Author Topic: Please feel free to ask any questions to learn all about Computer Security.  (Read 153966 times)
clockwork
Comodo's Hero
*****
Offline Offline

Posts: 1922


Oxygen requires Chuck Norris to live


« Reply #210 on: September 27, 2011, 03:30:46 PM »

The telephone will not ring for any new virus to find a common name.
But like you said, well known threats need to be named to tell the crowd, we protect against this one too.

Anyway, I would not even call it "a name".
Logged

"If there is a problem, it`s something interesting. Try to circumvent or fix it.
In the old ages there was no support. That`s why we got the brain we have today.
Otherwise we would only be able to call a number and listen."
ycae
Newbie
*
Offline Offline

Posts: 3


« Reply #211 on: September 28, 2011, 01:58:53 PM »

Hi,

Another one: Is polymorphic malware detected/identified based on the signature database? Or how is malware which uses strong obfuscation methods detected/identified? An example of an older malware sample called Allaple uses polymorphic obfuscation but it is often named correctly across many AV vendors. So I guess that after the malware has been analysed correctly, a signature will be set up thus the malware can be identified with the right name even if the code changes due to its polymorphic nature?

Many thanks,
Yves
Logged
panic
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 11173


Linux is free only if your time is worthless.;-)


« Reply #212 on: September 28, 2011, 07:52:05 PM »

So I guess that after the malware has been analysed correctly, a signature will be set up thus the malware can be identified with the right name even if the code changes due to its polymorphic nature?

Signatures are code dependent - if the code changes sufficiently then a new signature would be required to detect the changed code.
Logged

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.
clockwork
Comodo's Hero
*****
Offline Offline

Posts: 1922


Oxygen requires Chuck Norris to live


« Reply #213 on: September 29, 2011, 11:14:19 AM »

Allaple uses polymorphic obfuscation but it is often named correctly across many AV vendors. So I guess that after the malware has been analysed correctly, a signature will be set up thus the malware can be identified with the right name even if the code changes due to its polymorphic nature?
1) When it's able to change the code of itself, why shouldn't it be able to change names?
2) And it wouldn't be important if another vendor would use the same name to achieve a detection anyway.
3) If antivirus programs would go after names, that should let you hope that you will never choose one of the "names" for one of your own files :D
Logged

ycae
Newbie
*
Offline Offline

Posts: 3


« Reply #214 on: October 01, 2011, 01:19:38 AM »

Signatures are code dependent - if the code changes sufficiently then a new signature would be required to detect the changed code.

Ok, and how do AV manage to name a polymorphic malware like Allaple always the same for different samples? Does it mean that they have to update their signature database each time they see a new sample of the same polymorphic malware?

Thanks,
Yves
Logged
spainach_12
Comodo's Hero
*****
Offline Offline

Posts: 456



« Reply #215 on: October 01, 2011, 01:45:31 AM »

Ok, and how do AV manage to name a polymorphic malware like Allaple always the same for different samples? Does it mean that they have to update their signature database each time they see a new sample of the same polymorphic malware?

Thanks,
Yves

I'm no expert, but I have encountered a polymorphic virus once (a rather brief occasion since I was only spectating in a computer shop). If I'm guessing correctly, polymorphic viruses are often detected through behavior analysis. And if by signature, I don't think that there is a virus that will or can completely change its code. It can change parts of it, but never the whole of it. There will always be a code that is unique to it (i.e. the code that contains the instructions on how it should "morph", where it should reside, how it should hide, what it should do). That will be its identifying mark. So the answer to your question of, "do AV's have to update their databases for every instance a virus morphs?" is no.

In cases when the author rewrites the code and makes significant changes (in which case, the change is no longer caused by the virus so the answer is still a no. This is just to show when updating databases for a new variant is applicable and that is only when human intervention has taken place and significant changes have been made), removal or alteration of the identifying mark(s) will be the only time the name will be changed/database will be updated.

Hope this helps.  ;)

*EDIT: just a few corrections.
« Last Edit: October 01, 2011, 01:50:02 AM by spainach_12 » Logged

If you want to change the system, you need to learn how to break it.

Windows 7 Starter dualboot PeppermintOS | Windows Firewall | NTFS File Permissions | Commandline | Common Sense
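
The idea discussed in the replies above, as an added example that is not part of any poster's message: a signature written against the bytes that stay constant in every copy, with a wildcard for the byte that changes, gives all copies one name, while a whole-file hash differs for each copy. The sample bytes, the `Demo.Poly.A` name and the `??` wildcard syntax are constructed for illustration and are not Allaple or any vendor's signature format.

```python
import hashlib
import re

# Constructed stand-ins, not real code: marker bytes for the routine that
# stays the same in every copy, with one byte (the per-copy key) that varies.
STUB_HEAD = bytes.fromhex("c0de5eed")
STUB_TAIL = bytes.fromhex("feedface0badf00d")
BODY = b"INERT-DEMO-BODY-" * 4  # harmless placeholder content

# Hypothetical signature database: name -> hex pattern, "??" = any one byte.
SIGNATURES = {"Demo.Poly.A": "c0de5eed ?? feedface0badf00d"}


def make_sample(key, head=STUB_HEAD):
    """Constructed 'copy': constant stub around a key byte, then masked body."""
    masked = bytes(b ^ key for b in BODY)
    return head + bytes([key]) + STUB_TAIL + masked


def compile_signature(pattern):
    """Turn 'aabb ?? cc' into a bytes regex; DOTALL lets ?? match 0x0a too."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data):
    """Return the names of all signatures found anywhere in data."""
    return [name for name, pat in SIGNATURES.items()
            if compile_signature(pat).search(data)]


def file_hashes(samples):
    """Whole-file SHA-256 per sample: what an exact-match list would need."""
    return {hashlib.sha256(s).hexdigest() for s in samples}


if __name__ == "__main__":
    copies = [make_sample(k) for k in (0x0A, 0x5A, 0xC3)]
    print("distinct whole-file hashes:", len(file_hashes(copies)))
    for c in copies:
        print(scan(c))
    # Stub itself rewritten (the "code changes sufficiently" case): no match,
    # so the database needs a new signature.
    print(scan(make_sample(0x5A, head=bytes.fromhex("0badc0de"))))
```
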
vickylynn
Newbie
*
Offline Offline

Posts: 2


« Reply #216 on: October 18, 2011, 03:10:13 PM »

Here you will have access to the world's best security experts to help you learn all about Computer security!

feel free to ask!

Melih


I want to install my new printer and it says to temporarily disable security software. I am sure this has been asked before but I have spent 30 minutes reading posts and have not found it yet. Is this safe and what do I do to just temporarily disable comodo?
Logged
panic
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 11173


Linux is free only if your time is worthless.;-)


« Reply #217 on: October 18, 2011, 03:46:12 PM »

I want to install my new printer and it says to temporarily disable security software. I am sure this has been asked before but I have spent 30 minutes reading posts and have not found it yet. Is this safe and what do I do to just temporarily disable comodo?

The safest way is to run the printer software while disconnected from the internet. Re-enable your network adaptor after the installation is completed.

Ewen :-)
Logged

Marj
Newbie
*
Offline Offline

Posts: 15


« Reply #218 on: November 16, 2011, 09:02:17 AM »

Hi...
Left this Post but received no replies ( 111 views tho - I guess this is a Poser )
 Signed in fr Diff PC ?!
« on: November 12, 2011, 10:41:12 AM »     

--------------------------------------------------------------------------------
Hi,
Thanks very much for all your ongoing help.
Today when I clicked on an email Link in an email I received, a Message Box appeared:
"You have been disconnected from Chat because you have signed into Yahoo!Messenger from another Computer or device. "
I did not click on the OK cuz I did not sign into anything from any other PC or device.
I closed the box. But it keeps reappearing when I click on that Link.
(I have clicked on that Link many times before and this never happened.)

So then does this mean someone is using my email add to sign into Yahoo!Messenger Chat ?
If so, how can i prevent/stop this ?
Thanks very much for any info you may have on this.
from marj
============
P.S. This happened again just now when I was in my email and just finished sending an email ( not to that Link tho )
Hope you can tell me what this might be.
Thanks again.
from marj
Logged
spainach_12
Comodo's Hero
*****
Offline Offline

Posts: 456



« Reply #219 on: November 16, 2011, 08:56:14 PM »

Hi...
Left this Post but received no replies ( 111 views tho - I guess this is a Poser )
 Signed in fr Diff PC ?!
« on: November 12, 2011, 10:41:12 AM »     

--------------------------------------------------------------------------------
Hi,
Thanks very much for all your ongoing help.
Today when I clicked on an email Link in an email I received, a Message Box appeared:
"You have been disconnected from Chat because you have signed into Yahoo!Messenger from another Computer or device. "
I did not click on the OK cuz I did not sign into anything from any other PC or device.
I closed the box. But it keeps reappearing when I click on that Link.
(I have clicked on that Link many times before and this never happened.)

So then does this mean someone is using my email add to sign into Yahoo!Messenger Chat ?
If so, how can i prevent/stop this ?
Thanks very much for any info you may have on this.
from marj
============
P.S. This happened again just now when I was in my email and just finished sending an email ( not to that Link tho )
Hope you can tell me what this might be.
Thanks again.
from marj

 Off-Topic! the 111 views or so that you got are not posers but users who came to view your post. The people here are not all employees of comodo nor are they specifically trained to handle information technology related topics. Most of the members here are end-users of comodo products and are therefore, ill-equipped to answer the posts. Regardless, however, this is a forum and not a help desk. The users can answer posts whenever they please.  Off-Topic!

The story that you provided is rather confusing on initial readings. If I may, to help you further (though I must warn you that I, too, have not received formal training or anything of the like), ask a few clarificatory questions.
1. It was a link in an email. Can you pm me that link?
2. Even under the same PC/device, if you were to access messenger or mail (Yahoo! mail by default logs you in to messenger upon signing in), you will still be disconnected. Were you using any other software that accesses messenger or mail?
3. It seems probable that someone else is accessing your account. Have you by any chance given someone else your password?

The best way you can remedy this is by changing your current password to a new one, and I suggest doing it now because if this is indeed a legitimate case of identity theft, then it is best to change your account information and password while you still have full control over your account. To prevent the recurrence of such events, use a strong password (is a phrase/sentence, at least 6 characters long, uses special characters preferably alternating with the alphanumeric characters, recognized and remembered only by you, and cannot be found in dictionaries. l33t speak actually makes good passwords at times, and so do scientific names) and/or regularly change your passwords at given intervals (i.e. every month or two).
Logged

djnzlab1
Newbie
*
Offline Offline

Posts: 11


« Reply #220 on: December 27, 2011, 07:41:09 AM »

Dear Comodo,
 I recently read an article about embedded spyware that may be encrypted in new hardware, like flash cards, new USB sticks. This new type of hacking may be installed prior to purchase by a company overseas.
 This would allow the software designers to have access to mainframes, as you know many savvy individuals
may wish to back up their important data to an external back-up.
   Several large corporate companies have been hacked this way, I believe there needs to be a secure search method for embedded spyware hidden in either the hardwire portion of the item
   The smarter hackers, being an individual or nation, may have plans to infiltrate the world market by spyware installed in boot files sniffing out information and passwords of major organizations, silently
gathering information allowing them to compete unfairly in the world market of bidding and purchasing of
major corporations that may be trying to resize or recover from bankruptcy.
 Imagine if a major world market was trying to sell off a portion of their company and you knew the high bid limit and could go 1 dollar over the max bid. This would allow this organization or nation complete control and advantage over the fair market process.
Just a thought
Logged
johncallanan
Newbie
*
Offline Offline

Posts: 1


« Reply #221 on: February 27, 2012, 05:13:13 AM »

Hi, I'm a new user.

Is there any way I can secure individual documents from getting leaked?

For example, my cv. It's all good and well that my pc and identity is hidden from malicious web users but if someone gets access to my personal files, well, that is scary.
Logged
Radaghast
Star Group
Comodo's Hero
*****
Offline Offline

Posts: 4052



« Reply #222 on: February 27, 2012, 06:30:37 AM »

Hi, I'm a new user.

Is there any way I can secure individual documents from getting leaked?

For example, my cv. It's all good and well that my pc and identity is hidden from malicious web users but if someone gets access to my personal files, well, that is scary.

Use TrueCrypt to create a virtual disk and store all your sensitive data within that encrypted space.
Logged

“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”
Paweu
Newbie
*
Offline Offline

Posts: 4


« Reply #223 on: January 07, 2013, 10:38:34 AM »

Hello,

Thank you for the possibility to learn something. I hope that this topic is still active after years.

Browsers can do a listing of files on the hard disk, i.e. when you write "c:" in the address bar, and using browsers a user can upload a whole file to some server. That's why I have two questions:

1) Is it possible for a web site that I visit (or the computer that is running that web site) to do a listing of files on my hard disk and to upload them without my knowledge?

2) If it's true, can denying direct disc access in CIS v.6 prevent it?

Greetings,
Paul
Logged
ranget
Comodo Member
**
Offline Offline

Posts: 49



« Reply #224 on: March 21, 2013, 11:49:48 AM »

Ok, I read S+
I don't feel I gained any knowledge or experience
what should I read / learn in order to gain knowledge?
Logged

i Like my own world
I'm junior Geek