Going try something new. Bold but maybe stupid.

Is it worse to get hit and not detect, or get hit but yet detect later.

On one PC, a frigging 64 bit one, I am going with nothing but Hitman Pro for nightly scans and boot scans. Yes you can actually scan more then once a day, if you create a task and add /scan:boot then go into the registry to HKLM and HP and delete the value in Last scan. Hmm, I figured that one out all by myself.

I am going to see if going naked, wheeew we, and catching after the fact actually works. I will use KeyScrambler for other reasons. On 2 computers it will be HP on boot and just Sandboxie. I will let the teens have a go at ripping these up. Will let you know how it goes.

 

You can't go wrong with browsers these days, especially if you're using the latest IE. Chrome is good, Opera and Firefox equally as good.

I was thinking of installing ThreatFire (to prevent any severe changes from a download), and Hitman Pro (to scan each day). Hitman Pro, Sandboxie, and ThreatFire, that'd be one secure setup.

If you have kids going nuts with downloads, wouldn't worry me. Most malware these days seems to focus on throwing up popups, trying to sell you a program or convince you to hand over cash. So a daily scan will pick these up.

 

It has come to pass with me, Threat is not so big.

Install Avast!
Turn on windows firewall.

Ta"DaH! - You now have a setup that is simple dosen't bug you and will give you 98% protection.

I now understand you don't need more then that because the threat is overhyped, and anybody who would get more then a simple AV + WFW would already be able to identify and remove a threat without instaling any software.

Hype about virus + spyware = Overated.

 

You assume that other people know the same things you do. Trust me, there are many many people out there who using simply avast and wfw would still get infected with one thing or another. If it is working for you then you have some skill sets that many do not.

Of course this is just my opinion based on own experience...

Sul.

 

It is just like those using Nortons [sic] - the majority, not everyone - who still manage to get infected and can't understand why

 

I just don't understand how people in this modern age are still that stupid, with an upto-date ~ anti-virus you have to be a total numpty to get a virus or very unlucky.

Seriously the people who go online browseing prawn sites and get virus and wonder why are seriously missing brain matter.

Is someone says here take this package in real life you dont just take it!

 

Prevention is better than cure

 

hey jeff install winpatrol on these pc it will let you know nearly everything that changes on yoursetup...its free with option of paid winpatrol plus...its excellent

 

@3DFireStarteR

I hear what you are saying. lol, it is just the way it is.

I often think of it in terms of a car. Everyone knows you need to change your oil at intervals or your engine will suffer. But how many people don't change thier oil often enough? How many develop a shortened motor life due to this very basic and simple step of maintainance? I know the answer, many. Here is a multi thousand dollar investment, an investment that loses money the day you buy it (typically), yet many don't even give it the most basic upkeep.

So I guess, why should a computer be any different? We here at Wilders (and many many others) are like the backyard mechanic or the person who loves thier car. We either do the maintainance ourselves (learning more and experimenting) or we take it to a mechanic frequently (use programs and only need to understand how to use them).

Sul.

 

All it takes is one new piece of malicious code that an AV doesn't yet recognize. If that piece of malware targets or disables AVs, you've lost the battle. It does happen. Less than 2 weeks ago, I cleaned just such a unit, fully patched, AV and SAS updated daily, both killed. Nastiest infection I've dealt with in years.

 

Well, I guess the problem is where i see my sence of what is right and wrong is skewed by my love of knowing how things work. I guess that 90% of people don't care how or why, they just use it because they couldent care less how it works.

But then again it makes sence when you think about it you only improve if you have desire to learn and it would explain why there are so many people out that that relly on others for everything rather then learning how to do things for themselfs.

If that dosen't sound to offenceive to anyone

 

That would make an interesting poll. It is true for me as well.

Sul.

 

I argued wayyy back that Deep Freeze, Returnil, etc. is basically the end-all of security concerns. Make sure you are behind a router, keep data files on another drive or partition, maybe throw in Anti-Executable, and new code, old code, it doesn't matter; a simple reboot and I'm back running a perfectly safe computer. I can't imagine computing these days without them. (I have Deep Freeze on one and Returnil on another.) I don't mess with an onboard AV, AS, or anything else. I run three or four quick online scans in between OS/application patches and I feel perfectly safe. Actually, I don't just feel safe - I know I'm safe.

 

I won't argue with that. I'm also certain that a system secured with a default-deny policy wouldn't end up in that state either. The problem is that you can't always convince someone else that there's better options. They have to learn the hard way, and they did.

 

And the odds of the right exploit, hitting my particular LV app, at the right time, while I'm in the right (or wrong) place is.....what? I mean, seriously, come on. Anything is possible, yes. People DO get struck by lightning, it DOES happen. But, really. The odds of my setup getting burned by the perfect exploit at the perfect time? The same as getting struck by lightning during the next thunderstorm. Theoretical attacks and the odds of things really happening have to be weighed realistically.

 

1-Never had keylogger problems / issues.

2-Never had any data loss.

I've used BOTH Returnil and Deepfreeze products as well.

 

You need to read the news lately; since June 2009 there has been various breaches involving Deep Freeze. These breaches have been reported to Feronics and they have been very silent ever since. Please read the following post and be informed/warned:

http://www.dslreports.com/forum/r23079919-Deep-Freeze-Breached-

I totaly agree with SSJ100 comments on how to secure yourself and ignorance is not going to help.

 

Trying to determine "the odds of" any specific malicious event happening is pointless and impossible, but it does happen. Someone has to be among the first ones to make contact with new malicious code an AV doesn't recognize. I've encountered, captured, and submitted new variants twice in the last 5 years. It happened to the owners of the PC I described. Since they were using a conventional default-permit based security setup (AV, AS), it wasn't able to deal with it. They didn't go looking for trouble. Sites are getting hacked and they happened to visit one.

I started that journey in 2003 after an AV failed to keep viruses off of my PC and a security suite allowed someone to hack their way in. After trying layered AVs and antispyware apps, I adopted a default-deny policy. I no longer need AVs, anti-spyware, etc when nothing new can execute. Don't need rollback software, snapshots, etc when my system doesn't change.

 

When I got hit by the Alpha Virus last week, that hosed my system, you know what I was doing. I had typed into Google," Recomended front tire pressure for Kawasaki Nomad." It was about the 4th link I clicked on and pow. Talk about harmless surfing has gone away.

 

did you cure the problem with your antivirus?

 

using Microsoft Security Essentials and Sandboxie on the 2 laptops and Kaspersky AV on the 64 bit one for now. At least I know if it detects it, it will clean it.

 

that is good that you clean up this malware

 

That's what I meant by rebooting and it would be gone. There's risks out there - in all parts of life. For me, I feel safe with the risks I have running what i do. (Sorry what happened to you! No fun at all.)

 

You keep posting this in any discussion about AE.
Scripting attacks like this are no longer used these days

And this too. There is no reason for a malware writer to do this these days. They are all about the money now.

Need to keep some perspective here.

 

Hi trjam:

Ha, no one should call your tests stupid! I will be interested in your test results for sure. You will save a fortune on "security" clothes.

I think you are wise to use KeyScrambler to mask your accounts and passwords just in case a trojan slips in and has yet to be found by your scans.

Your post made me think of a semi naked setup,

1 RT scanner
1 FF using all possible white lists, no script etc etc
1 Image restore
1 KeyScrambler

Forget the Sandboxie... heh heh I may get beat up by their advocates!