Where are all infections?

I lift this here:

It is not so easy to find an infected machice. Some PC:s seen during summer:

1) Vista. Used as admin. 1.5 years without any security software. Clean.
2) XP. Used as admin. some months without any AV software. Clean.
3) XP. Used as admin. several years with a completely outdated AV software (F-secure 2002). Clean.
4) win2000. Used as admin. several years with a completely outdated AV software (F-secure 2002). Clean.
5) XP. Used as admin. with slightly outdated AV software (F-secure 2007). Clean.
6) XP. Used as admin. with a slightly outdated AV software (F-secure 2007). Clean.

You can guess I was disappointed!

 

Indeed, contrary to what some people might suggest, not everyone in the world is horribly infected with stealth rootkits and undetectable password stealers that also pillage your drawers for your socks - unless of course you spend $$$ on a very special security software to protect you from these omnipresent and nigh invincible threats.

Some people just don't do much that would get them infected without being unlucky, and then they'll happily browse along without worries and also without getting infected in spite of not having all kinds of security measures in place. And some people of course manage to get infected even running the fanciest security suite. Some people find a reasonable balance in between two extremes of relying on sheer luck and building an invincible and unusable fortress.

In a security forum, it's sometimes easy to fall into fear and paranoia, and start believing that everyone is infected and all kinds of superadvanced malware lurk behind every corner just waiting to pounce on you. In reality, of course, things aren't that bad, and then you may get "surprised" when you see systems that aren't obviously infected.

Where are all the infections? They're out there, most on systems that haven't been keeping up with updates and systems used by people who either don't know or care about security. But there may not be as many of the infections as one might think.

During the summer, I saw some systems that were seriously infected and in need of a flatten and reinstall, and I saw some systems that were as clean as they get. Business as usual. But if users can be educated more about security, and they can be encouraged to adopt best practices, that certainly isn't going to get them more infected than before.

 

I have learned that security lies more in the user than anything else. My pc has not been infected in 3 years. I have downloaded a couple of trojans, but those were dealt with no problem. I use an av, a firewall and an on demand scanner. I don't use HIPS or behavior blockers. I have Vista UAC turned off. I use an admin account. I never find anything when I do my scans. I have a drive image program if something bad happens I'll restore from an image. I look at some the signatures of some of the members on this forum and I am saying to myself "man that is overkill". But if it works for them that is fine, I don't need all that though. I use a paid av Nod32, which I really like, but don't have to have. I could use a free one and still be fine I am sure. I use a free 3rd party firewall because I don't want to configure Vista firewall for outbound. Although I have done that in the past, a 3rd party interactive firewall is so much easier to me. Although I don't have to have outbound protection, I like to have full control over which programs are calling home. I have a few programs that I don't want them calling home every time I use them, even though I know they aren't malicious.

 

The only machine I've seen infected the last three or four years was done through sheer stupidity. The guy's been told over and over not to install rogue games, nor give out his personal info on these rogue online "forms", but he does it anyways. Why? Who the heck knows. You can lead a horse to water but you can't make it drink is what comes to mind with this guy.

 

Why would you get any infections?
Mrk

 

We're not running Linux!

 

Non-Linux users have happily avoided infections for many years.

----
rich

 

Yep, I for one have managed to avoid them for 15 years online now....

 

Nice hunting sites.

Article

 

Not only is the Symantec article using generic terms like "infect computers" rather than operating systems, plus "just by going there ...." panic suggestion that does not help anyone, they are also blathering an entire industry, the very reason Internet exists, more or less, as it is today.

"Ms Connor said hackers were targeting vulnerabilities in website browsers and this affected both PCs and Mac computers." Yes, throw all eggs into one basket.

Not one word of actual advice on how infections occur.
Not one suggestion about how to handle these possible threats.

It's like, keep them dumb and frightened, and they will buy our stuff.

To counter the panic advice given by Symantec and their pseudo-Armaggedonistic flavor laced with a bit of good ole conservatism:

Going to "suspicious" sites? Disable javascript. It costs 0 money and takes 0 resources and requires no anti-virus product by panic mongers. It's absolutely staggering. If you don't want to use Noscript or such, you can install a dedicated p0rn browser that has JS disabled and all it's used for to browse the "dirty" web. Oh my.

