Re: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-29 Thread viperborg
Someone in marketing failed. Sent from my BlackBerry® smartphone with Nextel Direct Connect -Original Message- From: Brian Richards Date: Thu, 29 Apr 2010 06:18:52 To: NT System Admin Issues Subject: Re: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds. Amusingly, just got

RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-29 Thread John Aldrich
Brian Richards [mailto:locomotive_breath_...@yahoo.com] Sent: Thursday, April 29, 2010 9:19 AM To: NT System Admin Issues Subject: Re: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds. Amusingly, just got an ad from Adobe which encourages us to "Interact with recipients by sendi

Re: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-29 Thread Brian Richards
Amusingly, just got an ad from Adobe which encourages us to "Interact with recipients by sending out PDF forms" http://direct.adobe.com/v?xPJJvHWEJnqWWclHJT Brian MCSE and stuff

Re: Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 5:17 PM, Jon Harris wrote: > I used to run Office 2000 pro as non-admin without issues. Office 2000 couldn't edit images correctly without admin rights, unless you manually granted permissions on a registry branch under HKLM. There was also some other stupid thing like

Re: Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread Steven Peck
Here as well. NT3.51, 4, 2k, etc. On Wed, Apr 28, 2010 at 2:17 PM, Jon Harris wrote: > I used to run Office 2000 pro as non-admin without issues. > > Jon > > On Wed, Apr 28, 2010 at 3:51 PM, Ben Scott wrote: >> >> On Wed, Apr 28, 2010 at 1:19 PM, David Lum wrote: >> > ... I have Outlook 2003

Re: Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread Jon Harris
I used to run Office 2000 pro as non-admin without issues. Jon On Wed, Apr 28, 2010 at 3:51 PM, Ben Scott wrote: > On Wed, Apr 28, 2010 at 1:19 PM, David Lum wrote: > > ... I have Outlook 2003 working for non-admins and have for some years > now. > > Same here. We've been running Outlook 20

Re: WTF? Fake AV

2010-04-28 Thread Jon Harris
.@sunbelt-software.com] > Sent: Wednesday, April 28, 2010 4:17 PM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > Erm, There are 115 known strains (and growing fast) of malware for the Mac. > That's why we are releasing a VIPRE client for the Mac in Q2. They have sol

RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-28 Thread Stu Sjouwerman
...@vaopera.org] Sent: Wednesday, April 28, 2010 5:07 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds. Thanks, Z! Sean Rector, MCSE -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 28, 2010 4:50 PM To

RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-28 Thread Sean Rector
Thanks, Z! Sean Rector, MCSE -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, April 28, 2010 4:50 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds. Gang there is another PDF exploit going on

RE: WTF? Fake AV

2010-04-28 Thread Stu Sjouwerman
gov] Sent: Wednesday, April 28, 2010 4:33 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV Not sure what point you are disputing but 115 (total) versus 70,000 per day (your numbers from earlier today) is kind of lopsided. I'm not saying that 115 isn't enough to worry about, but if 115 in

RE: WTF? Fake AV

2010-04-28 Thread Ziots, Edward
5 ezi...@lifespan.org -Original Message- From: Mayo, Bill [mailto:bem...@pittcountync.gov] Sent: Wednesday, April 28, 2010 4:33 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV Not sure what point you are disputing but 115 (total) versus 70,000 per day (your numbers from earlier

RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-28 Thread Ziots, Edward
currently) jademason.com. Adobe has said that the Launch functionality is a feature, not a bug. Adobe is looking into the issue, but has not said what action, if any, they intended to take to mitigate the danger. Their post on the matter does include directions for turning off this functiona

RE: WTF? Fake AV

2010-04-28 Thread Mayo, Bill
y?!?! -Original Message- From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Wednesday, April 28, 2010 4:17 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV Erm, There are 115 known strains (and growing fast) of malware for the Mac. That's why we are releasing a VIPRE

RE: WTF? Fake AV

2010-04-28 Thread Stu Sjouwerman
em Admin Issues Subject: RE: WTF? Fake AV And you are making the (rather dramatic, IMO) over generalization that Microsoft simply tells app vendors what to do and expects them to move at the drop of a hat. The reality is that MS has typically bent over backwards to ensure backwards compatibility (to

