Getting infected

Hi,
I noticed several threads dealing with stealthy viruses, heuristics etc. People were discussing the best method of keeping safe. Some suggest anti-virus, others programs like PG etc. I think the best protection is to simply limit the scope of internet explorations to what is reasonably safe.
My poetic alegory (metaphor?) goes like this:
PG is your kevlar vest and AV is your pistol. So if you walk into a gang hood, you got a good chance of coming out of there safe. But . . .
Why not avoid such places in the first place?
When I surf, I never visit sites that deal in cracks, or (too) many porn sites, or any chats or gambling sites. Most of my internet activity is a few forums, some site here and there, nothing fancy. I do p2p, but the stuff I download are mime Hungarian movies from '20s (and such) no leet haxor would ever consider worth the effort because only 23 people in the world would like those.
So, the greatest threat I have are emails . . . of which I receive 4 a week and erase them without opening.
Safe user-limited surfing will prevent 90% of problems. The remaining 10% could be dealt with using layered approach. Or Linux.
The real problem exists for those whom chats, warez and cracks are 99% of their internet activity, plus they have messenger cause it's kool and they don't have sp2 installed cause it sucks and gives them a gip. And clicking open mails in the blind with Outlook Express (unpatched) and preview pane enabled.
It's not safe out there. So we should act with restraint. The same way the world is limited to us, the Internet should be too. Iraq is not safe to go to, so aren't crack sites . . . just avoid them.
And finally, if you get some ugly disease, just hit format c:. It's the best cure for all problems.
Mrk

 

Make it 24 now . Now that you have painted a target on your head.....
Just kidding.

If you don't test how do you know your kevlar vest is not made of butter instead?

Most problems, not all, according to rumours

 

I agree with your points, yes you can have all these security programs but at the end of the day it all comes down to how you use your computer that really determines your protection. By not going to porn/crack sites, not using a p2p program and watching what you download your chances of getting infected are very low. With my habits I honestly believe I could run my computer just fine with no AV or other security programs, just my routers firewall. I did a reformat last year and since then out of all the malware scanners I have run on my computer the most anything has ever found is a tracking cookie, one that is installed by some windows updates (Alexa), that’s it.

So why am I security paranoid? The reason I had to do that reformat was because of a few virus that I got hit with when I was using McAfee last year. Before getting infected I knew little about computer security, I only had McAfee and Ad-Aware and I used p2p and surfed porn sites. I went like this for almost a year without and major spyware or viruses, but then I got hit with a hijacker and a few viruses/Trojans from a porn site. It was one of the best things that could have happened because in the processes of trying to remove them I learned a ton about computers and began the transformation into a security conscious computer user. After I did the reformat I vowed to never go to porn sites or use p2p again (on this computer anyway). Now I mainly like to have a good defense for peace of mind, and I think I share that reason with a lot of users here. I have seen what malware can do to computers and how it can ruin computing. Now I am sure there are some people that build up a good defense so they can use p2p and surf on the dangerous side of the web and thats cool too.

 

I don´t share your opinion Mrkvonic, the points you suggest are just not enough to keep you safe. Remember that the "gang in the hood" can always come to you! With the minimal "armor" that you suited up to face this war you are still vulnerable to DoS type of attacks. Attacks targeting flaws in your OS could make you crash too. And depending on how you configured your system you could be sharing your secrets with the bad guys and they wouldn´t even have to install anything to get them! How about memory resident malicious codes? There are too many possibilities...

And why do you think only crack and porn sites are the root of all evil? Can you really trust established companies? Are you sure they are looking out 100% for YOUR interests? Spyware was not meant to be harmful, only track what you do for Marketing purposes. Is spyware safe to you?

And have you thought about how to protect the innocent? You may have a good understanding on where you can go and what you can do to be safe but how about your children? Or your employees? Or that blonde chick you´ve been day dreaming about?

The only thing I agree is that the lesser you use the lesser you risk yourself. At the limit, not using at all gives you 100% safety. Unplug it from the wall and you´ve got the best protection.

 

Indeed, don't forget about things like download.ject and the spyware that came though the pop lyrics site (I want to say Eric Clapton, but don't think that's right.. same genre, though.) The sites you visit may be trustworthy, but what about their advertisers? Google is a good example. There's also always the possiblity that the site can be hacked or DNS servers can be poisioned, too. Heck, one of the servers on the Jabber network had a rootkit running for a full year, you can imagine the potential for that one. Taking the standard precautions is a given, but it's not substitute for at least the standard defenses, nor the other way around. I considered my habits to be similar to Mrkvonic's, but when I went though my cookies the other day I realized that I went to a lot of places I had forgotten about. We all end up on pages that could potentially infect us, seedy or not.

