My thoughts on malware defense

since anyone can "reset" their system by loading a clean system image in a few minutes for me the only problem and dangers lie with having banking infos stolen.
should'nt the new ways of fighting malwares be mostly about this issue?

if i wasn't doing online banking i would not even bother with Lua-this, DEP-that, firewall-this, virtualize-that etc and all this crap.
i'd probably go around "naked".

 

You can take into consideration also using password managers for logging into your bank website and use strong passwords.
There are also softwares like KeyScrambler (helpful when you already infected by software keylogger).

 

also hips and sandboxes help alot in this area

 

Yes, which is why we have seen a new generation of software that protects this sort of thing - Prevx SafeOnline, Trusteer Rapport etc.

 

I'm not sure it would be safe. Rootkits can make a lot of thinghs, on your secondary partitions, for exemple, on your MBR - ok, you can restore it too - and similar. And how you can be sure - if you don't use security softwares - that your pc is always clean and safe ( see rootkits..): you can also have a first clean disk image saved on an external support, but if you want to make a new updated image of your hard disk, and another, and another again... how can you know that the HD is always clean, and the images will be too ?

 

i very much like Trusteer.
unfortunately it doesn't like Geswall at all.
or Sandboxie and Defensewall.

is there an easy way of securing a browser without using Geswall and others like it?

 

Awww, another member has Finally seen the light So much time and effort wasted on these AV and Anti-malware solutions who are always "fighting a losing battle".

As you said, it's very simple. Images on hand - a firewall in place - block out "info-stealers" in your browser and your all set. If you want a second opinion on a program or download, use virus total or go ahead a run an AV if you wish. But it"s "absolutely NUTS" having a ton of these security programs installed as some members here do.

And this

again, completely overrated and unnecessary.

 

The other option could be also use Linux Live CD for online banking only.

 

tnx Creer,
i'll give it a try.

another possible option for me is just not to do any online banking.
it's not that i REALLY have to.
it's just convenient.

 

very true, IMO.

i see your from BC.
i lived in Vancouver for 24 years.
until the cost of living pushed me away.

 

Yes, Prevx SafeOnline for security of your https sessions, if that is what you mean by "securing a browser".

 

it doesn't work for me.

some issues concerning the loss of accents with US English International language input makes it a PITA for me.

 

if i didn't do online banking or other sensitive transactions then my computer could be loaded with rootkits to the gills for all i care.

 

There should be no problem, as some people suggest that for online banking ur bowser must run out of the Sandbox( GW, DW, SBIE) rather than inside the sandbox. However I am not so sure if it,s true.

 

I don,t know how can it help a lot. Ur system is clean. Ok, but what about phishing and spoofing attacks, CossSiteScripting etc etc.

 

The only thing I've always put first while online,was my banking being secure. After that,I threw care out the window.

It's worked for me.

 

You should see it now An "outhouse" goes for half a mill

 

mwahahaha!

 

Your pc is in list to become a zombie in a botnet.

 

Have you reported this in the Prevx forum? It could be a simple/quick fix. Worth a try imo.

 

You wouldn't care if your PC was pumping out spam to everyone in your address book? You wouldn't mind seeing 20+ adware caused popups on every browser page or if pages started taking a full minute to load? It wouldn't bother you to find out the hard way (your door being knocked down and you arrested) that your PC was being used to spread child porn as part of a botnet? The laws are a good 10 years behind reality when it comes to stuff like this. It wouldn't matter to you if your PC was being used for DDOS attacks? Or to find your online gaming account has been stolen? Yes, there's a market for that too. There's more uses for compromised PCs than most people realize.

It's one thing to not want to bog down your system with security apps or spend your time answering prompts and alerts, but the consequences of "going naked" can go far beyond your online banking. There's several approaches to security that work. Each has it good and bad points. The most secure might be too restrictive or want too much of your time. The quietest might not be secure enough. Find the one that best fits you and how you use a PC.

 

Imaging is the ultimate recovery for computers, and it is true in a few minutes a system is up and running again. It is not practical though to use it as anti malware on a regular basis as if you use your machine for productive purposes you'd have to make sure that whatever was written as new data is backed up before restoring a pristine image (appointments, calendar, mail application, any important new file etc).

Incidentally this is my approach in terms of maximum security: all important data is regularly transferred to physically separated USB hard drives, so that in an emergency I can restore a clean image without worrying about deleting important data. That doesn't mean that I let my machines get infected, noone_particular is right, we are not alone on the Internet.

 

ok,

i get the point.
maybe i was a little extreme in my comments.

but like i said, if it wasn't for online banking my concerns would be very low since it takes me the time to have a coffee to load a clean system image.

 

yes i have,

still waiting for resolution.

 

I was hoping that your statements were exaggerating. I have run into people on service calls who really don't care what their equipment might do to someone elses.

System images are fine for making sure that nothing ends up permanently installed to your system, at least until malware starts targeting the BIOS, firmware, etc. That day may or may not come. The weakness in relying on clean images is in real time protection. A while back, the Bank of india was compromised and was serving up malware. Images won't protect you if the financial site you're using gets compromised. Yes, the chance of that is low, but the chance of getting any specific piece of malware is also low. Multiply that low risk by a few hundred thousand pieces of malware and the chance that you'll find one of them isn't so low any more. IMO, relying on clean images with no real time protection is basically playing the odds. You're relying on the odds that the next malware you find is one that won't be a threat to you if it can't survive a reboot. Myself, I wouldn't take that chance, but then I only bet on sure things.

If you're already restoring the same image on a regular basis, you're running a fairly static system. It would be a good candidate for a basic default-deny setup. It wouldn't have to be complicated. Just whitelist the executables for the apps you're already using and the system executables that run during daily use and you'd have that real time protection, and you wouldn't have to add anything heavy to load down your system to get it.