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
ilvor...@gmail.com] > Sent: Wednesday, April 28, 2010 3:57 PM > To: NT System Admin Issues > Subject: Re: WTF? Fake AV > > On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare > wrote: > > A) hardware driver models are a somewhat different beast, and that's > > held true

Re: WTF? Fake AV

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare wrote: > A) hardware driver models are a somewhat different beast, and that's > held true for many a platform, and isn't really germane to what we are > discussing here. The only point I was making (and the one you're determined to ignore, it

Re: Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 1:19 PM, David Lum wrote: > ... I have Outlook 2003 working for non-admins and have for some years now. Same here. We've been running Outlook 2003 without admin rights since it was released. Come to think of it, I'm not sure I've *ever* run Outlook 2003 as an admin, ev

Re: WTF? Fake AV - resolved.

2010-04-28 Thread Brian Richards
: Wed, April 28, 2010 12:32:22 PM Subject: Re: WTF? Fake AV - resolved. On 28 Apr 2010 at 8:16, Brian Richards wrote: > Hmmm, at home I've been telling Vipre to turn off Windows > Defender - maybe time to re-think that strategy? I don't think you want to run two AV package

RE: WTF? Fake AV

2010-04-28 Thread Carl Houseman
] Sent: Wednesday, April 28, 2010 1:33 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV Let me restart. I agree that the MAC OS is not more secure because it has a less infection rate. Horrible way to justify security. It's a better security model because by default all users are non a

RE: WTF? Fake AV

2010-04-28 Thread David Lum
es Subject: RE: WTF? Fake AV Let me restart. I agree that the MAC OS is not more secure because it has a less infection rate. Horrible way to justify security. It's a better security model because by default all users are non admins, and the installation of anything requires the root pass

RE: WTF? Fake AV

2010-04-28 Thread greg.sweers
o the user context, and even if a user was higher privilege what does Win7 do to protect the kernel and main system files? -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 1:22 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV

Re: WTF? Fake AV

2010-04-28 Thread Phil Brutsche
My experience has been varied on the issue. A basic Outlook install works fine without local admin. Things change when you start using Outlook add-ins. Some aren't as well behaved as others. On 4/28/2010 12:27 PM, Steven M. Caesare wrote: > I’ve supported email since Outlook eclipsed the “Exchan

Re: WTF? Fake AV

2010-04-28 Thread Phil Brutsche
Office '97 absolutely had problems with the spell checker when you weren't local admin. There were permissions changes you could make to the registry keys to work around the issue. In my experience Office 2000 was the first version to fix that. On 4/28/2010 12:25 PM, Maglinger, Paul wrote: > Micr

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
I've supported email since Outlook eclipsed the "Exchange Client", on platforms since NT4.0 and I don't recall this. -sc From: Mayo, Bill [mailto:bem...@pittcountync.gov] Sent: Wednesday, April 28, 2010 1:21 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
Likewise. I dunno what Bill is experiencing. -sc From: Steve Ens [mailto:stevey...@gmail.com] Sent: Wednesday, April 28, 2010 1:18 PM To: NT System Admin Issues Subject: Re: WTF? Fake AV No, I have all my users running Outlook (2003 and 2007 and 2010) without any special group

RE: WTF? Fake AV

2010-04-28 Thread Maglinger, Paul
10 12:21 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV I can no longer remember the details, and, as I tried to express, I'm sure there was a way to make it work. But, I am certain that it did not work in a default configuration. It is possible that it was an issue with Windows

RE: WTF? Fake AV

2010-04-28 Thread Mayo, Bill
. Sorry for any confusion I generated with my spotty memory. Bill Mayo From: Mayo, Bill Sent: Wednesday, April 28, 2010 1:21 PM To: 'NT System Admin Issues' Subject: RE: WTF? Fake AV I can no longer remember the details, and, as I tried to express

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
w years, much more sensible in terms of defaults, IMO. -sc > -Original Message- > From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] > Sent: Wednesday, April 28, 2010 1:05 PM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > Ok, Steven. As you say, the

RE: WTF? Fake AV

2010-04-28 Thread Mayo, Bill
Mayo From: Steve Ens [mailto:stevey...@gmail.com] Sent: Wednesday, April 28, 2010 1:18 PM To: NT System Admin Issues Subject: Re: WTF? Fake AV No, I have all my users running Outlook (2003 and 2007 and 2010) without any special group membership...just regular users.

Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread David Lum
o:bem...@pittcountync.gov] Sent: Wednesday, April 28, 2010 10:03 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV That one sent me to Google. The quote is accurate, but I thought the stated reason was interesting as well. As I interpret it, he says that in most any browser it is easy to find bug

Re: WTF? Fake AV

2010-04-28 Thread Steve Ens
reference the LUA Buglight > comment above.) > > Bill Mayo > > -Original Message- > From: Steven M. Caesare [mailto:scaes...@caesare.com] > Sent: Wednesday, April 28, 2010 1:07 PM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > " I mean, when you

RE: WTF? Fake AV

2010-04-28 Thread Mayo, Bill
trator permissions to run. (Again, reference the LUA Buglight comment above.) Bill Mayo -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 1:07 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV " I mean, when you cannot eve

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
> From: Mayo, Bill [mailto:bem...@pittcountync.gov] > Sent: Wednesday, April 28, 2010 1:03 PM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > That one sent me to Google. The quote is accurate, but I thought the stated > reason was interesting as well. As I interpret

RE: WTF? Fake AV

2010-04-28 Thread John Aldrich
M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 12:54 PM To: NT System Admin Issues Subject: RE: WTF? Fake AV A) hardware driver models are a somewhat different beast, and that's held true for many a platform, and isn't really germane to what we are discussing here. B) M

RE: WTF? Fake AV

2010-04-28 Thread Mayo, Bill
, April 28, 2010 12:27 PM To: NT System Admin Issues Subject: Re: WTF? Fake AV On 28 Apr 2010 at 11:00, Steven M. Caesare wrote: > > While I am not a huge fan of MACS, their security model is obviously > > much > better than Windows > > I'd suggest that's an ill-d

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
ng the OS, not the apps written for them Using AV infection #'s to compare those things and draw the conclusion he did is not accurate, IMO. -sc > -Original Message- > From: Ben Scott [mailto:mailvor...@gmail.com] > Sent: Wednesday, April 28, 2010 12:47 PM > To: NT System

Re: WTF? Fake AV

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 11:56 AM, Steven M. Caesare wrote: >> " But when Microsoft wants to, say, create a new API for something, they >> just do, and abandon the old one, and everyone else has to play catchup" > > I guess I haven't seen those multitude of Technet > articles ... Yah, tell that

Re: RE: WTF? Fake AV

2010-04-28 Thread Andrew S. Baker
al Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 11:20 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV I'm not sure how you draw the conclusion that it probably wouldn't be as bad. I'd also suggest that... > From: Ca

Re: RE: WTF? Fake AV

2010-04-28 Thread Andrew S. Baker
I've seen low incidents of these types of issues with both Win7 and Vista with UAC enabled. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 28, 2010 10:19 AM, wrote: Are there any reports out there that show Windows 7 running with UAC that it minimizes the infections of

Re: RE: WTF? Fake AV

2010-04-28 Thread Andrew S. Baker
- *From:* David W. McSpadden [mailto:dav...@imcu.com] *Sent:* Wednesday, April 28, 2010 9:02 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV Trend Security Essentials AVG Are all suspect of the same problem so don’t make it a singular ran...

Re: WTF? Fake AV - resolved.

2010-04-28 Thread Angus Scott-Fleming
On 28 Apr 2010 at 8:16, Brian Richards wrote: > Hmmm, at home I've been telling Vipre to turn off Windows > Defender - maybe time to re-think that strategy? I don't think you want to run two AV packages simultaneously -- that's just asking for trouble. I'd like to see a command-line

Re: WTF? Fake AV

2010-04-28 Thread Angus Scott-Fleming
On 28 Apr 2010 at 11:00, Steven M. Caesare wrote: > > While I am not a huge fan of MACS, their security model is obviously much > better than Windows > > I'd suggest that's an ill-drawn conclusion. +1. Charlie Miller, the Pwn2Own champ three years running, hacks Macs by choice over Windows be

