Virus /Malware Surprises Embedded in Common Shareware

Started by Taronyu Leleioae, December 29, 2013, 07:46:11 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Taronyu Leleioae

It's no surprise that shareware occasionally comes with spyware including unwanted toolbars and various additional programs.

But in my purging my XP desktop with a boot time scan using Avast (which is one of the few offering this feature), I went further and ran the latest Malwarebytes and discovered /verified that two of the latest versions (packaged) of the following programs are coming with a malware/spyware that has developer options to download more to your computer.  So just fyi...  Each anti-virus has its pros and cons.  Malwarebytes found the PUP.Optional.OpenCandy malware in the following programs.

ImgBurn (DVD > Image > DVD) program used in IT

Winamp (Audio Recording Console)

Tìtstewan

Irayo for the warning!

Yeah, since I was hit by a toolbar (I've posted a thread about it) I would use a sandbox or similar to prevent an infection of the PC.

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Taronyu Leleioae

Quote from: Tìtstewan on December 29, 2013, 07:53:24 AM
I would use a sandbox or similar to prevent an infection of the PC.

Older OS systems like XP do not have a sandbox.  Just fyi that doesn't stop something above because when you install WinAmp, this malware /trojan gets installed because you improved the software install.

Tìtstewan

Is there not a programm like sandboxie for XP available?

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Taronyu Leleioae

Quote from: Tìtstewan on December 29, 2013, 08:13:19 AM
Is there not a programm like sandboxie for XP available?

No. 

The kernel (core program) of XP was written so that the program and all applications run by default with Administrator (full) authority.  XP was never written for security, although much work was done (forced by US Govt actually) to make it so as part of the settlement.  Hence why it has been supported for so long.  But XP does not have a sandbox option.  (There is a little part that says "protect computer"... but it really doesn't.  Because when you, the user, click on anything, you do so with full credentials in XP and thus any program tied to that click is given the full permissions.)  Which is why hackers, viruses, spyware... have a much easier time penetrating and infecting XP machines.
(Although now a big shift is growing towards Android (Linux) based devices...)

Vista went too far (with that UAP Control) in dealing with programs, but the disaster was with retro program compatibility.
Windows 7 took Vista and redesigned it with a better sandbox.  And to also allow better legacy (old) program compatibility as well as "run as"...

Clarke


Tìtstewan


-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Taronyu Leleioae

Ok, yes, sandboxie does run.  But it runs on top of the system as an application, not part of the kernal.  So the problem is that it still uses shared memory of the computer RAM that XP itself may not fully isolate.  Plus it could still interact with the base OS.  Most uses would be ok.  But considering how inefficient XP was with using RAM to begin with (max 3.2GB used for x86 (win 32 bit), you'll end up slowing your computer down significantly.  It's an imperfect solution and you'll unfortunately "pay" with a noticeable performance drop...  :(

Niri Te

 Why the day after tomorrow, Ateyo and I are each getting our own Chromebook. The Chromebooks don't HAVE this problem, because you select from thousands of apps from the Google Store, with EVERYTHING being tested FIRST.
Because I am tired of running periodic defrags of a conventional Hard disc drive, I got the one with an SSD. Besides, it appeals to my engineer's Techno Junkie Side.
Tokx alu tawtute, Tirea Le Na'vi

Taronyu Leleioae

Quote from: Niri Te on December 29, 2013, 02:25:26 PM
Why the day after tomorrow, Ateyo and I are each getting our own Chromebook. The Chromebooks don't HAVE this problem, because you select from thousands of apps from the Google Store, with EVERYTHING being tested FIRST.
Because I am tired of running periodic defrags of a conventional Hard disc drive, I got the one with an SSD. Besides, it appeals to my engineer's Techno Junkie Side.

Heh, always be careful, ma Niri Te.  Even Google has pulled apps because of issues.  No system is fool proof.  (Otherwise only a fool would use it...)  Chromebooks are Linux based.  Less likely but not impossible.  Even these you would be wise to put an anti-virus on.  (If one is compatible...)

SSD's are definitely much faster.  But they still have their limits...  However they are getting cheaper and cheaper.  I give it 10 years and the spinning drive will likely be gone.  They just need to get the stability high and price down...

Tìtstewan

There was some articles about hacked Google apps...(who was hacked after checking of such apps)

QuoteThey just need to get the stability high and price down...
What you mean with stability?

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Taronyu Leleioae

#11
Quote from: Tìtstewan on December 30, 2013, 12:39:06 AM
What you mean with stability?

While they have significantly improved, the range of performance as well as the electronic durability has varied between manufacturers and models.  (Meaning that these SSD's have an estimated /rated number of cycles before failure (MTBF) similar to other hard drives.  While the last two years has seen incredible improvements, it is well worth your time to research the reviews and technical specs on the SSD.  (In part, the drive to improve got a huge boost with the destruction of the Seagate and Western Digital main HDD plants in the Philippines a couple of years ago (monsoon).  But fyi that a desktop SSD is not fast enough (or something as error free) as a lower priced model for the general consumer (laptop or desktop).  There's a real reason why there are $200 vs $700 SSD's...  Among other specs, server SSD's (or high end) have much much much faster transfer rates.  (Think HD data cards for your camera.  Some have a 4 rating, some have a 10, some have extra durability ratings...)  But as production costs go down and the technology improves, the SSD pricing will definitely drop and this is a good thing in the long run.  IT will have less traditional HDD failures.  (Such as the 320GB drive on my desk that self destructed on track 0...)

PS.  Having a SSD does NOT excuse you from protecting your data by making backups...  Just saying.  From a performance standpoint, I still think a SSD for the OS drive (say 120-250GB) is a great way to go.  Then have your main files, music, and potentially even some programs live on a traditional HDD as a data drive.  That way you get the processing performance on the SSD, and the storage on the regular HDD.  If you are really looking for a bit of a speed boost, you can always put in a WD Raptor on the traditional drive.  I did that for a 4 year old eight drive web (sql) server with the OS drives and it definitely helped...

Niri Te

 My data will be double backed up, 1) on the cloud, and 2) on a stand alone disc drive. I may also archive it on flash drives.
Tokx alu tawtute, Tirea Le Na'vi