jtd wrote:
On Sunday 02 December 2007 20:09, Rony wrote:
jtd wrote:
Besides, SourceForge and similar repos don't care what's on the server. You have to do the verification by checking the sigs. Debian uses md5 hashes in a Release file and gpg for signing the Release file. You can therefore be reasonably sure that what you download is ok. Similar schemes should exist for other distros too.
This virus does not reach the stage of executing after download. As soon as you click on the download link, instead of the file download beginning, the system goes into a reboot. It has got infected.
That IS execution.
True, but it happens only when clicking on download links for exe files. Otherwise net surfing and Java applications run fine.
On reboot, it brings in the bigger payload which causes irreversible damage as it reboots every time an admin command is run.
That is a very poorly written virus. You want to have control rather than mindlessly rebooting the system, which will only make him paranoid. Maybe it's a side effect of preventing the AV from execution as AVs require admin privileges.
The AV cannot even detect the virus. 2 different updated ones tried.
If the net is shut off just before the system boots again, the bigger payload is kept away and the system can be restored to an earlier clean period.
You are assuming that it is restored. Once infected you have got to format. You just don't know what has been compromised, particularly with closed software. Unless you have a previous known good offline disk dump to restore from. With open systems too the task of restoring a compromised system can be a real pain and would be undertaken only for forensic purposes. You are mostly better off reinstalling and patching up before going online.
The system was formatted and reloaded. Just as I was leaving the place, I clicked on a download link for a software on download dot com and the same thing happened, but this time it could be recovered. The system is clean as I checked it with registry tools. The virus files are lying dormant, unused. Some were removed manually. They may get fully cleaned after a later AV update has its footprint.
This is something very recent
It is not, just that this virus has exposed itself.
Hmm.
That is what finally makes systems secure - public scrutiny, full disclosure and public contribution. No amount of AV pasted on top of crap is going to change that. Of course, the very hard decision to change underlying bad design criteria, which will break all compatibility, will never be taken for doze - its entire edifice is built on that falsehood.
Very true.
The Government should make it mandatory for net-based service providers like web portals, share trading sites, banks etc. to make their online services available cross-platform so that subscribers are not forced to use only a particular OS. Those who charge for their online services should be forced to comply under the MRTP act or something similar.
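
Added example, not part of the original thread: a sketch of the Release-file check jtd describes, verifying a downloaded Packages index against the size and digests listed in a Release file. It assumes the Release file's gpg signature has already been verified (for instance with gpgv), goes beyond the md5 mentioned above by also requiring the SHA256 section by default, and uses constructed sample data; all function names are hypothetical.

```python
import hashlib

# Assumption: the Release text passed in already passed gpg signature
# verification (e.g. with gpgv); this code only checks sizes and digests.
# Release checksum sections mapped to hashlib algorithm names.
SECTIONS = {"MD5Sum": "md5", "SHA256": "sha256"}

def parse_release(text):
    """Return {section: {path: (hex_digest, size)}} from Release text."""
    table, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # A top-level field such as "Suite: stable" or "MD5Sum:".
            name = line.split(":", 1)[0]
            current = name if name in SECTIONS else None
            if current:
                table[current] = {}
        elif current and line.strip():
            digest, size, path = line.split(None, 2)
            table[current][path] = (digest.lower(), int(size))
    return table

def verify_index(release_text, path, data, require="SHA256"):
    """True only if data matches every digest the Release lists for path."""
    table = parse_release(release_text)
    if path not in table.get(require, {}):
        return False  # not listed in the required section: fail closed
    for section, entries in table.items():
        if path in entries:
            digest, size = entries[path]
            actual = hashlib.new(SECTIONS[section], data).hexdigest()
            if len(data) != size or actual != digest:
                return False
    return True

# Constructed sample data (not taken from a real archive).
SAMPLE_PATH = "main/binary-amd64/Packages"
SAMPLE_PACKAGES = b"Package: hello\nVersion: 1.0\nFilename: pool/h/hello.deb\n"

def make_release(data, path, sections=("MD5Sum", "SHA256")):
    """Build a constructed Release body listing data under each section."""
    out = ["Origin: Example", "Suite: stable"]
    for s in sections:
        digest = hashlib.new(SECTIONS[s], data).hexdigest()
        out += [s + ":", " %s %d %s" % (digest, len(data), path)]
    return "\n".join(out) + "\n"

SAMPLE_RELEASE = make_release(SAMPLE_PACKAGES, SAMPLE_PATH)
```

A file that is absent from the required section is rejected rather than accepted on the weaker hash alone, so a Release carrying only md5 entries fails unless the caller explicitly asks for `require="MD5Sum"`.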