Malware is highly overrated

Dear all,, just to spice up the discussion.

Since a few months I have followed teh advice of my company for PC home use.

Use the inbound firewall of my Nat-router, Antivir free, CuberHAwk free and DefenseWall paid. I also used SafeXP to disable some useless XP parts, used SpywareBlaster to fill my host file and enabled DEP for all programs.

My PC starts fast, surfing is a breeze with the unsafest browser in the world (IE7 with high-medium security).

My company told me to use Ad-Aware and AVG Anti-spyware on a regular base as on demand scanners (yes I update before).

Those scanners do not fins anything since the last three months. I thought, what I am doing wrong? I started to visit security forums, to find security tests, other on-line scanners. I even tried some russian crack sides to see if the PC shoudl get an drive by infection.

So what is the fuss about malware?

 

As I am still twiddling with IE 7 RC1....just what with this version causes you to say or feel that the Internet Zone default setting of high-medium security is "unsafe"

Bubba

 

Sorry I it was ironically intended.

All the Firefox fans (like my son) tell me IE is the most unsafe and slowest browser in the world.

Nice visual you have, what are you sniffing on?

Regards Kees

 

Since your topic seems a bit tongue-in-cheek, I must say that...

+AIDS is highly overrated.

+Fric says: "I use IE as my browser and my computer is completely clean."
Frac says: "I use mosquito repellent, and although I have spent MUCH time camping in the Florida Everglades, I have never been bitten by a snake."

+Your level of security is only revealed when it fails. Not being infected doesn't necessarily mean that you're OKAY.

 

Well your son and "all the Firefox fans" doesn't seem to know much

IE can be tweaked into being as secured as any browser, it is just a matter of knowledge.
Firefox (and I am a fan) is just a bit easier to tweak (noscript extension and a couple more).
Personally I don't find IE slower than any other browser (well maybe K-meleon).

Regarding malware. Just give out your email address here and there, download files like "Windows vista key generator" or some cracks from your favorite p2p network and open every attachment you get in outlook and see what happens. Three month is not very long time tbh. I have not had any malware for at least two years. That is until tonight I did download vista keygen after I heard from a friend he got infected from it. My AV, Drweb, did not detect it, (along with a bunch of other top notch AV´s according to jottis). But I´ve sent a sample to Drweb so I hope they will include it fast.

 

Bellgamin,

Frac: Every day I keep my hand for my eyes and see no evil.
Fric: I always carry my PC with me to slam snakes, so I will never be bitten.

It's true what you are saying (not the Aids, with a PC infection you can perform a clean restore, with Aids not), but I agree with your statement that security level is only revealed when it is broken.

Only 100% protection is a not obtainable, for the average user a balance between usability and safety has to be the point. Some security experts say the person behind the PC is the largest treath. We can focus on security as much as we like, but will never obtain a 100% level.

Regards

 

Sukarof


That is why I started this discussion. When I did not get any malware, I started to look for it. Just to check how strong the protection was. It occured to me that in daily life, I do not walk outside, pick a stone and throw it against a window of my house, just to check how strong the windows are.

Although I promised myself not to try and crack my own security, I am curious what you are going to do.

You did download the vista keygen to check your security. You use an impressive multi layered set. Still got infected. So now you tried. What are you going to change to your security settings?

Regards Kees

 

Oh yeah... but maybe NOT. Maybe IE can be tweaked into being as secure as any browser (?), if you turn all its features off. And I still wouldn't be sure about that.

 

Actually IE can't be made as secure as FF or Opera for the simple reason that IE is integrated into the core of windows, if IE is breached at all it is a clear shot into the OS. I have had two trojans actually make it to my comp in around ten years. Both of those trojans were stuck in Operas cache and were not able to activate in there and were deleted with just clearing the cache. something IE is not capable of. I have the latest version of IE7 and it is a major step forward but as far as security goes it is no match For FF or Opera.

bigc

 

I´m not gonna do much really. I will continue to run Windows with admin rights and hope that if I ever get any malware (unknowingly) my layered defense will catch it. I run with admin rights of my free will and know that as long as I do that my system wont be 100% secure. But I like to think that my common sense takes care of the rest

Personally I have never encountered malware with IE in restricted mode (just read about it), but if you run into malware with IE as a restricted user in a admin environment (tweaked via "Microsoft Management Console" ), wouldn't IE be pretty safe then?

