Study: If you haven't been infected by malware in the last 2 years
trjam
January 8th, 2008, 09:25 PM
Let's see if this may tell us anything. If you fit in this category, just state what you use your computer for, brief online surfing habits and what type of computer protection you use. Brand specific must be excluded please.
Thank you.
WSFuser
January 8th, 2008, 09:31 PM
What if you downloaded a malicious file but the malware didn't infect your computer?
Peter2150
January 8th, 2008, 09:32 PM
I have never been infected. My basic setup has varied, but currently I use Sandboxie, OA, SSM or ProSecurity and that's it. I also do make use of Returnil/Shadowdefender on occasion.
I primarily use my computers for business, using MS Office, Quickbooks, and Paperport. I also use them for online financial trading.
Most of my surfing is quite benign, like here at Wilders, OA forum, etc. I use either Opera or IE 7, all done with Sandboxie.
If I go to the wilder side of surfing, I then go to the VM machine, where I employ the exact same security setup.
Finally if I am playing with malware, as I occasionally do, then first I put my host in Shadowmode, start the VM machine, and do the testing I am interested in. I use the Shadowmode of one of the shadow programs on the host, just on the slim chance something should escape the VM machine.
Pete
AKAJohnDoe
January 8th, 2008, 09:51 PM
Virtually every malware trace ever detected on any of my machines (excluding tracking cookies and the errant toolbar) arrived there via my installations of anti-malware products.
Osaban
January 9th, 2008, 12:38 AM
No infections whatsoever, not even tracking cookies. Scanners have either shown false positives or nothing. My surfing habits are usually revolving around reading newspapers, downloading lots of pictures, doing research in many fields. Sometimes I surf where I shouldn't, but never to test my computer.
I'm 99% of the time in shadowmode, excluding only 3 folders from the virtual volume: 'My Pictures' 'My New Documents', and 'Bookmarks'. My mail is through G-mail, also protected (not really needed) by the virtual volume.
I always use Opera, registry protection, antiexecutable, software firewall.
I never play with malware, and never test programs unless I really want to have them on my system.
I almost forgot: Wilders is the only security forum I routinely check... Unfortunately it is quite addictive.
sukarof
January 9th, 2008, 01:11 AM
Back in 2001 I believe it was, I was infected with some kind of malware. It was bundled into a cracked McAfee firewall I had downloaded from some warez site. I had it running for three months until I changed my AV which I switched to after noticing one day that I had a connection to Russia running in the background all the time.
That was my last warez I used on my computer.
After that I have not been infected, if I did not willingly let it.
I surf everywhere I want, even some porn sites. I do download movies with P2P occasionally. I download software sometimes from sites that are not so known. I go to warez sites now and then when I want to look for some malware (haven't found much though). I install and test relatively many programs. I never get any spam (I have made it very clear to anyone that I do not enjoy funny videos or other stuff people send to each other, just plain emails if they have anything to say.)
My defences up till October last year have been a firewall, AV and different flavors of HIPS (tried them all). They never (in 5 years) reacted to bad stuff sneaking into my computer. (That's one reason why I got rid of them.)
My defenses nowadays are Vista, Limited account and a couple of SRPs (so I have to whitelist the software that tries to execute), a firewall. No realtime AV, I do some on demand scans now and then, no HIPS. And of course a browser that won't let scripts run unless I say so. Not sure I need it though when I have LUA but it does no harm so I might as well keep it. Well, a snapshot and imaging software too if they count as security (against malware).
Mrkvonic
January 9th, 2008, 07:15 AM
Hello,
Have not been infected.
Usage: Lots of p2p, lots of porn, online gaming, email, IM etc. The standard security includes firewall + browser. The "highest" security also includes an anti-virus.
Regarding anti-virus in the mentioned setup: it never saw real malware once - only several stupid FPs.
Mrk
MikeBCda
January 9th, 2008, 01:53 PM
Nothing here in ages - quite a while back I once got a warning that my home page was attempting to change, but in hindsight I think I must have accidentally hot-keyed the "make this my home page" thing, or maybe clicked an equivalent link on the page, rather than encountering malware.
Surfing habits ... "morning rounds" are mail, news, weather and comics, then later into boards like here and games, and probably in the evening some erotic not-quite-porn. Never any problems with the last one (I stick with a couple of favorites), and I once commented to the webmaster that he (?) obviously took great care to keep the site safe.
dNor
January 9th, 2008, 02:11 PM
Not in the last 2 years.
