Ten years later, Windows XP still dominates the Web

Discussion in 'other software & services' started by tgell, Jan 2, 2012.

Thread Status:
Not open for further replies.
  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Any site I visit is restricted until it proves it needs more to function. I don't trust what I download. Downloads are scanned first at VT, then tested on a virtual unit with a near duplicate security package. I make system backups before installing. I monitor the install process. All changes to the system are recorded. If I decide to keep it, I rebuild my "reboot to restore" files. Nothing new comes on my system without being tested. Needless to say, I don't change it very often. An app or update has to provide something I want or I don't bother.
    For the actual testing with malicious sites, I might know they're malicious but there's no way to be sure exactly what will be coming at me until I get there, besides maybe a name. Too many of them change what they use depending on what they think you're using.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    That sounds like a lot of work.
     
  3. guest

    guest Guest

    He is adopting strategies typical of virus analysts employed by companies like Symantec. Regular users will never do all those things.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Compared to just installing an app, yes. Compared to trying to remove a tough infection or finding a well hidden rootkit, no. That said, it's rare that I install or update anything more than once a month.

    My system is what I consider completed. I have all the tools and apps I need. It does what I need and pretty much anything I ask of it. Thanks largely to the unofficial upgrades it's received, it's still surprising me at times with just how much it can do at one time and just how durable it's proving to be. Probably more than anything else, I like being able to let someone else use it and not having to worry about what they'll run into.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I agree here.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Close. I spent a lot of years at malware removal forums, more than long enough to convince me that relying on detection and removal is an exercise in futility.
     
  7. BrandiCandi

    BrandiCandi Guest

    That's why my particular strategy is to harden my system. And keep good backups. If something gets in I'd rather reimage the machine than hunt it down.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Not me! I haven't read those books!

    I was fortunate to have a lot of hands on mentoring when I first started out with computers, which stressed investigating and analyzing, learning to do things oneself.

    "Risk assessment/management" are terms that put some people off; so, in recent years, I've used the expression, "determine the likelihood that I would be infected by ___." I've used it in my previous posts in this thread.

    When you think about it, we do risk assessment in other areas of our lives. I've used the home security as an example before: we decide whether or not we want bars on our windows; heavy security screen door; burglar alarm, etc. Ask five homeowners/renters and you will get five different security strategies based on their assessment of potential intrusions.

    In computing, I've already given an example in my post #188 above where I determined the likelihood that I would be infected by the kernel/font parsing vulnerability.

    An older, really widespread example was MS06-014, the Microsoft Data Access Components or MDAC. It affected all versions of Windows in 2006.

    This was a web-based exploit, and when I first learned of a site with the exploit embedded, I took a peek at the code:

    [Image: ms06-014-code-snippet.gif]

    The first line of the code shows that VBS script is used. Well, my regular browser, Opera, doesn't interpret VBS script. So, I determined for myself (assessed the risk) that the exploit could not run on my system.

    Nonetheless, since the exploit served up a binary executable file (3rd line) I tested using a browser that handled that script, IE6, and it was blocked by security in place on my system:

    [Image: ae-alert.gif]

    There are many ways of employing risk management. This and the other example I cited are two that I use.

    To quote BlueZannetti again,

    What does it matter, which methods someone uses?!

    Quiz for the day:

    Why is this MS06-014 MDAC exploit, patched more than five years ago, still used by cybercriminals in the current Exploit Kits?

    http://blog.webroot.com/page/2/
    October 31, 2011
    ----
    rich
     
    Last edited: Jan 10, 2012
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Agreed. For me, it boils down to this order:
    1, Don't let it execute.
    2, If the above isn't possible (rare) keep it confined to the compromised app.
    3, Take away its ultimate goal.

    Exploits are a means to an end. It's not possible to ever know all the means but there's a limit to the number of usable ultimate targets it can go after.

    The only problem I have with re-imaging as a security component is knowing when you're compromised. It's not the old times when malware was literally "in your face".
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    They're alright but since you have experience there's no real point. They won't teach you anything you don't already know - just more about the industry standardized version of what you know.

    As for the rest of the post I started typing something up but I think it really just comes down to having different ideas about security, which is fine.
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    Some good and interesting comments in this thread.

    However, I like default/deny approach à la SSM. I have no inclination for analyses of various malware vectors used to infect a system.