Cheers,
Mrk

 

Norton Symantec names Top 100 Dirtiest websites
http://www.news.com.au/story/0,27574,25956302-29277,00.html

I checked all thirty samples listed of the proclaimed Dirtiest Web Sites with McAfee Site Advisor
http://www.siteadvisor.com/analysis/

Here are the results:

17ebook.com = Green
http://www.siteadvisor.com/sites/17ebook.com

aladel.net = No Results
http://www.siteadvisor.com/lookup/?q=aladel.net

bpwhamburgorchardpark.org = Green
http://www.siteadvisor.com/sites/bpwhamburgorchardpark.org

clicnews.com = Green
http://www.siteadvisor.com/sites/clicnews.com

dfwdiesel.net = Green
http://www.siteadvisor.com/sites/dfwdiesel.net

divineenterprises.net = No Results
http://www.siteadvisor.com/lookup/?q=divineenterprises.net

fantasticfilms.ru = No Results
http://www.siteadvisor.com/lookup/?q=fantasticfilms.ru

gardensrestaurantandcatering.com = Green
http://www.siteadvisor.com/sites/gardensrestaurantandcatering.com

ginedis.com = Green
http://www.siteadvisor.com/sites/ginedis.com

gncr.org = Green
http://www.siteadvisor.com/sites/gncr.org

hdvideoforums.org = Green
http://www.siteadvisor.com/sites/hdvideoforums.org

hihanin.com = Green
http://www.siteadvisor.com/sites/hihanin.com

kingfamilyphotoalbum.com = Red
http://www.siteadvisor.com/sites/kingfamilyphotoalbum.com

likaraoke.com = Green
http://www.siteadvisor.com/sites/likaraoke.com

mactep.org = No Results
http://www.siteadvisor.com/lookup/?q=mactep.org

magic4you.nu = Green
http://www.siteadvisor.com/sites/magic4you.nu

marbling.pe.kr = Green
http://www.siteadvisor.com/sites/marbling.pe.kr

nacjalneg.info = Green
http://www.siteadvisor.com/sites/nacjalneg.info

pronline.ru = Green
http://www.siteadvisor.com/sites/pronline.ru

purplehoodie.com = Red
http://www.siteadvisor.com/sites/purplehoodie.com

qsng.cn = Green
http://www.siteadvisor.com/sites/qsng.cn

seksburada.net = Green
http://www.siteadvisor.com/sites/seksburada.net

sportsmansclub.net = Red
http://www.siteadvisor.com/sites/sportsmansclub.net

stock888.cn = Green
http://www.siteadvisor.com/sites/stock888.cn

tathli.com = Green
http://www.siteadvisor.com/sites/tathli.com

teamclouds.com = Red
http://www.siteadvisor.com/sites/teamclouds.com

texaswhitetailfever.com = Green
http://www.siteadvisor.com/sites/texaswhitetailfever.com

wadefamilytree.org = No Results
http://www.siteadvisor.com/lookup/?q=wadefamilytree.org

xnescat.info = Green
http://www.siteadvisor.com/sites/xnescat.info

yt118.com = No Results
http://www.siteadvisor.com/lookup/?q=yt118.com

I also visited these Web Sites with the following on my test system:
01)- No resident security software and Windows Firewall off
02)- Hardware firewall router with stateful packet inspection (SPI), filtering: proxy, cookies, activex, anonymous internet requests, multicast, internet NAT redirection, IDENT(Port 113)
03)- Microsoft Internet Explorer 7 blocking: first party cookies, third party cookies, session cookies, flash activex (d27cdb6e-ae6d-11cf-96b8-444553540000)
04)- Ad Block Pro v2.6 for Microsoft Internet Explorer
05)- Microsoft Windows XP SP2 with all Flash removed from system

I had fun surfing with no adverse aftermath to my system.
Conclusion = The need of security software is almost nil. Trying to scare the public for monetary gain is.....well.....what ever one wants to call it.....


HKEY1952

 

Well said. Articles like this http://www.news.com.au/story/0,27574,25956302-29277,00.html tend to almost invariably be AV company FUD, designed to make people afraid enough to buy AVs instead of teaching them how to avoid infections. The largest parts of the security software industry are basically pumping out FUD at a rate that makes any tin foil hat conspiracy theorist group blush. They seem to have absolutely no real interest in keeping people safe - instead, they're interested in keeping people ignorant and afraid so people will buy their software. Business is of course business, but the way AV companies go about this is in my view a whole lot more shady than almost any other even remotely legit software business.

Excellent advice. Disabling Javascript breaks a whole lot of exploits and attacks for various browsers and even attacks against browser plugins. Actually I would say it probably breaks at least 90 % of them - looking at any report on any exploit, it almost always uses Javascript, sometimes because it's really required and sometimes because it's just easier that way. While disabling Javascript also breaks many legit sites, decent browsers have built-in mechanisms to configure Javascript on a per site basis to make it less of a problem: for example in Opera, you can disable Javascript for all sites and then enable it for your "more trusted" sites like perhaps Wilders.

 

Managed to grab a pdf exploit and it's payload in being a load.exe from "teamclouds" so far but not anything else atm?