One thing to keep in mind, too, regarding the subject of "safe hex" and "common sense" is that we all had to start somewhere. There's been a few good posts on the subject, but all too often it seems like this subject gets brought up with a bit of a chip on the shoulder of the speaker, which can really only intimidate those that need that kind of advice the most. I can only imagine how many newcommers read those posts and think: "well, I thought I was using common sense, what am I doing wrong? I only open email from people and places I trust.. I'll probably just get called an idiot if I post." This thread is definitely a good start, though

Perhaps, Pollmaster, you'd like to apply some of that eloquence to posting some advice? It seems like you're good at intellectual jabs, but I've yet to see anything really productive.

I've added a few good starting places to the page in my sig, including a link to a vendor site that hosts one of my own "essays" (link added yesterday, among several others.)

System hardening is another measure that I'd like to point out (of course.) This is somethinig that can save you from a signifigant amount of threats without adding yet more programs to the system tray. If you added nothing more to the standard AV and FW defense, this would be my recommendation.

 

Yes and sadly, nothing much is really going to protect you against DOS attacks if you are running servers, and crashing windows OS? That's known to be trival.

I'm not sure what 'memory resident malicious codes' are though. Most of the malware I know are memory resident.

There is no 100% safety yes, but loading up and using security software that you don't really understand isn't much better.

 

Hi Mrkvonic,

Unfortuantely, it does not appear that "safe surfing" is adequate. During the last year I cleaned several machines for friends and family whose surfing habits were not only safe, but downright non-existent.

How did the trojans and spyware (I netted 6 keyloggers during this time) come into being on these machines? Impossible to say. They all had AVs on their machine (mostly Norton, but in one case it was Trend Micro), and all people were familiar with the problems of surfing the net.

I can tell you that in one case, I visit a site that looking totally benign and I was hit with some malware that KAV caught.

So my approach is Murphy's Law - "If something can happen, it will", and I plan accordingling. That is good locks on the door.

Rich

 

All good points. On a slight off topic note you can block third party cookies, though I know you are concerned about more than that. You can even restrict images to downloading only those on the same domain. Not sure of other objects though like external js scripts, css etc.

My view is when I and other promote safe hex, I'm not saying, don't harden your system, don't patch, don't run any security software at all and the power of positive thinking will protect you!

I'm promoting what the Buddhist would go "Right Action", and this involves not only right surfing habits but also right amounts of patching and software.

I certainly don't subscribe to the opinion that unless you run PG+RD+KAV (or NOD + some AT), you are a big security risk.

Nice jab.

I'm actually trying to counter the FUD being spread by some people who are barely above the level of newbie who like to declare that without <insert cool toy they use>, it's only a matter of time before you are infected. They post over and over the same stories of their friends are idiots, the same advertisements of their favourite products , their 'proactive' strategy etc.

Probe a little and it turns out they have no clue about what they are saying.

Notok I've never "jabbed" you right? Nor, a lot of other people who post sensible advise, even though we disagree about the value of certain policies.

The only ones who get "jabbed" are the ones who post without thinking, quote text blindly without seeing if it applies to justify spreading FUD , mouth mindless slogans like 'proactive defense' and 'layered security' whenever they have nothing concrete to say.

It's difficult to be productive I think because the problem as I see it is that the people who need the advise most, are the very same people running around trying to play "Security expert" to all their friends.

They deny that of course if pressed, so would I .

Yes, I know that's your pet topic

 

Depending on the size of the DoS, yes, there is really not much that can be done (even big corporations have fallen to DoS). But you can use routers and personal firewalls to defeat a certain level of attack. That is leaps and bounds more protection than "safe hex".

I´m only refering to the possibility that you don´t need to install anything to get infected. Of course the infection is terminated once you reboot but if you don´t know and are re-infected...

I know what you are refering to, even the best security scheme can fail due to user misconfiguration. But what do you prefer: a clueless user that uses his common sense or a clueless user that uses common sense, a firewall and an AV? See what I mean?

How much security is enough is *very* hard to determine. It is only logical that too much or too little is a bad idea. All the scenarios in between are personal preferences based on perceived risk exposure.

