What is your infection chance?

Currently just using Antivir free and DefenseWall

So Antivir paid covers 99,6% (source AV comparatives), free version is about 3 to 4 percent worse (no anti spyware), so I settle for 93% safety, DefenseWall takes out another 95% (at least, possibly more, but for arguments sake). so this leaves my infection chance of 0,35 percent.

For post infection warning I have got Rising FW, which silently blocks outbound and checks the hash of programs seeking outbound control (and warns when it is changed). Anvir Task Manager is used as an startup entries IDS (real nice under appreciated program), so when this 0,35% happens I hope to be informed and recover to a previous image of my (off line) external harddrive.

What do you think is this risk acceptable?

 

It would be nice to determine the percentages of my setup.
I'll assume that SBIE has the same 95% that Kees's DefenseWall estimation.
For Returnil... let's see... only known threats are the "dogs", which use direct disk access. Maybe 99+%? Lets settle on 99% flat.

so, 5%*1%= 0.05%

A very gross estimate which I'm sure will be destroyed by anyone with a little more knowledge.

BTW, so far SBIE covers the known weaknesses of Returnil, so maybe it's 0%?

Actually while I was writing this, I realized it's impossible to determine the exact chance of infection... Just estimates and speculation.

 

When was the last time a virus warning popped up?

I myself haven't seen any warning that wasn't a false positive in ages. I doubt that you would feel safer by using more perfect security software.

 

My setups (DefenseWall + ThreatFire and Defense Wall + Rising HIPS and DefenseWall + Avira + Rising FW) have never given a FP to my knowledge.

Only when testing nasties they did what should be done, kin dof makes you think why I need security in the first place

 

It would be nice to see some large-scale studies in which some users are given treatment A, some treatment B, etc, where each treatment is the same set of security software. Then, at the end of the study, we measure infection rates and see which treatments worked the best. However, because the malware population and tactics change over time, and also security software changes over time, there's no guarantee that the winning treatments in a certain time period would prevail in a different (possibly future) time period.

 

Not sure you can just use the AV comparatives figure because the rating is not specific to your risk profile. Plus the percentage of real world viruses that will penetrate sandboxie/geswall is minimal.

 

If past performance is any kind of indicator my chances are very minimal. But I don't have my head buried in the sand either, there is always the chance that I could get nailed from something from the internet. But paranoia is not part of my computer use vocabulary. I plan to enjoy my computer and surf the web with a semblance of sanity and I should remain infection free for a long time. knock on wood[

 

My chance is very minimal with my normal surfing habits. But if I do get hit with a drive by my chance of actually being infected is almost nil with HIPS to alert and Sandboxing/Light Virtulization to get rid of it.

 

I got a chuckle from this thread. Theres been times i tried hard to deliberately get hit from a site with malware so my HIPS could stall them long enough for me to gather their sample into my collection.

The chances of a random infiltration for me is 0%, i have to make some effort these days to visit bad sites then wait for them to see whether or not they'll slip in a dropper and such, all even without an AV. Gotta luv those HIPS.

 

LOL, never say never, Easter my friend. There is always that slight chance that someday, someone is going to come up with something that is unstoppable.

 

Hi

I think saying 0% is inaccurate, as there is always a chance malware can slip pass your defenses. It could just be 0.001% or something but I think saying 0% doesn't make sense.

 

Considering the number of security apps you are using, the risk is low. However it is not 0% (as others have already suggested). Also consider the scenario where you have high value information on your computer. Someone might research your setup and be able to come up with something very targeted.

 

It's not entirely impossible i agree, but the percentages are massively in my favor. That's why i'm confident putting out a 0% probability chance to get compromised. It's nearly nill or highly improbable unless i do it myself, no website can do it, thats for sure, i've tried the worse but with plenty of frontal defenses to nullify the attempts.

 

Well, here is something to think about in bed:

When a software quality tester doesn't find any error/bug, that does not imply that the tested sofware is error free.
Would that also mean that when you don't notice malware slipping in, you didn't get infected?

Question: Do you also test with malware samples from known malware collections, like 'Offensive Computing'?

 

Greets again wilbertnl

I been a long time member of OC and collected some pretty mean beasties from there for sure, so it's a nice database for "found" malware indeed. It's the homemade PoC types that hype of my interest though.

