Cruisers Forum

Old 04-11-2011, 12:01   #31
Registered User
engele's Avatar

Join Date: Oct 2009
Location: On the boat -> PNW -> Mexico -> Central America
Boat: Seafarer 38
Posts: 360
Re: Malware Warning

Yet another reminder to choose a more secure OS.
engele is offline   Reply With Quote
Old 04-11-2011, 13:57   #32
Registered User
capn_billl's Avatar

Join Date: Aug 2010
Location: Naples, FL
Boat: Leopard Catamaran
Posts: 2,580
Re: Malware Warning

Originally Posted by TaoJones View Post
I'm probably a bit too paranoid, capt_bill, but I've always suspected that government spooks have "encouraged" Microsoft not to fix these known vulnerabilities so the spooks can easily conduct their cyberwar battles, ala Stuxnet - Wikipedia, the free encyclopedia.

That's the subject of a whole new thread, but ...

Clipper Chip - Technical definition of Clipper Chip
capn_billl is offline   Reply With Quote
Old 06-11-2011, 04:31   #33
Registered User
Don1500's Avatar

Join Date: Jul 2010
Location: On Board, just above the water
Boat: Camano Troll 31'
Posts: 1,201
Re: Malware Warning

anyone know if Sailnet is back up?

Oops, yes it is.
The Nomad Blog Mother, mother ocean, I have heard you call
Everything I know about cruising I learned from Travis McGee -
Don1500 is offline   Reply With Quote
Old 06-11-2011, 08:58   #34
cat herder, extreme blacksheep

Join Date: Jul 2008
Location: furycame alley , tropics, mexico for now
Boat: 1976 FORMOSA yankee clipper 41
Posts: 18,967
Images: 56
Re: Malware Warning

braved it last night and didn't lose my puter...
zeehag is offline   Reply With Quote
Old 14-11-2011, 06:00   #35
Registered User
svHyLyte's Avatar

Join Date: Mar 2006
Location: Tampa Bay area, USA
Boat: Beneteau First 42
Posts: 3,961
Images: 25
Re: Malware Warning--Again!!!

It seems that SailNet has been reinfected. I attempted to connect this AM and our system went bonkers. The following is the Avast blocking message:

Infection Details

URL: javascript:false;
Process: file://C:\Program Files\Internet Explore...
Infection: html:Iframe-inf
Warn your friends to avoid this website
Other messages followed in quick succession as I attempted to maneuver away from the site without shutting down our system which I finally did.
"It is not so much for its beauty that the Sea makes a claim upon men's hearts, as for that subtle something, that quality of air, that emanation from the waves, that so wonderfully renews a weary spirit."
svHyLyte is offline   Reply With Quote
Old 10-11-2019, 00:12   #36
Registered User

Join Date: Nov 2015
Location: 60 miles west of Death Valley, California
Boat: self propelled trailerable aluminum hybrid multihull 35' being designed/built for Alaska/BC.
Posts: 36
Re: Malware Warning

there are signs of US Gov internal data gathering in USA's current political cyber state paranoia so info security should not be forgotten.
quahauq is offline   Reply With Quote
Old 10-11-2019, 02:45   #37
Registered User

Join Date: Feb 2017
Location: Med
Boat: Dufour 455 GL
Posts: 218
Re: Malware Warning

Originally Posted by svHyLyte View Post
Back for lunch and discovered that the various scans of our home system all indicate "No Threats Detected". With that I used Spybot's "File Shredder" to dispose of the above referenced file and a Drive Wiper to wipe all of the "free space" on our hard drive. Unfortunately, I really don't know enough about the workings of these systems to know whether the machine is really clean or not. I must say that I long ago disabled "Automatic Updates" on as many files as possible as I found most up-dates caused more problems than they solved. The fastest and least problem-some computer we have is a Laptop that does not speak to the internet at all. (Frankly, to me a computer is nothing more than an adding machine with a bad attitude.)

Now. The question is--who's going to venture over to SailNet to determine when if their site has been disinfected? (Not Moi!)

If malicious payload has been placed in your user profile (desktop), your machine's security has been compromised.

Deactivating automatic installation of operating system updates is unwise, and the longer a machine is deprived of security patches, the more vulnerable it becomes.

"Updates cause more problems than they solve" is simply not true. Tens of millions of computers worldwide run modern general-purpose software, and automatic security updates are appropriate for all except a vanishingly small percentage of special-purpose systems. It is a bad idea to fall prey to the loud opinions of conspiracists and self-declared experts who claim to know more than the teams of professionals who create and maintain operating systems.

Following three straightforward principles will protect against the vast majority of threats:

1) Religiously apply all official operating system updates.
2) Select an anti-malware suite from a reputable vendor, and ensure it too is receiving regular updates.
3) Use a low-powered non-administrator account 99% of the time, except when deliberately intending to make operating system configuration changes.
LongRange is offline   Reply With Quote
Old 10-11-2019, 03:25   #38
Registered User

Join Date: Feb 2017
Location: Med
Boat: Dufour 455 GL
Posts: 218
Re: Malware Warning

Originally Posted by capn_billl View Post
One of the things I've always hated about Windows, is its complete lack of security. Example: Load a picture, (ok), the picture has executable code in it, (does Windows alarm - this is not a valid picture file - No!), it tries to run the code, the code wants to reformat the hard drive, OK, The code wants to modify the operating system, OK.

Not true. There is a vast difference between executable code and the content of a photo. Content misrepresentation attacks are decades old, and modern OSs are highly resistant to the kind of simplistic trickery you describe.

To prove it to yourself, make a copy of C:\Windows\Notepad.exe, rename it to JustAPhoto.JPG, and then double-click the file.

Originally Posted by capn_billl View Post
An HTML file is loaded from the internet, should be a hypertext file, but wait it has executable code in it too, it wants to modify root track, OK. It wants to scan hard Drive for passwords, and insert a trojan horse making your computer a slave, OK!

Nah, browsers too are highly resistant to that type of simplistic attack, and they will not run downloaded compiled code, just because it is lurking in an HTML file.

Originally Posted by capn_billl View Post
The antivirus software tries in vain to stop it by checking to see what happens after the code executes, and checking against a list of existing viruses. Step 1 disable antivirus software, step two prompt you to send more money to antivirus software company to fix it.

The vast majority of AV software relies on real-time scanning of executables for patterns corresponding to malware _before_ the executable is allowed to run. If something suspicious is detected, the AV will seek to prevent execution. That is called static analysis. Suspect code is analysed by looking at it in dormant form.

"Checking to see what happens after the code executes" is called dynamic analysis, and it is very rare. It entails a sandbox environment where potential damage is contained, significant hardware horsepower to generate detailed before-and-after comparisons, and automated or manual smarts to gauge whether or not the effect is actually malicious. Dynamic analysis is the domain of security researchers, specialised hardware appliances used by very large companies, and AV software vendors themselves. Home and small-office PCs are not doing dynamic analysis.

Originally Posted by capn_billl View Post
All of this could be fixed by simply not allowing, (auto updates)

Terrible advice.

The moment an update is released by Microsoft/Apple/Google, everyone ranging from state-level actors to naughty 14-year-olds starts disassembling it in the hope of understanding the nature of the vulnerability which is addressed by that update. Within hours, sophisticated attackers typically understand the defect, and perhaps how to exploit it, even if they had no idea that a vulnerability existed in that area before the update was released.

Those who deactivate automatic updates, and go out of their way to keep their machine behind the times, even though it is connected to the public Internet, are thus "just asking for it", to use a highly technical phrase.

Originally Posted by capn_billl View Post
I can't even begin on the idea of putting in a feature in Windows allowing anyone to remote in at any time and "update" the operating system.

There is no such feature in Windows.
LongRange is offline   Reply With Quote
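
The content-versus-name distinction discussed in the post above, as an added example that is not part of any post in this thread: a static check that classifies a file by its leading bytes and flags a Windows executable carrying an image extension. All sample bytes, and the file names other than JustAPhoto.JPG and notepad.exe, are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

# Image signatures (leading "magic" bytes); the content, not the name, decides the type.
IMAGE_MAGIC = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
               (b"GIF87a", "gif"), (b"GIF89a", "gif")]
EXT_TYPES = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
             ".exe": "pe", ".dll": "pe", ".scr": "pe"}

def sniff_type(data):
    # PE files start with "MZ"; the 32-bit field at 0x3C points to the "PE\0\0" signature.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    for magic, kind in IMAGE_MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_file(path):
    """Return (claimed_by_extension, actual_by_content, verdict)."""
    claimed = EXT_TYPES.get(Path(path).suffix.lower(), "unknown")
    with open(path, "rb") as fh:
        actual = sniff_type(fh.read(4096))
    if actual == "pe" and claimed != "pe":
        verdict = "executable-masquerading"
    elif claimed != "unknown" and actual != claimed:
        verdict = "mismatch"
    else:
        verdict = "consistent"
    return claimed, actual, verdict

def demo():
    """Write constructed sample files to a temp dir and check each one."""
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
    samples = {"JustAPhoto.JPG": pe_stub, "notepad.exe": pe_stub,
               "holiday.jpg": b"\xff\xd8\xff\xe0JFIF", "logo.png": b"GIF89a" + b"\x00" * 10}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = Path(tmp, name)
            path.write_bytes(data)
            results[name] = check_file(path)
    return results

if __name__ == "__main__":
    print(demo())
```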
