Custom built more vulnerable to malware

[ohblu]

Is it possible that a custom built computer could be built in a way that would make it vulnerable to malware? I'm not talking about the security software or windows updates. I just find it odd that grandma has two computers both running XP with the exact same security software and windows updates, yet the custom built computer is the one that always gets malware.

[firzen771]

no, just depends what each of the computers are used for...

[Keyboard_Commando]

Do you mean the hardware? Because, to a slight degree the answer is Yes, but doubtful. For instance, older computer CPU's do not support hardware DEP, hardware-enforced ... this can prevent buffer overflow exploits - Most CPU's bought within the last 5 years support hardware DEP. When you try to enable DEP you get a message if it's possible to enable or not.

Also, it depends who set the software up on the custom built PC. How it was configured? You might find that some default settings were accidently changed to leave that one PC vulnerable.

[Bill_Bright]

Quote:

to a slight degree the answer is Yes, but doubtful. For instance, older computer CPU's do not support hardware DEP

What does that have to do with custom built? Nothing. A 5 year old CPU is a 5 year old CPU, regardless if in a Dell, or a self-built computer.

As soon as any new computer is turned on for the very first time, whether it just came off the factory assembly line, or off your dining room table, changes to the defaults can be made that enhance, or degrade security.

Quote:

Is it possible that a custom built computer could be built in a way that would make it vulnerable to malware?

Yes it is possible - but no more so than a non-custom computer. I guess if you bought this "custom" PC in a dark alley from a stranger for cash only, then you could assume it probably is not safe.

IMO, a custom computer is one that is made for you, with your computing habits in mind. And in that respect, it should be safer. But since the user is ALWAYS the weakest link in any security system, it really does not matter where, or who made the computer.

[Keyboard_Commando]

Quote:

Originally Posted by Bill_Bright

What does that have to do with custom built?

Answer: It has about as much to do with custom built as your informal? Example

Quote:

I guess if you bought this "custom" PC in a dark alley from a stranger for cash only, then you could assume it probably is not safe

I presume you were using your example in the informal sense? exempli gratia ?

Anyway. You appear to have then ignored my pertinent point, a CPU WITHOUT DEP SUPPORT, is more vulnerable than with DEP enabled.

As we both do not know the age/circumstances of his gradmas computer, OP didn't say too much ... you have no idea if my example is even relevant lol. The custom built might be custom built five years ago, and currently minus DEP protection. So chill out a bit. It's Christmas.

[Bill_Bright]

Quote:

Answer: It has about as much to do with custom built as your informal? Example

My example pointed out that if you do not know where this "custom" computer came from, it may not be safe. Your example about DEP is totally irrelevant to whether a computer was a custom build, or came strait off the shelf.

I did not ignore it, I said it was irrelevant. And it still is because, I say again, the fact a CPU with DEP support is more secure or not has NOTHING to do with whether a computer was custom built or not. If the CPU is 5 years or older, either may, or may not support DEP.

Quote:

you have no idea if my example is even relevant lol.

The mere fact you realize no can tell if your example is relevant, and since you seem to think it's funny, you are just wasting everyone's time. That's sad. Especially during Christmas when this may be concerning a purchase for Christmas.

@ohblu - please disregard K_C's comments. It seems he would rather play games. Whether it was custom or factory built 5 years ago, yesterday, or you are asking this for a new computer purchase next week, if you buy the PC off the shelf or as a custom built - buy the computer from a reputable source and you have an equal chance of everything being fine. Then ensure you use a decent firewall and current anti-malware solution, keep your system updated, and avoid risky practices like visiting illegal porn, gambling, or participating in illegal filesharing of copyrighted materials (songs, videos and published documents) from peer-to-peer (P2P) sites and you will be fine.

And for the record, as reported by Gibson Reseach, every AMD and Intel CPU made since 2005 has supported DEP, as has every version of Windows since XP SP2.

[Keyboard_Commando]

You Mr Bill_Bright, are not the administrator, or even a moderator, on this website. Therefore it is not your place to tell other posters if their contributions are relevant or not. I have seen you do this to other members on here, but this self appointed moderator role you've got does not apply to me.

Feel free the delete my post if needed - The real moderators.

[Bill_Bright]

I go by the technical facts. If the facts are inaccurate, or irrelevant, I will say so. It matters not to me who you are. If a moderator, admin, or another MVP presents inaccurate facts, or facts that are not pertinent to the OP's inquiry, I will say so too.

