Sun Java cache folder

  • 13 August 2012
  • 3 replies

Webroot secure anywhere did not detect 3 trojans in the sun java cache folder which norton 360 6.0 picked up, I was suspicious something was going on that webroot secure anywhere did not pick up so I installed norton 360 after uninstalling webroot. Webroot deep scan did not find it either.
On another note I was wondering if webroot secure anywhere protects against ddos attacks?

Best answer by JimM 13 August 2012, 18:29

View original

3 replies

Userlevel 7
By default, Webroot is set to scan with a Deep Scan.  A deep scan specifically targets only things that are running, and that definitely or probably will run.  While you may have had a dormant infection present on the system, it is not truly a threat unless it either is running or will be running in the future.  An infection that isn't running is just some 1's and 0's on your hard drive that aren't really doing anything.  A Full Scan would have found it if you had done one, but that's because it scans every last file on your computer instead of just the ones it makes sense to worry about.  If the infection ever attempted to start up, the shields would have caught it regardless.  Any attempt to run also would have had to have been user-initiated since the Deep Scan didn't find anything that would have triggered it otherwise.
For more on Deep Scans vs. Full Scans, take a look here.
You might ask at this point, what if it actually was running and Webroot didn't flag it as an infection?  While that's unlikely, it's possible.  New infections show up every day, and occasionally Webroot might not flag one as an infection right away because we are still analyzing the file.  There is good news though.  In the event that an infection shows up on your system that Webroot has not encountered before, SecureAnywhere will journal all activities of that file.  It keeps a record of every action that file takes, and it can roll those changes back to the original state if it later finds out the file is a threat.  So worst case scenario, it can still revert anything the infection has done anyway just as soon as it's globally flagged in the cloud as being an infection.
Now regarding DDos attacks, the answer is no.  Here's why: A denial-of-service attack works by flooding a server with an excessive amount of data requests, which makes the server unable or incredibly slow to respond to legitimate requests.  That isn't an infection, and it requires no malicious code to be run on the device being attacked.  It's a method to stop a server from functioning properly, but it's an entirely external threat that operates based on creating excessive traffic.  It's usually used to bring down websites.  The best analogy I can come up with off the top of my head is that a security system for your car works great for protecting your car from being broken into or stolen, but it can't do anything about backed up traffic on the freeway or a group of other cars surrounding your own car and not letting it go anywhere.
It is probably worth pointing out though that there are some pretty solid hardware methods of mitigating DDos attacks out there.  Webroot recently partnered with one such provider, Corero.  If protection against DDos attacks is something you're looking for, you could check over there.
Thank you for all the information regarding my questions. I'll be doing full scans more often now. As far as ddos not much I can do to protect my pc.
Userlevel 7
I'm glad I could be of service.  However, those aren't exactly the conclusions I had hoped you would draw, so I'll clarify just a bit.  A full scan isn't ever something you need to do.  For the reasons I specified before, an infection that stands no chance of being run without being user-initiated is no threat at all.  A deep scan will figure out what stands any chance of being run, and if an infection is one of those things, it will quarantine it.  If not, it hurts nothing to let the shields do their job and pick up any user-initiated threats, whether they come from double-clicking on some infected file you downloaded a long time ago or some new threat you accidentally download online.  It's also worth noting that although you might initially find some old infections sitting in old folders the first time you run a Full Scan, subsequent Full Scans are not going to help you any more than a Deep Scan unless you have disabled Webroot at some point, copied the infections into a directory on the hard drive, re-enabled Webroot, and then run another Full Scan.  That would be an incorrect way of using the program though, since you should always leave it on so the shields can protect you.
Regarding DDos, that kind of attack is typically targetted at web servers, and it's not something you need to be concerned about unless you host websites off your personal computer.  Most people have a hosting provider for something like that.