Study: If you havent been infected by malware in the last 2 years

Discussion in 'other security issues & news' started by trjam, Jan 8, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Lets see if this may tell us anything. If you fit in this category, just state what you use your computer for, brief online surfing habits and what type of computer protection you use. Brand specific must be excluded please.
    Thank you.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    What if you downloaded an malicious file but the malware didnt infect your computer?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    I have never been infected. My basic setup has varied, but currently I use Sandboxie, OA, SSM or ProSecurity and thats it. I also do make use of Returnil/Shadowdefender on occasion.

    I primarily use my computers for business, using MS Office, Quickbooks, and Paperport. I also use them for online financial trading.

    Most of my surfing is quite benign, like here at wilders, oA forum, etc. I use either Opera or IE 7, all done with Sandboxie

    If I go to the wilder side of surfing, I then go to the VM machine, where I employ the exact same security setup.

    Finally if I am playing with malware, as I occasionally do, then first I put my host in Shadowmode, start the VM machine, and do the testing I am interested in. I use the Shadowmode of one of the shadow programs on the host, just on the slim chance something should escape the VM machine.

    Pete
     
  4. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Virtually every malware trace ever detected on any of my machines (excluding tracking cookies and the errant toolbar) arrived there via my installations of anti-malware products.
     
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    No infections whatsoever, not even tracking cookies. Scanners have either shown false positives or nothing. My surfing habits are usually revolving around reading newspapers, downloading lots of pictures, doing research in many fields. Sometimes I surf where I shouldn't, but never to test my computer.

    I'm 99% of the time in shadowmode, excluding only 3 folders from the virtual volume: 'My Pictures' 'My New Documents', and 'Bookmarks'. My mail is through G-mail, also protected (not really needed) by the virtual volume.

    I always use Opera, registry protection, antiexecutable, software firewall.

    I never play with malware, and never test programs unless I really want to have them on my system.

    I almost forgot: Wilders is the only security forum I routinely check... Unfortunately it is quite addictive.
     
  6. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Back in 2001 I believe it was, I was infected with some kind of malware. It was bundled into a cracked Mcafee firewall I had downloaded from some warez site. I had it running for three months until I changed my AV which I switched to after noticing one day that I had a connection to russia running in the background all the time.
    That was my last warez I used on my computer.

    After that I have not been infected, if I not willingly let it.

    I surf everywhere I want even some pornsites. I do Download movies with P2P occasionally. I download software sometimes from sites that are not so known. I go to warez sites now and then when I want to look for some malware (havent found much though) I install and test relatively many programs. I never get any spam (I have made it very clear to anyone that I do not enjoy funny videos or other stuff people send to each other, just plain emails if they have anything to say.)

    My defences up till Octoer last year has been a firewall, AV and different flavors of HIPS (tried them all). They never (in 5 years) reacted to bad stuff sneaking into my computer. (Thats one reason why I got rid of them)

    My defense nowadays are Vista, Limited account and a couple of SRP´s (so I have to whitelist the software that tries to execute) a firewall. No realtime AV, I do some on demand scans now and then, no HIPS. And of course a browser that wont let scrpts run unless I say so. Not sure I need it though when I have LUA but it does no harm so I might as well keep it. Well, a snapshot and imagining software too if they count as security (against malware)
     
    Last edited: Jan 9, 2008
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Have not been infected.

    Usage: Lots of p2p, lots of porn, online gaming, email, IM etc. The standard security includes firewall + browser. The "highest" security also includes an anti-virus.

    Regarding anti-virus in the mentioned setup: it never saw real malware once - only several stupid FPs.

    Mrk
     
  8. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Nothing here in ages - quite a while back I once got a warning that my home page was attempting to change, but in hindsight I think I must have accidentally hot-keyed the "make this my home page" thing, or maybe clicked an equivalent link on the page, rather than encountering malware.

    Surfing habits ... "morning rounds" are mail, news, weather and comics, then later into boards like here and games, and probably in the evening some erotic not-quite-porn. Never any problems with the last one (I stick with a couple of favorites), and I once commented to the webmaster that he (?) obviously took great care to keep the site safe.
     
  9. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    Not in the last 2 years.

    Heavy online gaming and torrenting. Moderate adult surfing, office work, and general internet browsing (such as searches, couple of forums, shopping, etc...no real 'dark net' browsing any more).

    Have used a security suite from one vendor or another during those 2 years and generally nothing else.
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Haven't been infected for a lot more than the last two years.

    Other than what I've got showing in the screenshot (which are all the running processes I've got going at any given time, minus IE, Frostwire and/or Trillian, none of which is running at the moment) the only other program I rely on is Javacool's SpywareBlaster.

    I surf any-and-everywhere, do P2P, do IM'ing through Trill.

    Sure, I check things out with a bunch of different programs just to make sure nothing's sneaking through - and nothing has. I'm not even real sure when the last time I had a false positive was.

    Pretty anti-climactic, I guess. Sorry. Pete
     

    Attached Files:

  11. herbalist

    herbalist Guest

    My PCs are clean for better than two years, except for test units I infect deliberately. My primary PC is a dual boot, Win98 and 2K, most of the time running 98. It's a home PC for all the usual purposes, e-mail, IM, browsing anywhere, CD burning/ripping, some office work, etc. I occasionally use P2P. It's used on and off by about 6 different people, most of which qualify as typical users, not techies. It's rare when there's not someone using the computer here. Doesn't get much idle time. Except for the MVPS hosts file, there's no restrictions on where anyone might browse. Except for a few online games that require IE6, SeaMonkey is the browser that's used. IE6 is forced to go thru Proxomitron by firewall rules and is limited by rules to use on only a few sites.

