Kaspersky scanning Self-Extracting Cabinet files

Any off topic discussions should go in this forum. Post count is not increased by posting here.
FTP Access status is required to post in this forum. Find out how to get it
Danielxv
FTP Access
Posts: 168
Joined: Mon Feb 11, 2008 9:11 am
Location: Brazil


Post by Danielxv »

After I installed Kaspersky, folders containing "Self-Extracting Cabinet" files have become slow to open; in this case, the slowdown happens with Service Pack folders. When I open the WinXP Service Pack 3 folder (10 files), Kaspersky spends 15 minutes scanning the files and makes the whole computer slow. I restricted the verification of compressed files, but Kaspersky does not classify "Self-Extracting Cabinet" files as compressed archives. Is there any solution to prevent it from checking the archives every time I open these folders?


My PC is:
AMD Athlon 64 X2 4000+
1GB RAM
Windows XP Pro SP2

Ty
There are only 10 types of people in the world: Those who understand binary, and those who don't.

RentedMule
Donator
Posts: 937
Joined: Tue Oct 17, 2006 8:26 pm

Post by RentedMule »

Yeah. Don't enable the proactive scanning. Schedule your virus scanner to go once a day, and scan anything you get that may be questionable, when you get it.

Danielxv
FTP Access
Posts: 168
Joined: Mon Feb 11, 2008 9:11 am
Location: Brazil

Post by Danielxv »

I already tried that and I was infected with Win32/Parite; all the executables that I had, including my OS collection, were corrupted.

RentedMule
Donator
Posts: 937
Joined: Tue Oct 17, 2006 8:26 pm

Post by RentedMule »

That says something about your computer behavior then. Quit using internet explorer. Use http://www.virustotal.com to scan anything you illegitimately get. Don't run as a user in the "Administrators" group.

Danielxv
FTP Access
Posts: 168
Joined: Mon Feb 11, 2008 9:11 am
Location: Brazil

Post by Danielxv »

RentedMule wrote:Quit using internet explorer.
I use Firefox and NoScript.
RentedMule wrote:Use http://www.virustotal.com to scan anything you illegitimately get.
Uploading files of 500MB+ to check for viruses is not viable.
RentedMule wrote:Don't run as a user in the "Administrators" group.
I need to use administrator all the time.



Edit:

Recently I "lost" 8GB. I thought it could be some of the many programs that I install. Okay, today I went to clean the temporary files. I checked the properties of the folder and it had 287MB of temporary files in the WinRAR folder and other smaller files. I selected all the files and erased them. When I opened "My Computer" I noted that the 8GB that was lost had appeared. OK, great... I opened the WinXP SP3 folder and Kaspersky started to verify it. While it verified the folder, I opened some other folders, and in "My Computer" I noted that 1GB had disappeared. I kept pressing F5 and noted that it gained and lost GBs (more lost than gained). Shortly after Kaspersky stopped the verification, it stopped losing GBs. I made a few more tests and it appears that it unpacks the files to a folder/file in Temp, but it does not report the size.

RentedMule
Donator
Posts: 937
Joined: Tue Oct 17, 2006 8:26 pm

Post by RentedMule »

There is NOTHING you need to be doing that requires you to be logged in as an admin. Not a troll, but seriously.

I write and debug drivers at work. I write all sorts of applications at home. Right now, I am working on a raw disk access tool. I simply use runas when I need to access things I can't as a normal user.

If you are an admin, anything you run, whether you like it or not, can do anything. As a standard user, the worst it could do is trash your "My Documents" folder.

Also, things in the recycle bin are used for some space calculations and not others. This may be your discrepancy.

Vista Ultimate R2
FTP Access
Posts: 2393
Joined: Wed Aug 30, 2006 10:06 pm

Post by Vista Ultimate R2 »

If you're careful to not click "Yes" to any prompts that iffy websites put up and always scan files from non-trusted sources with a good scanner, then there's no problem with running as an administrator and not having an AV/anti-spyware etc running all the time in the background. I never used to have AV at all but after many years managed to pick up a virus that I think must have come from some keygen or something like that, so now I have Kaspersky installed but only use it to check anything that I download. I could not be bothered not using an admin account, I hate being told I can't do things on my own machine and would find things like UAC or RunAs extremely annoying - UAC drives me mad after about seeing it only once after installing Vista, I have to turn it off and restart straight away.

