New
#60
How do people here rate Microsoft's own Windows Defender Offline?
It is supposed to scan for rootkits, too.
Microsoft Security Essentials Scores Incredibly Well in New Antivirus
-
-
New #61
With deference to the Count (since I haven't seen him being wrong in any post). I believe they are certain types of malware that can be triggered by the preview pane. Personally, I have disabled this feature in Outlook. Could be wrong, but was told this by a very highly placed specialist in government security of one alphabet agency. They however are very paranoid and it might not apply to the normal user. It was a passing comment and I might have read more into it.
-
New #62
Ok I got to ask, do you guys mean using outlook mail app on your desktop, OR logging in to outlook.com on the web??? I use outlook.com for most of my emails, it always finds 95% of my junk mail and moves it to the junk folder. I've used outlook.com from the web for years. Now I don't know if its protects you better or not, but I would think it just might. I know that the junk filter on the web works REAL Well. :)
-
New #63
I use Microsoft Outlook 2010 . On the road I will go for the web version. Since my clients are the financial institutions, I tend to be a little paranoid myself.
-
New #64
-
New #65
I meant the Outlook desktop program which is part of the Microsoft Office suite.
The preview pane is very convenient for me, and for short emails (which is maybe 90% of my emails) the preview pane is all I need to be productive, i.e. delete, reply, etc. all done from the preview pane. I would have thought that Microsoft (Windows Defender) and presumably other AV products would protect the very common Outlook preview pane from malware (?)
What bad things could be attributed to the Outlook preview pane?
-
New #66
Windows Defender "offline" is very good and popular also , most AV manufacturers offer a "rescue disk" of some type and they have been around for years .
I am one who would rather just format and re install if i knew there was a rootkit present because once a system has been compromised it's impossible to tell if it's truly trustworthy again .
Rootkits download all types of other nasties including "backdoor" Trojans which can be a cause of re infection even after you think you have eliminated the rootkit .
The below is a "must read" by Microsoft and anybody who is infected should take it very seriously :
The below was written by one of Microsoft's chief security experts , forgive my not knowing his name .
QUOTE]Cleaning a Compromised System
So, you didn’t patch the system and it got hacked. What to do? Well, let’s see:
- You can’t clean a compromised system by patching it. Patching only removes the vulnerability. Upon getting into your system, the attacker probably ensured that there were several other ways to get back in.
- You can’t clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can’t find any more may only mean you don’t know where to look, or that the system is so compromised that what you are seeing is not actually what is there.
- You can’t clean a compromised system by using some “vulnerability remover.” Let’s say you had a system hit by Blaster. A number of vendors (including Microsoft) published vulnerability removers for Blaster. Can you trust a system that had Blaster after the tool is run? I wouldn’t. If the system was vulnerable to Blaster, it was also vulnerable to a number of other attacks. Can you guarantee that none of those have been run against it? I didn’t think so.
- You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them.
If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it. Note that if you can guarantee that the only thing that compromised the system was a particular virus or worm and you know that this virus has no back doors associated with it, and the vulnerability used by the virus was not available remotely, then a virus scanner can be used to clean the system. For example, the vast majority of e-mail worms rely on a user opening an attachment.
In this particular case, it is possible that the only infection on the system is the one that came from the attachment containing the worm. However, if the vulnerability used by the worm was available remotely without user action, then you can’t guarantee that the worm was the only thing that used that vulnerability. - It is entirely possible that something else used the same vulnerability. In this case, you can’t just patch the system.
- You can’t clean a compromised system by reinstalling the operating system over the existing installation. Again, the attacker may very well have tools in place that tell the installer lies. If that happens, the installer may not actually remove the compromised files. In addition, the attacker may also have put back doors in non-operating system components.
- You can’t trust any data copied from a compromised system. Once an attacker gets into a system, all the data on it may be modified. In the best-case scenario, copying data off a compromised system and putting it on a clean system will give you potentially untrustworthy data. In the worst-case scenario, you may actually have copied a back door hidden in the data.
- You can’t trust the event logs on a compromised system. Upon gaining full access to a system, it is simple for an attacker to modify the event logs on that system to cover any tracks. If you rely on the event logs to tell you what has been done to your system, you may just be reading what the attacker wants you to read.
- You may not be able to trust your latest backup. How can you tell when the original attack took place? The event logs cannot be trusted to tell you. Without that knowledge, your latest backup is useless. It may be a backup that includes all the back doors currently on the system.
- The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications). Alternatively, you could of course work on your resume instead, but I don’t want to see you doing that.
This list makes patching look not so bad, yes? We may hate patches, but the alternative is decidedly worse.
[/QUOTE]
From Fredc
The reason i included the above is because many users who get compromised even with the really nasty malware will much prefer to use all the scanners and rescue disks to get rid of it even when malware removal experts advise otherwise.
If you end up with a rootkit just wipe and re install , it's a much more trustworthy solution in the long run.
-
New #67
-
New #68
It's also a good form to change passwords for everything after real or suspected infestation if you are not doing it regularly.
-
-
New #69
Just to be clear, I don't have a rootkit infection. I just happen to came across this thread and it scared the h... out of me.
Anyway, if push comes to shove (God forbid) I don't see much of an issue with wiping the HDD and re-installing the programs. However, data loss is a huge problem, e.g. Outlook data files that may go back for many years and may be relevant for many years to come, think long-term programs/operations.
What are the best practices to prevent data loss?
Quote
Related Discussions
