This is a kosher program, yes?
This is a kosher program, yes?
And just as bad as some of the things it identifies. Any program that uses kosher cookies as the means to bulk out its results is no better than what it aims to clean, IMO. I'm personally very suspect of it and have stopped using it in favour of Malwarebytes/Spybot. None of them are 100% effective on their own though.
The amount of times staff bring laptops in and find they have been borked by installing fake security software is unbelievable.
Why is it seamingly inteligent people can ignore well known policy in favour of PRODUCT X whenever a site asks tells them to?
And there is lots of it around, some is listed here. but the site appears to be out of date now.
too right :( Acceptable Use for staff laptops in a few of my schools has been updated to ask that people do not change the anti-virus solutions installed, or install any 3rd party solution at least without consulting the right people (me or ICT Coordinator) first. I'm actually quite pleased that most "offenders" have been doing it with the likes of AVG, so I know they're not entirely unprotected, however for licensing reasons and the "Why is it nagging me about buying AVG?" support requests, it needs to stop.
I'm generally unhappy with the whole perception of malicious software, and I'm not happy with putting the blame with the users in this instance. "We have McAfee installed and up to date as supplied by our LEA - why hasn't it even warned me that I have 843 infections on my PC?"
Those infections of course are not viral - they're trojan or worm based, and quite often adware which leads to further aforementioned infections. But the average joe isn't to know the difference between them, nor should they have to. That leaves it in our hands to protect them further both with software and user education, both of which is time consuming to administer and support.
I've certainly had 1 case not too long ago where someone's husband had installed SuperAntiSpyware and found 300 "nasty evil tracking cookies which are watching my every move and recording my bank details"
It had to take a fair bit of explaining that the first 200 were all from eBay which will not actually work without those very cookies and the rest were from other legitimate sites in the same situation.
"Oh, that helps with my next question then - Ebay no longer works...."
DEP & SEHOP for all processes and/or using restricted user accounts helps a lot too. Ideally staff should also use standard user accounts on their home computers but they rarely do this.
Many of these rogue anti-virus/malware applications exploit vulnerabilities in your browser and/or plugins (Flash Player, Adobe Reader and Java usually) to show the initial popup or install themselves. Some like the infamous "XP AntiVirus" are almost impossible to get rid of once they appear on your screen (unless you use Task Manager to kill the browser process) so I can understand why staff click on them. :(
One thing I do not understand though is, why do people not question the Windows XP-style popups that tell them them are infected on a computer running Vista or Windows 7. Surely the fact that the UI is different should be a huge clue that it is fake?
MalwareBytes, RootRepeal and SpywareBlaster are my current favourites (along with some of the utilities listed in this guide). I don't know if it has improved recently, but everytime I have used Spybot it always took an eternity to scan the hard drive which is why I stopped using it.