 

Lol, had a feeling you might take it as a jab, but no. I thought about it, but generally prefer to keep things going at face value. I can appreciate some of the jabs that you make, some of them actually make me snicker out loud, but sometimes you gotta give alternatives too, give something to those that otherwise might get caught up in the clap trap. This was actually some of the same reasoning behind the pages I put up. The idea was to give a fully rounded set of resources that I can point anyone in the direction of so they can choose for themselves, regardless of my opinion. I plan to write more, and link other's writings (once I get permission), but the langa letters will have to do for the time being. Bottom line regarding "jabs", though, is that when there's something on my mind, I generally leave no room for doubt

 

I'm curious do you know of any home user who has being a target of a DoS?
Is it reallly that serious a threat? All I can find is this
http://www.irchelp.org/irchelp/nuke/ and that's hardly a big deal.

Not that I don't appreciate routers and firewalls mind you, but justifying them by throwing around the word DoS attack doesn't really impress me.

About malicious memory resident code.

Any process that is executed I think would go into memory. This includes anything installed by the user. I'm not sure talking about "malicious memory resident code" helps your point, since most all malware I can think of falls into that category.

Or do you mean something more specific? If so please give examples of what falls into this categroy and examples of malware which do not fall into "malicious memory resident code"

Talking about installing I think is just a short hand for saying a process started executed by the user
The issue at hand is, how often does malicious processes execute that are not a result of any user interaction (or installed).

I can think of the following possibilities

1) Processes started by other processes already running.

Arguably, if this process started is malicious you are screwed yes, but as mentioned below, this is a case where you were screwed the second you decided to trust and install this program anyway, since it could have done its evil work the very second you ran it anyway.

2) Bugs in the software that lead to remote execution of code.

This is somewhat rare as long as you keep fully patched. A very few of the examples given by Notok above pertain to this category, though I suspect Notok would be hardpressed to mention more cases of zero day exploits affecting home users.

So no, I think when it comes down to it, in most cases, if you are hit, it means you have failed to practice safe hex in some way. The rare exceptions are when you are targetted with a new exploit that is unknown of course. Not much you can do about that.

Your options are impossible, since a user who uses common sense is by definition not clueless.

And as explained to Notok, I'm not against security software. But I myself have done the same as Matt and gone around with nothing but a router, and I'm clean. So have many other people I know, even 'cluessless' people who don't hang out at security hobbyist forums

Isn't that impossible ?


PS Do you really need a AV to tell you some strange email, from someone you don't know or with a short vague message, with a strange/dangerous attachment extension, is a worm?





How much security is enough is *very* hard to determine. It is only logical that too much or too little is a bad idea. All the scenarios in between are personal preferences based on perceived risk exposure.[/QUOTE]

 

I disagree that there is not much that can be done against a zero day exploit. There are more than a few companies out there developing solutions that block unknown exploits....some work better than others but there are some solutions to zero day exploits and some solutions are getting better and better each day.

[/QUOTE]

Now I also believe that common sense is the best defense but it is also good to have to have some protection. I know that I use a lot of common sense but there are some days that I am just clicking on things fast and there have been times that I have clicked on the wrong thing or have done the wrong thing and I feel safer having the security software that I have on my computer on here......especially since I do a lot of traveling with this laptop and hook up into all types of networks all over the world (In a few days I will be going to Singapore, my favorite city).

I happen to like having some of the security that I have on my computer when I hook up to some strange network in Indonesia or the Philippines or some place like that.....but then again...I am not the average user.



Starrob

 

Why are you nitpicking? Not having a firewall will make you vulnarable to DoS *plus* the other examples I gave. I never said by itself is was justification for anything. And yes, I have been a target of DoS by just running a p2p application. But that´s not the point. And neither is impressing you.

You missed the point. As computer technology gets more and more sofisticated it is becoming virtually impossible for the average user to make sense, and mainly, keep up with all the possibilities to get infected. Who would have thought that it would be possible to get an infection from clicking websites?

No, it´s not impossible because you fail to give proper meaning to the word "common". Today, practically everybody uses a computer with a varied knowledge background. What is common sense for the average user has nothing to do with the knowledge that is necessary to understand all this and how to defend against it. How many time have you heard "I use dial-up so I don´t need a firewall"? Unfortunately, that´s common sense too.

You and Matt have much more than "common sense", enough so you don´t get into trouble. And just like you I have seen people with common sense get loads of malware without any idea how they got them. That doesn´t reinforce any argument. The fact is that a lot of people simply do not have the necessary judgement or knowledge to make decisions about what happens in their computers despite all the common sense they might have. That´s where these tools come into play and assist them making those decisions.

