Longest time as "clean" without resident shield?

About 6 months my SAM Linux has been clean checked by Avast Linux Home Edition and Ewido micro. I remember times when my WinXP Home had got infected after 40 seconds without resident shield.

Best regards,
Firefighter!

 

Actually BBC did a demo of a brand new XP install without any protection getting infected in few minutes of surfing.

 

Same here. I once thought i'll just install, setup my network connection then go online and download to install Kerio free firewall and it will only take a few moments.

In that few moments XP firewall alerted that something was trying to connect and by the time i had finished download Kerio, the PC was already hit and drawing in more company to all sorts of locations.

Needless to say, i never tempted fate (with internet) that way again after it cost another wipe & reformat. I dunno the actual time but once the IE browser goes active to the internet without a decent firewall, it's a wide open channel to push anything onto the Windows system before you can even get to the Reset button.

 

You can probably run Linux naked for 10 years and be clean....

 

Windows firewall will only alert for something wanting to gain incoming access for applications inside the machine so it wasn't Windows Firewall's fault you had already had something malicious in your computer .

It all depends on the person behind the keyboard . It can be pretty easy for one and extrememly difficult for someone else to run with a firewall only .

 

I can,t believe of being infected in minutes or even hours.

If it,s like this why I never get a malware while online?

 

I understand the issue with running naked and without any protection but should the XP firewall not be sufficient for the download of updates until installation of a "decent" firewall? Lots of systems run on only XP firewall and do not get infected.

 

This was the case before SP2 emerged (i.e. Messenger spam, ActiveX enabled by default, firewall disabled by default, lots of pop-ups) when network worms/bots were very prominent.

 

Going on for 10 months now with a number of machines running behind a hardware firewall and surfing with Firefox - no scripts and that is all. I have been criticized by some for pointing this out but it is true that I have no real time AV, no real time AS, no software firewall, no Hips, and no problems.

 

Indeed, thanks for the mention. My experience WAS before SP2 and yes it only took a matter of minutes if that long. Surprised me i'll say.

I've since connect to internet in a more mobile fashion and without a router i'm happy to say. No more surprise interruptions at all.

 

Hello,

Actually, if I'm to trust the scanners, I'm not clean:

AVG AS reports a Linux printer entry as adware on x.x.x.2 address, but it does not care about x.x.x.144 address. And it doesn't like paypal cookies.

A2 has the issue with BSPlayer (the very first version) for months now and another with CDBurnerXP Pro, they haven't fixed it yet.

AVG AV gives a hiccup once in a while, usually disliking BartPE plugins or Dr.Web cleaner, plus it will raise an alarm over a file named keygen.exe, even if it's an empty text file...

However ...

Depending on the computer setup, the longest time explicitly WITHOUT any resident scanners - as opposed to a period when I did use those - varies between about almost two years or so and a year or so.

In other words, various comps are resident-free between 12-24 months and are clean save for FPs. This excludes test machines and work machines.

Most setups are the fabulous F2 - Firewall + Firefox.

To say nothing about Linux ...

That said, I never got around to infecting myself. The only personal affliction was when a moron at the dorm helped me girlfriend-upgraded-to-wife install codecs on her computer, which he recommended - which happened to bundled with a bit of crap - clearly demonstrating the self-destructive ability of deluded computing.

Mrk

 

I have WinXPproSP2 and my frozen snapshot seems to work like Linux.
I ran KAV, NOD32, BitDefender, SAS, TrojanHunter, Spyware Doctor and one I don't remember (Norman ...).
7 scanners = 0 threats and 5 FP's and I don't use scanners.
My boot-to-restore recovers my system in less than 2m.
Restoring a clean image takes 9m, NOD32 ran more than 20 minuts.
I better restore a clean image, than running one scanner, it's 2 times faster.
It's almost absurd to run scanners at the end of the day, you better restore a clean image.

 

With FD-ISR frozen and Sandboxie have you thought about removing AE ?
As you correctly say any bad things that somehow get in will be gone at reboot so the danger period is between reboots ? when was the last time that AE said "something nasty is trying to do xyz" ? ever ? never ? ..... Is it really all that useful with so much more powerful protections running ?

 

Removing malware during reboot is like removing malware with a scanner : TOO LATE. There is no difference between two reboots and two scans, except that a reboot is much shorter than the total scan-time. Only the real-time shield of a scanner would be useful for me, but I can't install the real-time shield without the scanner. So I have to replace it with something else. I have the perfect malware removal tool, but not the perfect malware stopper in my system partition.
Too late is not good and that's why I still need security softwares that stop the execution or isolate them IMMEDIATELY. Until now AE didn't do anything, not even while I was surfing. Is that a good reason to ditch AE ?
I never had a fire at home, but I have to pay year in year out for an insurance. Do I have to stop this insurance and take the risk ?