Heavy online gaming and torrenting. Moderate adult surfing, office work, and general internet browsing (such as searches, couple of forums, shopping, etc...no real 'dark net' browsing any more).
Have used a security suite from one vendor or another during those 2 years and generally nothing else.
spy1
January 9th, 2008, 11:44 PM
Haven't been infected for a lot more than the last two years.
Other than what I've got showing in the screenshot (which are all the running processes I've got going at any given time, minus IE, Frostwire and/or Trillian, none of which is running at the moment) the only other program I rely on is Javacool's SpywareBlaster.
I surf any-and-everywhere, do P2P, do IM'ing through Trill.
Sure, I check things out with a bunch of different programs just to make sure nothing's sneaking through - and nothing has. I'm not even real sure when the last time I had a false positive was.
Pretty anti-climactic, I guess. Sorry. Pete
herbalist
January 11th, 2008, 05:20 PM
My PCs are clean for better than two years, except for test units I infect deliberately. My primary PC is a dual boot, Win98 and 2K, most of the time running 98. It's a home PC for all the usual purposes, e-mail, IM, browsing anywhere, CD burning/ripping, some office work, etc. I occasionally use P2P. It's used on and off by about 6 different people, most of which qualify as typical users, not techies. It's rare when there's not someone using the computer here. Doesn't get much idle time. Except for the MVPS hosts file, there's no restrictions on where anyone might browse. Except for a few online games that require IE6, SeaMonkey is the browser that's used. IE6 is forced to go thru Proxomitron by firewall rules and is limited by rules to use on only a few sites.
Both operating systems are protected by default-deny security policies which are enforced by a firewall and HIPS. Both have very restrictive rulesets in place and are configured not to prompt the user. The PC is fully equipped with software for all the usual tasks, so other users have no need and are not able to install any more software. Web content is filtered thru Proxomitron. No AV, AS, AT, etc installed.
This PC has run into more than its share of malicious websites, e-mails, etc. None have been able to make any changes to the OS or the installed apps. The default-deny security policy and the apps that enforce it have worked flawlessly for over 2 years.
Rick
strangequark
January 11th, 2008, 05:42 PM
nothing for a long long time
FP's about the only frights I get these days.
behind router, AV, AT/S, firewall,
torrent junkie, some naughty bits [getting too old :'( and the stuff getting too scary :wacko: ]
anything really dodgy goes to a VM first, I occasionally have Boclean or Avast grab something in there, VM has same set up as real world,
yet I clean boxes with more nasties than you can imagine, well you probably can, and wonder how they got so infected
stapp
January 12th, 2008, 03:24 AM
I haven't been infected for a long time. Had warnings when surfing but nothing has managed to set itself up on my machine.
I surf with Sleipnir using Sandboxie. If I am looking for info I will follow leads to get it even if it means translating pages via google.
No router, just OA firewall and try to use common sense (whatever that is:) )
EASTER
January 12th, 2008, 03:58 AM
Just like our knowledgeable and very sharp member Spy1 (plug) LoL
In over two years absolutely not a single intrusion, only on Windows 98SE. I once picked up something named command.com in the C:\ folder when I first started with XP, nothing malicious and it couldn't call out because of Kerio 2.15, that old obsolete iron wall of a firewall. I could only knock it down when I used to play in the Yahoo Groups Boot Rooms for fun, nothing on the internet or sites ever disabled it.
When HIPS popped on the scene, it was like using concrete instead of mortar between the bricks and this PC has been quiet ever since.
Just to humour myself at times, and only works on SP1 XP of course, I occasionally would run those old HTML exploits that use IFrames, remember the site that hosted You Are An Idiot! by white sheep or something, that rapid barrage of bouncing windows was so impressive to me that I just had to keep those files for fun.
farmerlee
January 12th, 2008, 11:54 AM
Nothing on my main system for over 2 years. Its primary use is games, multimedia, surfing and email. I don't browse the dark side of the web or open dodgy emails. My basic protection consisted of a hardware firewall, a realtime av and hips.
dogma
January 12th, 2008, 12:15 PM
Never been infected on 3 machines at home. The only detection of malware was when a member of my family was sent a file via IM which was detected and deleted before execution.
Wasn't even infected whilst running pc-cillin 2002. My surfing habits are quite safe, usually visiting unknown sites for research (Uni college/assignments), IM, skype, email, etc, etc.
Largely, attribute this to deficiency 'darkside' disorder (ddd as I call it). One has no inclination of visiting that side of the world wide web i.e. no fetish for porn, warez, or illegal activities.