    Both operating systems are protected by default-deny security policies which are enforced by a firewall and HIPS. Both have very restrictive rulesets in place and are configured not to prompt the user. The PC is fully equipped with software for all the usual tasks, so other users have no need and are not able to install any more software. Web content is filtered thru Proxomitron. No AV, AS, AT, etc installed.

    This PC has run into more than its share of malicious websites, e-mails, etc. None have been able to make any changes to the OS or the installed apps. The default-deny security policy and the apps that enforce it have worked flawlessly for over 2 years.
    Rick
     
  12. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    nothing for a long long time
    FP's about the only frights I get these days.

    behind router, AV, AT/S, firewall,
    torrent junkie, some naughty bits [getting too old :'( and the stuff getting too scary o_O ]
    anything really dodgy goes to a VM first, I occasionally have Boclean or Avast grab something in there, VM has same set up as real world,

    yet I clean boxes with more nasties than you can imagine, well you probably can, and wonder how they got so infected
     
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,267
    Location:
    England
    I haven't been infected for a long time. Had warnings when surfing but nothing has managed to set itself up on my machine.

    I surf with Sleipnir using Sandboxie. If I am looking for info I will follow leads to get it even if it means translating pages via google.

    No router, just OA firewall and try to use common sense (whatever that is:) )
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Just like our knowledgable and very sharp member Spy1 (plug) LoL

    In over two years absolutely not a single intrusion, only on Windows 98SE. I once picked up something named command.com in the C:\ folder when i first started with XP, nothing malicious and it couldn't call out because of Kerio 2.15, that old obsolete iron wall of a firewall. I could only knock it down when i used to play in the Yahoo Groups Boot Rooms for fun, nothing on the internet or sites ever disabled it.

    When HIPS popped on the scene, it was like using concrete instead of mortar between the bricks and this PC is been quiet ever since.

    Just to humour myself at times, and only works on SP1 XP of course, i occasionally would run those old HTML exploits that use IFrames, remember the site that hosted You Are An Idiot! by white sheep or something, that rapid barrage of bouncing windows was so impressive to me that i just had to keet those files for fun.
     
    Last edited: Jan 12, 2008
  15. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Nothing on my main system for over 2 years. Its primary use is games, multimedia, surfing and email. I don't browse the dark side of the web or open dodgy emails. My basic protection consisted of a hardware firewall, a realtime av and hips.
     
  16. dogma

    dogma Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    138
    Never been infected on 3 machines at home. The only detection of malware was when a member of my family was sent a file via IM which was detected and deleted before execution.

    Wasn't even infected whilst running pc-cillin 2002. My surfing habits are quite safe, usually visiting unknown sites for research (Uni college/assignments), IM, skype, email, etc, etc.

    Largely, attribute this to deficiency 'darkside' disorder (ddd as I call it). One has no inclination of visiting that side of the world wide web i.e. no fettish for porn, warez, or illegal activities.

    Have tested many security software, but have always come back to running a (free) Anti-virus in the long run. As my experience has proved, one does not require anything else.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Since March 2006, I didn't have any infection I know of.
    I don't run scanners anymore, so it's very hard for me to see if I'm or was infected or not. I just replace my possibly infected system partition with a new one and that removes any change.
    Anti-Executable should warn me, but it never did and I never check my sandbox.
    I don't like to spend time on malware. In theory, I'm not supposed to have any malware on board after reboot.
    I know the weaknesses of my approach and I can solve them.
     
  18. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    I have not been infected for at least 4 years, but honestly I can not say, since I use no AV for 2 years and I had no firewall for a year, but I run random ondemand scans with various tools. I visit only a few webpages in my favorites, watch movies, listen music via WMP, chat via WLM, no games or porno.
     
  19. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi trjam,
    I don't think this kind of subjective test is going to result in a "Eureka!" moment as you are trying to make a causal (maybe) connection between long term "cleanliness" and the use of strategy "X".

    I believe the more important factor in determining the likelihood of long term "cleanliness" would be the learning experiences that user has had and how it caused them to use strategy "X"...

    Just my 2 cents YMMV

    Mike
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    all good points Mike. I guess what I am looking at is that it diesnt take 10 apps to do what 1 or 2 might. But it is subjective based on a users habits.

    check your pm.:)
     
  21. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Sorry i would like to say i never got infected in my life which was true until 2 weeks ago....

    I really regret not putting in more layers....
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Could you tell us about this?
    Probably a useless measure, per Murphy's laws. If you were to get infected, adding layers wasn't going to help much :p
     
  23. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Well as you would expect to nail one of us paranoid ones, it has to be a targetted attack by a world class hacker, employing the latest in malware techniques including rootkit techniques (bios jumping/metamorphic/polymorphic) and zero day exploits *specifically* designed to bypass the state of the art behavior blocking/sandboxing/hips software and the rootkit is invisible to all known rootkit detectors (even the private versions I have failed) I'm also convinced he has some way of cracking AES 512 bit and no it isn't a dictionary attack, cos my password is 40-50 characters long....
    Oh and did i mentioned that this machine is airgapped with no access to any other machine?

    Nah, not really...

    I just turned off most of the security software (excluding firewalls) while I was doing some maintaince, i left for a while and forgot to lock the machine (admin account), some idiot came in before the screensaver lock out started and started playing flash games, and before i know it the machine was nailed.

    :D :D
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    It has nothing to do with hacker xyz ... the person you mentioned probably installed something, as simple as that. Pure self-defeat, seems to me.
    Mrk
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    No I haven't been infected.

    Lots of p2p. Surfing news sites, forums etc. Moderate porn and a little warez.

    I use AV, firewall and classic behavior blocker. Surf sandboxed. Light virtualization for the dark side of the internet.
     
Loading...
Thread Status:
Not open for further replies.