
Not all things are equal, you get what you pay for! (by Casey Mullis)

We can find many things for free in this world, and a lot of them are good for what we need. We will never have an issue with free stuff. Have you ever gone into the grocery store and found a person handing out free samples of food? Yeah, me too! Love the free food, but the goal was to tempt you to buy. The free food did not fill your fridge or cabinets! It only did a small piece of what you needed. In most cases you get what you pay for!


We recently had the luxury of working on a few infected computers. We tested a couple of antivirus programs while we were at it. One computer was infected with Cryptowall 3.0. What we learned about the two antivirus programs surprised us.

The first antivirus was Microsoft Security Essentials, and it is one of the main ones we suggest to people with low budgets. It is free from MS and does not expire at the end of the year. We have suggested it to people and clients for many years. We were of the opinion that, since it was developed by MS for Windows, who would know better than MS themselves what works well for Windows?

When we scanned the computers, Microsoft Security Essentials found a couple dozen infected files. Great, right? We thought so, and note that we did not use the infected machine to scan itself. Why? Because if you use the infected machine to scan, the virus can hide in RAM or other areas until you shut down. Once you shut down, the virus will get dumped back to the hard drive. We suggest pulling the hard drive and connecting it to a clean system to scan. This way the virus has no chance to hide or duplicate itself.

We then ran ESET NOD32 on the same drive. ESET is not free and has an annual fee. We were very surprised by what ESET found, and you will be too. ESET found over one hundred more infected files. We know there are false positives, but the good thing is we were able to see which file was infected and the infection type. With a little research we found that this was a scary thought.

Why was this a scary thought? The simple fact that MS missed so much, and it is designed for Windows by the same company. So why does it miss so many infected files? Is that to make sure you need them to fix it and pay for an expensive phone support call? Is it because they want back doors in a system? Is it because it is free and less time and effort is put into it? Who knows but them, and I am sure we will not be told one way or the other.

One of the plus sides of ESET showed when we plugged in the infected Cryptowall 3.0 hard drive. The infection tried to access files on our hard drives, but ESET blocked it. It notified me that it was blocked and showed the directory/file it was trying to access. The MS program did not pop up any notification at the time of connection. So is this a case of “You get what you pay for!” or what? We will be paying for ESET at our office. You do what you may and cut corners if you want, but you will be sorry later down the road.

I like Breyers Vanilla Ice Cream, and it has a great taste to me versus other brands. Yes, Mayfield is cheaper but does not give me what I am looking for. Do I cut corners and go with Mayfield to save a dollar or two? Or do I buy what I like and what does what I need it to, which is hit my taste buds with a taste like no other? Just because it is cheaper or free does not mean it does the same thing. You do truly get what you pay for. Use your head and common sense when making a choice.

Thanks for stopping by and as always, we look forward to hearing back from you.

Casey

Author - Emory Mullis has been in Law Enforcement for roughly 19 years, including military and civilian law enforcement. He started learning about computers back when the Gateway 266 MHz was the top of the line and cost about $2000.00. Right out of the box, I was compelled to take my newfound 266 apart. Why, I have no idea, other than pure curiosity. Once I had the computer out of the box and on the floor in pieces, my wife walked in. Trust me, people; this was not a good thing! Either way, I got a good understanding at this point of how a computer is put together and/or the components inside. This was my starting point with computers, and I still hear my wife in the background: “It better work when you put it back together!” That was my humble beginning as a Cyber Investigator. Now with many Cyber cases under my belt, I have learned that you must question, challenge and test almost daily to keep up with all the new tools, software, computers and cell phone formats to be able to forensically acquire evidence, and it is a real challenge. I enjoy the challenge and look forward to learning more every day!