I'd be interested in checking it out if you've got the IP handy.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:49 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

No specific sites... well, actually I /can/ get the IP of one of the sites. The drive-by added bogus google and bing entries to the hosts file in an effort to have another vector on system [re]infection. Malwarebytes promptly blocks access to the Romanian IP in question.

Not admin, not aware of any specific unpatched vulnerabilities - but it's possible.

I've seen the same set of infections on 4 systems in the past two weeks. These were all at different medical/dental clients.

1. Malwarebytes would have prevented it.
2. MSE got tooled.
3. Ultimately it took Kaspersky VRT and TDSSKiller to clean it.

--
Espi

On Fri, Oct 7, 2011 at 11:33 AM, Crawford, Scott <crawfo...@evangel.edu> wrote:

Do you have any examples of sites that exploit this? Are other factors at play? Browsing with admin credentials or unpatched vulnerabilities?

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:26 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as "a joke". I thought it was decent before, but I currently have no faith in it.

This being part of the scenario of users, using IE, getting hit with drive-bys, those drive-bys pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

--
Espi

On Fri, Oct 7, 2011 at 10:57 AM, John Hornbuckle <john.hornbuc...@taylor.k12.fl.us> wrote:

The current version of MSE? I think it's on v2.0 now.

Of course, there's no substitute for careful behavior, as others have mentioned. I'm extremely cautious, and honestly can't recall a single time that my antimalware (MSE or the stuff I used before that) software has protected from a threat over the past few years.

Maybe MSE works well for me because it never has to do anything. :)

John

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:20 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

I would trust Malwarebytes over a traditional product. I wouldn't trust MSE whatsoever. I've seen web-based drive-by exploits absolutely destroy it.

If I was going to couple with an AV product, I'd use Kaspersky primarily, with ESET as a secondary choice.

--
Espi

On Fri, Oct 7, 2011 at 6:34 AM, John Hornbuckle <john.hornbuc...@taylor.k12.fl.us> wrote:

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-----Original Message-----
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 9:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
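The thread above mentions bogus google and bing entries being added to the hosts file. The following is an added example, not part of any poster's message, of a check that reports hosts-file lines overriding those domains; the watched-domain list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Domains the thread says were overridden (google and bing); extend as needed.
WATCHED = ("google.com", "bing.com")

# Constructed sample hosts file; 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed bogus entry
203.0.113.45    www.bing.com
10.0.0.5        intranet.example.local
0.0.0.0         ads.example.net
not-an-ip       www.google.com
"""

def is_watched(host):
    """True if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, address, hostname) for each watched name the file maps."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid address, so not a usable mapping
        for host in fields[1:]:                  # one line may carry several names
            # Any hosts-file entry for a public search engine overrides DNS,
            # so it is reported whatever address it points to.
            if is_watched(host):
                findings.append((line_no, str(addr), host.lower()))
    return findings

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean default install has no entries for public search engines, so any finding is worth investigating.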