Other than the obvious of using a virus scanner, is there a way to detect that a PC has been compromised?
I've been doing some security investigations at work and find that tests with the top antivirus tools all seem to score very well on detecting real 'traditional' viruses; the problem comes with other types of 'infection'. NOD32 seems to be the worst of the offenders when it comes to suspicious programs. The question is, can you believe these possible infections?
With a good software firewall I should be able to see all outgoing connections and trace them, shouldn't I? On a large work network it's difficult to track down (let alone have the time to investigate) the behaviour of our outgoing traffic.
What other forms of detection can you run on a PC? I have tried HijackThis, but the tool is rather complicated and I can't be 100% certain my test machine has been infected.
It would be interesting to hear if anybody can confirm they have seen the behaviour of a PC that's in a botnet.