 

I tried really, really hard to get pwned from one of those sites last night (surfed to at least 15 of them, clicking on many of the links within the sites) using Firefox sandboxed in virtualbox, in LUA/SRP and Outpost firewall (to monitor network activity) on host system account, NO antivirus, but not one exploit to speak of. Firefox warned of two attack sites. Even though I ignored the warnings nothing evil occurred.

Yes, my test system could be considered overkill but just in case I wanted to play it ultra safe.

Indeed, lots of fear mongering and FUD by the Symantec rep.

 

Yep, seems Symantec are just scaring the masses shirtless, very similar to those espousing SRP, LUA and or use Linux distros. LOL

And if ya wanna find the devil don't go looking for him with a million crucifixes hanging off ya.

 

LOL. In spite of being logically absurd, that's actually a pretty funny troll.

Symantec is trying to make people pay money for their AV. To do that, they try to scare people "shirtless", and I'd say pantless as well, by articles such as this one discussed right here. They don't bother to provide information on how one might actually avoid getting infected in the first place, but just offer vague scare articles and recommend you to get out your wallet and give them some money so they can protect you - as if they could. How many systems out there are both infected and running with a Symantec AV? The answer is many.

By contrast, those advocating LUA or some free Linux distro aren't trying to scare people into paying them. They're giving people advice on how they could avoid many malware issues without having to pay any money to security software companies, or anyone else for that matter. They give out free information on how to avoid getting infected, and how the infections actually happen, and why something like LUA prevents many of the infections and indeed does much more than that.

One is providing FUD and trying to sell you stuff. The other is providing information and charging nothing for it. Pretty obvious case here.

Then, of course, there's the third group of people who market some particular security software as the single solution to all malware problems, even when the author of that security software himself recommends using his software together with traditional AV and anti-malware products instead of making it the only line of defense.

Ah, Windows security forums. Fun stuff.

 

What made me smile was when I followed the link above.. Down at the bottom of the page, there is a link to Norton Safeweb, which I followed out of curiosity, only to be told by Norton that I couldn't access their security site because I did not have Javascript enabled..!!

On one of the sites, NOD woke up and flagged something; it included "Iframe" in the middle of the name of the trojan it had spotted..?? I'm not "looking", but guessing that suggests an i-frame exploit..??

My default for Opera (for normal day to day), is to disable everything: Javascript, i-frames, java and plug-ins etc, and allow bits only if needed (and then run it in a sandbox with LUA/SRP anyway!). Yes, probably complete overkill too, but better that than the other..

And it's a dirty job, especially for those who willingly put themselves in the front line... But some of us might just be checking that the crucifixes are all in tip top shape.. Heaven forbid that I should personally ever want to meet the ugly critter face to face..!!

Peter

 

Ye all are being a bit harsh on poor Norton Symantec !

See ..

I am a lot more educated after reading the report.
I know know that evil dirty websites are as dangerous as non-evil ones.

I could loose millions of dollars !

 

That's OK folks, there is light at the end of the tunnel, and the Sun always has an way of rising at the right time.
When Microsoft Windows 7 is retail, and the Free Microsoft Security Essentials is out of BETA, there will not be any need for third party security software.

Thank you Microsoft,
Thank you for the:

01)- New and improved Microsoft Windows 7 Operating System designed with security as an priority
02)- New and improved Microsoft Windows two way firewall
03)- New and improved Microsoft Windows Limited User Account Control
04)- New and improved Microsoft Internet Explorer 8 with ad blocking, phishing filter, and better overall security
05)- New and improved Microsoft Security Essentials with free antivirus and spyware detection and removal, along with real time protection

All that I need to do now is get used to not having to open and close countless security applications to modify settings and check for updates and newer versions.


HKEY1952

 

I completely agree with your post. Some people still look at MS's new security developments, as trying to put the competition out of business. A little addendum to your list, IE8 will scan executables for malware even without an AV installed.

As my signature shows, I'm still using Avira Premium on one machine as I have paid for it (more as a donation than a requirement), but I have already tested MSE, and runs very lightly indeed.

Things have changed ever since I joined this forum: the mentality then was to clean, sanitize a system. With the advent of sandboxing, light virtualization, and reliable imaging programs it's almost impossible to get infected or making irreparable damage to your system. Some interest and knowledge from the user is still required though.

 

I tend to think that if you used the basic security provided by XP (its firewall) and Vista (firewall + UAC + WD) and you were careful with your browsing and e-mails, what you experienced is not surprising.

There is however the old dilemma lingering about infections: how does one know for sure the system is completely free from any unwanted objects? Some rootkits are very difficult to detect, and won't affect the normal functioning of a machine, same with spyware it might dwell on your system without giving any sign of its presence, unless you check your system every now and then.

 

Yes I agree, the basic security measure yields are not at all surprising results.
The old dilemma lingering about infections, wondering if the the system is completely free from any unwanted objects, subjects our vulnerable minds prey to security venders.


HKEY1952