You were right, and I did not dispute your contention that DEP CPUs are more secure. But you presented facts about DEP CPUs that are irrelevant to the OP's inquiry. You inaccurately, and persistently tried to tie non-DEP CPU concerns only to custom PCs. That is wrong! The accurate facts are, the concerns apply to both custom and off-the-shelf PCs equally.

The accurate facts are, it does not matter if custom built or off-the-shelf, DEP supported or non-DEP supported - if two computers are kept current and secured with an adequate and updated security defense (either a roll-your-own custom suite or an off-the-shelf security suite) and one gets infected and the other doesn't, then it boils down to the user, or as firzen771 accurately said,

Quote:

Originally Posted by firzen771

just depends what each of the computers are used for...

It one computer continually gets reinfected, it is likely (1) it was not totally cleaned after the first infection, and/or (2) who ever uses that computer has not changed their risky behavior.

Quote:

Originally Posted by Keyboard_Commando

Feel free the delete my post if needed - The real moderators.

I am sure the real moderators will be pleased they have your permission.

[YeOldeStonecat]

Quote:

Originally Posted by ohblu

Is it possible that a custom built computer could be built in a way that would make it vulnerable to malware? I'm not talking about the security software or windows updates. I just find it odd that grandma has two computers both running XP with the exact same security software and windows updates, yet the custom built computer is the one that always gets malware.

//meanwhile..back at the farm

I'd say that one computer which keeps getting reinfected still has some lingering malware in the system, when the first infection was cleaned..it wasn't all cleaned out. I'd go back and revisit that sytem with some better cleaning tools.

I don't see how 2x different hardware based systems with the same software setup can have different levels of protection...or rather, behave differently as far as being susceptible to infection. Same end user, same user permissions, same level of windows updates, same 3rd party security software with same settings..shouldn't make a difference.

[Bill_Bright]

Quote:

Same end user, same user permissions, same level of windows updates, same 3rd party security software with same settings..shouldn't make a difference.

Except we don't know if there is only one end user. There could be kids or grandkids or some other less disciplined user using the second computer. If someone is participating in risky behavior, like visiting P2P sites to download tunes, they may be reinfecting it. The best defense is no good if the doors are left open. That said, I agree with your advice to recheck for malware.

[YeOldeStonecat]

Fair enough....I was just "assuming" it was grandma. But with 2x computers...certainly could be others. How many grandmas out there have 2x computers in their house, not to mention even just 1.

[Bill_Bright]

Quote:

not to mention even just 1.

Good point. But then again, with 7 grandkids, and 9 computers in our house, you never know.

[culla]

Quote:

Originally Posted by ohblu

Is it possible that a custom built computer could be built in a way that would make it vulnerable to malware? I'm not talking about the security software or windows updates. I just find it odd that grandma has two computers both running XP with the exact same security software and windows updates, yet the custom built computer is the one that always gets malware.

cut the ~ Snipped as per TOS ~ guys
the answer is NO

[Keyboard_Commando]

Quote:

Originally Posted by Bill_Bright

You inaccurately, and persistently tried to tie non-DEP CPU concerns only to custom PCs.

Lets just clear this up, seeing you are manipulating my words into something I never said in the first place. I said, in an example, an example that could be a system factor - just like your example of granny buying her beloved computer from someone down a dark alley ... we can both agree that is unlikely, right? so why are you unable to just let it wash over you that anyone else could use an example? smacks of hypocrisy.

Quite clearly the hardware configuration of a computer is a contributing factor to the overall system security, custom or not - If in the case of hardware enforced DEP being unsupported or switched off.

Like you said: "A 5 year old CPU is a 5 year old CPU, regardless if in a Dell, or a self-built computer."

Which is true, I guess. But a 5 year old CPU minus hardware enforced DEP support leaves granny's PC vulnerable, aka vulnerable to malware. Now all we need to do is educate granny to switch DEP on. Funny, I feel like we're going around in circles.

Confronting people on forums can be quite frustrating. Don't you think, Bill_Bright?

[JRViejo]

May I remind all Wilders members to take a step back and read No offense?! Yes, really!!

If this thread disintegrates into an insult match, you know what will happen to it, yes?

JR

[Bill_Bright]

I am not trying to make this confrontational - I really am not. But once again I ask, what does whether a CPU supports DEP or not have to due with the question of this topic? The question of this topic asks if custom PCs "can be built in a way" (which suggests built with intentional maliciousness) to be vulnerable to malware?

