Can I fake having an anti-virus program?

Gavinni

My university recently began requiring everyone on the network to run an anti-virus program, which is verified by a cisco application when a user attempts to open a web browser. What's annoying is that I'm living in on-campus housing, so university internet is MY internet at home.

I can't stand anti-virus programs, I've never run them, and I've been virus free for 10+ years. It really bugs me that my university is forcing software upon us. Is there any way to modify the registry or w/e so that my computer shows that I am running an anti-virus program without actually running one? Thanks hardocp peepz T_T
 
I do not notice that Security Essentials is running at all. IMO, antivirus only used to lag down your computer when 512mb or 1024mb of ram was the de facto standard.
 
Interesting. I'll give those both a try and report back. I noticed that security essentials was on the list of acceptable applications. I'm leaving this question open to anyone that knows a way around this though. Thanks for the feedback guys.
 
What are you running, a P2? People who don't run A/V apps are like guys who sleep with random bar chicks and don't wrap it up because they "look healthy." I can count the number of times I've been infected on one hand (we're back to PCs here btw), but it still happens now and then...and you may not even know it if you're not running security software.
 
If you use Linux it may just let you use the network. That is how my school network works since the cisco nac software does not support linux.
 
if you have never run a/v how do you know you have never had a virus?
 
if you have never run a/v how do you know you have never had a virus?

My thoughts exactly :D

I don't see the issue. I've never even noticed any AV running on my computer (although it is installed). Most modern computers shouldn't perform noticeably different with or without AV software.
 
to the op, why would you want to bypass the system ? It's people like you that screw up the networks because you "THINK" you don't get viruses or spyware, it's guys like me and other companies that FORCE THIS POLICY on the people using the network.

The rule and policy is there to protect us & the network, NOT YOU! I could give two shits if your system has viruses spyware and all sorts of crap, BUT it pisses me off to see you posting on here asking how to get around it.

Follow their guidelines, if you don't want to then don't use the system !!
 
Err on the side of caution. Run a lite AV like was suggested. I'm pretty sure you've had some sort of infection. You just didn't notice it.
 
Err on the side of caution. Run a lite AV like was suggested. I'm pretty sure you've had some sort of infection. You just didn't notice it.

don't see the problem with using MSE, its free and works very well.
 
Try installing an anti virus and then just disable all of its features. Disable startup and all services etc....

But who knows how the cisco software detects it. I know my university used to detect utorrent and said i had to remove it. I just made it a hidden file and it cleared me :)
 
Just run MSE. This is 2011, if your PC is slowed down by an AV program it's time to upgrade your 486.
 
Just get MSE. If your PC has more than 512 megs (god I hope so...who doesn't have like..at least 1 gig these days) and is a dual core processor....well, time to toss the relic and get a newer PC.
Avast or AntiVir are two other good free choices.

Don't waste time with Clam...it's "light" because it has ZERO real time protection, and it can't find much at all, it's about as useless as you can get. Only partially decent for scanning SMTP (mail servers..getting old viruses)
 
Just get MSE. If your PC has more than 512 megs (god I hope so...who doesn't have like..at least 1 gig these days) and is a dual core processor....well, time to toss the relic and get a newer PC.
Avast or AntiVir are two other good free choices.

Don't waste time with Clam...it's "light" because it has ZERO real time protection, and it can't find much at all, it's about as useless as you can get. Only partially decent for scanning SMTP (mail servers..getting old viruses)

isn't clam built into untangle for its av ?
 
isn't clam built into untangle for its av ?

It powers the basic AV in the free version, yes. The anti spyware module uses a bunch of additional tools though, and it's actually the effective part of Untangle that does a lot of stopping of today's malware threats.
 
It powers the basic AV in the free version, yes. The anti spyware module uses a bunch of additional tools though, and it's actually the effective part of Untangle that does a lot of stopping of today's malware threats.

Some day I'll buy a subscription. Or my Sonicwall NSA2400
 
to the op, why would you want to bypass the system ? It's people like you that screw up the networks because you "THINK" you don't get viruses or spyware, it's guys like me and other companies that FORCE THIS POLICY on the people using the network.

The rule and policy is there to protect us & the network, NOT YOU! I could give two shits if your system has viruses spyware and all sorts of crap, BUT it pisses me off to see you posting on here asking how to get around it.

Follow their guidelines, if you don't want to then don't use the system !!

