Longest time as "clean" without resident shield?

Discussion in 'other security issues & news' started by Firefighter, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    About 6 months my SAM Linux has been clean checked by Avast Linux Home Edition and Ewido micro. I remember times when my WinXP Home had got infected after 40 seconds without resident shield. :D

    Best regards,
    Firefighter!
     
  2. Arup

    Arup Guest

    Actually BBC did a demo of a brand new XP install without any protection getting infected in few minutes of surfing.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Same here. I once thought i'll just install, setup my network connection then go online and download to install Kerio free firewall and it will only take a few moments.

    In that few moments XP firewall alerted that something was trying to connect and by the time i had finished download Kerio, the PC was already hit and drawing in more company to all sorts of locations.

    Needless to say, i never tempted fate (with internet) that way again after it cost another wipe & reformat. I dunno the actual time but once the IE browser goes active to the internet without a decent firewall, it's a wide open channel to push anything onto the Windows system before you can even get to the Reset button.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    You can probably run Linux naked for 10 years and be clean.... :cool:
     
  5. ASpace

    ASpace Guest

    :shifty: Windows firewall will only alert for something wanting to gain incoming access for applications inside the machine so it wasn't Windows Firewall's fault you had already had something o_O malicious in your computer .

    It all depends on the person behind the keyboard . It can be pretty easy for one and extrememly difficult for someone else to run with a firewall only .
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I can,t believe of being infected in minutes or even hours.

    If it,s like this why I never get a malware while online?
     
  7. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    I understand the issue with running naked and without any protection but should the XP firewall not be sufficient for the download of updates until installation of a "decent" firewall? Lots of systems run on only XP firewall and do not get infected.
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    This was the case before SP2 emerged (i.e. Messenger spam, ActiveX enabled by default, firewall disabled by default, lots of pop-ups) when network worms/bots were very prominent.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Problem in cases now is figuring out if your are actually naked. My firewall reports little because the router blocks stuff. I recently looked at my router logs, and nothing much there either. I think my ISP is doing blocking, so even with nothing, I am not really naked anymore.
     
  10. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Going on for 10 months now with a number of machines running behind a hardware firewall and surfing with Firefox - no scripts and that is all. I have been criticized by some for pointing this out but it is true that I have no real time AV, no real time AS, no software firewall, no Hips, and no problems.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Indeed, thanks for the mention. My experience WAS before SP2 and yes it only took a matter of minutes if that long. Surprised me i'll say.

    I've since connect to internet in a more mobile fashion and without a router i'm happy to say. No more surprise interruptions at all.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,

    Actually, if I'm to trust the scanners, I'm not clean:

    AVG AS reports a Linux printer entry as adware on x.x.x.2 address, but it does not care about x.x.x.144 address. And it doesn't like paypal cookies.

    A2 has the issue with BSPlayer (the very first version) for months now and another with CDBurnerXP Pro, they haven't fixed it yet.

    AVG AV gives a hiccup once in a while, usually disliking BartPE plugins or Dr.Web cleaner, plus it will raise an alarm over a file named keygen.exe, even if it's an empty text file...

    However ...

    Depending on the computer setup, the longest time explicitly WITHOUT any resident scanners - as opposed to a period when I did use those - varies between about almost two years or so and a year or so.

    In other words, various comps are resident-free between 12-24 months and are clean save for FPs. This excludes test machines and work machines.

    Most setups are the fabulous F2 - Firewall + Firefox.

    To say nothing about Linux ...

    That said, I never got around to infecting myself. The only personal affliction was when a moron at the dorm helped me girlfriend-upgraded-to-wife install codecs on her computer, which he recommended - which happened to bundled with a bit of crap - clearly demonstrating the self-destructive ability of deluded computing.

    Mrk
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have WinXPproSP2 and my frozen snapshot seems to work like Linux.
    I ran KAV, NOD32, BitDefender, SAS, TrojanHunter, Spyware Doctor and one I don't remember (Norman ...).
    7 scanners = 0 threats and 5 FP's and I don't use scanners.
    My boot-to-restore recovers my system in less than 2m.
    Restoring a clean image takes 9m, NOD32 ran more than 20 minuts.
    I better restore a clean image, than running one scanner, it's 2 times faster.
    It's almost absurd to run scanners at the end of the day, you better restore a clean image. :)
     
  14. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    With FD-ISR frozen and Sandboxie have you thought about removing AE ?
    As you correctly say any bad things that somehow get in will be gone at reboot so the danger period is between reboots ? when was the last time that AE said "something nasty is trying to do xyz" ? ever ? never ? ..... Is it really all that useful with so much more powerful protections running ?
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Removing malware during reboot is like removing malware with a scanner : TOO LATE. There is no difference between two reboots and two scans, except that a reboot is much shorter than the total scan-time. Only the real-time shield of a scanner would be useful for me, but I can't install the real-time shield without the scanner. So I have to replace it with something else. I have the perfect malware removal tool, but not the perfect malware stopper in my system partition.
    Too late is not good and that's why I still need security softwares that stop the execution or isolate them IMMEDIATELY. Until now AE didn't do anything, not even while I was surfing. Is that a good reason to ditch AE ?
    I never had a fire at home, but I have to pay year in year out for an insurance. Do I have to stop this insurance and take the risk ?
     