RE: WTF? Fake AV

2010-04-28 Thread David Lum
likely because it's intercepting hardware requests). Dave -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, April 28, 2010 8:49 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV FYI... in Windows Vista/7, you do not have to "run as administrat

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
mailto:mailvor...@gmail.com] > Sent: Wednesday, April 28, 2010 11:52 AM > To: NT System Admin Issues > Subject: Re: WTF? Fake AV > > On Wed, Apr 28, 2010 at 11:27 AM, John Aldrich > wrote: > > If the Microsoft security model is so good, why did it take them so > > lo

RE: WTF? Fake AV

2010-04-28 Thread Rod Trent
-Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 11:47 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV The model is fine. I'll agree the transition from the default needed to happen. But quite frankly it would have bro

Re: WTF? Fake AV

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 11:27 AM, John Aldrich wrote: > If the Microsoft security model is so good, why did it take them so > long to make it harder to run as a local admin by default? It's not the Windows security model, but rather, Microsoft's apathy and lack of clue which has led to so many

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
> Sent: Wednesday, April 28, 2010 11:37 AM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > Yes, but "out of the box" were you a local admin or a "user"? > > > > > -Original Message- > From: Steven M. Caesare [mailto:scaes

RE: WTF? Fake AV

2010-04-28 Thread Carl Houseman
eclare its need for automatic elevation to admin by including a manifest file. Carl -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Wednesday, April 28, 2010 11:35 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV Steven, I understand where you

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
I've been creating users as non-admins for years now. Long before OS X even had the concept. -sc > -Original Message- > From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] > Sent: Wednesday, April 28, 2010 11:35 AM > To: NT System Admin Issues > Subject: RE:

RE: WTF? Fake AV

2010-04-28 Thread Carl Houseman
ilto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 11:26 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV I'd suggest that's a people problem, not a platform problem. -sc > -Original Message- > From: Carl Houseman [mailto:c.house...@gmail.com] > Sent: Wednesday, Apr

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
There are indeed some security/delegation models I'd suggest are better. -sc > -Original Message- > From: Matthew W. Ross [mailto:mr...@ephrataschools.org] > Sent: Wednesday, April 28, 2010 11:29 AM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > >

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
Not apps. -sc > -Original Message- > From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] > Sent: Wednesday, April 28, 2010 11:28 AM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > While it's a nice debate, there's really no way to prove which is be

RE: WTF? Fake AV

2010-04-28 Thread John Aldrich
Yes, but "out of the box" were you a local admin or a "user"? -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 11:24 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV Funny... I've been able to ru

RE: WTF? Fake AV

2010-04-28 Thread David W. McSpadden
to be in place. Simple economics and marketing beating out security. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Wednesday, April 28, 2010 11:28 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV While it's a nice debate, there's r

RE: WTF? Fake AV

2010-04-28 Thread John Aldrich
"local admin" group, you may still have to manually use "run as an >administrator" to install software. -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 11:26 AM To: NT System Admin Issues Subject: RE: WTF?

RE: WTF? Fake AV

2010-04-28 Thread Matthew W. Ross
System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Wed, 28 Apr 2010 08:19:32 -0700 Subject: RE: WTF? Fake AV > I'm not sure how you draw the conclusion that it probably wouldn't be as > bad. > > I'd also suggest that there's a significant anti-MS sentime

RE: WTF? Fake AV

2010-04-28 Thread John Aldrich
M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 11:20 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV I'm not sure how you draw the conclusion that it probably wouldn't be as bad. I'd also suggest that there's a significant anti-MS sentiment th

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
I'd suggest that's a people problem, not a platform problem. -sc > -Original Message- > From: Carl Houseman [mailto:c.house...@gmail.com] > Sent: Wednesday, April 28, 2010 11:23 AM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > It wouldn&#

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
ars ago is immaterial. -sc > -Original Message- > From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] > Sent: Wednesday, April 28, 2010 11:14 AM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > You don't think the unix security model helps at al

RE: WTF? Fake AV

2010-04-28 Thread Carl Houseman
day, April 28, 2010 11:20 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV I'm not sure how you draw the conclusion that it probably wouldn't be as bad. I'd also suggest that there's a significant anti-MS sentiment that makes it a specific target. Along with the fact t

