Microsoft Security Essentials


mudmanc4

So isn't the 30 day same as the paid version?  :smiley:

Sure, but that's 30 days, then you're done, unless you uninstall and reinstall every month. Myself, I wouldn't want all those registry turds from the installs/uninstalls laying all over the place. I dunno what this has to do with it though, I must have missed something.

Guys, check this out: the system I've been talking about was working fine at my place. As soon as I connected it to their network, and they're in the middle of nowhere, IE * was turned back into IE6, and many of the same issues that it had before are back, like the popups that say something like, "the key was not found in the access to access the access key," or something like this!!

WTF? Is the modem maybe part of a botnet? I've not seen this before!!!!!!

Here's a couple of vague news articles on infected routers serving up infected files to the computers connected. The third article has more information on how a router can be infected.

http://blogs.chron.com/techblog/archives/2009/01/are_wifi_routers_potential_malware_infection_1.html

 Wi-Fi hotspots are wonderfully convenient. As they increase in number, they help fulfill the promise of ubiquitous access to global information.

But they also come with risk. Legitimate hotspots can be spoofed - you think you're connecting to the coffee shop's router, but you're actually jacking in to an imposter's trap. In addition, if the connection isn't encrypted, the data you're sending can be captured.

Now, British researchers have given Wi-Fi users one more thing to worry about. They contend that flaws in the software used in many wireless routers, along with the fact that many don't use encryption, could be used to spread malware to the computers that connect to them.

From the BBC:

   Using modelling methods from real diseases the team showed how a worm could gradually infect all access points in urban areas.

   They found that the majority of vulnerable access points would be hit in the first 24 hours of an outbreak.

   The simulation work showed that within two weeks of an outbreak occurring 55% of wi-fi access points would be compromised. In urban areas this could mean tens of thousands of people were at risk, said the researchers.

   Before now malicious attacks carried out via wi-fi routers have been limited in scope. Most revolve around the creation of fake access points that steal login and other details from those using them to get online.

   The work by Hao Hu, Steven Myers, Vittoria Colizza, and Alessandro Vespignani from the University of Indiana shows how the ubiquitous access points could be used in a much more ambitious attack.

   The theoretical attack modelled by the team involved attempts to subvert the firmware inside a wi-fi access point or router which keeps the device running.

The BBC doesn't provide much technical detail on the study, but this item at heise Security UK has a little more. The researchers, by the way, have been raising the alarm about this possibility since late 2007. Here's a copy of their study from Feb. 2008 (PDF).

The researchers looked at Boston, Chicago, New York City, San Francisco, Seattle and the state of Indiana and determined that 20 to 40 percent of wireless nodes are encrypted - the rest are wide open. That seems a bit high to me. In Houston at least, most of the Wi-Fi access points I see are now encrypted, likely thanks to better education about wireless security and the fact that almost all routers come with setup wizards that walk users through securing their networks.

The researchers theorized that an unsecured network could be compromised by a hacker uploading bogus firmware via a router's updating feature. Once in place, the router would then begin distributing malware to computers that connect to it. Those machines, once used at a different unsecured hotspot, would infect that node.

The heise item points out that not every router uses the same firmware, and that would prevent a hack such as this from spreading as quickly as the researchers theorize. Still, if attackers targeted an extremely popular model - say, Linksys' WRT54G - they could do some damage.

To a certain extent, I think this study is overblown - it's a theoretical possibility, but not a realistic one, given the diversity of routers out there. Still, it's one more argument for securing your home network.

Which you've done. Right?

Update: Commenter docduke says his router has been infected with malware that apparently is targeting the Internet Assigning Numbers Authority - the body that hands out IP addresses - with a Denial of Service Attack.

   I am here to tell you this is NOT theoretical. I have a wired router, a Linksys BEFSR41, that has been infected. It performs its router and firewall tasks normally, but it is apparently part of a DDoS attack against IANA. Certain other anomalies alerted me that something was going on. I could disconnect everything on my home network, leaving just the router connected to the cable modem, and still it would be energetically communicating with the internet.