RentedMule
Donator
Posts: 937
Joined: Tue Oct 17, 2006 8:26 pm

Post by RentedMule »

Vista Ultimate R2 wrote:... then there's no problem with running as an administrator ...
Yes, there IS a problem. All of a sudden, if Firefox is compromised by a buffer overflow in a malformed image, or iTunes is exploited by a malicious song file you got from some random P2P application, or Outlook gets "owned" by a piece of spam with a crafty BINHEX'd attachment, as Administrator, your computer and all of your data are at the mercy of the exploiter. Everything can be changed/deleted. Rootkits can be injected. Services can be installed.

Running as a normal user, the exploited application only has the permissions that you do as a user.

This is the VERY reason that Windows viruses run rampant.

Vista Ultimate R2
FTP Access
Posts: 2393
Joined: Wed Aug 30, 2006 10:06 pm

Post by Vista Ultimate R2 »

As long as you're careful what websites you go to, keep up to date with patches and exercise common sense like binning iffy emails/attachments, I don't think it's a great problem - the people that have a lot of malware on their PC are those who don't really know what they're doing yet use Admin accounts as that's how Windows is typically set up. Security is a compromise between what the user is happy with and what benefits it brings eg the most secure password is one that's 100 characters long, but how many people would want to type that every time?
Last edited by Vista Ultimate R2 on Fri Apr 25, 2008 10:07 pm, edited 1 time in total.

RentedMule
Donator
Posts: 937
Joined: Tue Oct 17, 2006 8:26 pm

Post by RentedMule »

Vista Ultimate R2 wrote:As long as you're careful what websites you go to, keep up to date with patches and exercise common sense like binning iffy emails/attachments, I don't think it's a great problem - the people that have a lot of malware on their PC are those who don't really know what they're doing yet use Admin accounts as that's how Windows is typically set up. Security is a compromise between what the user is happy with and what benefits it brings eg the most secure password is one that's 100 characters long, but how many people would want to type that every time?
Dude, you still don't get it. It is no longer the days where nasties had to be run by idiots to get infected. There have been numerous times where high-profile websites such as CNN get hacked, and an ever so clever exploit is lurking there waiting for any user to just VIEW the page. It has happened to where a specifically crafted email could exploit a targeted client JUST BY RECEIVING the email... no need to ever even look at it. It just takes a buffer overflow, man. You don't need to explicitly run some executable for the exploit to take over.

I mean, what you are essentially saying is, that it is too much trouble to put your key in the door to unlock it, so you leave them all unlocked.

I know that is oversimplifying it, but it describes the symptom perfectly. If you really cared about getting a virus, and you really cared about the integrity of your system, and you really cared to be part of the solution instead of the problem, then you wouldn't blatantly throw a perfectly good security approach out the window, just to save some keystrokes. Especially when I can't imagine anything that you could be doing that requires constantly having to retype your admin password at the times you need it.

Andy
Administrator
Posts: 12621
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom

Post by Andy »

I'm afraid I have to side with RentedMule on this one. If you use administrator all the time (as I do also but I've not had a problem as of yet) then you should expect problems. Secure password or not, running as admin will have adverse effects.

Vista Ultimate R2
FTP Access
Posts: 2393
Joined: Wed Aug 30, 2006 10:06 pm

Post by Vista Ultimate R2 »

RentedMule wrote:I mean, what you are essentially saying is, that it is too much trouble to put your key in the door to unlock it, so you leave them all unlocked.
I'm not looking for an argument, but I was just saying that everything's a compromise - by all means lock your front door ie don't run XP SP0 and open every email attachment that you get (and yes, there's more people who do that kind of thing out there than you might think), but personally I don't feel putting 10 locks on my front door (ie using UAC, a non-admin account and tons of security software slowing everything to a crawl) is worth the amount of time and hassle it takes to deal with them all for the small increase in security that it would bring. I do care about the integrity of my system and I would notice straight away if there was eg something in my Task Manager that I didn't recognise - when I got hit by the virus before I started scanning downloaded files I knew about it pretty much instantly and stayed up half the night getting rid of it on probably the same day that I picked it up (and really annoying it was, given that I'd just formatted my PC and replaced XP with Vista a few weeks previously).