 

Probably safer than the average setup IE but I do not trust it. I use it only when absolutely necessary. But everyone to their own.

 

Gee why didn't I think of this. If IE is breached it could be like a "stroke" occuring in the Operating System. It is a really great point BigC I just never thought about it that way and it makes very good logical sense.

 

There is nothing like getting infected when you least expect it.
Going around looking to get infected doesn't count because you are prepared for it.
It is not pleasant and a similar experience to having your home burglarized (depends on the scope of the damage).
If you want to learn more about this, go to some of the hijack this forums and read about all the nightmares and despair that people have to go thru because of malware.

Because of your company's very intelligent security education policies and your adoption of these positive steps, you are far ahead of the majority. You are aware of the dangers and actively avoiding them.
The fact that you haven't been infected yet is proof that the security steps are working.
Rest assured, there is plenty of malware out there just waiting for your security to lapse for a moment.

 

Very true Devinco, the one and only time (before I got BOClean) anything got by my firewall and AV. I started losing PC functions. Clock stated losing time like 20 minutes in an hour. I rebooted then my AV was disabled all sigs disappeared. . Oh no now I am in trouble. I really wanted to find out what kind of bug I had but I was losing computer function so fast. I was afraid it would be come useless. The whole time I was wondering what could have I done. I have been to no risky sites. I have downloaded very little and I did an AV scan just a day earlier. When I lost key board function. I did a Sytem Restore two days backward. Loaded up new AV and it found nothing. All was well after that.

To this day I wonder what bug I got.

 

I think malware is underrated.

I mean look at http://www.morgud.com/interests/security/dfk-threat-simulator-v2.asp it can kill any of your security programs. GSS, PG, online armor, whatever, it kills them all.

 

I did test DFK Threat Simulator v2 and it is a real naughty one

Prevx1 did catch some of its activity but not all. It killed Dr.Web and prevented it from starting again (renamed the files)
Once loaded it killed Process Explorer after a couple of seconds so I could not kill its live files.
I could not kill it through Port explorer either.
It didn't kill Comodo though, but I guess the simulator has to have it in its database? but Comodo stopped it from receiving data at least.
I had to use DiamondCS "Advanced Process terminator" to kill the live files loaded by the simulator.
It couldn't do any harm in sandboxie though...
It is a real eye opener even though I guess it is hard to get malware using all those techniques used by the simulator.. interesting nevertheless.

*edit*

I did a test with this simulator with Ghost Security Suite and I do not agree that it will bypass GSS.
I allowed the execution of Ipod-commercial.exe but on the next catch by GSS when it tried to create the projector.exe I denied and that stopped the intrusion. Of course if I let it run the temp file it will start the intrusion. So imo GSS passed since it catched the intial process creation. If I want the intrusion to happen I have to allow alot of popups from GSS.

 

Yeah looks like the author didn't borther to target Comodo. It seems to be using the same 2 techniques to kill security programs, so it's trival for him to include a large bunch of proggies.

Obviously...

A real malware would pick and choose what techniques to use, the threat simulator tries to do way too much. But yes the targetting of security programs is really comprehensive and I find it quite realistic. It's like he sat in here, look note of what we guys like to use (except comodo), and made sure they were included.

I think it's child's play

 

A reminder in case if you don't notice.

There's no way to ensure you are 100% clean.

When the scanner says "you are clean", it is actually meant to be "you are clean from the malware we know". But how about the malware you don't?

Accoridng to malware-test.com and AV-comparatives.org, AVG and Ad-aware are only average. They do miss many malware. For anti-virus, AntiVir and Kaspersky have the best detection rates. For anti-spyware, probably Spy Sweeper, CounterSpy, Trend Micro Anti-Spyware.

Here's what my research about the effectiveness of different on-demand scanners. The result is disappointing .
https://www.wilderssecurity.com/showpost.php?p=839371&postcount=33

How about kernel-based malware or rootkits? They are able to bypass and override your AV/AS.

How about if you encounter a personalised or home-made trojan/keylogger? Since your researchers hardly get reach to the malware at all, your scanners cannot detect them. They can be hidden for years without detection.