   I installed Snort on one of my computers and learned that the router was sending hundreds of packets per minute to IANA. I have communicated with Linksys support. They seem unaware that such a problem could be occurring, but gave me instructions on how to update the firmware inside the router. The router refused the update.

Update 2.0: See this comment from Jim K., which offers a less malevolent explanation for what may be happening to docduke.

http://www.h-online.com/security/news/item/When-the-neighbour-s-wireless-router-sounds-the-attack-735759.html

 When the neighbour's wireless router sounds the attack

When thinking about viruses, worms and trojans, we usually think of the internet. But now scientists of Indiana University and of the Institute for Scientific Interchange (ISI) in Italy have investigated wireless networks as a potential platform for the distribution of worms, and have developed an epidemic model depicting how fast such a WiFi worm might spread across a city.

Wireless routers are especially interesting in this context. They are usually switched on permanently, are available to anyone and have become very popular. Although all models offer security features to protect them from unauthorised access, these features are often not activated by the user, or can be bypassed with very little effort. In the surveyed cities of Chicago, Boston, New York City, San Francisco Bay Area, Seattle and Indiana, the researchers estimate that only 20 to 40 percent of wireless routers operate with cryptographic features such as WEP or WPA enabled. These cities were selected because the public Wireless Geographic Logging Engine (WiGLE) provides sufficient data about the wireless networks available there. According to the WiGLE maps, it is already difficult to find a WiFi-free zone in areas like Manhattan.

A WiFi worm could infect hundreds of WLAN routers within a very short time.

Even with cryptographic features enabled, protection is by no means one hundred percent assured. WEP only represents a small hurdle and can be cracked with tools such as aircrack-PTW within a short period of time. Once this hurdle has been overcome, the router's access password needs to be guessed. The research suggests that users often leave their routers' default passwords in place. But even if the password were to be changed, the researchers estimate that it can be cracked in a maximum of 65,000 attempts (the size of the dictionary) in 25 percent of cases. Via the update feature, the worm can then be written into or even replace the firmware, and can then spy out further routers in its vicinity. All that the WiFi worm requires for this task is already available as packages in the OpenWRT Open Source router distribution: kismet, aircrack-NG/PTW etc.

The epidemic model developed by the study's authors - Hao Hu, Steven Myers, Vittoria Colizza and Alessandro Vespignani - suggests that several tens of thousands of routers could be infected with a worm within two weeks, most of them even within two days. To avoid the potential distribution of these so far only theoretical flying worms, users should be forced to change the default password of their router's configuration interface and to enable WPA functionality with passwords which cannot be guessed.

The variety of different router models it would encounter while it spreads might also inhibit a worm's distribution. However, the model used in this study did not include that parameter. To infect a WLAN router successfully, a WiFi worm would have to have specific firmware for each individual model. Even under the uniform OpenWRT platform there are numerous images for the various models.

http://apcmag.com/Content.aspx?id=3687

New worm can infect home modem/routers

Samantha Rose Hunt, 25 March 2009, 2:00 PM

A new botnet,

I ran a telnet from the Mac into their Netgear router, and found something, I dunno what it is, but it's not an ordinary config, at least that I know of. It looks like some sort of VPN, but it's definitely not something these people have anything to do with.

So I would have to say this is an infected router. I'm going to save the config file when I get back out there tomorrow or the next day. (I should have exported it today.)

Nonetheless, they had a modem from 2003, obviously not updated by the ISP (TWC). I made a quick call to the ISP, telling them my thoughts that this modem's MAC address was part of a botnet. I get home to read this, which would explain the config in the router. Thanks zalternate.

I'll reflash the firmware when I get back out there, after the new modem has been installed.

So routers and MACs are no longer safe either.  :undecided: Where to hide next.