The answer presented was that they could be because,

Quote:

older computer CPU's do not support hardware DEP

I agreed and never disputed that DEP supported CPUs are more secure. But I contend, and what is being ignored repeatedly here, is that whether or not a CPU supports DEP has absolutely NO relevance to the issue of a PC being a "custom built" PC. Why? Because non-DEP supported CPUs were used and could be found just as easily in off-the-shelf PCs as they were in custom PCs - but that fact is just not getting through. Nor is the fact that just because an older CPU may not support DEP, that does not mean the computer itself is more likely to be compromised. As pointed out by others, that will depend on the discipline of the user(s) and how the computer is used, maintained, and kept updated.

The example of buying from an unknown source (the stranger in a dark alley) is relevant to the issue of intentional maliciousness because badguys work out of dark alleys, and don't care about repeat business or bad reputations. They just want to do their dirty deeds. If you buy a new, custom built PC from an unknown, non-verifiable source for cash only, there's a good chance it will be made intentionally to be vulnerable. If you buy a used computer out of dark alley from a stranger, regardless if custom built or off-the-shelf, there is an equal chance it has been maliciously compromised.

Now I will refrain from further comment until ohblu responds.

[Keyboard_Commando]

The reason I asked ...

I was under the impression you knew facts about DEP protection when you first commented. But it seems you have been busy googling them since. That's all.

[Bill_Bright]

Quote:

Originally Posted by JRViejo

If this thread disintegrates into an insult match

None coming from my way, but...

Quote:

Originally Posted by Keyboard_Commando

I was under the impression you knew facts about DEP protection when you first commented.

As indicated in the link in my signature, I am a long-time hardware guy that has done a lot of Beta testing for Microsoft and others. As a Beta tester for Windows Server 2003 SP1, and later, XP SP2 while working for various government agencies, I have been very familiar with DEP for many years. That is how I knew, and why I commented in my first post in this thread, DEP support has NOTHING to do with, that is, no relevance at all to the issue of whether a PC was custom built, or an off-the-shelf product.

DEP support is irrelevant to this topic.
***

I apologize to the Staff and members of Wilders for my involvement in this waste of everybody's time. I am also sorry for feeling it necessary to defend myself and posting again after saying I would refrain from doing so.

[Keyboard_Commando]

Quote:

Originally Posted by Bill_Bright

What does that have to do with custom built? Nothing. A 5 year old CPU is a 5 year old CPU, regardless if in a Dell, or a self-built computer.

As soon as any new computer is turned on for the very first time, whether it just came off the factory assembly line, or off your dining room table, changes to the defaults can be made that enhance, or degrade security.

Yes it is possible - but no more so than a non-custom computer. I guess if you bought this "custom" PC in a dark alley from a stranger for cash only, then you could assume it probably is not safe.

IMO, a custom computer is one that is made for you, with your computing habits in mind. And in that respect, it should be safer. But since the user is ALWAYS the weakest link in any security system, it really does not matter where, or who made the computer.

Sorry to nitpick, you know, be all pedantic, and all that. Seeing you are a guy that deals with the facts - You can see (above) you actually didn't mention DEP anywhere in your first post. It's there for everyone to see.

You actually commented on DEP after I pointed out to you, that you had missed the whole point of my post. It was only then you bothered to even google the timestamp DEP support was implemented in both CPU makers.

You only mentioned this irrelevant mumbo jumbo.

Quote:

A 5 year old CPU is a 5 year old CPU, regardless if in a Dell, or a self-built computer.

So yeah. Glad we cleared it up. You can't invent what you said - it is written down for all to see.

[Fly]

Sadly, this has become a silly quarrel.

The first post of this thread has nothing to do with DEP.

Whether Bill_Bright mentioned DEP or not in his first post is completely irrelevant IMO.

I'm not trying to moderate the discussion, with all due respect to JRViejo.

May I suggest we go back to the topic at hand ?

I see no reason to believe that custom build PCs are more vulnerable to malware.

In fact, there is something to say for the position that non-custom built PCs (Dell, etc.), are more vulnerable to malware. For example, because of preinstalled crapware. Preinstalled AVs that won't update after 30 days or so.

Personally, I'd feel safer with a custom built PC, made by a reputable organization. That way, I can get exactly what I want.

<hoping that my post won't close the thread>

[Bill_Bright]

Quote:

Originally Posted by KeyBoard_Commando

you actually didn't mention DEP anywhere in your first post

You are absolutely right. My mistake! Instead of saying, "That is how I knew, and why I commented in my first post in this thread... .", I should have said, "That is how I knew, and why I commented in my first response to the incorrect information posted about DEP, DEP support has NOTHING to do with, that is, no relevance at all to the issue of whether a PC was custom built, or an off-the-shelf product."

Thank you for pointing that out.