I probably wouldn´t. But if your grandmother got an email apperantly from you harvested by a worm, it would be pretty hard to make that call. Basing decisions on attachment extensions already requires experience that might fail a lot of people that have common sense. There are pitfalls like double extensions and Windows is becoming more visual by creating icons specific to the file type. And there are ways to change those icons so they don´t appear to be what they are.

From your description it would seem impossible to fall victim of a worm, virus or phishing scam but that´s what´s been happening. Or maybe you believe ALL those victims are stupid and don´t have common sense?

Safe sex means "use a condom". Period. Safe hex means... The list is virtually endless, depends on what you do with computers and is changing all the time. Pretty simple? Yeah, right...

 

Hi alien51,

I agree with your position. Most people are aware of the problems with surfing on the Internet (most have either lost data or have had their privacy invaded in some fashion) and are seeking practical advice on how to begin securing their system. Slogans, such as "safe hex" are ambiguous, pretty meaningless, and ultimately impractical.

Rich

 

If you say so. You could pay Idefend ten of thousands of bucks to keep updated about the latest zero day exploits not publised yet I suppose.

But barring that, the fact is, by definition a zero day exploit is something unknown, so how can a reliable solution exist? You can tighten, harden OS security but does that really provide reliable zero day exploit protection?

If you have more information about how reliable zero day exploits portection work, do educate me.

And what is wrong with Singapore ? The last time I checked, it was hardly hacker heaven. Now China.....

So you agree what you are saying has no relevance to average users?

 

I'm 'nitpicking' because, handwaving about threats that are not really practical or common is spreading FUD. Certain members of this forum (not you) are very prone to that, and when I call them on it, they run away. In fact, one of them has apprantly decided not to answer to me directly, to avoid looking foolish but is content instead to snip at me, by answering other posts.

And they have the sophiscation to keep up with "proactive defensive tools" like PG and RD that some people are calling the most important tools ever?

LOL, people think it's possible to get infected just by reading a text file. Getting infected by going to a website would hardly surprise them.

Fair enough. The fact is though, if I can educate my 70 year old Dad, to keep his PC safe, despite not running any AV real time monitor, I'm not sure if it's really that hard. Certainly it isn't harder than learning how to play with the security tools that is so popular here.

My point is, which I'm sure you are already implictly agreed to is that a cluess user that relies only on tools is hardly another more protected. How many times have you seen, someone post that he got infected by opening a strange email attachment because his antivirus said it was okay?

Actually not much nowadays, because the knowledge of being careful of email attachedments has trickled down to the masses

Actually my Dad (retired, non-tech profession) is in the exact situation you mention. And he has no problem at all figuring out which email is a worm.

Like most people I expect he figures out which email is suspect, not by looking at attachments (that's a little technical), but by the practise of common sense.

He usually looks at the context of the email body, anything that is overly short, vague is suspect. It helps that I don't have the habit of sending one liner emails. Anyone who does that is likely to get his email junked these days

Of course, it helps that he doesn't use a shitty email client.

So there! Software+knowledge.

It isn't impossible to fall victim of a virus,worm, or phishing scam, it's just difficult if you are even slightly clued in. Everyone seems to feel the need to underestimate Average Joe (why I don't know, except maybe to make oneself feel good?) , but my own experience is that many already know what to do, and for those who don't ( they get infected), an hour or two of 'lecturing' is sufficient.

Some still get infected don't get me wrong, but those are people who know that they are doing the wrong thing but do it anyway.

And using the countless anti-x tools, is a lot simpler? Trying to figure out if product X, covers malware Y, trying to figure out why software Z conflicts with software X, Pops up flashing at you about process X injecting into process Y is a lot easier?

By God, that's the reason why newbie forums like this exist! And I'm still confused by all these toys

And as always people seem to think that when I advocate safe practises as a number 1 line of defense, they seem to think that I'm advocating not running any protection software. It's a strawman argument.

What I'm saying is that if you want to help, make sure you teach them common ways to protect themselves , knowledge that is likely to last them longer than any security product, instead of trying to turn their machine into a clone of yours, running the exact same setup.

Of course, some people around here seem to be so worried about keeping their fave software developer from starving, to the extent that they are asking the vendors to raise prices! So promoting one or two paid products might be a good idea.

 

Nothing wrong with Singapore. Singapore is more civilized than the USA to me.....but I am also going to Jakarta, Indonesia,,,,,,Indonesia is a bit of a wild lands......piracy runs rampant there....What's the latest movie? I can get it for less than a dollar in Indonesia....LOL.....security on the internet there is about as bad as China...or the Philippines, or just about any other country in that area.

