What is your infection chance?

Discussion in 'other anti-malware software' started by Kees1958, Jul 5, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Currently just using Antivir free and DefenseWall

    So Antivir paid covers 99.6% (source AV comparatives), free version is about 3 to 4 percent worse (no anti-spyware), so I settle for 93% safety, DefenseWall takes out another 95% (at least, possibly more, but for argument's sake). So this leaves my infection chance of 0.35 percent.

    For post-infection warning I have got Rising FW, which silently blocks outbound and checks the hash of programs seeking outbound control (and warns when it is changed). Anvir Task Manager is used as a startup-entries IDS (real nice underappreciated program), so when this 0.35% happens I hope to be informed and recover to a previous image of my (offline) external hard drive.

    What do you think, is this risk acceptable?
     
    Last edited: Jul 5, 2008
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    It would be nice to determine the percentages of my setup.
    I'll assume that SBIE has the same 95% as Kees's DefenseWall estimation.
    For Returnil... let's see... only known threats are the "dogs", which use direct disk access. Maybe 99+%? Let's settle on 99% flat.

    So, 5% * 1% = 0.05%

    A very gross estimate which I'm sure will be destroyed by anyone with a little more knowledge.

    BTW, so far SBIE covers the known weaknesses of Returnil, so maybe it's 0%?

    Actually while I was writing this, I realized it's impossible to determine the exact chance of infection... Just estimates and speculation.
     
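    The layered arithmetic in the two posts above, as an added example that is not part of the thread: the coverage figures (93% / 95% and 95% / 99%) are the posters' own estimates, and the independence assumption behind their multiplication, plus the bounds you get without it, are spelled out here.

```python
# Added example, not from the thread. Residual infection chance across
# defense layers, computed the way Kees1958 and HURST do (each layer's
# miss rate multiplied together), and the range that multiplication can
# hide when the layers are NOT independent of each other.

def residual_risk(coverages):
    """Chance that every layer fails, assuming each layer misses
    independently of the others. coverages are fractions in [0, 1]."""
    risk = 1.0
    for c in coverages:
        if not 0.0 <= c <= 1.0:
            raise ValueError(f"coverage out of range: {c}")
        risk *= 1.0 - c
    return risk

def residual_risk_bounds(coverages):
    """Bounds on the all-layers-fail chance without the independence
    assumption (Bonferroni/Frechet bounds on the joint miss event).
    Upper bound: every layer misses the same samples, so the joint miss
    rate is the smallest single miss rate (HURST's 'SBIE covers the
    known weaknesses of Returnil' is the opposite, fully complementary,
    case). Lower bound: the misses overlap as little as possible."""
    misses = [1.0 - c for c in coverages]
    upper = min(misses)
    lower = max(0.0, sum(misses) - (len(misses) - 1))
    return lower, upper

def describe(name, coverages):
    """One line per setup: independent estimate and the honest range."""
    ind = residual_risk(coverages)
    lo, hi = residual_risk_bounds(coverages)
    return (f"{name}: independent estimate {ind:.4%}, "
            f"but anywhere from {lo:.4%} to {hi:.4%} if layers are correlated")

if __name__ == "__main__":
    # Figures as quoted by the two posters (constructed input, their estimates).
    print(describe("Antivir free + DefenseWall", [0.93, 0.95]))
    print(describe("Sandboxie + Returnil", [0.95, 0.99]))
```

    The point of the bounds: the 0.35% and 0.05% figures are only the independent case; two layers that fail on the same class of sample give a joint miss rate as high as the weaker layer alone.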
  3. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    When was the last time a virus warning popped up?

    I myself haven't seen any warning that wasn't a false positive in ages. I doubt that you would feel safer by using more perfect security software.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    My setups (DefenseWall + ThreatFire and DefenseWall + Rising HIPS and DefenseWall + Avira + Rising FW) have never given a FP to my knowledge.

    Only when testing nasties they did what should be done, kind of makes you think why I need security in the first place ;)
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It would be nice to see some large-scale studies in which some users are given treatment A, some treatment B, etc, where each treatment is the same set of security software. Then, at the end of the study, we measure infection rates and see which treatments worked the best. However, because the malware population and tactics change over time, and also security software changes over time, there's no guarantee that the winning treatments in a certain time period would prevail in a different (possibly future) time period.
     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Not sure you can just use the AV comparatives figure because the rating is not specific to your risk profile. Plus the percentage of real-world viruses that will penetrate Sandboxie/GeSWall is minimal.
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If past performance is any kind of indicator, my chances are very minimal. But I don't have my head buried in the sand either; there is always the chance that I could get nailed from something from the internet. But paranoia is not part of my computer use vocabulary. I plan to enjoy my computer and surf the web with a semblance of sanity and I should remain infection free for a long time. Knock on wood.
     
  8. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    My chance is very minimal with my normal surfing habits. But if I do get hit with a drive-by, my chance of actually being infected is almost nil with HIPS to alert and Sandboxing/Light Virtualization to get rid of it.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    I got a chuckle from this thread. There have been times I tried hard to deliberately get hit from a site with malware so my HIPS could stall them long enough for me to gather their sample into my collection.

    The chances of a random infiltration for me are 0%; I have to make some effort these days to visit bad sites, then wait for them to see whether or not they'll slip in a dropper and such, all even without an AV. Gotta luv those HIPS.
     
  10. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    LOL, never say never, Easter my friend. There is always that slight chance that someday, someone is going to come up with something that is unstoppable.
     
  11. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I think saying 0% is inaccurate, as there is always a chance malware can slip past your defenses. It could just be 0.001% or something, but I think saying 0% doesn't make sense.
     
  12. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Considering the number of security apps you are using, the risk is low. However it is not 0% (as others have already suggested). Also consider the scenario where you have high value information on your computer. Someone might research your setup and be able to come up with something very targeted.
     
    Last edited: Jul 5, 2008
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    It's not entirely impossible, I agree, but the percentages are massively in my favor. That's why I'm confident putting out a 0% probability chance to get compromised. It's nearly nil or highly improbable unless I do it myself; no website can do it, that's for sure; I've tried the worst but with plenty of frontal defenses to nullify the attempts.
     
  14. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Well, here is something to think about in bed:

    When a software quality tester doesn't find any error/bug, that does not imply that the tested software is error free.
    Would that also mean that when you don't notice malware slipping in, you didn't get infected?

    Question: Do you also test with malware samples from known malware collections, like 'Offensive Computing'?
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Greets again wilbertnl

    I've been a long-time member of OC and collected some pretty mean beasties from there for sure, so it's a nice database for "found" malware indeed. It's the homemade PoC types that hype up my interest though.

    And again, no website has the potential to infect me, unfortunately for them. And this is with the swiss-cheese IE6 browser. In fact I invite any sites that can do better than close out IE or run lame iframe or buffer overflow runs, and there aren't many of those left I'm aware of anymore. It takes more than a website laced with whatever exploit, .js, .vbs, you name it, to punch thru IE6; that's why I'm not a fan of FF. I won't be run to another browser just because I'm too lazy to harden IE, and believe me, as vulnerable as IE seems to have always been, it's never got thru enough to do any real work here, because there's always a nice surprise waiting for them when this system is being signalled by malware visitations. :D
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you put the malicious low-level changes (noisy or quiet) aside:
    1. With AntiVir + DefenseWall alone, I would collect malware on my system.
    2. With AntiVir + DefenseWall + ISR + IB, I would stay malware-free.
    Security doesn't keep your system malware-free, that was very clear to me from the beginning. Forums are full of security failures, but hardly recovery failures.
    Only ISR+IB can keep your system malware-free, if you use it right.
    IB alone is in theory enough, but very inconvenient. ISR alone is not enough, but very convenient.
     
    Last edited: Jul 5, 2008
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Your infection chances should be greatly reduced by large percentages these days thanks in whole to the concerted efforts of not just a few developers or groups like used to be commonplace, but now users have a much greater pool of resources from which to choose from as well as grouping many of them together.

    That's why I'm always amazed reading HijackThis forums where users come limping in with all sorts and varieties of infections even though they have antispywares/antiviruses and the like up-to-date but still are crippled. I know some of that comes from their entering those lame bare-skin sites where they simply lose control and just have to install that codec to satisfy that appetite, only to discover later they've promptly introduced files which are coded to create maximum disruption or at worst completely BSOD their system without remedy, and not even System Restore can pull their tail out of that muck because that's one of the many areas which are targeted to make their captured audience pay for their free ticket to the show :D

    But that's not always the case, just one example; some freeware also allows bound apps to flow freely on their servers, like a screensaver or other program, and even though some AVs can identify and also delete some of the offending files, they by no means possess the capability to fully remove ALL the newly introduced files that were dropped in.

    So chances of being infected really do depend on the user's surfing habits and what they're willing to chance.
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, Malware Forums are a fraction of the real world, where security fails all the time. The rest of the real world doesn't even know that Malware Forums exist. How many of these users use ISR and/or IB right? Not many, otherwise Malware Forums wouldn't have so many visitors. SWI Forum solved HJT Logs in the beginning; when I left SWI, they became smarter, they still solved HJT Logs, but they also gave advice on how to keep their system malware-free.
    Wilders is not the real world, because most members know what to do to keep their system malware-free.
     
    Last edited: Jul 5, 2008
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    No one has mentioned this yet but it fits. The chances of infection are nipped in the bud with SuRun (LUA) coupled with SRP plus a quality script monitor IMO.

    Well, for that matter, so are some hardening tools added into that mix.

    I'm a big fan of ISR but only one, FD-ISR (Genuine), now there's a curve ball. I only wish they would have or could have kept it and marketed it themselves, but I completely understand their concern over support issues. But as good as they are, I don't see many support issues which might overtake their ability to address them from home base, but I could be wrong. If ever there was an ISR that was carefully thought out and then fashioned to perfection, in my book they claim the prize.

    EASTER
     
  20. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    I agree that SandboxIE and Returnil make a formidable defense (assuming they are used correctly).

    Joined with the average anti-malware applications, the probability of not being able to avoid a meltdown is close to 95% in my experience.

    I have gone into malware hell areas of the net and no meltdowns yet (this is 100 percent so far, but for statistical purposes I will say 95%).

    Incidentally the CIA when asking for a vouch on someone, does not allow the certainty to exceed 90%. I take it that "100%" has bitten them in the pants prior to this policy, the same goes for getting zapped on the net.
     
  21. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I think for almost everybody who goes on Wilders regularly the infection chance is less than 1%.
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Inactive malware is harmless.
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    A little common sense and one good security program = enjoying your computer in peace. ;)
     
  24. 3xist

    3xist Guest

    I don't use an AV Anymore.

    My opinion: Anti-virus software isn't enough anymore. AVs depend on signatures that researchers first need to find, then update the AV database & release it. So what are the chances of getting infected while just relying on an AV? (It's only an example.)

    HIPS would be the ultimate solution. Prevention should be the first line of defense; you need a layered security solution:
    Prevention (Good HIPS products)
    Detection (your AV)
    Cure (Like an insurance policy if you get infected)

    It's only my opinion... Others could be different. Sorry to be a bit off topic.

    Josh
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Blacklist scanners won't cover you 100%. However, heuristics improve detection.

    HIPS won't cover all your bases either. And can be incredibly intrusive.
     