And for the record, I am unabashedly not ashamed to admit I regularly verify facts through Google before posting. My memory is not as good as it used to be and I am afraid I forgot if it was XP SP1, or SP2 when DEP was implemented by MS. I only remembered it was before SP3.

I was right, however about 2005 being when Intel and AMD integrated DEP support in all their CPUs - but I verified that before posting too.


***

@ohblu - Once again, sorry for the distractions, I hope we can get back on track now. I had another thought about your problem. Is File and Print Sharing enabled on the PC that keeps getting infected? While I'm still inclined to agree with YeOldeStoneCat and suspect the initial infestation was not totally eradicated, File and Print sharing can expose that machine to more than anticipated. A little dated now, this MSKB on making File and Printer Sharing Safer is still a good read - in particular, the advice to use a router with NAT. That leads to another question. How do both computers connect to the Internet? Does one computer share the other computer's connection? If so, then I would again urge getting a router with NAT to sit between the computers and the gateway device (typically the modem). Then all computers on that network (everything on the computer side of the router) would connect directly through the router, and not through a "host" PC. Although you can spend $200+ on a router, a basic $50 router with NAT and integrated 4-port Ethernet switch offers a huge layer of security over no router, and is fine for most users.

Finally if using wireless connection, that opens up yet more security concerns. In spite of what the wireless hardware makers would have us believe, wireless networks are not "set and forget" and require considerably more attention during setup, and thereafter to remain secure from badguys (and nosy neighbors).

Quote:

Originally Posted by Fly

I see no reason to believe that custom build PCs are more vulnerable to malware.

In fact, there is something to say for the position that non-custom built PCs (Dell, etc.), are more vulnerable to malware. For example, because of preinstalled crapware. Preinstalled AVs that won't update after 30 days or so.

Personally, I'd feel safer with a custom built PC, made by a reputable organization. That way, I can get exactly what I want.

I think those are excellent points - and a main reason I've been building my own for many years.

New Netbook infected from factory

[ohblu]

I'll admit that I just skimmed through most of the replies due to the debating.

I don't know if File and Print Sharing is enabled, I think it is. The custom built computer is connected to a router and the other computer uses a wireless connection. The custom built computer is mainly used by grandma for games and email. The other computer has many of the same games on it and is used by one to three other people for email and networking sites (Facebook, Myspace, etc.).

The custom built computer has had numerous infections. Two were so bad it had to be reformatted. The other computer hasn't had any infections except for a few files (mainly mp3s) here and there. Actually, the other computer has been used for P2P. They both have Webroot's anti-virus software with anti-spyware protection. They don't have a software firewall though, just a hardware firewall. The Webroot software is rather bloated and takes forever to load on both computers. That makes me wonder whether it provides adequate protection.

[Fly]

Quote:

Originally Posted by ohblu

I'll admit that I just skimmed through most of the replies due to the debating.

I don't know if File and Print Sharing is enabled, I think it is. The custom built computer is connected to a router and the other computer uses a wireless connection. The custom built computer is mainly used by grandma for games and email. The other computer has many of the same games on it and is used by one to three other people for email and networking sites (Facebook, Myspace, etc.).

The custom built computer has had numerous infections. Two were so bad it had to be reformatted. The other computer hasn't had any infections except for a few files (mainly mp3s) here and there. Actually, the other computer has been used for P2P. They both have Webroot's anti-virus software with anti-spyware protection. They don't have a software firewall though, just a hardware firewall. The Webroot software is rather bloated and takes forever to load on both computers. That makes me wonder whether it provides adequate protection.

A few points:

I wouldn't recommend Webroot's software for a number of reasons. Many AVs and suites these days offer good antispyware protection. Check for the top performers in www.av-comparatives.org 's reviews.
That Webroot thing is an antispyware application with some Sophos' (I think) antivirus engine added to it. Sophos' AV may be good for businesses, but not for consumers. Again, check the tests in av-comparatives.
I'd recommend a different security setup.

Quote:

The custom built computer is mainly used by grandma for games and email.

Really ? Are you sure ? People usually don't get infected by emails as long as they have an AV that scans those for viruses (Webroot may not be up to the task), they don't open unknown attachments, and they don't click on spam emails.
Games ? What sort of games ? You have to be careful about what you download. The security knowledge and skills of the user cannot be replaced by software. But if you want a 'no brains' protection, NIS 2010 might be a good choice, LUA+SRP (properly implemented), and there are a number of other options.
Maybe she uses the computer for some other things as well, she may not have told you, or she may not remember.

