what is the easiest/best way to get infected ?

Discussion in 'malware problems & news' started by Long View, Sep 12, 2008.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    @Long View

    I don't believe that you are serious about wanting to get infected.
    It appears that you just wanted to take some pot shots at gullible people.
    An "I'm better than the rest of you" type post. :rolleyes: :D

    What methods/Softwares do you use to verify that you are clean?
    Or do you boot up a clean image at each start up?
     
  2. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    No, a hardware firewall will block worms. Even pre-SP1 WinXP's basic firewall can block a lot of worms.
     
  3. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Hi Searching - sorry if you feel that I have misled in any way. In Post #1 I didn't say I wanted to get infected. I asked what was the best way to get infected. I was interested in establishing how a normal user might get infected with the proviso that they had a hardware firewall and that they used FF + NoScript. My belief was (a) that co-operation on the part of the user was probably required and (b) that software protection was not the only way. So far the replies have only confirmed my view that those who get infected do so in a voluntary way.


    What methods (software methods) do I use to verify? Every so often I run something like CSI, SuperAntiSpyware... There are many programs that can be loaded with Shadow Defense protection running, so there is no need to have any security installed. After years of no reported infection I am reasonably confident that my machines are not infected. Yes - images are available if required. If there is a program that you want to suggest that I run to check (and there is a free trial) I will do so and report back.

    Yes - guilty of taking pot shots. Software protection is a legitimate way of providing protection BUT it is not the only way - there are alternatives and I consider it only fair to poke a bit of fun at those who believe that without a heavy layered overcoat infection is inevitable.

    If anyone can come up with a way that a machine can get infected that can only be stopped by software then I would be interested. As previously said, outlandish and extreme behaviour invalidates a method.
     
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    @Long View

    I have been under attack, by whom I don't know for sure. They are able to find me in any public environment which they have listed and is tied to my last known IP. So, if I cycle my IP and don't use any personally identifiable web sites, I have little to no issues. The moment I use a last known personally identifiable place (Searching_ _ _ @ Wilders Security Forums), I am on the radar, so to speak.
    After a clean wipe, while using Returnil they could not get a foothold into my machine. They could create BSODs to cause problems by corrupting drivers in an attempt to get me to lower my shield. I did have to update.
    Once inside, they inject into COM services, specifically clbcatq.dll, which can inject into all other processes. They are also able to remove this dll patching at will, 54kb in size. I am unable to determine if they are resident and where. What files have they corrupted to maintain their foothold? They must have corrupted some file/drive, because they had to breach the machine's shield, Returnil, to get a foothold.

    My point is that surfing is not the only way to get infected/pwned.

    Also, those who don't use virtualization products for protection, while connected to the outside world, which are probably the majority, are at a greater risk of becoming pwned.

    While I fit within your opinion of,

    You don't have a sufficient sample to statistically say you are correct.
     
  6. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    @Searching: Have you been targeted for no reason or are you running a webserver f.e.?
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    To be a target means there is a reason.

    If I could uninstall the servers built into Windows, I would.

    Is my garbage being collected, yes.
    Is my computer being attacked, yes.
    Am I being followed, yes.

    Would you like me to be more specific?
     
  8. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I know, but these servers are running on everybody's computer aren't they?
    Without being too nosy, what reason could someone have to target a specific person?

    I hope you won't be hassled too much.
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Your lack of multiple questions and sparse posts indicate a high level of knowledge in comparison to me.

    So if it wouldn't be too much trouble, would you help me in discovering these aberrant file additions?
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Leaving user actions (what they open, click on, etc) out of the picture for the moment, there are basically 2 ways you or your PC are targeted. Most "attacks" are not aimed at any particular user or PC. Port scans and MS-SQL Worm propagation attempts are examples of looking for any vulnerable PC/server, not someone in particular. My Smoothwall logs an average of 10 of those SQL "attacks" every day. Most of the non-specific attacks can be dealt with by good firewall rules and staying up to date.
    There are many possible reasons. The targeted user could have evidence of corporate or government corruption (whistle blower). In some nations, that could include evidence of human rights violations. The user could be developing a product or software that someone wants to steal. Pretty much any reason that would justify strong encryption to protect data is also reason for someone to try to hack a system to get at it.
    Attacks that are specifically targeting you are another matter. Depending on who it is and why they are targeting you, you might need to take some extreme steps to defend yourself.

    Without going into details, could you clarify one point? Is it you specifically that's being targeted or is there specific data on your PC that someone wants bad enough to target you?
    In many cases, you can. Have you looked at LitePC? You might also consider using an OS that doesn't have them in the first place. If neither of these is practical, a good rule based firewall can block all access to those servers. If you can start over with a clean copy of your OS, installed on a wiped drive on a PC with a freshly flashed BIOS, then install your apps and updates from clean, offline copies, you'll start with a system that is as close as you can get to guaranteed clean. Then set up a default-deny security policy that's enforced by system configuration and good security software including frequent integrity checking. Keep this PC behind a hardware firewall such as Smoothwall.
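    As an added example (not code from any poster in this thread) of the "frequent integrity checking" recommended above: a baseline-and-verify script that records the size and SHA-256 of system binaries and reports files that were added, removed or changed. It uses a constructed 1 KiB stand-in for clbcatq.dll to show how a size change like the one described earlier in the thread would surface; the watched suffixes and paths are assumptions.

```python
# Added example, not code from any poster in this thread: baseline-and-verify
# file integrity check. Paths and the sample DLL below are constructed.
import hashlib
import json
import tempfile
from pathlib import Path

WATCHED = (".dll", ".sys", ".exe")  # assumption: the suffixes worth tracking

def file_digest(path: Path) -> dict:
    """Return the size and SHA-256 of one file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": path.stat().st_size, "sha256": h.hexdigest()}

def build_baseline(root: Path) -> dict:
    """Walk root and record size + hash for every file with a watched suffix."""
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED
    }

def verify(root: Path, baseline: dict) -> dict:
    """Compare the current tree against a stored baseline."""
    current = build_baseline(root)
    modified = {
        name: {"old": baseline[name], "new": current[name]}
        for name in baseline.keys() & current.keys()
        if baseline[name] != current[name]
    }
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": modified,
    }

def demo() -> dict:
    """Constructed scenario: a DLL grows by 54 KiB after the baseline was taken."""
    root = Path(tempfile.mkdtemp())
    dll = root / "system32" / "clbcatq.dll"
    dll.parent.mkdir()
    dll.write_bytes(b"MZ" + b"\x00" * 1022)  # 1 KiB stand-in, not the real DLL
    (root / "baseline.json").write_text(json.dumps(build_baseline(root)))
    dll.write_bytes(dll.read_bytes() + b"\x90" * 54 * 1024)  # simulated tampering
    return verify(root, json.loads((root / "baseline.json").read_text()))
```

    Run the baseline step from known-clean offline media and keep baseline.json off the machine being checked, otherwise whatever altered the DLL can alter the baseline too.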
     
  11. Bensec

    Bensec Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    177
    Location:
    China Changsha
    IMO the best way is to visit cracker and porn related sites with IE6 without system patches.
     
  12. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    It is important for me in learning how to prevent or restrain the majority of mischief, as well as, as Long View puts it, personal mistakes or voluntary infections.
    Yes, I am specifically targeted. Many different things which go back to before I was born; it is sort of inherited.
    If you would like to classify my computer and internet usage as specific data then yes, but if it is in relation to software development then no.
    They make system changes, like powersaver functions and screensaver timeouts, to see at what point I notice their intrusion. Recently I've found a COM driver, clbcatq.dll, with 54kb of extra data that returned to normal while I was researching it.
    This is great advice and I have used it already; it did wonders but wasn't 100%. My WLAN and/or NIC are still affected. I can't see my wifi connection from the router in Network Connections, so I can't connect via Network Connections.
    Is there an alternative to connect my WLAN to my wireless router?
    I can see it with NetStumbler and another computer, but not with this computer and the Windows components. I have tried SSID handshaking but it doesn't change a thing.

    I have been contemplating a hardware firewall, though I am not great at creating rules. I have tried this with my modem which has a firewall that you must configure, I was lost.
    I am currently learning about VMWare and the like, will have to add Smoothwall to the list of need to learn.
    LitePC is intriguing. I have been looking at TinyVista and MicroXP and like the idea but am unsure of the security risk.

    I hope I have not hijacked Long View's thread or gone too far off-topic.

    Thank you for the pointers and advice, it is helpful.

    Searching_ _ _
     
  13. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have an old Netgear - no need to create rules (although you can if you want).
    I would have thought that their more modern firewall/router/modem packages would be fairly cheap and easy to install.
     
  14. Balatsokas

    Balatsokas Former Poster

    Joined:
    Sep 21, 2008
    Posts:
    86
    Location:
    Land of NoWhere
    I'd add to that
    "Visiting some really Nasty (i.e. Heavily Infected) Russian & Chinese sites".
    Complete Disaster! o_O
     
  15. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    5 Ways to Surf Like a Complete Moron
     