why all are thinking in that way only?

max maximilianbianco at gmail.com
Mon Jun 30 18:29:29 UTC 2008


Les wrote:
> On Mon, 2008-06-30 at 12:03 -0400, max wrote:
>> Parshwa Murdia wrote:
>>> hi,
>>> when I asked for the keylogger in my system, why did people think of illegal
>>> activities only? It is MY system and for use only in my system, I am
>>> asking; furthermore, just as one must have knowledge of viruses and only
>>> then can he create an antivirus, similarly it is for the knowledge of
>>> keyloggers, to prevent the thefts
>>> parshwa
>>>
>>>
>> If you want to know how to find keyloggers then you might want to look
>> at how programs like chkrootkit and rkhunter function. As for installing
>> one, well, you'd go about that just like you would any other program.
>> There is nothing special about a virus or keylogger; they are programs
>> just like OpenOffice or vi. That is why anti-virus programs rely
>> heavily on updates: it is very difficult to tell one program from
>> another. If there were some magic flag that went up when a program was
>> malicious there wouldn't be a virus problem. They use heuristics as well
>> to try and determine if a program is malicious, but programs flagged by
>> heuristics are just as likely to be benign as malicious. The best
>> solution is to strictly control what is allowed to execute on the
>> system. How many programs do you really use on a regular basis?
>>
>> -- 
>> Fortune favors the BOLD
>>
> I wouldn't say that programs marked by heuristics are just as likely to
> be good.  The quality of the heuristics continually improves, and they are
> much better than that.  Typically heuristics are applied to programs and
> program errors that remain after other methods have considerably
> narrowed the list.  I suspect that their accuracy greatly exceeds 95%
> these days due to the order of application, and that is improved even
> more by some background software applied after the heuristic ID.
> 
> Please don't overstate the case.  It is hard enough to get people to run
> antivirus now.
> 
> Regards,
> Les H
> 
If heuristics were 95% accurate we wouldn't have a virus problem at all
and they wouldn't need constant updates. Antivirus is certainly a useful
part of any comprehensive defense strategy but, it's been my experience,
too many people rely on antivirus and firewall software alone. The
majority of users are under the impression that running antivirus and
firewall software means they are safe. I can assure you that is not the
case. They think if they avoid porn sites they are safe. Sorry, just not
true. Surf <favorite social networking site> long enough, download some
"free" music, visit a web page with ads on it, download some more
"free" screen savers, and you're going to catch something sooner or later.

I've spent plenty of time cleaning viruses and their ilk from infected
computers; even when you run all the different scanners you can find,
sometimes the computer keeps getting reinfected on reboot. There are
small scripts that run and check for a file's existence: if they find it,
done; if not, they fetch a fresh copy, or even better, some "viruses"
disable the antivirus program altogether. These programs are often
broken up so as to avoid detection and work in tandem, executing and
then calling/downloading the next script in line. The number one
recommendation is wipe and reinstall.

Most security software is a scam that keeps you hooked, 20 bucks or more
a year, for updates. If this security software is so good then how come
the number of viruses, spyware, trojans, etc. keeps growing? Where are
those 95% accurate heuristics? You'd think with security software that
good the virus writers would have given up by now. No, anti-virus is a
useful but severely limited tool. Of course then there is the notion that
if you run Linux you are safe. Harder to infect? Sure, but 100% safe?
Think you don't have to worry? Google around for "weakness of DAC". The
sooner people learn that strict control of running programs is the only
way to go, the better off we will all be. One program to keep track of
literally hundreds of thousands of malicious bits of code, brilliant
strategy I gotta say, it's a wonder it's not working better.

Since civilized discussions about security are beyond this list I will
drop it right here. Email me off list if you want to continue this
conversation; I am perfectly willing to be corrected and/or educated on
any point.
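The allowlist-versus-blacklist argument made in this thread, as an added illustration (example code written for this page, not from any poster or from Fedora): a signature denylist catches only the exact samples it already knows, while an allowlist of approved program hashes refuses a repacked variant and a tampered-with approved binary alike. The "program" contents below are constructed byte strings standing in for files on disk.

```python
import hashlib

# Constructed stand-ins for executable contents; real tooling would hash
# files on disk (e.g. everything under /usr/bin) into a signed manifest.
APPROVED_PROGRAMS = {
    "vi": b"ELF\x02 vi-editor-build-7.1",
    "soffice": b"ELF\x02 openoffice-2.4",
}
KNOWN_BAD_SAMPLE = b"ELF\x02 keylogger-sample-v1"
# A trivially repacked variant: one byte differs, so its hash differs too.
VARIANT_SAMPLE = KNOWN_BAD_SAMPLE.replace(b"v1", b"v2")
# An approved program that something modified in place (e.g. an AV
# binary patched so it no longer runs).
TAMPERED_VI = APPROVED_PROGRAMS["vi"] + b" patched"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def denylist_verdict(data: bytes, bad_hashes: set[str]) -> str:
    """Signature-style check: only exact matches on known samples are caught."""
    return "malicious" if sha256(data) in bad_hashes else "unknown"


def allowlist_verdict(data: bytes, approved_hashes: set[str]) -> str:
    """Allowlist check: anything not explicitly approved is refused."""
    return "allowed" if sha256(data) in approved_hashes else "blocked"


def compare_strategies() -> dict[str, tuple[str, str]]:
    """Return (denylist verdict, allowlist verdict) for each sample."""
    bad = {sha256(KNOWN_BAD_SAMPLE)}
    approved = {sha256(p) for p in APPROVED_PROGRAMS.values()}
    samples = {
        "vi": APPROVED_PROGRAMS["vi"],
        "tampered vi": TAMPERED_VI,
        "known keylogger": KNOWN_BAD_SAMPLE,
        "repacked keylogger": VARIANT_SAMPLE,
    }
    return {name: (denylist_verdict(d, bad), allowlist_verdict(d, approved))
            for name, d in samples.items()}


if __name__ == "__main__":
    for name, (deny, allow) in compare_strategies().items():
        print(f"{name:20} denylist={deny:10} allowlist={allow}")
```

The denylist column shows why signature scanners need constant updates: the repacked variant and the tampered binary both come back "unknown", while the allowlist refuses everything it was not told to approve.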




More information about the fedora-list mailing list