Sorry OP, dashpuppy might sound like an *** but he's right.

Get some lightweight anti-virus, it'll be a win-win situation. Also, just because you think you don't have a virus, doesn't mean you don't have one.. Keyloggers/rootkits can be hard to be detected.. your info could get compromised..
 
Sorry OP, dashpuppy might sound like an *** but he's right.

Get some lightweight anti-virus, it'll be a win-win situation. Also, just because you think you don't have a virus, doesn't mean you don't have one.. Keyloggers/rootkits can be hard to be detected.. your info could get compromised..

wasn't trying to sound like an ass, but when your main job is to protect the school and you have people trying their hardest to get around the rules that you create to protect the school you think you would get mad LOL!!
 
Keyloggers/rootkits can be hard to be detected.. your info could get compromised..

So true...the amateur ones, and the better ones that are meant to be detected (for notoriety)....are very easily seen and discovered and you realize you have something. However the very well written ones....they work in stealth, unknown to the computer owner/user.
 
Bring pc home & let mom wash out the viruses :D Seriously use Microsoft Security Essentials it's FREE, works OK & won't bother you or your pc. Install it, update it, configure it & do a full scan. Then it just runs in the background. Done. Good luck in school.
 
I agree with everyone's suggestions regarding anti-virus, but I would still have an issue with something like this simply on principle. It would be no business of the University what I am or am not running on my own personal computer.

Via what means is it attempting to verify that you have an Anti-Virus installed? Is this means cross-platform? Does this prevent you from attaching other internet devices to your network that might not be compatible with their AV detection scheme, such as a smart phone, a game console, or an internet enabled DVD player?
 
eh, the norton stuff is horrendous. it frequently makes my work laptop somewhat unresponsive for 20 minutes on booting.
 
I agree with everyone's suggestions regarding anti-virus, but I would still have an issue with something like this simply on principle. It would be no business of the University what I am or am not running on my own personal computer.

Via what means is it attempting to verify that you have an Anti-Virus installed? Is this means cross-platform? Does this prevent you from attaching other internet devices to your network that might not be compatible with their AV detection scheme, such as a smart phone, a game console, or an internet enabled DVD player?

The Cisco stuff is pretty intelligent and able to discriminate devices from what I've seen. You are also 100% correct that it is no business of the University's what you have installed on your machine...until you try to use it on their network. Plugging a disease infested PC into their network can have consequences that could inconvenience students and potentially cost the University a crazy sum due to outages, potential data loss and cleaning on their own equipment. They absolutely have a right to enforce whatever policies they want on their own network, provided they're upfront about their activities with those who are permitted to connect to it.

Heck, I've got a guest network outside of my personal wireless at home for friends who come over, because I'm not willing to suffer a data loss because someone else decides not to run competent A/V software.
 
I would just install a lightweight AV as suggested. Though at the same time, this is a very poor design on the university's side. They should not have the dorm network be in any shape or form able to access the main network. They should have it completely separate and basically just treat it like the internet and have it free for all, more or less. It's up to the individual users to install their own NAT devices if they want to be safe.
 
You are also 100% correct that it is no business of the University's what you have installed on your machine...until you try to use it on their network. Plugging a disease infested PC into their network can have consequences that could inconvenience students and potentially cost the University a crazy sum due to outages, potential data loss and cleaning on their own equipment. They absolutely have a right to enforce whatever policies they want on their own network, provided they're upfront about their activities with those who are permitted to connect to it..

Exactly! You want to use THEIR network (NOT yours...but THEIRS).....you need to comply with their rules. School networks are often a nightmare....college kids are usually heavy p2p/torrent users thus their PCs are infested by their use of poisoned content, just a small handful of infested PCs can bring down a school's entire network and make it virtually unusable for the peeps trying to use it for legit stuff. Not to mention the malware that can spread across networks.

Many schools are getting smart and enforcing policies...when you first plug into their network...your PC is directed to a wallgarden (separate network that won't go far)...until you're caught up with microsoft updates and antivirus. Then..and only then, will your PC be allowed on the main network.
 
a free for all style dorm network at a school of any decent size will end up being..A) breeding ground for viruses, malware, etc etc.....B)the poor network will get bogged down by the one or two assholes that decide they MUST run a seedbox. since, you know, they're not paying for the bandwidth and suffering any consequences.

personal experience at my university tells me this is true. when it comes to relying on "democracy" in a networked environment, it'll quickly turn into anarchy. disagree all you want but the university has all the rights in the world to run NAC and require whatever software they want, especially if you signed/agreed to some internet/network use policy. which most places have nowadays. end of the day.....grab MSE, run it and be happy you at least have a semi competent IT department at your school.
 
