Wilders Security Forums  

  #26  
Old December 29th, 2009, 09:26 PM
wat0114
 
Posts: n/a
Default Re: Instant desktop search

Quote:
Originally Posted by chronomatic
I guarantee if you were running your box as admin, using IE with scripting allowed, you would not have been malware free all of this time.

Probably true, but there is a huge difference between running as admin vs standard user. Even if I had been running as admin, the three times in the last two months I got subjected to one of those rogue antivirus attempts I could have simply denied the install of the executable anyway. Running as standard user afforded me that much more in defenses, not to mention I have AppLocker rules in place along with hardware DEP and UAC as well.

Quote:
Do you guys still care to deny that drive-by's are real?

They are for real but they don't have to be an issue to anyone exercising common sense, which includes some basic security measures such as even simply running as a standard user.
  #27  
Old December 29th, 2009, 10:03 PM
Kerodo Kerodo is offline
Massive Poster
 
Join Date: Oct 2004
Posts: 5,997
Default Re: Instant desktop search

Quote:
Originally Posted by chronomatic
Then you must have good security practices. I guarantee if you were running your box as admin, using IE with scripting allowed, you would not have been malware free all of this time. Actually, I must ask: how can you be sure you have never been infected?


Do you guys still care to deny that drive-by's are real?

Actually, I always run as admin in Win, always have and always will, well maybe not now in Win 7, I'm not sure what I'm running as, some kind of standard user or something I guess. I use Flash and Java, and scripting is always allowed and enabled, even in IE.

I should clarify a little. I have seen attempts at things here, which were caught a few times by my AV's web scanner, and a few that just didn't quite seem to work or get there. But those were very rare.

And I have been pretty much everywhere on the net, savory and unsavory places.

I rely mostly on my street smarts. People always argue and ask how would I know if I were infected, perhaps I was and didn't know it. Trust me, I'd know it. You can argue that I wouldn't, but I'd argue again that I would.

Anyway, I know there are drive-by's and dangers, and I know a lot of clueless users fall prey to them. But as Mrkvonic stated, and I have to agree, they are highly overrated, and I think a lot of it is designed to generate fear and sensationalism.

Again, the proof is in the pudding. I have managed to stay clean all this time using Win. I must be doing something right.
__________________
If it ain't broke, you haven't tweaked it enough....

Debian 7 x64
  #28  
Old December 30th, 2009, 02:17 AM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,416
Default Re: Instant desktop search

chrono, Flash and PDF exploits you mentioned:

If you don't use Acrobat, the vulnerabilities are void.
If you're using the latest version of Adobe Flash, the vulnerabilities are void.

It's not as dire as you portrayed it.

Drive-bys exist, both in life and online, and you need not be part of either if you don't want, it's very simple.

Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #29  
Old December 30th, 2009, 04:28 PM
chronomatic chronomatic is offline
Very Frequent Poster
 
Join Date: Apr 2009
Posts: 1,324
Default Re: Instant desktop search

Quote:
Originally Posted by Mrkvonic
chrono, Flash and PDF exploits you mentioned:

If you don't use Acrobat, the vulnerabilities are void.
If you're using the latest version of Adobe Flash, the vulnerabilities are void.

It's not as dire as you portrayed it.

Drive-bys exist, both in life and online, and you need not be part of either if you don't want, it's very simple.

Mrk

That's like saying if you don't eat you won't get fat. That's true, but you'll also die. It's the same with the Internet: most people (including me) are not going to turn off all scripts, especially Flash. I, for one, like to watch YouTube videos.

Granted, I, personally, am not worried about drive-by's since 1) I use Linux and 2) I have a very locked down Linux box, but they are a major problem for Windows users, especially those who run as admin and enable scripts (the vast majority of Windows users). So simply telling them not to "execute crap" will not solve their problem. They would have to do a lot more than that to be safe. As you said, they would have to basically cripple their browser and disable all scripts. This is like telling people to stop driving their car and begin walking everywhere. In other words, it ain't gonna happen.
  #30  
Old December 30th, 2009, 05:09 PM
SpikeyB SpikeyB is offline
Frequent Poster
 
Join Date: Mar 2005
Posts: 463
Default Re: Instant desktop search

Quote:
Originally Posted by chronomatic
As you said, they would have to basically cripple their browser and disable all scripts.

I think that all they really need to do is block unwanted executables. As far as I am aware, the majority of infections via the browser require the execution of a file at some point during the infection. Rmus has many posts explaining these types of infections.
  #31  
Old December 30th, 2009, 06:32 PM
chronomatic chronomatic is offline
Very Frequent Poster
 
Join Date: Apr 2009
Posts: 1,324
Default Re: Instant desktop search

Quote:
Originally Posted by SpikeyB
I think that all they really need to do is block unwanted executables. As far as I am aware, the majority of infections via the browser require the execution of a file at some point during the infection. Rmus has many posts explaining these types of infections.

No, if the browser has an unpatched vulnerability, all you have to do is visit a page which exploits said vulnerability. The same goes for plugins like Flash.

Sure, one can always make sure the browser and plugins are up to date. This helps, sure, but it's no guarantee since there is such a thing as 0-days.
  #32  
Old December 31st, 2009, 04:26 AM
SpikeyB SpikeyB is offline
Frequent Poster
 
Join Date: Mar 2005
Posts: 463
Default Re: Instant desktop search

Quote:
Originally Posted by chronomatic
No, if the browser has an unpatched vulnerability, all you have to do is visit a page which exploits said vulnerability.

That's correct, and what does the vulnerability do? It allows the download and possible autoexecution of executable files. There are a number of ways of blocking these.
 

All times are GMT -4.