    Last edited: Dec 2, 2007
  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks for the information - which is as I suspected. I'm sure by now that you know that I am convinced that the possibility of contamination is frequently greatly exaggerated ?

    Is the lack of any activity a good reason to ditch AE ? The answer is for each of us to decide. For you no for me yes.

    To me it's is all about proportionality. You have fire insurance not because of the risk of having a fire but because of the expense if you did have one. Insurance need not be taken if the cost of loss can be profitably borne.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I didn't practice any dangerous surfing either, because my data partition wasn't protected until now. I wonder what will happen if I start surfing dangerously.
    When I was a newbie, unaware of any threat and without much protection, my computer was infected all the time due to my careless behaviour on the net and downloading anything without restriction.
     
  18. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    One of my neighbors, that old fellow, who uses router and DeepFreeze only since v.6.0 introduced (now is v.6.3), still is a happy surfer, never complains any problems.

    Lately I asked him to add DefenseWall to fortify his defense a bit. Who knows how long his machine will stay as clean as a white sheet, perhaps his lifetime.
     
  19. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    A lot has changed over the years. 10 years ago, using windows 95, with IE, and no hardware firewall........ On balance I think that a case could be made for it being more dangerous then.

    "I wonder what will happen if I start surfing dangerously" today ?

    With (1) a Hardware Firewall (2) Firefox - no scripts (3) FD-ISR Freeze (4)
    Sandboxie... my guess is that not much will happen - and if it did it would be gone at reboot.

    I'm not saying that you or anyone else should go looking for trouble but if you have not been practicing safe hex and AE has not actually produced warnings
    for a reasonable period of time that suggests to me that even without it nothing would happen. Again I'm not saying that you or anyone else should not use AE - Just curious as to whether it is really, really absolutely necessary.

    Just for the record - I know that the science fiction writers out there will laugh - pointing out that nasties - as yet unknown, that can not be seen, and can not be removed may exist and may ......... they know that hardware viruses exist and can not be destroyed.... that motherboards have chips on which spy on us......i.e that nothing will protect us. Just for the record I'm not interested in such things until they happen as a matter of daily routine.
     
  20. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    I'm going to be brutal and to the point to the know alls who claim, "I dont use Antivirus or Firewall and have never been Infected"

    Well :cautious: To those of you that do this, All I'm going to say Is..At some point in time, dont know where, dont know when, but your going to get Blitzed!

    When you do, dont come running in here Crying like a Banshee about It! :shifty: Dont say you wernt warned! :ninja:
     
  21. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Yes DVD+R thanks for bringing this know it all back to reality. I tend to get carried away and forget that 11 years of surfing is hardly enough time to draw any sensible conclusions.

    In my moments of madness, however, I do wonder how a hardware firewall and firefox plus a modicum of KWYD seems to have kept me out of trouble and yet others who worship the Layered God can not seem to avoid contamination.

    But perhaps we can agree on one thing. when, or as I prefer, if I ever get Blitzed I promise I won't come crying. I'll be too busy restoring images - well at least for 10 to 20 minutes or so. :p :D :-*
     
  22. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I ran my system for a couple of months earlier in the year with just ghost security suite, no malware problems that i knew about. However in regards to a 'resident shield' i'd rather have it and not need it than need it and not have it. Besides, playing around with security software is a bit of fun for me.
     
  23. herbalist

    herbalist Guest

    I stopped using AVs, anti-trojan, anti-spyware and any other signature or definition based security apps about 2 years ago. With Kerio and Proxomitron controlling traffic and its contents, and SSM enforcing a default-deny policy, a resident AV or shield isn't needed. I browse anywhere I want to with no problems. If the day ever comes that my defenses are breached, a quick restoring to the last image will fix the problem.
    Rick
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dear all.

    Running without AV or AS is not a major problem when you run in limited right setup. When you are running as Admin you have to use a HIPS to establish simular protection.

    On my wife's PC we used to run with only ThreatFire and DefenseWall. Problem with a user who downloads a lot of paid music is the Digital Rights Management (at least within XP). When rolling back to a previous image, you also throw away your DRM (playing/burning rights). Lately I added Avast with the standard shield stopped (only P2P/Web/Network/Internet Mail shields). Reason for this is that some stupid music sites won't play the previews when IE is patched upt to date. Most of these sites won't play preview javascripts with Opera/Firefox either. So now my wife is using Opera (skinned as IE) for normal sufing and she is buying music with IE7 unpatched.

    I think I would not be needing ThreatFire, but I like to know (with custom rules registry and file protection and some elemtary outbound application control) what is protected. With DW and TF I think running in admin gives teh same protection as running as limited user.

    Any info on which files affect DRM on XP is welcome.

    Regards Kees
     
  25. herbalist

    herbalist Guest

    You could probably find what those files are and where they're kept by using an install monitor like Inctrl5 in 2-phase mode. Take a snapshot, go get some music from one of the sites, then run Inctrl5 again. It should tell you what gets changed or added. The 2-phase mode works very well for finding changes made by websites, scripts, etc.

    If you can locate them, maybe you could copy the DRM files to another drive or external media, then replace them after the rollback. If the idea works, you could write a script or batch file and make it a scheduled task.

    Rick
     
Loading...
Thread Status:
Not open for further replies.