Post subject: Re: Becoming an expert device and driver Detective
Posted: Tue Dec 08, 2009 11:08 am

Joined: Thu Mar 08, 2007 3:11 pm
Posts: 127
Location: Ohio
QUOTE from Scott above: "Using my incredible mad search skillz, I was able to find an excellent up-to-date collection of the latest Atheros reference drivers."

Scott, when I clicked on the Google search link (http://lmgtfy.com/?q=atheros+ar5005g+driver) there were at least two sites that Norton Internet Security identified as unsafe. I would not have known that these were unsafe without the Norton icons next to the website links to tell me. I know that you consider Norton to be "malware." Nonetheless, I appreciate the protection I get from Norton for situations just like this. Without Norton to tell you, how do you avoid clicking on malicious sites?

Thanks for the great info in this topic!

Brad


Post subject: Re: Becoming an expert device and driver Detective
Posted: Tue Dec 08, 2009 11:59 am
Site Admin

Joined: Sun Feb 04, 2007 11:44 am
Posts: 5823
Quote:
Without Norton to tell you, how do you avoid clicking on malicious sites?

I don't! In doing my research I often end up visiting "unsafe" and/or malicious sites. Yet even with *no* anti-malware software running, I never have any malware problems.

How can that be? Mainly for two reasons: The first is that I keep up-to-date with Windows updates, which pretty much eliminates the possibility of anything being installed on my system without my active participation (i.e. without tricking me into installing something). And the second is that I am distrusting, skeptical and suspicious, and simply cannot be tricked into installing anything I don't specifically know of or want. In rare cases where an unsavory site manages to pop up a window or dialog that I believe is untrustworthy (most commonly in the form of a fake malware or security alert), rather than actively clicking anywhere on it (the "Cancel" may really mean "Run"), I open Process Explorer or the Windows Task Manager and kill it.

Bottom line: If you can't be tricked into injecting yourself with the disease, then you don't need the "cure". An educated, skeptical user is a better anti-malware agent than any of the bog-your-system-down anti-malware software I've ever seen. <g> Scott.


Post subject: Re: Becoming an expert device and driver Detective
Posted: Tue Dec 08, 2009 12:08 pm

Joined: Sat Nov 28, 2009 6:49 pm
Posts: 270
Location: Pearl Ms
Right on Scott, I roam the net all the time with no virus protection or malware etc., and I never run into problems. Like you say, one just has to be on the lookout, and noticing bogus stuff kind of becomes second nature.


Post subject: Re: Becoming an expert device and driver Detective
Posted: Wed Dec 09, 2009 6:24 am

Joined: Thu Mar 08, 2007 3:11 pm
Posts: 127
Location: Ohio
Scott, I would appreciate some more clarification on this topic, if you don't mind. I'm trying to understand malicious software a lot better and your postings keep bringing questions to my mind.

For instance, Norton identifies the threat on one of the sites as Spyware.Perfect at the link "http://www.soft32.com/download/63-253156-1/i_bpk2007.exe." I don't know what that looks like on the actual page (because I didn't want to go to the page), but if someone titled that link as "Atheros Driver AR5005G," how would I know that it is spyware and not a legitimate driver? Wouldn't it be easy for someone to name a downloader or trojan file with what looks like a legitimate driver file name and trick the unknowing user into downloading and executing that file? Furthermore, aren't there viruses or other malicious software that download immediately upon visiting a particular website?

Interestingly, I noticed this related article today about fraudulent websites that trick search engines into placing their listings in the top search results: http://www.msnbc.msn.com/id/34331938/ns ... d_gadgets/

Thanks so much,
Brad


Post subject: Re: Becoming an expert device and driver Detective
Posted: Wed Dec 09, 2009 10:53 am

Joined: Tue Nov 17, 2009 12:57 pm
Posts: 0
I put AVG on my hp mini 1000 after using it for several months without any anti spyware.

It found a doubleclick cookie.

My hard drive light flickered all the time, even when not on the net and just using it for reading ebooks.

I turned it off because I am afraid it will wear out the hard drive.


http://i180.photobucket.com/albums/x218 ... ure043.jpg

My study lab. I can ride the bike and read the books at the same time without my glasses on !

Love the ebooks ! Thanks for including them !


Post subject: Re: Becoming an expert device and driver Detective
Posted: Thu Dec 10, 2009 6:36 am
Site Admin

Joined: Sun Feb 04, 2007 11:44 am
Posts: 5823
Quote:
Wouldn't it be easy for someone to name a downloader or trojan file with what looks like a legitimate driver file name and trick the unknowing user into downloading and executing that file?

Of course it would! And that is exactly the mindset you should have: distrusting, skeptical and suspicious.

Quote:
For instance, Norton identifies the threat on one of the sites as Spyware.Perfect at the link "http://www.soft32.com/download/63-253156-1/i_bpk2007.exe" I don't know what that looks like on the actual page (because I didn't want to go to the page),...

I did, and unfortunately the download link doesn't work. I've never used Soft32.com before, so I don't consider it implicitly trustworthy, and since I can't download the file in question, I guess I won't have a chance to confirm. In any case, the driver version offered there is so old I didn't even consider it anyway.

Quote:
...but if someone titled that link as "Atheros Driver AR5005G," how would I know that it is spyware and not a legitimate driver?

You wouldn't. (Well you might, I mean I would, but more on that later...) Here is where the distrusting, skeptical and suspicious mindset must be combined with a little common sense and some experience. In the end, unless you want to write your own OS, software, drivers, etc. you have to trust *somebody* at least *sometimes*. The simple answer is that you use your knowledge and experience, combined with some common sense to decide who or what is trustworthy or not. See in my previous post where I said:

    "Where possible, I prefer to download the latest drivers directly from the chipset manufacturer. Unfortunately unlike many other device manufacturers, Atheros does not provide drivers to end-users, meaning they can't be downloaded from the Atheros site."

By default I consider both the device OEM and the chipset mfr. as trusted sources, which is one reason why I only download drivers from them where possible. For example, just last night I was at a friend's house, and he mentioned he was having problems with his Linksys WMP600N Wireless-N card, where it wasn't staying connected and the Linksys Wireless Manager software was making him click a button to reconnect every time that happened. He was kind of far from the access point, and had low signal strength, but I thought I'd see if I could improve the situation. The first thing I did was to uninstall the Linksys "Manager" software, telling him that he should just use Windows built-in software to manage the wireless connection, and that most of those client manager programs are garbage. Windows has a setting to automatically "Connect when this network is in range", which would prevent him from manually having to click to reconnect if the connection momentarily dropped. Then I looked at his driver and decided to see if a newer one was available. He was using v1.2.1, and Linksys had a newer v.1.4.3 available (which I would implicitly trust, being from Linksys and all <g>), but I decided to check with the chipset mfr. to see if something even newer was available (which I would also trust). The Linksys specs. didn't indicate what chipset was used in the card, but the PCI Vendor/Device code was VEN_1814&DEV_0601, which pointed to a Ralink RT2860 chip. Unlike Atheros, Ralink does provide drivers to end users, and they had a much newer version 1.4.12 available for XP, which is what I downloaded and installed. With the new driver, and with Windows managing the connection, his dropout problem was solved.

While in the Atheros case I would have liked to get an implicitly trustworthy driver directly from Atheros, that was not possible, so I had to decide among the other sources I had found what was trustworthy or not. There are several general purpose software download sites that I consider trustworthy, such as MajorGeeks, CNET, SourceForge, etc. However, in this case none of my known trusted sites had what I thought were the latest Atheros drivers, so I had to venture into untrusted territory.

Here is where I probably have an advantage over most users. I *do* know what a driver is supposed to "look like", and was able to examine the files using various tools in order to verify to my satisfaction that the files and contained code were from Atheros and contained no malware. If I have any lingering suspicion about a downloaded program and am unable to fully verify it by examining the files/code myself, I will then usually scan it with a manual scanner like ClamWin and even if it passes that, will run it in a quarantined environment such as a Virtual Machine or a quarantined physical test system I have on hand, before ever deploying it on any actively used systems. So, while I would by *no means* automatically consider any of the sites that turned up in the search as trustworthy, I personally vetted the specific driver I found and recommended (in fact I'm currently using it on my own system), and so far am giving a thumbs-up for the Station-Drivers site in general. So in that case I guess the question then becomes, do you trust ME? <g>

Quote:
...aren't there viruses or other malicious software that download immediately upon visiting a particular website?

Simple answer: No, *if* you keep updated. But to be completely honest and accurate the answer is: Theoretically and technically "Yes", but essentially and practically (for updated users) "No". See in my previous post where I said:

    "I keep up-to-date with Windows updates, which pretty much eliminates the possibility of anything being installed on my system without my active participation (i.e. without tricking me into installing something)."

By "pretty much eliminates" I mean that while it is possible to be hit by a zero day exploit (a bug or flaw that is actively exploited before the update to correct it appears), encountering such things would be exceedingly rare for any user who stays up-to-date (i.e. one who has Windows Automatic Updates turned ON).

To show how timely this is, a vulnerability in IE that could allow remote code execution by viewing a specially crafted Web page was reported on November 23, 2009, and a patch to correct the problem was released on December 08, 2009. For those who don't keep their systems up-to-date, the threat of exploits like this is much more real, because once an update is published, malicious programmers are now aware of it and can begin writing exploitative code, counting on the fact that many people will not install the update.

Bottom line: By keeping your OS, browser and other important applications updated, and by acting like an educated, skeptical user and only running *trusted* software (and thoroughly vetting and/or testing anything you don't implicitly trust), you can avoid problems with malware without having to use bog-the-system-down anti-malware software. Scott.


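An added example, not part of Scott's post and not a tool he names: a first static check when examining a downloaded driver package is to read its INF and confirm the provider it declares, that it references a catalog file, and that it actually lists the device's hardware ID (here the VEN_1814&DEV_0601 code from the post). The sample INF text, file names and function names are constructed for illustration.

```python
import re

# Constructed sample INF, not a real vendor file. The PCI ID and the version
# number are the ones quoted in the post; every other value is made up.
SAMPLE_INF = r"""
[Version]
Signature   = "$Windows NT$"
Provider    = %RALINK%
CatalogFile = rt2860.cat          ; constructed file name
DriverVer   = 01/01/2009,1.4.12.0 ; constructed date
[Manufacturer]
%RALINK% = Ralink, NTx86
[Ralink.NTx86]
%RT2860.Desc% = RT2860.ndi, PCI\VEN_1814&DEV_0601
[Strings]
RALINK      = "Ralink (sample)"
"""

def parse_inf(text):
    """Return {section: [(key, value)]}; ';' starts a comment (simplified)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip().strip('"')))
    return sections

def vet_inf(text, hardware_id):
    """Summarise who the INF claims to be from and whether it targets the device."""
    inf = parse_inf(text)
    version = {k.lower(): v for k, v in inf.get("version", [])}
    strings = {k.lower(): v for k, v in inf.get("strings", [])}
    provider = version.get("provider", "")
    if provider.startswith("%"):  # %TOKEN% is resolved through [Strings]
        provider = strings.get(provider.strip("%").lower(), provider)
    ids = set()
    for _, target in inf.get("manufacturer", []):
        # "%Name% = Models[, decoration...]" names [Models] and [Models.decoration]
        base, *decorations = [p.strip().lower() for p in target.split(",")]
        for section in [base] + [f"{base}.{d}" for d in decorations]:
            for _, entry in inf.get(section, []):
                # "%Desc% = install-section, hwid[, compatible-id...]"
                ids.update(p.strip().upper() for p in entry.split(",")[1:])
    return {"provider": provider, "catalog": version.get("catalogfile"),
            "driver_ver": version.get("driverver"),
            "lists_device": hardware_id.upper() in ids}
```

The INF is plain text that anyone can edit, so a matching provider string and hardware ID only show what the package claims; the catalog's digital signature, a scan and a quarantined test run remain the checks that carry weight.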
Post subject: Re: Becoming an expert device and driver Detective
Posted: Thu Dec 10, 2009 6:45 am
Site Admin

Joined: Sun Feb 04, 2007 11:44 am
Posts: 5823
Quote:
I put AVG on my hp mini 1000 after using it for several months without any anti spyware. It found a doubleclick cookie.

Note that cookies are not malware, and DoubleClick is owned by Google. Bottom line: To prove their "worth", many anti-malware programs like to scare people as much as possible with false alarms about cookies and other innocuous stuff, which is just another of the many reasons why I don't run them on my systems. <g>

Quote:
My study lab. I can ride the bike and read the books at the same time without my glasses on ! Love the ebooks ! Thanks for including them !

Nice setup, and thanks! Scott.


Post subject: Re: Becoming an expert device and driver Detective
Posted: Thu Dec 10, 2009 5:07 pm

Joined: Sun Jul 20, 2008 10:50 am
Posts: 508
Location: Phoenix, AZ, USA
With regard to the original article that started this thread, thank you Scott. Most useful. MOST useful!

The malware discussion that followed is quite good, but should be in its own thread for search purposes IMHO.


Post subject: Re: Becoming an expert device and driver Detective
Posted: Thu Dec 10, 2009 5:31 pm

Joined: Sun Jul 20, 2008 10:50 am
Posts: 508
Location: Phoenix, AZ, USA
Quote:
....Note that cookies are not malware....

I disagree with Scott on some of his 'go spartan' antivirus advice for the typical PC user. But as he demonstrates --- a wary user who understands what their computer is doing can survive READILY WITHOUT all of the malicious software prevention software present soaking up CPU cycles.

Also, are Scott's visitors to this site "typical PC users?" I would argue "no."

But the above quote by Scott is one of the reasons I turn off the irritating 'search and report cookies' function found in all AV software usually turned on as the default. It speeds up the search process, and as Scott says, cookies are not malware. Cookies are often quite useful to the end user, and presumably always useful to the vendor installing a cookie;-).


Post subject: Re: Becoming an expert device and driver Detective
Posted: Thu Dec 10, 2009 8:33 pm
Site Admin

Joined: Sun Feb 04, 2007 11:44 am
Posts: 5823
Quote:
The malware discussion that followed is quite good, but should be in its own thread for search purposes IMHO.

I agree! So let it be written, so it shall be done. <g> Scott.


Post subject: Re: A lesson in safe computing
Posted: Sat May 22, 2010 9:08 pm

Joined: Tue Nov 11, 2008 2:28 am
Posts: 299
Five ways to keep online Criminals at Bay