How about if your malware manage to nullify or terminate your security products? Your security products seem to be running fine. However the malware has already nullified its protection, so the security product cannot detect that malware.

Don't forget all software can be cracked and exploited, they are very competent in finding holes to exploits. Once you connect to the Internet, you can still be infected even if you just visit legitimate websites. If the malware writer can holes of your OS, they will be able to infect you directly without you doing anything (apart from connectng to the Internet).

 

Okay this stops now. Just because one can't be sure 100% one is clean doesn't mean that one is definitely infected.

If you are really so agnotic about whether you are infected or not, you can't say you are safer with all your bells and whistles either because you don't know that you are uninfected either!

And what if I scan with all that and still find nothing? As you said scanning proves nothing.

Your point?

Scary, so how does your security program prevent all that? if we are talking about attackers who uses unknow exploits, he can find holes in your OS, your security programs and own you. So you are not safe either with all your toys.

 

At least someone with higher/more portection security is safer than someone who doesn't.

The point in security is not to get 100% secuirty (which is impossible), but as safe as possible.

Considering:
1) a file is declared clean by 1 AV.
2) a file is declared clean by all AVs.

Which one is safer?

Apart from relying the AV to tell you if it is clean, why don't you research yourself? Allow it to run on a test machine. Record all the changes. That's the most definitive way to determine whether that file/program is clean, although it requires more computing knowledge.

For newbies, if they suspect their files are not clean, they can always submit it to AV/AS vendors for further analysis. It is again safer than just relying on the AV/AS programs.

That's true. Once you are connected to the Internet, you can be affected by doing nothing. Seeing is believing! You could try to run a test computer. Install the original Win XP. Don't install any security product. Just connect to the Internet and do nothing. Your computer will become malware bed after 1 day.

Talking about vulnerabilities, one can prevent hackers/baddies from exploiting some of the vulnerabilitiesby hardening your security. This may include:
- use limited account
- tweak your security settings
- close potentially unsafe services
- install security products: AV+firewall+AS+HIPS

The whole point of security is to take the control back. Long long ago, we didn't impose many restrictions on the program. The program could do many things it wished to.

Now there are millions of known malware. We no longer trust the programs. They need to get approved before they made some changes.

The more restrictive your system is, the safer your computer is.
However the more restrictive your system is, the less enjoyable your computer is.

 

Quote
The more restrictive your system is, the safer your computer is.
However the more restrictive your system is, the less enjoyable your computer is. End Quote

I agree with that, and have decided that if it requires all the security applications that some recommend, then I am just going to get infected.

If KAV 6/Avira Classic, LnS/Kerio 2.1.5, Win Patrol Plus, Ewido Plus, SuperAntiSpyware/Counterspy 2, UnHackMe, and Snoopfree are not enough then so be it. I have two computers hence the two AT, AVs and firewalls. I am also behind a NAT.

Best,
Jerry

 

Once I go on-line with my off-line installed computer, I consider my computer as infected, no matter what security softwares I have on my computer.
All my special clean backup files and clean archived snapshots are created on a fresh off-line installed computer. I only use them for restoration, never for backup.
I consider all my daily backup files and archived snapshots as possible infected.

Lots of users claim they never had an infection on their computer. I really wonder how they know that for sure.
A good working computer doesn't necessarily mean you are clean and your scanners can't be trusted either. In your mind you are clean, not your computer.

 

Hi Erik,
If my computer runs well, and I have no evidence that there is a problem, then I don't care if it is "infected." Frankly, I do not believe it is under those conditions.

I don't do banking and such on my computer, and there is nothing on it that would be a major problem for me if it were compromised.
So far in about 7 years now I have not been infected as far as all my system security applications or operations are concerned.

Best,
Jerry

 

ErikAlbert, I am 100% sure my computer is not infected. But if there was some nasty hidden it is not connecting to the net nor is it affecting the way my computer is working. As far as I am concerned that is not infected. all of my security apps (I won't list them all) aren't finding anything during scans and they are good apps.

 

Unfortunately , you are right .
IE7 for XP SP2 is still integrated into the core of Win
IE7 for Vista is a major improvement with its Safe Mode which doesn't allow malware to spread