 

Yes, I do say so....I never been hit with a zero day infection and the likelihood that I ever will is low. Not impossible but not probable either.


Starrob

 

That is not for me or you to determine...It is up to the "average user" (Whatever that means) to determine whether what I write or say has relevance.

My father only surfs certain websites. He is sort of older...He would not understand very much that is talked about on here...He would not understand what was meant by "common sense" on a computer but also I dont load up his computer with KAV, PG, RD, SSM, REGRUN or PREVX because he would not understand that either.

For him, I simply leave the Nortons suite that came with the computer on, add some hosts files, Spybot and Spyware blaster and he has never been infected.

Every situation is different....some people operate their computer dangerously and need extra protection....others only surf security forums and dont need extra protection. What is FUD for some is a necessity for others.

Most people like painting everyone into the same box and everyone is not the same. I have seen posts where some claim they can run without any security software whatsoever....not even a firewall and they claim to never get infected.

Others claim to be loaded down with security programs....claim to have lots of knowledge and common sense but yet sometimes they get infected.

If someone wants to put so much security software on their computer so the computer operates at almost a standstill then more power to them....If someone operates with no security software...then more power to them.

Over time, I move increasingly away from wanting everyone to do just like I do and towards encouraging everyone to think for themselves. Everyone do what you want with your computer for after all it is yours. Choose to listen or not listen to anyone you want to on this board or any other board for that matter but don't take people's word as Gospel....read what they say and think it out for yourself and come to a satifactory solution for your own personal situation.


Starrob

 

Now, that's the most sensible thing you've written

Actually, I would begin even before the lecture - take her/him to watch the computer being assembled. This is what we do (a small group of friends who help people get started, or start over) - at a local custom shop. She/he gets to see what’s inside the computer - - why, it’s not so mysterious after all! Not that the user is necessarily going to tinker inside the case, but basic understanding of what a computer "is" is the beginning of security awareness. Our lecturing begins with the actual hooking up of everything once we get the system in the home, and goes from there.

Our users have a firewall, and that’s it, except in two cases where we have Deep Freeze. Actually, two use Win98 and don’t even have a firewall. No unwanted intrusions have ever been experienced.

Pollmaster, it does no good to argue in these posts - - unless you just enjoy doing it - - because you are not going to convince anyone to change her/his mind, and not *one* useful piece of information ever comes out of these arguments.

Most of the posting on these forums is involved in fixing problems and discussing products. Nothing wrong with that, but there is certainly a need for a place to talk about teaching security, and I think what you have to say about this is important and would be more useful if you would just outline step by step what you do, and let people take it or leave it.

I have done that several times a few months ago - - you’ll get a few positive responses, then the thread will take off in a different direction and the "my product is better than yours" rant will take over. But that’s OK - you will have made a useful contribution.

-rich
________________
~~Be ALERT!!! ~~

 

Quote
Of course, some people around here seem to be so worried about keeping their fave software developer from starving, to the extent that they are asking the vendors to raise prices!

Darn near spit out my coffee after reading that, I was laughing so hard.

 

Of course, but you never being hit by a zero day exploit does not mean
whatever product you are relying against them work.

,The number of people hit by a zero day exploit (i'm talking about the home user context), you will find is extremely , extremely low. Much rarer than a worm slipping through an AV before an update was created for sure.

Except you can't get chew gum, and you get canned if you don't flush the toilet. And there is no freedom of speech.

Privacy is rampant in Asia, even Singapore, though it's less serious now

 

You are probably right, though occasionally in the course of these arguments, some people (including me) do learn something.

In any case, I shall stop.

Sadly that is always the case, where's the thread?

 

Here's one I did on Wilders. I had hoped that more people would describe how they would teach someone just getting started in computing, and then lead into how they teach security awareness:

https://www.wilderssecurity.com/showthread.php?t=73778

-rich
________________
~~Be ALERT!!! ~~

 

It also does not mean that the products will not work either. There are some products out there that probably do a great deal of what is advertised.

I also don't simply rely on products. I do a certain amount of system hardening and I learn from the good things others do and also from others mistakes.

I don't believe in 100% solutions. A total common sense only approach is just as likely to get hit by a zero day exploit as a person who has so much security software on their computer that it takes 5 minutes to open a folder on their computer. It is just a matter of preference.

If someone wants to wait 5 minutes to open a file on their computer then it is none of my business. If someone wants to operate with no security software whatsoever, it is none of my business. My business is my own computer and how I can better defend it. If you have specific examples of how a computer can be better defended then I am interesting to hear that. I always looking for best of breed solutions......



Starrob