Very difficult computer issue.

About 99% of malware these days comes from looking at the latest Microsoft update to see what the vulnerability was, then coding a bit of malware to take advantage of it.

Security is more than just antivirus software; it's procedures as well. So it's running under a user account rather than an admin account, it's making sure Microsoft Update is running. Vista was the first Microsoft operating system where they took security seriously, so they actually check bounds and other basic things.

If you run Java and Flash, do it in Chrome, since both are sandboxed in Chrome; other browsers often allow Java scripts full access to any permissions they have. Security Essentials is part of the solution; the other part is web sites that keep everything patched. Typically Windows-based web sites that run Windows updates aren't bad, but normally you can expect 30% of web sites to be vulnerable, especially the UNIX-based ones.

Remember that Dennis Publishing is in business to sell advertising, so saying something like "upgrade to Win 7, use Windows updates and Microsoft Security Essentials" is not in their commercial interests.

Cheerio John

Interestingly, I've just found another source that confirms what I've said, one that's not part of Dennis Publishing.

http://www.howtogeek.com/173291/goo...w-recommends-you-use-a-third-party-antivirus/.

Coincidentally, though, Computeractive have been recommending that users who haven't got touchscreen computers upgrade to or stick with Windows 7, in a recent review they did of Windows 8.1 (which is probably on their website).

Shane
 
Why do writers spread false information? What gets me is how some reviewers do not learn anything about what they are attempting to review and end up spreading false information. This doesn't make sense at all, because I am running Windows 8.1 on a dual-monitor desktop that does not have touch screens. It works fine, and the more I use it the more I like it. There's an option to open up the "fully immersive" browser, meaning IE 11 without a menu bar at the top, and it fills the screen completely, versus the standard desktop one. I use both, depending upon what I'm doing. With the fully immersive browser, I split screens so I can have as many browser windows open as needed and not have to keep shuffling between them.

The desktop is no longer the main interface, although you can easily boot to it if you want. I have found that, with the desktop being an application, I can resize that too, so I can split my desktop to hold other Metro apps, such as the browser or their PDF reader, at the same time. For any applications I need to run on the desktop, I put the shortcuts in a folder there. It saves me the trouble of going back to the Metro screen for them. With Windows 8, they did make it easier now with the start menu button icon on the desktop. It brings up the Metro screen, where you can pin your most often used apps right at the top. There are only a few there that I use, such as Outlook, Word, and Excel, plus a few utilities I need that are not older applications. Any other installed apps, for which I haven't put a shortcut in my desktop folder or on the start menu, I then click on the arrow below and look for. Granted, it's a different way of doing things, but it surely works fine. There's a lot more to this than the initial start screen.

The good news is that Trainz TS12 works fine with it as well, as a desktop application, along with anything else I've used in Windows 7 prior.

Regarding Microsoft Security Essentials: it has gone away. It's called Windows Defender now under Windows 8 and is integrated with the operating system.

Here's the true answer regarding Windows Defender and Security Essentials right from Microsoft.

http://answers.microsoft.com/en-us/...e/122238a9-f104-4b0e-91f8-f28f828f600d?auth=1

I have always run multiple A/V products, not at the same time of course, but in conjunction with each other. I have WD installed as the active scanner and will run a weekly full scan with Malwarebytes to check for anything else. So far I've been lucky. Then again, I don't go very far on the web and avoid weird sites if I can help it. In all the years of computing, I think I came across 5 viruses on my own machines. I got two of them because someone else had used my PC without my permission and had inserted a floppy disk. They infected my brother's machine as well, because the floppy had an error and tried his drive too. The others were my own stupidity, due to downloading a Trojan as part of a utility suite.

John
 
It's interesting that I read about Microsoft Security Essentials here. In a recent antivirus test by Dennis Publishing, which owns quite a few UK tech magazines including Computeractive, Microsoft Security Essentials came last at fifty-something percent. In addition to this, according to a Computeractive article, Microsoft has also stated that they are no longer improving their Security Essentials product, concentrating instead on collecting data for other antivirus providers to improve their products.

Shane

Interesting, so off to look here: http://www.av-test.org/en/tests/home-user/windows-7/julaug-2013/
Not looking very good for Microsoft.

I actually have MSE on this PC and use Avast on the others, plus of course Malwarebytes and a few other standby scanners. Not that malware is ever an issue here.
 
Not that malware is ever an issue here.

My favourite one was a server we think was infected with some sort of rootkit. Every night at 2 am it would send a message out to the internet. That's how it was detected. Eventually, after being given a clean bill of health by every known malware detector, the server was sent to Microsoft for analysis. They played with it for a couple of weeks but couldn't find anything, then with permission just reinstalled the operating system, and that cleared the problem.

Cheerio John
 
That can be really nasty and difficult to find. They are saying now that there are some rootkits that infect the writable boot areas of the drive, the areas that are not normally accessible by the OS and programs. With these it's nearly impossible to remove the infection, because the drive has to be zeroed completely. This process is difficult and, if done improperly, can destroy the drive.

John
 
I hope I never run into a dangerous rootkit like that. There are viruses out there that are designed to make the CPU work harder and increase its temperature. There are some antivirus programs that come with rootkit detection.
 
Trainz already makes the CPU work harder and causes overheating in a number of systems.

Rootkit is a generic term used to describe malware which attempts to hide itself. If it's in the firmware, then you need to physically replace the memory module, and it has been done. This type of rootkit is quite difficult to detect. When a hard disk boots, it reads certain sectors into memory which bootstrap the operating system; change the pointer on the boot drive and you've bypassed the operating system and you can feed in your malware, i.e. you load in a kernel that has been compromised.

Program instructions are typically 32 bits long; change the value of one of them and you change what they do, so one technique would be to put in a branch or jump instruction and pass control to somewhere else, which might be anywhere with memory, so your malware instructions can sit on the GPU. You're looking for an innocent-looking branch instruction in what, 4 gigs of operating system instructions? The proverbial needle in a haystack, very difficult to detect.

Another technique is to copy the contents of a file from the hard disk or a web site, it really doesn't matter which, and overwrite a memory block that will be executed. Again, scan the system and there is very little to detect. The file might be compressed and hidden with a .jpg or other type of trusted extension.

Fortunately, rootkits are hard to build; Stuxnet, for example, was so specific and so complex that it was fairly obvious a lot of resources had been put into building it. It was also particularly difficult to detect. Microsoft actually stores vulnerable parts of the operating system in different memory locations at different times, to make it harder for malware to find the vulnerable locations.

Cheerio John
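The two posts above talk about rootkits that live in the boot sectors a disk reads before the operating system is up, and about how redirecting a single pointer or instruction there is enough to hand control to malware. The practical check for that is not a signature scan but an integrity baseline: capture the legacy MBR (the first 512-byte sector: 446 bytes of bootstrap code, a 64-byte partition table of four 16-byte entries, and the 0x55AA signature) from a known-good state, hash it, and compare later. The Python below is an added example written for this page; it is not code from any poster or product. The sample MBR is constructed inline (the "boot code" is a few placeholder bytes, not a real boot loader), and the tampered copy overwrites the first instruction with a short jmp, the kind of one-instruction redirect John describes.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code the BIOS jumps into
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries follow
SIGNATURE_OFF = 510          # last two bytes must be 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count


@dataclass
class PartitionEntry:
    status: int
    ptype: int
    first_lba: int
    sector_count: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80


def build_mbr(boot_code: bytes, partitions: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte legacy MBR from bootstrap code and (status, type, lba, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    table = b"".join(struct.pack(ENTRY_FMT, *p) for p in partitions).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xAA"


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries (type 0x00 means unused slot)."""
    entries = []
    for i in range(4):
        status, ptype, first_lba, count = struct.unpack_from(ENTRY_FMT, mbr, PARTITION_TABLE_OFF + 16 * i)
        if ptype != 0:
            entries.append(PartitionEntry(status, ptype, first_lba, count))
    return entries


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table may legitimately change."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> List[str]:
    """Compare a captured MBR against a known-good baseline and basic structural rules."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return [f"sector is {len(mbr)} bytes, expected {SECTOR_SIZE}"]
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from baseline (possible bootkit or loader change)")
    entries = parse_partition_table(mbr)
    if sum(1 for e in entries if e.bootable) != 1:
        findings.append("expected exactly one active (bootable) partition")
    for e in entries:
        if e.first_lba == 0:
            findings.append(f"partition type 0x{e.ptype:02x} starts at LBA 0 and overlaps the MBR")
    return findings


# Constructed sample: placeholder bootstrap bytes (cli; xor ax,ax; mov ss,ax) and one NTFS partition.
CLEAN_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0])
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 204800)])
BASELINE_HASH = boot_code_hash(CLEAN_MBR)   # recorded while the machine was known good

# Constructed tampered copy: first instruction replaced by a 2-byte short jmp into the sector.
TAMPERED_MBR = bytearray(CLEAN_MBR)
TAMPERED_MBR[0:2] = b"\xEB\x3C"
TAMPERED_MBR = bytes(TAMPERED_MBR)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE_HASH) or "no findings")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_HASH))
```

On a real machine the 512 bytes would come from the raw disk device (on Windows the first sector of `\\.\PhysicalDrive0`, which needs administrator rights), and the baseline hash should be stored off the machine. The caveat the thread itself raises applies: a rootkit in firmware or below the OS can lie about what a sector read returns, so the comparison is only trustworthy when the sector is read from clean boot media rather than from inside the possibly compromised system.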
 
Okay everyone, it's been a month since the PC was fixed, and I am happy to say it has been working pretty well. I have not noticed any strange activity over the last 30 days on my PC, and Trainz has been running well. I have not checked any email or logged on to the forums with it for about the past month and a half, but now that I think it's been doing pretty well, I am going to check emails, log on to the forum, and make Trainz purchases with it. I would like to thank everyone again for helping me revive my Trainz PC.
 