There are a few other things that are not clear. You mention a 'hardware firewall'/router. What's the setup of the network ? Computers, router(s), modem(s), other devices. Enabling file and printer sharing can be a security risk. Wireless ? For it to be safe, you need good encryption (WPA-PSK AES), non-default password, remote access disabled, and the thing needs to work properly! For P2P, often certain ports in the firewall/router need to be open, which is a security risk.
Is it possible that the custom built computer gets infected because it is in some way connected to the other computer ?
I see no reason for not using a software firewall, if nothing else, use the built-in Windows firewall with as few exceptions as possible.

P2P is a risky activity, it surpises me that the 'other computer' doesn't get infected frequently.

Again, this has nothing to do with 'a custom built computer being more vulnerable to malware'.

A good but long read: http://www.wilderssecurity.com/showthread.php?t=252253

[Bill_Bright]

Quote:

I'll admit that I just skimmed through most of the replies due to the debating.

Good! It was all irrelevant to your issue.

Quote:

I don't know if File and Print Sharing is enabled, I think it is.

If you don't need it, disable it - see Disable File and Print Sharing. Since you have a router, it would be better to use a print server to share the printer. The print server attaches to the router, the printer to the print server, then all computers can print independently of any other computer. Some routers have a print server built in, as do some printers. Otherwise, affordable stand alone print servers are available too.

Quote:

The custom built computer is mainly used by grandma for games and email.

"Mainly" does not suggest "only". But as Fly indicated, regardless who uses it, if attachments and downloads are being opened without scanning, if unsolicited links and popups are being clicked, then reinfections are very possible. All computers should be using IE8 as well as it is much more secure than all previous versions.

Quote:

The custom built computer has had numerous infections. Two were so bad it had to be reformatted. The other computer hasn't had any infections except for a few files (mainly mp3s) here and there. Actually, the other computer has been used for P2P.

A properly maintained computer should NEVER get infected - unless the user opens the door and lets the badguy in. That's what users of P2P sites that facilitate illegal filesharing of songs and videos basically do. That's because badguys know these sites are full of easy targets. Besides being one of, if not the worst source of malware, please understand that filesharing of copyrighted materials without the required compensation is flat out, thievery.

Some rootkits can survive a format. Windows rootkits gain access by exploiting known vulnerabilities on un-patched systems, then use that access to install a "back door" to maintain that access to your system. You can scan for rootkits with Sophos Anti-Rootkit.

Quote:

They both have Webroot's anti-virus software with anti-spyware protection.

That is not my favorite either, but if kept current, it should be fine. It did pass certification with ICS Labs. Still, I would consider something else since this is not working. Also, I recommend running supplemental scans regularly with Malwarebytes's Anti-Malware and SUPERAntiSpyware Pro.

Quote:

They don't have a software firewall though, just a hardware firewall.

Unless it was intentionally disabled (or these machines don't have at least SP2 installed) Windows Firewall should be enabled if no other firewall has been installed. In spite of what many will tell you, WF is an excellent firewall. Check Security Center in Control Panel. If Windows Firewall is not enabled, enable it now. Then, download and install an alternative FW, if you wish.

The problem with hardware based firewalls (assuming you mean one in the router) is (1) those found in typically home routers are not real firewalls. NAT is not a firewall. Stateful Packet Inspection is not a firewall. Both perform firewall "type" functions, but they don't block port access. (2) If not configured properly, these router based systems see all traffic coming from the "trusted side" as trusted. Therefore, unless on a corporate network managed by professional IT network administrators, every computer that connects to a network with Internet access with other computer must have a software based firewall too.

I agree completely with Fly about controlling wireless access. In general, unless you have concrete walls, I recommend using Ethernet for ALL home networks. With effort, you can secure a wireless network, but it is impossible to hide a wireless network.

Quote:

Originally Posted by Fly

P2P is a risky activity, it surpises me that the 'other computer' doesn't get infected frequently.

Perhaps it is. Much of the malware produced today is written by highly skilled programmers and is designed to be very stealthy. Some malicious code is designed not to disrupt the host, but to use the host discretely to deliver "payloads" or to attack other computers, starting with any it can find on "local networks". It would not surprise me if the computer used for P2P filesharing is not reinfecting the other computer.

[Fly]

Quote:

The problem with hardware based firewalls (assuming you mean one in the router) is (1) those found in typically home routers are not real firewalls. NAT is not a firewall. Stateful Packet Inspection is not a firewall. Both perform firewall "type" functions, but they don't block port access.

Sorry about straying from the topic, but are you saying that a 'NAT router' doesn't block port access ? I thought that was the main (security) point of having a router. Blocking port access= keeping ports closed ?