X3ap_bonus_pack_5.1.0.0(1).exe is a threat?

Anything not relating to the X-Universe games (general tech talk, other games...) belongs here. Please read the rules before posting.

Moderator: Moderators for English X Forum

Alan Phipps
Moderator (English)
Posts: 18682
Joined: Fri, 16. Apr 04, 19:21
x4

Post by Alan Phipps » Mon, 27. Nov 17, 12:36

As mentioned earlier, the threat detection level can be user-adjusted in most AVs. That introduces a user-led impact on trade-offs for checking speed, false positives and potential missed detections.

There is also some malware that targets specific AV code functions in order to disable them or blind them to the specific attack. Some sneak their attacks in via third parties such as the OS apps or drivers. The AVs usually combat those by frequently patching or introducing variations in their internal coding.

No AV is omnipotent, totally invisible in use, totally autonomous or 100% secure; they will often need to react as well as try to deter/prevent. There always will be AV trade-off decisions and precautions for the user to take and maybe a few AV horror stories to tell too. :wink:

As an aside, in my experience, the Norton customer support have been very attentive and helpful on the few occasions when I have contacted them with a query or concern. One minor issue I raised was actually dealt with in an AV update issued very quickly after the report.
A dog has a master; a cat has domestic staff.

Morkonan
Posts: 1895
Joined: Sun, 25. Sep 11, 04:33
x3tc

Post by Morkonan » Mon, 27. Nov 17, 18:45

I don't know how they are today, but I would like to say that during the only two times I've ever been subjected to an actual computer virus, Norton had custom removal tools available for free, no strings attached, and they worked exactly as they were advertised. (Two-and-a-half times, actually, as I caught the last one before it had a chance to do anything of import. This doesn't count the one time a service had its credential/login database and sitepage compromised, which they still refuse to admit.)

How did I get these "viruses"? In both cases, they occurred in the heyday of "javascript delivered packages through third-party advertising" on gaming sites. I clicked on my bookmark to a gaming site I frequented often and "boom", welcome to virus-land, courtesy of "Google-ads" or whatever ad-stream they had signed up for.

Once that happened, I redoubled my efforts, got "ZoneAlarm", a nice fat Norton package, etc, and, magically, everything was fine from then on.

Today, the soup du jour is just going to the source, for the big boys, and targeting single-users with personalized "hostage" schemes made possible by e-currency and certain tools to protect anonymity for some other groups.

What bothers me about certain comprehensive AV packages is that they can, at times, give users a false sense of security. Certainly, they're better than nothing, but I worry that some users think they're "protected" when there's truly no such thing as full protection from one's own habits.

An admin user can authorize anything and that's the default login method for everyone. And, it's the one everyone uses, since nobody likes to be inconvenienced very much.

Personally, I think everyone should be as paranoid as the most wanted hacker on the planet. Everyone should be using encrypted-everything with every encrypted, anonymous, bit of stuff that's possible to use and still be able to get one's machine to function. I think a user's puter should require a blood donation for a DNA scan before it allows any admin/super-user privileges. I think if a user isn't accessing the 'net using an encrypted connection over a distributed network that ensures anonymity, the ISP should warn them. BUT, instead, if a user actually tries to do anything like that, their ISP puts 'em on a "list" of suspicious people who have the temerity to dare to hide their browsing habits from the ISP's commercial-tracking database...

BUT, then again, all of that can be circumvented with one keypress, mouse-click or faked DNA scan... And, if the authentication process was legit, it still relies on the user knowing what it is they're doing.

Anyway, I applaud greypanther for having the guts to question what it is his AV software is responding to as well as the legitimacy of a bit of software, even if it is from our much-beloved Egosoft. THAT'S the kind of attention to detail that helps keep users safer.

Terre
Moderator (English)
Posts: 7223
Joined: Mon, 19. Dec 05, 22:23
x4

Post by Terre » Mon, 27. Nov 17, 20:16

X3ap_bonus_pack_5.1.0.0(1).exe
Doesn't the one within the brackets indicate that you already have a copy of the download? If you scan that with your AV, do alarm bells sound?
Open Rights Group - Is your site being blocked
Electronic Frontier Foundation - Online Censorship
The Linux Foundation - Let’s Encrypt
Check if your Email account has been pwned.

mrbadger
Posts: 5650
Joined: Fri, 28. Oct 05, 17:27
x3tc

Post by mrbadger » Mon, 27. Nov 17, 21:38

I know I might seem quite naive in my assertion that the system overhead of AV isn't worth it.

But I have a quadruple backed up system, with each backup independent of the other, and two of those backups are only connected to my system when they are being updated. There is almost no chance a virus can wipe out my files.

I'm not completely safe, but a lot safer than someone who relies on AV.

My level of backup isn't required; for one thing it cost nearly as much as a new PC. My QNAP NAS is essentially a PC with RAIDed drives in it, and that wasn't cheap.

But a double drive mount and a couple of hard drives to slot in it is affordable, and provides a lot of security. I've been doing that for a decade now. If you connect it to a Raspberry Pi you might even be able to RAID it, but I settled for cloning and storing the clone in a safe place.

Even someone using AV should be doing that.
If an injury has to be done to a man it should be so severe that his vengeance need not be feared. ... Niccolò Machiavelli

Alan Phipps
Moderator (English)
Posts: 18682
Joined: Fri, 16. Apr 04, 19:21
x4

Post by Alan Phipps » Mon, 27. Nov 17, 21:55

Oh indeed. I use the Paragon Backup 15 app to keep regularly updated boot and data files plus a system ISO on external drives.

I see that as insurance and business continuity in the face of potential disaster (malware, system failure or user error). The role of the AV is to minimise the risk of contracting the malware.

greypanther
Posts: 1128
Joined: Wed, 24. Nov 10, 21:54
x3ap

Post by greypanther » Mon, 27. Nov 17, 22:13

Terre wrote:
X3ap_bonus_pack_5.1.0.0(1).exe
Doesn't the one within the brackets indicate that you already have a copy of the download? If you scan that with your AV, do alarm bells sound?
OK, now I am even more confused, the file appears to be still with the game, which is also running fine. I have one HD, which is split into two, so c and d. I have one copy of AP on c and two on d. Norton says it has removed the bonus pack from c, but things appear to be unaltered; d is not mentioned by Norton. However I think the file is still there, not sure, because I am stupid! Norton appears to be trying to affect the download exe record, in the downloads section, but only one of the versions!

What is more Norton has twice today claimed to act and remove the same file, from the same place! Oddly enough the file is still there, in fact there are two other copies, which Norton likes! WTF?

I also redownloaded Malwarebytes last night; scanned and Norton has blocked that too, from doing something to Norton, I presume in the scan I told MB to do.

It has also blocked: windows\system32\svchost.exe from affecting Norton. I am losing confidence in Norton now... :roll:

You are right about backup mrbadger too, I am very bad. It has been a very, very long time since I did a proper back up. :oops: Which of the current cloning software do you recommend? Norton Ghost was used in the past I think... :roll:

Edit: Ah, Paragon Backup 15, Alan. I have just looked that up and PC Mag gives it only 2.5 out of 5.
Pray that there's intelligent life somewhere up in space
'Cause there's bugger all down here on Earth
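The situation greypanther describes, three copies of the same installer of which Norton flags only one, has a simple first check that the thread does not spell out: hash the copies and see whether they are byte-identical. If the flagged copy has the same SHA-256 as a copy Norton leaves alone, the verdict is coming from something other than the file's contents (path, download origin, reputation heuristics), not from a difference in the bytes. If the digests differ, the "(1)" copy is genuinely not the same file, and the digest of the good copy can be compared with a checksum from the publisher if one is published. The script below is an added example, not code from the thread or from Egosoft; the three sample files it builds are constructed in a temporary directory (a few kilobytes of placeholder bytes, not a real installer) purely so it runs offline.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

CHUNK = 1 << 20  # read files in 1 MiB pieces so large installers don't land in RAM at once


def sha256_file(path):
    """SHA-256 hex digest of a file, streamed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def group_by_digest(paths):
    """Map digest -> list of paths, so byte-identical copies end up together."""
    groups = defaultdict(list)
    for p in paths:
        groups[sha256_file(p)].append(p)
    return dict(groups)


def classify_flagged(flagged, unflagged):
    """'identical' if the AV-flagged file is byte-for-byte the same as at least
    one copy the AV accepted, 'different' if it matches none of them."""
    d = sha256_file(flagged)
    return "identical" if any(sha256_file(p) == d for p in unflagged) else "different"


def demo():
    """Constructed sample (assumption, not real data): copy_a and copy_b are the
    same bytes, copy_c has one extra trailing byte. Returns what a user would
    read off the report."""
    payload = b"MZ" + b"\x00" * 4094  # placeholder bytes, not an executable
    with tempfile.TemporaryDirectory() as tmp:
        copy_a = os.path.join(tmp, "bonus_pack.exe")
        copy_b = os.path.join(tmp, "bonus_pack(1).exe")
        copy_c = os.path.join(tmp, "bonus_pack(2).exe")
        for p in (copy_a, copy_b):
            with open(p, "wb") as f:
                f.write(payload)
        with open(copy_c, "wb") as f:
            f.write(payload + b"\x01")

        groups = group_by_digest([copy_a, copy_b, copy_c])
        return {
            "distinct_contents": len(groups),
            "copy_b_vs_a": classify_flagged(copy_b, [copy_a]),
            "copy_c_vs_others": classify_flagged(copy_c, [copy_a, copy_b]),
        }


if __name__ == "__main__":
    # Real use: python3 hashcheck.py <flagged file> <accepted copies...>
    import sys
    if len(sys.argv) > 2:
        print(classify_flagged(sys.argv[1], sys.argv[2:]))
        for digest, paths in group_by_digest(sys.argv[1:]).items():
            print(digest, *paths, sep="\n    ")
    else:
        print(demo())
```

On the real files the interesting case is "identical": two copies with the same digest and different AV verdicts mean the detection is not about what is in the file, which is consistent with Norton acting on the download record of one copy only.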

red assassin
Posts: 635
Joined: Sun, 15. Feb 04, 16:11
x3

Post by red assassin » Mon, 27. Nov 17, 22:39

Morkonan wrote:Personally, I think everyone should be as paranoid as the most wanted hacker on the planet. Everyone should be using encrypted-everything with every encrypted, anonymous, bit of stuff that's possible to use and still be able to get one's machine to function.
This sort of attitude is nonsense, though. Any security advice that starts with "you should take these inconvenient steps" is going to get ignored. Rule #1 of security: If your security measure is inconvenient, your users will find a convenient way to circumvent it. Corollary: if your security measure is "you should do this", they won't. Relatedly: The more disproportionate to the actual threat your proposed security measures are, the less seriously anyone will take them. Also relevant: changing your behaviour is inconvenient in itself, even if the changed version is easier. [1]

A better security idea to teach is this: Start by asking what you want to protect, and from whom. Go from there. Telling J Random User, who really only cares that they don't lose their files, money, or dignity, to take a battery of measures suited to protect you from "Putin has it in for me personally", would cost more in lost productivity than it ever saved in security if anybody was ever going to actually listen to you in the first place.

The security industry is slowly beginning to wake up to the idea that we need to make good security convenient, and pick our battles, but it's a damn slow process. [6]



[1] This is why nobody really listens to me when I say "you don't need antivirus any more, just use Windows 10 and for god's sake patch" [2]. When I say "just Windows Defender is fine", they don't hear "AV is pretty irrelevant", they hear "use this AV I heard somebody say isn't very good!" Because we wasted a *decade* teaching everybody that Security == Antivirus, because early Windows versions were so laughably insecure that you needed to pay a third party to crash around in your kernel patching things at random [3] just to beat any malware you might bump into to the punch. Microsoft finally cracked down on this after XP and kicked all the third parties out of the kernel with driver signing enforcement [4] because a significant chunk of the crash dumps they got were caused by AV misbehaving. By this point they were taking security seriously as well, but they couldn't just shrug and say "right, AV isn't needed any more" because we'd trained everybody to assume that not having AV was the depth of insecurity by this point! [5]

[2] Microsoft have, with typical Microsoft aplomb, managed to shoot themselves in the foot on this. Users don't install patches because it's inconvenient. Chrome and Firefox both update themselves automatically now to deal with this - Firefox will occasionally mention that it has updated to you; Chrome just does it completely silently and you'll never notice. Nobody complains about these things, because nobody notices, which is basically the definition of convenience, and it makes everyone MUCH more secure. Meanwhile, everybody complains CONSTANTLY about Windows forcing updates on you because it takes ten minutes and inconvenient reboots. I honestly have no idea why Windows updates are so clunky - any given desktop Linux distro can update nearly anything silently in the background if you configure it to (which is increasingly the default) and occasionally ask for a reboot if you've had a kernel/core library update.

[3] Ever wonder why you couldn't run two antiviruses at once? Yeah, this.

[4] Which caused a spectacular inconvenience drama itself.

[5] Also, they'd created a massive secondary market which would have been DEEPLY unhappy about having their business model just turned back off again.

[6] See also: recent changes to password advice along the lines of "oh hey remember that thing where we told you to change your password every three months? We finally thought about checking what people actually *do* when we tell them to do that and, oh hey, turns out it doesn't actually help, so never mind that. Just try and use good passwords, use a password manager, and change stuff if you think it's actually been compromised." But I bet you still have to change your password at work every three months, because again we wasted a decade training people that Security == Regular Password Changes and now it's ingrained in the popular consciousness as Necessary no matter how stupid it is.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

mrbadger
Posts: 5650
Joined: Fri, 28. Oct 05, 17:27
x3tc

Post by mrbadger » Mon, 27. Nov 17, 23:35

greypanther wrote: Edit: Ah Paragon backup 15 alan, I have just looked that up and PC mag gives it only 2.5 out of 5.
You don't need to worry about that score.

It works, at the level of a single user that's all you need, and given that Windows is your primary OS, you do need it, or something like it, and given that you know Alan Phipps uses it and you can likely ask for help, I'd get that.

On my Windows and Linux Boxes I only back up my personal files, not the OS, that only needs you to copy the files yourself.

MacOS has a great built in backup system that I really like.

pjknibbs
Posts: 28393
Joined: Wed, 6. Nov 02, 21:31
x3tc

Post by pjknibbs » Tue, 28. Nov 17, 10:10

mrbadger wrote: But I have a quadruple backed up system, with each backup independent of the other, and two of those backups are only connected to my system when they are being updated. There is almost no chance a virus can wipe out my files.
But if you're not running AV, how do you know when you get a virus infection? They're not all obvious, and once the virus is on your system it can spread to any attached filesystem, so you might end up infecting your "only on update" backups without realising it.

red assassin
Posts: 635
Joined: Sun, 15. Feb 04, 16:11
x3

Post by red assassin » Tue, 28. Nov 17, 10:23

pjknibbs wrote:
mrbadger wrote: But I have a quadruple backed up system, with each backup independent of the other, and two of those backups are only connected to my system when they are being updated. There is almost no chance a virus can wipe out my files.
But if you're not running AV, how do you know when you get a virus infection? They're not all obvious, and once the virus is on your system it can spread to any attached filesystem, so you might end up infecting your "only on update" backups without realising it.
To be fair, this sort of thing is increasingly uncommon. Firstly, modern malware is almost exclusively there to make money, so the fact that you have a virus is usually obvious in a "why is there a big banner telling me my files are encrypted now" or "why is my bank account suddenly empty" sort of way.

And secondly, file infecting is a dying art given exploitable document formats are rare and system binaries enforce signature verification. Definitely still happens, but it's less of an issue.

Also: if you *are* running AV, how do you know when you get a virus infection? It's probably not going to trigger your AV until it's too late anyway because the authors will have tested. Not getting infected in the first place by using a secure OS is a much better approach.
Last edited by red assassin on Tue, 28. Nov 17, 19:03, edited 1 time in total.

mrbadger
Posts: 5650
Joined: Fri, 28. Oct 05, 17:27
x3tc

Post by mrbadger » Tue, 28. Nov 17, 11:20

pjknibbs wrote:
mrbadger wrote: But I have a quadruple backed up system, with each backup independent of the other, and two of those backups are only connected to my system when they are being updated. There is almost no chance a virus can wipe out my files.
But if you're not running AV, how do you know when you get a virus infection? They're not all obvious, and once the virus is on your system it can spread to any attached filesystem, so you might end up infecting your "only on update" backups without realising it.
First off

My final level of backup is a drive, well currently two drives because I have yet to go to 10tb for this stage, in a drawer, that only get connected once every six months or so to be updated.

So these only get updated rarely, from a backup I am pretty sure is itself safe (never from my 'live' system).

Secondly, as Red Assassin says, destructive viruses are quite rare these days; it's more likely to be a ransomware or financially motivated attack, and that's what I'm protecting myself from.

I have a better backup system at home than I do for my clusters at work. That's not for lack of trying, mind.

Trying to get funding for the amount of backup hardware I want isn't easy, given how expensive disks look to people who don't get the importance of a decent data backup scheme.

It might be easier when my OpenStack system goes live for all the faculty. At that point a data loss scenario would be a tad serious.
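pjknibbs's objection (you may copy an infection onto the cold backup without noticing) and mrbadger's answer (the drawer drives are refreshed rarely, from a backup he is "pretty sure" is safe) both come down to the same gap: nothing in the scheme as described tells you whether the source tree changed in a way a normal week of use would not explain. One cheap way to turn "pretty sure" into a check is to keep a hash manifest of the tree from the last refresh and diff the current tree against it before connecting the offline drive; a ransomware run shows up as nearly every file modified, a wiper as nearly every file removed. The following is an added example written for this thread, not a feature of Paragon, QNAP or any product named above; the directory layout, the 10% churn threshold and the file contents are constructed assumptions.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """SHA-256 hex digest of one file, streamed in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Relative path -> digest for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def diff_manifest(old, new):
    """Which paths were added, removed or changed since the last refresh."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def safe_to_refresh(old, report, max_changed_fraction=0.10):
    """Gate for plugging in the cold drive. Assumed threshold: ordinary use touches
    a small fraction of files between refreshes; mass modification or mass
    removal is what ransomware and wipers look like, so refuse in that case."""
    if not old:
        return True  # first run, nothing to compare against
    changed = len(report["modified"]) + len(report["removed"])
    return changed / len(old) <= max_changed_fraction


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: a 20-file tree, a manifest saved at the last refresh,
    then a normal edit followed by a ransomware-style rewrite of everything."""
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as state:
        for i in range(20):
            _write(live, f"docs/doc_{i:02d}.txt", f"document {i}\n".encode())

        # Manifest lives outside the tree it describes, e.g. on the warm backup.
        manifest_path = os.path.join(state, "manifest.json")
        with open(manifest_path, "w") as f:
            json.dump(build_manifest(live), f)
        with open(manifest_path) as f:
            baseline = json.load(f)

        # Future 1: the user edits one document and adds one new file.
        _write(live, "docs/doc_00.txt", b"document 0, edited\n")
        _write(live, "docs/notes.txt", b"new file\n")
        normal = diff_manifest(baseline, build_manifest(live))

        # Future 2: everything gets rewritten, as after a ransomware run.
        for rel in baseline:
            _write(live, rel, b"ENCRYPTED " + rel.encode())
        mass = diff_manifest(baseline, build_manifest(live))

        return {
            "normal_report": normal,
            "after_normal_edit": safe_to_refresh(baseline, normal),
            "mass_modified_count": len(mass["modified"]),
            "after_mass_rewrite": safe_to_refresh(baseline, mass),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The threshold is the one knob that matters: set it from what your own churn looks like over a refresh interval, and when the gate refuses, investigate on the live system before the offline drive ever touches it.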

Morkonan
Posts: 1895
Joined: Sun, 25. Sep 11, 04:33
x3tc

Post by Morkonan » Tue, 28. Nov 17, 15:54

red assassin wrote:...Rule #1 of security: If your security measure is inconvenient, your users will find a convenient way to circumvent it. ...
I agree.
