Do I need additional malware protection?

Discussion in 'other security issues & news' started by Toby75, Sep 22, 2006.

Thread Status:
Not open for further replies.
  1. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    I'm curious to see if I am fully protected when it comes to visiting those "nasty sites". I went to a site the other day and it added another folder to my Windows folder. The folder was empty and had a weird name. I am wondering what kind of software I can use to prevent these kinds of sites from adding folders to my system....again the folder was empty so my AV must have prevented any malware from being installed.

    Would a program like Prevx prevent folders and/or files from being added? What would you recommend?

    Regards,

    Toby
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    YES.
    No, you are not.
    The fact that your computer has been already compromised to some degree clearly shows this.
    By simply visiting the "nasty sites", they were able to create a folder on your computer.
    Obviously your anti-virus has already failed you.
    How do you know something else wasn't dropped in the system, altered, or executed (started)?

    How did you discover that a weird folder was created in your windows directory?

    The surest way is don't go to "nasty sites".
    Failing that, you can start by using an alternate browser like Firefox or Opera and turn off JavaScript and Java. Visit Windows Update and get up to date with all critical patches. Update Windows Media Player with all patches.
    Never download and run any programs/utilities/viewers from such sites.
    If you are going to visit malicious sites, you should learn more about how to secure your computer.

    It might help with some exploits.
     
  3. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    A frozen snapshot of FirstDefense-ISR would allow the adding of evil folders and/or files, but would remove them automatically during the next reboot, because a frozen snapshot doesn't allow any change (good or bad) in the snapshot.
    Removing the bad changes is good, removing the good changes could be a problem. You have to think about that. :)
    Whatever you decide, there are always advantages and disadvantages.
     
  5. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    If your only concern is "nasty sites" you can use Firefox with the NoScript extension and Java turned off, and the problem is gone. At least I have yet to find a site that does anything bad to my computer with this setup.
    I guess turning off JavaScript and Java in IE would do the same thing, but with FF and NoScript you have the option to easily allow scripts for clean sites.
    Or if you want to use a "condom" then there are always free apps like GreenBorder, GeSWall, Sandboxie.
     
  6. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    An IE add-on that makes JavaScript, Java, ActiveX (and more) changes much easier is Terabyte Unlimited's QuickSet Internet Zone http://www.terabyteunlimited.com/utilities.html (at the bottom of the page). Changes can be made without having to wade through all of the IE Tools | Security menus. Very handy!!!
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks. I can use it to secure my IE. That way, I don't need to spend much time on an MS application I don't like. :)
     
  8. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Thanks for the info HAN. That is great news for all IE users.
     
  9. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Thanks for all of your responses. I disabled JavaScript and ActiveX on my system...think I might give Prevx a try.

    I am interested in software other than a sandbox type that would prevent files and folders from being added to my system by malware...does this kind of software exist?
     
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I disabled ActiveX and now my McAfee virus scanner won't run.
     
  11. theflamingbush

    theflamingbush Registered Member

    Joined:
    Sep 17, 2006
    Posts:
    25
    Turning off JavaScript and Java in your firewall is also effective to a degree, especially if you're using ZoneAlarm Pro...but I'd run my browser through a sandbox as well if I were you and thinking about going to 'those nasty sites', which I'm not!, and then just clear your sandbox when you end your session. ;)
     
  12. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    McAfee's consumer products use ActiveX for updates, IIRC; that's just the way it is.
     
  13. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    Totally off topic, but I have to know this - what does IIRC stand for? I've seen it too many times to ignore it.
     
  14. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    LOL, I always thought it was a special type of Internet Relay Chat!

    IIRC = If I Recall/Remember Correctly

    Wikipedia rules! :D
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Said several times, but just try Firefox with Noscript, and if you really must, Adblock too. In Noscript, disable plugins. You will be surprised how quiet the net will become for you.
    Mrk
     
  16. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Just to tell you in case you don't know.
    There's no such thing as "fully (100%) protected".

    Connecting to the Internet (or accessing any external sources) is the only prerequisite to get infected. That's all. You don't need to do anything else.

    Why? Each application has holes which can be exploited. If your holes have not been fixed yet, they can exploit them and infect your system. New holes keep being exploited before Windows releases a patch/hotfix.

    I wonder if you are talking about IE temp folders.
    If so, you will see folders which look like "WRYZCDWL".

    Your problems (nasty guys adding dirty stuff via IE) can be solved without using any pay-ware:
    1) log in as a limited user account
    2) simply disable ActiveX, Java, JavaScript, .NET Framework
    3) run your IE in a sandbox. Any change done via IE will be isolated. Try Sandboxie (it's free!)
    4) run your IE with Proxomitron. Proxomitron (it's free!) contains many web filters. You can control what a website can do, how it looks, and so on. You may customise a web filter too.

    Hope this helps.
     
  17. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Excellent...Thank You
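
The hardening steps suggested in this thread (a limited account, and ActiveX, Java and JavaScript turned off for Internet sites in IE) can be verified with a read-only audit. The script below is an added example, not part of any post; it assumes Internet Explorer's per-user Internet zone settings, and the function name `Test-ZoneHardening` is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the suggested steps.
# Assumes IE's per-user Internet zone (zone 3); Group Policy can override
# these values. Test-ZoneHardening is a hypothetical name.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action id -> meaning, and the value that means "disabled".
# ActiveX and scripting actions: 0 = enable, 1 = prompt, 3 = disable.
# Java permissions (1C00): 0 = Java disabled, other values = a permission level.
$checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Off = 3 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Off = 3 }
    @{ Id = '1200'; Name = 'Run ActiveX controls and plug-ins';  Off = 3 }
    @{ Id = '1400'; Name = 'Active scripting (JavaScript)';      Off = 3 }
    @{ Id = '1C00'; Name = 'Java permissions';                   Off = 0 }
)

function Test-ZoneHardening {
    param([string]$Path = $zonePath)
    # A missing key or value means the zone's built-in default applies.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($c in $checks) {
        $value = if ($props) { $props.($c.Id) } else { $null }
        if ($null -eq $value)      { $state = 'not set (zone default applies)' }
        elseif ($value -eq $c.Off) { $state = 'disabled' }
        else                       { $state = 'not disabled' }
        [pscustomobject]@{
            Action  = $c.Id
            Setting = $c.Name
            Value   = $value
            State   = $state
        }
    }
}

# Limited-account check: is the current token a member of Administrators?
# With UAC, a non-elevated administrator session also reports False.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

"Running with administrator rights: $isAdmin"
Test-ZoneHardening | Format-Table -AutoSize
```

Any row reported as "not disabled" or "not set" means the corresponding Internet-zone setting has not been turned off for the current user.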
     