 

Thanks for the information - which is as I suspected. I'm sure by now that you know that I am convinced that the possibility of contamination is frequently greatly exaggerated ?

Is the lack of any activity a good reason to ditch AE ? The answer is for each of us to decide. For you no for me yes.

To me it's is all about proportionality. You have fire insurance not because of the risk of having a fire but because of the expense if you did have one. Insurance need not be taken if the cost of loss can be profitably borne.

 

I didn't practice any dangerous surfing either, because my data partition wasn't protected until now. I wonder what will happen if I start surfing dangerously.
When I was a newbie, unaware of any threat and without much protection, my computer was infected all the time due to my careless behaviour on the net and downloading anything without restriction.

 

Hi,

One of my neighbors, that old fellow, who uses router and DeepFreeze only since v.6.0 introduced (now is v.6.3), still is a happy surfer, never complains any problems.

Lately I asked him to add DefenseWall to fortify his defense a bit. Who knows how long his machine will stay as clean as a white sheet, perhaps his lifetime.

 

A lot has changed over the years. 10 years ago, using windows 95, with IE, and no hardware firewall........ On balance I think that a case could be made for it being more dangerous then.

"I wonder what will happen if I start surfing dangerously" today ?

With (1) a Hardware Firewall (2) Firefox - no scripts (3) FD-ISR Freeze (4)
Sandboxie... my guess is that not much will happen - and if it did it would be gone at reboot.

I'm not saying that you or anyone else should go looking for trouble but if you have not been practicing safe hex and AE has not actually produced warnings
for a reasonable period of time that suggests to me that even without it nothing would happen. Again I'm not saying that you or anyone else should not use AE - Just curious as to whether it is really, really absolutely necessary.

Just for the record - I know that the science fiction writers out there will laugh - pointing out that nasties - as yet unknown, that can not be seen, and can not be removed may exist and may ......... they know that hardware viruses exist and can not be destroyed.... that motherboards have chips on which spy on us......i.e that nothing will protect us. Just for the record I'm not interested in such things until they happen as a matter of daily routine.

 

I'm going to be brutal and to the point to the know alls who claim, "I dont use Antivirus or Firewall and have never been Infected"

Well To those of you that do this, All I'm going to say Is..At some point in time, dont know where, dont know when, but your going to get Blitzed!

When you do, dont come running in here Crying like a Banshee about It! Dont say you wernt warned!

 

Yes DVD+R thanks for bringing this know it all back to reality. I tend to get carried away and forget that 11 years of surfing is hardly enough time to draw any sensible conclusions.

In my moments of madness, however, I do wonder how a hardware firewall and firefox plus a modicum of KWYD seems to have kept me out of trouble and yet others who worship the Layered God can not seem to avoid contamination.

But perhaps we can agree on one thing. when, or as I prefer, if I ever get Blitzed I promise I won't come crying. I'll be too busy restoring images - well at least for 10 to 20 minutes or so.

 

I ran my system for a couple of months earlier in the year with just ghost security suite, no malware problems that i knew about. However in regards to a 'resident shield' i'd rather have it and not need it than need it and not have it. Besides, playing around with security software is a bit of fun for me.

 

I stopped using AVs, anti-trojan, anti-spyware and any other signature or definition based security apps about 2 years ago. With Kerio and Proxomitron controlling traffic and its contents, and SSM enforcing a default-deny policy, a resident AV or shield isn't needed. I browse anywhere I want to with no problems. If the day ever comes that my defenses are breached, a quick restoring to the last image will fix the problem.
Rick

 

Dear all.

Running without AV or AS is not a major problem when you run in limited right setup. When you are running as Admin you have to use a HIPS to establish simular protection.

On my wife's PC we used to run with only ThreatFire and DefenseWall. Problem with a user who downloads a lot of paid music is the Digital Rights Management (at least within XP). When rolling back to a previous image, you also throw away your DRM (playing/burning rights). Lately I added Avast with the standard shield stopped (only P2P/Web/Network/Internet Mail shields). Reason for this is that some stupid music sites won't play the previews when IE is patched upt to date. Most of these sites won't play preview javascripts with Opera/Firefox either. So now my wife is using Opera (skinned as IE) for normal sufing and she is buying music with IE7 unpatched.

I think I would not be needing ThreatFire, but I like to know (with custom rules registry and file protection and some elemtary outbound application control) what is protected. With DW and TF I think running in admin gives teh same protection as running as limited user.

Any info on which files affect DRM on XP is welcome.

Regards Kees

 

You could probably find what those files are and where they're kept by using an install monitor like Inctrl5 in 2-phase mode. Take a snapshot, go get some music from one of the sites, then run Inctrl5 again. It should tell you what gets changed or added. The 2-phase mode works very well for finding changes made by websites, scripts, etc.

If you can locate them, maybe you could copy the DRM files to another drive or external media, then replace them after the rollback. If the idea works, you could write a script or batch file and make it a scheduled task.

Rick