    Prevention beats cure anytime, for me. ;)

    Edit: small correction
     
    Last edited: Jan 10, 2012
  12. BrandiCandi

    BrandiCandi Guest

    LOL- lucky for me I'm a nerd that can't leave her computers alone. I have installed and reinstalled my operating systems countless times to achieve all kinds of stuff. So malware doesn't have a chance in my ever-morphing setup :p
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm just the opposite. Except for a few apps, my system sees very few changes. The ones it does see go through a virtual test unit first, save for a few apps that my virtual systems are just not sufficient for, those that are picky about the hardware for instance. The bulk of the changes I make are building and modifying batch files and a few scripts for specific tasks and my Proxomitron filters, which are always being modified. In many ways, I'm old school. When something works well, I stay with it. I don't like change for its own sake or for eye candy, and definitely not just to stay with the times. IMO, Windows has been going in the wrong direction for a long time and I don't intend to follow. AFAIC, an OS should be an interface between the user and the hardware, a platform for the software to run on, and nothing more. The OS should stay out of my way, not dominate the PC, not record my every move, not call home, not check constantly to see if I pirated it, etc. If by some miracle Windows ever goes back in that direction, then I'll try that version. Since this will never happen, I'll stay with what I have.
     
  14. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    Switching from XP to 7 made using my computer faster and easier. It also made more sense security-wise.

    I've been running for 6 years now without any security programs other than what comes with Windows. I used to concern myself with all kinds of computer security nonsense.

    I now run Windows 7 32/64 bit on my computers with the default security settings. I don't even bother with turning off Windows Defender because it doesn't change performance at all for me.

    I still use Firefox with Noscript active and go where I want and access whatever I want on the web. My brain is far superior to determine security risks than any program.

    Number of times my systems have been compromised in the last 6 years without my authorization - 0!

    However, my daughters' accounts are standard users as their brains aren't very good at risk assessment.
     
  15. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I agree with you, however I see absolutely no need or purpose to secure my computer. I do nothing at all to secure my computer and just use my own judgement and knowledge to stop me from getting infected. I visit lots of websites every day - even potentially unsafe websites. I also install new software to try it out nearly every day, without ever scanning it before installing.

    I do occasional scans with Malwarebytes but that's the only security software I ever run - no antivirus software, no online scans, nothing at all to block malicious sites.

    I am running Windows 7 currently but I would do exactly the same if I was still using XP.

    I'm certainly not dismissing the importance of securing a system or saying that it doesn't matter, but for me I can keep my system infection free without the hassle of trying to fix any possible security hole.
     
  16. guest

    guest Guest

    That's a fair opinion and fair procedures... that you will hold proudly until you finally get severely infected and notice it. :D
     
  17. BrandiCandi

    BrandiCandi Guest

    :thumb:
     
  18. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    Care to share? Perhaps in another thread?
     
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    AE = AntiExecutable software.

    Of course it depends on which AE you use ;) but you get his point :)
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I could write a lot about AE but I don't think it would get anywhere. In short, if you were given SP1 XP and a rootkit you may very well be infected. Or any XP or any OS.
     
    Last edited: Jan 12, 2012
  21. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    It has been well over a year since I've been infected. Sure at some point in time I may get another infection - but in all honesty I think the likelihood of that is fairly low. Also, I'm not paranoid about being infected - I've never come across any malware that I can't remove or that made me feel the need to reformat and start over.

    I believe that I am very well protected against infection because I don't rely on any security software to intercept malware before it infects my system, but rather use my own judgment on what to let run - i.e. if I think an attachment or download is potentially unsafe I won't run it. Sadly too many people don't have the knowledge to make their own judgement in such cases and rely solely on their security setup to protect them. This is all very well until an unknown threat comes along and infects their system.
     
  22. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Because of those 'NO!-can-absolutely-NOT-be-upgraded/changed/recoded/discarded/etc, particularly-on-one-browser-based-programs'?
    Probably used by the tiniest department in a worldwide corporation, known at the sysadmin office as the program 'faeces 1.0' and the browser in question of course being...badaboom... vanilla IE6?
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Both systems are, unfortunately (and only currently), flawed. In your case all it takes is a slip of judgment (no one is perfect! I've been infected due purely to my own lack of judgement) and all some other person's case may be their system not working against a new threat. Or some combination of both.

    As "random" users we aren't really targets for direct attacks and automated attacks usually target users running with outdated McAfee and unpatched systems aka: old people. So that semblance of obscurity really does go a long long way.
     
  24. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    Wow. What a sweeping generalization.
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes it is. And as with all generalizations it's really not the case. I just get annoyed because most of the people I see getting hit with malware are older and that bothers me.

    My only point is that automated attacks tend to attack people running outdated software and who have outdated AVs - most people I know with McAfee have it because it came with the computer and because they never purchased it they started ignoring its popups/updates.
     