Have tested many security software, but have always come back to running a (free) Anti-virus in the long run. As my experience has proved, one does not require anything else.
ErikAlbert
January 12th, 2008, 01:02 PM
Since March 2006, I didn't have any infection I know of.
I don't run scanners anymore, so it's very hard for me to see if I'm or was infected or not. I just replace my possibly infected system partition with a new one and that removes any change.
Anti-Executable should warn me, but it never did and I never check my sandbox.
I don't like to spend time on malware. In theory, I'm not supposed to have any malware on board after reboot.
I know the weaknesses of my approach and I can solve them.
TOMxEU
January 12th, 2008, 03:43 PM
I have not been infected for at least 4 years, but honestly I can not say, since I use no AV for 2 years and I had no firewall for a year, but I run random on-demand scans with various tools. I visit only a few webpages in my favorites, watch movies, listen to music via WMP, chat via WLM, no games or porno.
Coldmoon
January 12th, 2008, 08:46 PM
-{ Quote: "Let's see if this may tell us anything. If you fit in this category, just state what you use your computer for, brief online surfing habits and what type of computer protection you use. Brand specific must be excluded please.
Thank you." }-
Hi trjam,
I don't think this kind of subjective test is going to result in a "Eureka!" moment as you are trying to make a causal (maybe) connection between long term "cleanliness" and the use of strategy "X".
I believe the more important factor in determining the likelihood of long term "cleanliness" would be the learning experiences that user has had and how it caused them to use strategy "X"...
Just my 2 cents YMMV
Mike
trjam
January 12th, 2008, 09:11 PM
-{ Quote: "Hi trjam,
I don't think this kind of subjective test is going to result in a "Eureka!" moment as you are trying to make a causal (maybe) connection between long term "cleanliness" and the use of strategy "X".
I believe the more important factor in determining the likelihood of long term "cleanliness" would be the learning experiences that user has had and how it caused them to use strategy "X"...
Just my 2 cents YMMV
Mike" }-
All good points Mike. I guess what I am looking at is that it doesn't take 10 apps to do what 1 or 2 might. But it is subjective based on a user's habits.
check your pm.:)
LUSHER
January 13th, 2008, 02:13 AM
Sorry I would like to say I never got infected in my life which was true until 2 weeks ago....
I really regret not putting in more layers....
lucas1985
January 13th, 2008, 02:58 AM
-{ Quote: "Sorry I would like to say I never got infected in my life which was true until 2 weeks ago...." }-
Could you tell us about this?
-{ Quote: "I really regret not putting in more layers...." }-
Probably a useless measure, per Murphy's laws. If you were to get infected, adding layers wasn't going to help much :P
LUSHER
January 13th, 2008, 04:45 AM
-{ Quote: "Could you tell us about this?" }-
Well as you would expect to nail one of us paranoid ones, it has to be a targeted attack by a world class hacker, employing the latest in malware techniques including rootkit techniques (BIOS jumping/metamorphic/polymorphic) and zero day exploits *specifically* designed to bypass the state of the art behavior blocking/sandboxing/HIPS software and the rootkit is invisible to all known rootkit detectors (even the private versions I have failed). I'm also convinced he has some way of cracking AES 512 bit and no it isn't a dictionary attack, cos my password is 40-50 characters long....
Oh and did I mention that this machine is airgapped with no access to any other machine?
Nah, not really...
I just turned off most of the security software (excluding firewalls) while I was doing some maintenance, I left for a while and forgot to lock the machine (admin account), some idiot came in before the screensaver lock out started and started playing flash games, and before I knew it the machine was nailed.
:D :D
Mrkvonic
January 13th, 2008, 05:11 AM
Hello,
It has nothing to do with hacker xyz ... the person you mentioned probably installed something, as simple as that. Pure self-defeat, seems to me.
Mrk
jrmhng
January 13th, 2008, 05:38 AM
No I haven't been infected.
Lots of p2p. Surfing news sites, forums etc. Moderate porn and a little warez.
I use AV, firewall and classic behavior blocker. Surf sandboxed. Light virtualization for the dark side of the internet.
lucas1985
January 13th, 2008, 05:02 PM
-{ Quote: "Nah, not really...
I just turned off most of the security software (excluding firewalls) while I was doing some maintenance, I left for a while and forgot to lock the machine (admin account), some idiot came in before the screensaver lock out started and started playing flash games, and before I knew it the machine was nailed.
