
The complexity of finding, preventing, and cleanup from malware



#1 AdvancedSetup


Posted 28 July 2013 - 09:51 PM

Generally speaking, the average computer user is inexperienced in the complexity and difficulty in any single tool being able to single-handedly detect, prevent, and cure all ails of a computer. Even in a non-infected computer the underlying operation of how a Windows computer runs is heavily controlled by what are called Events. There can be a million events going on in a very short period of time even on a clean computer, let alone on one that is infected. There are estimates of over 5,000 different infections (most are very slight variations of the same basic infection) that come out every day. That slight variation is what helps it to elude detection. It is possible to prevent all infections but then the computer is so locked down, slow, and unusable that the "cure" is probably worse than the infection.

For the sake of argument, let's say an infection did get past security and is now on the computer. The Registry can easily have over a million keys, data, and value entries, the vast majority of which are not documented, and often those that are documented are not done well. So now you have an infection that comes along and modifies keys, values, and data in the Registry, all of which are unknown because this infection is "new". Then you have the file system of the computer, where there are hundreds of thousands of different files and folders, and again many are not documented as to what they are or what they do, but yet computer users want a single security product to know every single file on a computer (there are well over 1 billion computers connected to the Internet nowadays, with many users installing custom, private, or unknown software) when there are probably over a million different software applications and programs that can be downloaded and installed. Some are very proprietary and have no public documentation about them.

The point is that it is very complex and the potential damage and how to correct the damage (when we don't have your specific infection in a test lab to analyze) is Herculean at best. I've been doing Computer and Network Support now for over 20 years and no product is perfect, bar none. I think that Malwarebytes has come a long way and is well ahead of some competitors but we too miss things and/or cannot fix all issues. There are about a dozen malware training schools out on the Internet that are well known and respected that provide free training for helpers to help others with cleaning computers, which is why you often see so many posts using different tools. Most of these helpers spend over a year or more studying computers in order to be able to assist users to scan and clean up from an infection. One should not be running these tools without fully understanding when and how to use them. Also in many cases the computer user is also partly to blame for the infection in some cases. Many times the culprit is outdated or exploited code in software such as Flash or Java or missing Windows updates. Most users though simply don't know enough about computers and how to take care of them properly and prevent themselves from being infected.
 
In some cases the damage done is not easily found or corrected and may require formatting the drive and reinstalling Windows as the best solution to repair the computer.
 
Having good Backups of one's data is very important as there are many possible reasons how someone can lose their data unexpectedly.

Ron Lewis
Forum Community Manager