Give me a break, OP is right on, anti-virus programs are annoying to run, there's no reason for a power user to ever run one. Performance has nothing to do with it, it's just the principle of having something unless constantly check your every move. Stop going to warez sites or clicking on every shady email link and you're fine.
 
Give me a break, OP is right on, anti-virus programs are annoying to run, there's no reason for a power user to ever run one. Performance has nothing to do with it, it's just the principle of having something unless constantly check your every move. Stop going to warez sites or clicking on every shady email link and you're fine.

In a way this is kinda true, because AVs don't even catch drive by viruses because they are classified as spyware and not viruses and those are the biggest threat these days. Email viruses or exe links are obvious and you need to actually take extra action to infect yourself with it. Just getting an email with a virus in it won't do anything, you have to actually open the attachment.

The only real threat to a power user is drive bys because it's as simple as clicking a bad link while doing a google search or something. If the title and description looks legit, it's possible to still get hit no matter how smart you are. Some of these can be very nasty, especially the fake AV programs. I don't get why browsers have any code paths that allow this to even happen.
 
claiming you're a super user and safe is being naive, or an idiot... [H] was compromised how long ago..? ?

if AV is annoying, then chances are you keep getting infected so stop trying to act like you're some 133t user who never gets infected. the ONLY TIME av is annoying, is because it keeps telling you about an infection, so get off your self, install MSE and move on.

I don't get why browsers have any code paths that allow this to even happen.

How is a browser supposed to know if you are downloading a legit exe file or a virus if the user says "yes yes yes" to everything...
 
The Cisco stuff is pretty intelligent and able to discriminate devices from what I've seen. You are also 100% correct that it is no business of the University's what you have installed on your machine...until you try to use it on their network. Plugging a disease infested PC into their network can have consequences that could inconvenience students and potentially cost the University a crazy sum due to outages, potential data loss and cleaning on their own equipment. They absolutely have a right to enforce whatever policies they want on their own network, provided they're upfront about their activities with those who are permitted to connect to it.

Heck, I've got a guest network outside of my personal wireless at home for friends who come over, because I'm not willing to suffer a data loss because someone else decides not to run competent A/V software.

this is why i have 4 subnets at home with wireless being the 4th and none of them talk together..

only my laptop can talk to the other network with rdp port, that's it. i've had this argument lots with people and wireless security and just letting friends / family on their network.

the wrvs4400n cisco / linksys routers rock for this...i setup one home network for family only, ie mom dad and one for guests and children, none of the ssid ( networks ) can talk to each other.

works very well, protects parents' computers from the kids' infested machines...
 
If you never had any AV, how do you know you never had a virus? Maybe you are careful when using internet but still, not all viruses you must notice, and nowadays the better virus is the better it is hidden from user's focus. However if you don't want to pay for AV, get MS security essentials, it's free for legal windows installations.
 
In a way this is kinda true, because AVs don't even catch drive by viruses because they are classified as spyware and not viruses and those are the biggest threat these days. Email viruses or exe links are obvious and you need to actually take extra action to infect yourself with it. Just getting an email with a virus in it won't do anything, you have to actually open the attachment.

The only real threat to a power user is drive bys because it's as simple as clicking a bad link while doing a google search or something. If the title and description looks legit, it's possible to still get hit no matter how smart you are. Some of these can be very nasty, especially the fake AV programs. I don't get why browsers have any code paths that allow this to even happen.

It is thoughts like this that make it important to protect a network from its users.
To the OP, it is not "your" network, follow the rules or do not use it.
 
While some of you may be right in the sense that he has a contractual (and apparently ethical?) obligation to comply with such a request. It is still a worthwhile and interesting academic exercise to experiment with circumventing such a system... ;)

Detecting requests to the update servers of approved software maybe?
 
The oversimplified answer is "forge whatever the detection is looking for". It may be looking for files, registry entries, or running processes. It could be as simple as creating a blank text file and naming it AllowedVirusScanner.exe, or it might take a checksum of the file and verify it against a product database.

The biggest performance hit with AV is on-access scanning having to check every single file. Your disk is already the slowest part of your system, and now you're doubling its work.
 