:D :D" }-
My last question: was it a drive-by (unlikely, I think that you have an up-to-date machine) or was the "idiot" tricked to install the malware (social engineering)?
Long View
January 13th, 2008, 06:02 PM
No infections
Security - Firefox, DeepFreeze, Netgear DG834, Acronis
Habits - 100 + e-mails per day, Bank and Financial work sites, No P2P, no warez,
no known dark side just dull work and play machines
TonyW
January 13th, 2008, 07:57 PM
-{ Quote: "If you fit in this category, just state what you use your computer for, brief online surfing habits and what type of computer protection you use. " }-
I use my computer for email, some word processing, database record keeping, maintaining websites for local groups and keeping a group's accounts up to date. I occasionally IM.
Surfing habits include coming to forums like this one, using news sites such as the BBC, researching encyclopaedic content and visiting film/TV related sites. I also read security blogs.
I'm using Kaspersky Internet Security. Firefox is my browser with the Adblock Plus extension added. The only other "security" addition is SpywareBlaster.
TonyW
January 13th, 2008, 08:04 PM
-{ Quote: "I don't think this kind of subjective test is going to result in a "Eureka!" moment as you are trying to make a causal (maybe) connection between long term "cleanliness" and the use of strategy "X"." }-
I don't think that's the aim. As I am oft to say, much of what we do with our computers accounts to some extent how lucky one is or isn't in getting malware whether they're protected or not. The examples given thus far show this very well.
Hairy Coo
January 13th, 2008, 09:08 PM
Never been infected in two years - put it down to attempting to use commonsense regarding sites and a basic security setup, plus the feeling that this whole security paranoia is overblown as regards the home user.
My usage is ordinary boring surfing, plus some important business usage also.
LUSHER
January 15th, 2008, 09:44 AM
-{ Quote: "My last question: was it a drive-by (unlikely, I think that you have an up-to-date machine) or was the "idiot" tricked to install the malware (social engineering)?" }-
Well definitions differ of course, but many would say that drive-bys can and do involve social engineering, but I presume by drive-by you refer to infections that occur automatically without any user interaction?
I was wondering the same thing as well. Since he was playing flash games, the greatest possibility is a problem with the flash plugin.
The fact is I specifically updated flash plugin, just before I left the machine..... Then again, I remember that at that period of time, there was supposedly this vulnerability for the flash plugin that had no patches yet....
So maybe I did get hit by a zero day!!!
:D :D
cet
January 15th, 2008, 10:06 AM
Haven't been infected for a lot more than the last two years. I have used many different security applications. But at last I settled down, what I use is in my signature. I must admit that I am a careful user, I do not visit XXX sites.
For the next 2 weeks I am sure I will not be infected. How? I am very busy translating Online Armor so I don't even use the internet more than 5 minutes.:P
lucas1985
January 15th, 2008, 12:00 PM
-{ Quote: "but I presume by drive-by you refer to infections that occur automatically without any user interaction?" }-
Correct :) If you're prompted to install a rogue codec or a rogue scanner, it becomes social engineering.
-{ Quote: "I was wondering the same thing as well. Since he was playing flash games, the greatest possibility is a problem with the flash plugin.
The fact is I specifically updated flash plugin, just before I left the machine..... Then again, I remember that at that period of time, there was supposedly this vulnerability for the flash plugin that had no patches yet....
So maybe I did get hit by a zero day!!!
:D :D " }-
Hmmm, it surely warrants further research. I bet on social engineering through rotating ads.
HURST
January 26th, 2008, 08:47 AM
I've been infected, but it has been a looong time since I got infected just surfing. Last time it was in 2004, when I was surfing a warez site.
Surfing habits: research for university, newspaper reading, financial trading and banking, Wilders, YouTube, the usual random surfing from one page to another, and some porn (I stick to a couple of sites that have never infected me in more than 7 years, just the expected tracking cookie, which gets deleted after I close my browser). Since 2004 I don't go to warez/crack sites anymore.
I've had some infections, but they had come via P2P, and mainly it happened because of me being in a hurry and skipping my standard checking procedure (including on-demand scan, virustotal scan, running the first time with returnil enabled and watching what it does. If a suspicious program asks for a reset to complete installation, it gets deleted, no exceptions).
That said, since I stopped searching for cracks, warez, keygens, etc a few years ago, my infection rate went from +/- 7 a year to less than 1 per year.
Copyright ©2002 - 2012, Wilders Security Forums