And again, no website has the potential to infect me unfortunately for them. And this is with the swisscheese IE6 browser. In fact i invite any sites that can do better then close out IE or run lame Iframe or bufferoverflow runs, and there aren't many of those left i'm aware of anymore. It takes more then a website laced with whatever exploit, .js, .vbs, you name it, to punch thru IE6, thats why i'm not a fan of FF, i won't be run to another browser just because i'm too lazy to harden IE, and believe me, as vulnerable as IE seems to have always been, it's never got thru enough to do any real work here, because theres always a nice surprise waiting for them when this system is being signalled by malware visitations.

 

If you put the malicious lowel level changes (noisy or quiet) aside :
1. With AntiVir + DefenseWall alone, I would collect malware on my system.
2. With AntiVir + DefenseWall + ISR + IB, I would stay malware-free.
Security doesn't keep your system malware-free, that was very clear to me from the beginning. Forums are full of security failures, but hardly recovery failures.
Only ISR+IB can keep your system malware-free, if you use it right.
IB alone is in theory enough, but very inconvenient. ISR alone is not enough, but very convenient.

 

Your infection chances should be greatly reduced by large percentages these days thanks in whole to the concerted efforts of not just a few developers or groups like used to be commonplace, but now users have a much greater pool of resources from which to choose from as well as grouping many of them together.

That's why i'm always amazed reading hijackthis forums where users come limping in with all sorts and varieties of infections even though they have antispywares/antiviruses and the like up-to-date but still are crippled. I know some of that comes from their entering those lame bare skin sites where they simply lose control and just have to install that Codec to satisfy that appetite only to discover later they've promptly introduced files which are coded to create maximum disruption or at worse completely BSOD their system without remedy and not even System Restore can pull their tail out that muck because thats one of the many areas which are targetted to make their captured audience pay for their free ticket to the show

But that's not always the case, just one example, some freeware also allow binded apps to flow freely on their servers like a screensaver or other program and even though some AV's can identify and also delete some of the offending files, they by no means possess the capability to fully remove ALL the newly introduced files that were dropped in.

So chances of being infected really do depend on the user's surfing habit's and what they're willing to chance.

 

Yes, Malware Forums are a fraction of the real world, where security fails all the time. The rest of the real world doesn't even know that Malware Forums exist. How many of these users use ISR and/or IB right ? Not many otherwise Malware Forums wouldn't have so many visitors. SWI Forum solved HJT Logs in the beginning, when I left SWI, they became smarter, they still solved HJT Logs, but they also gave advice how to keep their system malware-free.
Wilders is not the real world, because most members know what to do to keep their system malware-free.

 

No one is mentioned this yet but it fits. The chances of infection are nipped in the bud with SuRun (LUA) coupled with SRP plus a quality script monitor IMO.

Well, for that matter, so are some hardening tools added into that mix.

I'm a big fan of ISR but only one, FD-ISR (Genuine), now theres a curve ball, i only wish they would have or could have kept it and marketed it themselves, but i completely understand their concern over support issues. But as good as they are, i don't see many support issues which might overtake their ability to address them from home base, but i could be wrong. If ever there was an ISR that was carefully thought out and then fashioned to perfection, in my book they claim the prize.

EASTER

 

I agree that SandboxIE and Returnil make a formidable defense (assuming they are used correctly).

Joined with the average anti mal ware applications the probability of not being able to avoid a meltdown is close to 95% in my experience.

I have gone into mal ware hell areas of the net and no meltdowns yet ( this is 100 percent so far but for statistical purposes I will say 95%).

Incidentally the CIA when asking for a vouch on someone, does not allow the certainty to exceed 90%. I take it that "100%" has bitten them in the pants prior to this policy, the same goes for getting zapped on the net.

 

Hi

I think for almost everybody who goes on Wilders regularly the infection chance is less than 1%.

 

Inactive malware is harmless.

 

A little common sense and one good security program = enjoying your computer in peace.

 

I don't use an AV Anymore.

My Opinion: Anti-Virus Software isn't enough anymore. AV's depend on signatures that researchers first need to find, then update the AV Database & Release it. So what are the chances off getting infected while just relying on an AV? (It's only an example).

HIPS Would be the ultimate solution. Prevention should be the first line off defense, You need a layered security solution:
Prevention (Good HIPS products)
Detection (your AV)
Cure (Like an insurance policy if you get infected)

It's only my opinion... Others could be different. Sorry to be a bit off topic.

Josh

 

Black list scanners won't cover you 100%. However heuristics improves detection.

HIPS won't cover all your bases either. And can be incredibily intrusive.