME/NT/2000 in your environment as there is no hope for you. ;-)

Security Essentials: http://www.microsoft.com/en-us/download/details.aspx?id=5201

Applocker (How to Guide): http://technet.microsoft.com/en-us/library/dd723686(v=WS.10).aspx

SteadyState (search for the download) there is also a reference document for all settings in SteadyState here: 

You could use Microsoft System Center to do what you want and more.

Good Luck

Glen Victor