Anything to get a dig in on a Mac, even though you know nothing about them whatsoever. Probably never touched one, hell, I bet you may have never seen one in real life.  :haha:  But you stick that dig in there, even though it means nothing as far as the thread or the posts before it.  :2funny:

http://www.pcworld.com/businesscenter/article/173824/microsofts_free_av_got_15_million_downloads_in_first_week.html

 

Microsoft's Free AV Got 1.5 Million Downloads in First Week

Robert McMillan, IDG News Service

Friday, October 16, 2009 12:10 PM PDT

Microsoft registered more than 1.5 million downloads of its free antivirus software in the week after it shipped.

The company's Security Essentials software is a basic antivirus program designed to appeal to Windows users who don't want to shell out the US$40 to $50 per year that most AV vendors charge. It was launched on Sept. 29, and by Oct. 6, the software had been downloaded more than 1.5 million times, according to a Thursday blog post by Microsoft.

The free AV software has proved popular with Microsoft's Windows 7 operating system, which is available to business users now, but set to be made widely available next Thursday. According to Microsoft, 44 percent of users are running Windows 7, followed by XP (33 percent) and then Vista (23 percent).

Though XP is not the most popular platform for Security Essentials, it's where the software is doing the most work. Microsoft counted 4 million total malware detections on more than 500,000 machines during the one-week period; 52 percent of them were on XP machines. Vista was next, with 32 percent of detections, followed by Windows 7, with 16 percent. "This follows our usual observed trend of seeing less malware on newer OSes and service packs," Microsoft said.

The U.S., China and Brazil were the top three countries reporting malware detections, with more than a quarter of all detections occurring in the U.S.

But the nature of the threats varies somewhat from country to country. "Trojans are the top detected category in the U.S., China has lots of potentially unwanted software threats, and worms (particularly Conficker) are very active in Brazil," Microsoft said. "There are also many exploits being encountered in China, which may mean these PCs do not have the latest security updates."

Security Essentials is available in 19 countries.

Antivirus vendors have predictably downplayed the effect of Microsoft's free AV efforts, but the product has received generally favorable reviews as a lightweight but generally effective security product. It competes head-on with AVG's free antivirus software, which has about 85 million users, AVG says.

Let me turn this boat around! :2funny: :2funny: :2funny:

Has anyone tried Vipre by Sunbelt? I guess I'll install it on my spare desktop and get back! [nerdly]

http://www.sunbeltsoftware.com/

Interesting poll on the site.

Symantec and McAfee both got sued by New York for 'auto-renewing' people's product purchases without permission. It's better for the product to warn that it is expiring.

And let's not forget that a company has your credit card number on file for anyone to steal, even though all servers are impervious to hackers and disgruntled employees. :tickedoff:

Haven't used it, coknuck, you?

What about ClamWin? I use ClamXav on the Mac, and started implementing ClamWin on clients' machines. So far, in the last month or so there's been several detections, and nothing negative.

I do hope MSSE works out well, I would like to see something like this from MS, something that can be applied and work seamlessly with their software, as well as their OS.

Anything to get a dig in on a Mac, even though you know nothing about them whatsoever. Probably never touched one, hell, I bet you may have never seen one in real life.  :haha:  But you stick that dig in there, even though it means nothing as far as the thread or the posts before it.  :2funny:

Hey, I've looked at the pics of them ......... :2funny: .... but honestly that was more of a compliment not taken properly. Macs and routers used to be the safe place to be. Nowadays that's the challenge for hackers and virus etc... developers to target as they become more popular. And so they are no longer as safe as before.

By the way I thought you did not get defensive.  :wink:

look out!!! CAT FIGHT!!!!!

He started it dammit ! ! ! !

By the way I thought you did not get defensive.  :wink:   

Not getting defensive, just pointing out facts. It's your thoughts when you read, that give that interpretation of someone else's feelings.

Windows machines are just as safe as macs, thing is, where people visit, what they download, and open attachments is what causes the issues, let alone lack of the proper program.

To be honest there is little evidence of infection these days. Till it's almost too late. Sometimes it just sits there transferring info quietly really, where and when you go places.  [nerdly]

True, but I constantly get new updates for both of these programs every day or every few hours. And no, it's not program updates.
