In Adm Acts, Eset NOD32 Doesn't Work

Steve-x8086's Avatar
Senior Member with 546 posts.
 
Join Date: Apr 1999
Location: Indian Head, Pennsylvania
02-Nov-2009, 02:01 PM #1
In Adm Acts, Eset NOD32 Doesn't Work
Wow. Here is an E that I was sent by Eset about how NOD32 doesn't protect you if you are an administrator on your computer. Wow. If I understand it right, you have to have a limited account just to be protected by NOD32. It appears that if I am the only user on my computer and often need Adm. access, I will have to log in and log out of 2 different accounts just to use Eset. Wish I had known about this before I paid them.

Below, I have pasted the E that they sent. Could someone please confirm or bust what it looks like?

Thanks, Steve-x8086
-----------------------------------------------------------------------
Update for Case #390xxx - "Case Subject"

An ESET Customer Care Representative has updated this case with the following information:

Hello,

Regarding your question as to why ESET can't get rid of the malware.

This will always happen if a computer is being run in an "Administrator" account as opposed to a "Limited user" account. Programs, when installed, inherit the "rights" of the account from which they are installed. Most programs can't be installed at all from any account other than the "Administrator" and up until the release of the Vista Operating System Microsoft never told users the dangers of using the Admin account in normal day to day use of the machine.

As this malware was installed from an administrator account it has the same "rights" as the administrator of the computer. Those "rights" tell the Operating System and all other programs installed that these malicious programs are allowed to do what they want with no interference.

The malware that you're experiencing is the output of today's version of organized crime. It brings in more money yearly than the sale of illegal drugs worldwide and not until the penalty is worthy of the crime will it ever slow down let alone end.

It is usually introduced from a Trojan. As in mythology the Trojan horse was not a "Free gift" like free "Screensavers", free "Toolbars" or offers of free "Scans" that appear out of nowhere. None of these things are free, they all come with a cost.

Because they have "Admin" rights, they can change the rights of installed programs and become the boss. They then have more control over the computer than yourself and they come and go as they please. Not until a 3rd party application is introduced that wasn't told to ignore them can they be eliminated.

That said, certain malware is written to hide from certain 3rd party applications also. Often, such as in your case, one 3rd party application will find some of the malware and it will take a different one to find the rest.

The upgrade to v 4 is free to all current license holders.

Thank you,
ESET Technical Support
Steve-x8086's Avatar
Senior Member with 546 posts.
 
Join Date: Apr 1999
Location: Indian Head, Pennsylvania
07-Nov-2009, 05:30 AM #2
I guess either I am just learning about this MS problem or no one has any thoughts about it. Still, something just doesn't seem right if you buy an anti-malware system and it lets viruses, trojans and adware through because the computer operator is an administrator.

I am the only operator and owner of my computer and want to have full control of it when I am using it. Have things changed so much that now I have to have 2 identities on the computer to use anti-malware and have control of my computer? Or, have I misunderstood the E from ESET? I will appreciate clarification on this matter.

Thanks, Steve-x8086
muppy03's Avatar
Senior Member with 1,311 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
07-Nov-2009, 11:34 PM #3
Steve, I would say you would be better asking this question in the "General Security" thread. No one except malware removers can answer here.

In the other thread you will probably receive a lot of answers.
dvk01's Avatar
Moderator with 27,657 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Nov-2009, 04:20 AM #4
I think you are misreading or misunderstanding the message from Eset.

Any Antivirus will do what it can to protect you regardless of whether you run as admin or limited user.

What Eset are saying is that running as admin allows the malware to install on an admin account so is harder to get rid of.

That isn't completely an accurate statement but in general it is true, that running as a limited user, it is less likely that serious malware can install as it hasn't got install rights (but that does depend on the OS involved).

The bottom line here is that Eset cannot fix this particular malware with the version of Eset that you have.

If you haven't already done so, please start a topic in malware cleaning with a hijackthis log & tell us exactly what problems you are experiencing & we will try to help.

I would also post on the Eset support forum http://www.wilderssecurity.com/forumdisplay.php?f=88 because the advice from Eset seems a total cop out from a support person who hasn't understood the problem.
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
lunarlander's Avatar
Senior Member with 1,329 posts.
 
Join Date: Sep 2007
08-Nov-2009, 03:32 PM #5
I have two accounts, one admin and one limited user. I use the limited account for day to day work, and only use the admin account when I need to install software. That is in following the security principle of Least Privilege. You don't need admin rights all day because you don't install software, change ip addresses and do system modification all the time, and having admin rights all the time is a risk. Malware, trojan horses and other bad apps all love admin rights 'cause they can then do whatever they please. But when you are using a limited account, Windows has file and registry ACLs that prevent a limited user from modifying things in Program Files, Windows folder and HKLM - so viruses have a hard time propagating. Viruses are also known to try to disable Antivirus programs (which reside in Program Files folder), but if you are running as a limited user, they can't do that. So you see, the restrictions that are built into the limited account are there to protect you.

Last edited by lunarlander : 08-Nov-2009 04:09 PM.
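
An added example, not part of lunarlander's post or of the thread: a PowerShell check of the point made above, reporting whether the current session holds administrator rights and listing any ACL entry that lets a principal other than the usual privileged ones modify Program Files, the Windows folder or HKLM\SOFTWARE. The three target paths and the trusted-SID list are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Inspects only the ACL on each
# top-level location, not every subfolder or subkey beneath it.
$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)
"{0}: administrator rights active = {1}" -f $id.Name, $isAdmin

# Well-known SIDs that are expected to hold write access (assumed list).
# SIDs are used instead of names so the check works on any display language.
$trusted = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-3-0',        # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Access bits that permit modification. WriteData/SetValue (0x2) and
# AppendData/CreateSubKey (0x4) have the same values for files and registry
# keys; 0x10000 = Delete, 0x40000 = ChangePermissions, 0x80000 = TakeOwnership,
# 0x40000000 = GENERIC_WRITE, 0x10000000 = GENERIC_ALL.
$writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

# Assumed targets: the locations named in the post.
$targets = $env:ProgramFiles, $env:windir, 'HKLM:\SOFTWARE'

foreach ($path in $targets) {
    # File and registry rules expose their rights under different property names.
    $prop  = if ($path -like 'HKLM:*') { 'RegistryRights' } else { 'FileSystemRights' }
    $rules = (Get-Acl -Path $path).GetAccessRules(
                 $true, $true, [Security.Principal.SecurityIdentifier])

    # Keep Allow entries that grant a write-type right to an untrusted SID.
    $risky = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.$prop -band $writeMask)
    })

    if ($risky.Count -eq 0) { "OK    $path : no write access outside the trusted SIDs" }
    foreach ($r in $risky) {
        "WRITE $path : {0} has {1}" -f $r.IdentityReference.Value, $r.$prop
    }
}
```

The script only reads ACLs, so it can be run from the limited account itself; a `WRITE` line for a SID such as `S-1-5-32-545` (BUILTIN\Users) would mean the protection described in the post is not in place for that location.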
Steve-x8086's Avatar
Senior Member with 546 posts.
 
Join Date: Apr 1999
Location: Indian Head, Pennsylvania
11-Nov-2009, 07:13 AM #6
Thanks for the last 2 answers and thanks for moving this problem to the right area. I'll post that E to ESET's forum sometime this week.

As for the having to use both limited and admin accounts, it is not uncommon for me to be making some adjustment to the Programs, Startup or other folders and programs at any time in any day. Then there is the problem about making all programs and all files available to the limited user as well as the administrator. I cannot tell you how many times I have not been able to use a common program on computers because of this kind of conflict. If I use a router, which I don't need, to block a lot of incoming things, the router causes a jam up requiring a disconnect and resetting as well as a reboot.

Why is it so difficult for anti-malware companies to have their program watching, checking ALL web information that comes through to a computer? This as well as the way many anti-m companies try and prevent you from installing more than 1 anti-m program on a single computer. Some will not install at all if they detect even a trace of another anti-m program. I have another hard drive that I boot from just to use different anti-m programs to search for infections. That drive is unplugged when I am not using it.

Thanks for all the information. Guess it's just another way to take up more of a person's time and sanity.

Later, Steve-x8086
dvk01's Avatar
Moderator with 27,657 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Nov-2009, 07:46 AM #7
Steve

If you use Vista or W7, then it makes very good sense to run in limited account all the time & if you need to perform an admin function, to right click the program & run as admin.

If you use XP then you need to boot to an admin account to do lots of things. However a high proportion of programs don't run properly in limited accounts so that is why so many people run as admin all the time.
Gizzy's Avatar
Distinguished Member with 3,437 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Comp Security Enthusiast
11-Nov-2009, 12:57 PM #8
Quote: Originally Posted by dvk01
if you use XP then you need to boot to an admin account to do lots of things. However a high proportion of programs don't run properly in limited accounts so that is why so many people run as admin all the time
Actually most people don't need to use admin accounts for their daily usage in XP (or other operating systems) and many programs do run in limited accounts these days.

The main reasons you'd need to boot into an admin account would be to install programs or make system-wide changes. Most people don't do those things on a daily basis.
And I don't think it's that much work to boot into an admin account to install/update a program then switch back to the limited account.
If that's too much work there's also "Run as" (built-in) or Surun (a program to make using a limited account easier -- it works similar to many Linux distros).

I believe so many people run as admin in XP simply because either they don't know about limited accounts or they've never tried using one.

It considerably increases security.
__________________
Have you considered using a Limited User Account to improve your computer's security?
Help Add Content At The Official Tech Support Guy Library Of Knowledge!
lunarlander's Avatar
Senior Member with 1,329 posts.
 
Join Date: Sep 2007
12-Nov-2009, 01:37 AM #9
My antivirus program, NOD, does watch all web traffic and stops even the download of the test virus EICAR. The download just disappears. However, no single antivirus program can catch 100% of viruses, simply because there are so many new ones coming out.

There is an alternative to your hard drive switch method. There are several online antivirus scans, like Trend Micro's Housecall, Panda's ActiveScan and Bitdefender's online scan. All of them are ActiveX based, I think.

I understand that one needs to make system changes once in a while, and that may occur at any moment. So just login to the admin account and do it, then log back out. I think the security benefits of using a limited account for daily work outweigh the inconvenience of a separate admin login.

Can you explain what you mean by a router jamming up? I've never heard of such a thing.

Last edited by lunarlander : 12-Nov-2009 01:48 AM.
All times are GMT -5.