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
rus infection target rate a non-linear exercise. -sc > -Original Message- > From: Carl Houseman [mailto:c.house...@gmail.com] > Sent: Wednesday, April 28, 2010 11:13 AM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > I started to reply to that remark to

RE: WTF? Fake AV

2010-04-28 Thread Maglinger, Paul
+1 -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, April 28, 2010 10:00 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV > While I am not a huge fan of MACS, their security model is obviously much > better than Windows I

RE: WTF? Fake AV

2010-04-28 Thread John Aldrich
From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Wednesday, April 28, 2010 11:08 AM To: NT System Admin Issues Subject: Re: WTF? Fake AV +1 UAC may be a pain in the arse but it *works*. A lot of the malware I see these days limits itself to the context of the user's account. The executab

RE: WTF? Fake AV

2010-04-28 Thread Carl Houseman
April 28, 2010 11:00 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV > While I am not a huge fan of MACS, their security model is obviously much > better than Windows I'd suggest that's an ill-drawn conclusion. -sc > -Original Message- > From: gre

Re: WTF? Fake AV - resolved.

2010-04-28 Thread Angus Scott-Fleming
On 28 Apr 2010 at 10:28, John Aldrich wrote: > All the more reason to use FireFox with Ad-Block and FlashBlock plugins > installed. ;-) Also use DropMyRights on all browsers if you have to log in as a Local Admin. Unfortunately the original MSDN post describing DMR is gone. You can get it

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
2010 11:08 AM > To: NT System Admin Issues > Subject: Re: WTF? Fake AV > > +1 > > UAC may be a pain in the arse but it *works*. A lot of the malware I see > these days limits itself to the context of the user's account. The executables > are dropped somewhere under %APPD

Re: WTF? Fake AV

2010-04-28 Thread Phil Brutsche
+1 UAC may be a pain in the arse but it *works*. A lot of the malware I see these days limits itself to the context of the user's account. The executables are dropped somewhere under %APPDATA% and the registry changes are written to HKCU. The only thing that keeps Macs relatively malware-free is

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
Wednesday, April 28, 2010 10:19 AM > To: NT System Admin Issues > Subject: RE: WTF? Fake AV > > Are there any reports out there that show Windows 7 running with UAC that > it minimizes the infections of spyware. > While I am not a huge fan of MACS, their security model is obviously

Re: WTF? Fake AV - resolved.

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 10:28 AM, John Aldrich wrote: > All the more reason to use FireFox with Ad-Block and FlashBlock plugins > installed. ;-) NoScript gives excellent protection against all manner of script-based acts. It's something of a pain in the butt to maintain the whitelist (especia

RE: WTF? Fake AV

2010-04-28 Thread David Lum
From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Wednesday, April 28, 2010 7:19 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV Are there any reports out there that show Windows 7 running with UAC that it minimizes the infections of spyware. While I am not a huge fan

RE: WTF? Fake AV

2010-04-28 Thread greg.sweers
: WTF? Fake AV Everyone seems to be having these issues of the rogues slipping through. Not just any one AV. 70 thousand or so new ones released daily so it is difficult for anyone to keep up. More explained here by Eric Howes http://www.sunbeltsecuritynews.com/ Regards, Tammy Stewart Malware

RE: WTF? Fake AV

2010-04-28 Thread Tammy
Everyone seems to be having these issues of the rogues slipping through. Not just any one AV. 70 thousand or so new ones released daily so it is difficult for anyone to keep up. More explained here by Eric Howes http://www.sunbeltsecuritynews.com/ Regards, Tammy Stewart Malware Removal Special

RE: WTF? Fake AV

2010-04-28 Thread John Aldrich
run a scan that way! -Original Message- From: Luke [mailto:tesla...@gmail.com] Sent: Wednesday, April 28, 2010 9:55 AM To: NT System Admin Issues Subject: RE: WTF? Fake AV I will second that... You must realize that many of these viruses have the ability to either turn off your Virus

RE: WTF? Fake AV

2010-04-28 Thread Luke
I will second that... You must realize that many of these viruses have the ability to either turn off your Virus Protection or slip under the radar so-to-speak. The AV software developers are up against a lot when you consider that a lot of these viruses are either updated or morph daily or ev