Where are all infections?

Discussion in 'other security issues & news' started by ako, Aug 18, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I lift this here:

It is not so easy to find an infected machine. Some PCs seen during summer:

1) Vista. Used as admin. 1.5 years without any security software. Clean.
2) XP. Used as admin. Some months without any AV software. Clean.
3) XP. Used as admin. Several years with completely outdated AV software (F-Secure 2002). Clean.
4) Win2000. Used as admin. Several years with completely outdated AV software (F-Secure 2002). Clean.
5) XP. Used as admin, with slightly outdated AV software (F-Secure 2007). Clean.
6) XP. Used as admin, with slightly outdated AV software (F-Secure 2007). Clean.

    You can guess I was disappointed! :D
     
  2. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Indeed, contrary to what some people might suggest, not everyone in the world is horribly infected with stealth rootkits and undetectable password stealers that also pillage your drawers for your socks - unless of course you spend $$$ on a very special security software to protect you from these omnipresent and nigh invincible threats.

    Some people just don't do much that would get them infected without being unlucky, and then they'll happily browse along without worries and also without getting infected in spite of not having all kinds of security measures in place. And some people of course manage to get infected even running the fanciest security suite. Some people find a reasonable balance in between two extremes of relying on sheer luck and building an invincible and unusable fortress.

    In a security forum, it's sometimes easy to fall into fear and paranoia, and start believing that everyone is infected and all kinds of superadvanced malware lurk behind every corner just waiting to pounce on you. In reality, of course, things aren't that bad, and then you may get "surprised" when you see systems that aren't obviously infected.

    Where are all the infections? They're out there, most on systems that haven't been keeping up with updates and systems used by people who either don't know or care about security. But there may not be as many of the infections as one might think.

    During the summer, I saw some systems that were seriously infected and in need of a flatten and reinstall, and I saw some systems that were as clean as they get. Business as usual. But if users can be educated more about security, and they can be encouraged to adopt best practices, that certainly isn't going to get them more infected than before. :)
     
  3. JohnnyDollar

    JohnnyDollar Guest

I have learned that security lies more in the user than anything else. My PC has not been infected in 3 years. I have downloaded a couple of trojans, but those were dealt with no problem. I use an AV, a firewall and an on-demand scanner. I don't use HIPS or behavior blockers. I have Vista UAC turned off. I use an admin account. I never find anything when I do my scans. I have a drive image program; if something bad happens I'll restore from an image. I look at some of the signatures of some of the members on this forum and I am saying to myself "man, that is overkill". But if it works for them that is fine; I don't need all that though. I use a paid AV, NOD32, which I really like, but don't have to have. I could use a free one and still be fine, I am sure. I use a free 3rd party firewall because I don't want to configure the Vista firewall for outbound. Although I have done that in the past, a 3rd party interactive firewall is so much easier to me. Although I don't have to have outbound protection, I like to have full control over which programs are calling home. I have a few programs that I don't want calling home every time I use them, even though I know they aren't malicious.
     
  4. wat0114

    wat0114 Guest

    The only machine I've seen infected the last three or four years was done through sheer stupidity. The guy's been told over and over not to install rogue games, nor give out his personal info on these rogue online "forms", but he does it anyways. Why? Who the heck knows. You can lead a horse to water but you can't make it drink is what comes to mind with this guy.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Why would you get any infections?
    Mrk
     
  6. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    We're not running Linux! :D
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Non-Linux users have happily avoided infections for many years.

    ----
    rich
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    Yep, I for one have managed to avoid them for 15 years online now....
     
  9. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Nice hunting sites. ;)
    Article
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Not only is the Symantec article using generic terms like "infect computers" rather than operating systems, plus "just by going there ...." panic suggestion that does not help anyone, they are also blathering an entire industry, the very reason Internet exists, more or less, as it is today.

    "Ms Connor said hackers were targeting vulnerabilities in website browsers and this affected both PCs and Mac computers." Yes, throw all eggs into one basket.

    Not one word of actual advice on how infections occur.
    Not one suggestion about how to handle these possible threats.

    It's like, keep them dumb and frightened, and they will buy our stuff.

    To counter the panic advice given by Symantec and their pseudo-Armaggedonistic flavor laced with a bit of good ole conservatism:

Going to "suspicious" sites? Disable JavaScript. It costs 0 money and takes 0 resources and requires no anti-virus product by panic mongers. It's absolutely staggering. If you don't want to use NoScript or such, you can install a dedicated p0rn browser that has JS disabled and all it's used for is to browse the "dirty" web. Oh my.

    Cheers,
    Mrk
     
  11. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Norton Symantec names Top 100 Dirtiest websites
    http://www.news.com.au/story/0,27574,25956302-29277,00.html


    I checked all thirty samples listed of the proclaimed Dirtiest Web Sites with McAfee Site Advisor
    http://www.siteadvisor.com/analysis/

    Here are the results:

    17ebook.com = Green
    http://www.siteadvisor.com/sites/17ebook.com

    aladel.net = No Results
    http://www.siteadvisor.com/lookup/?q=aladel.net

    bpwhamburgorchardpark.org = Green
    http://www.siteadvisor.com/sites/bpwhamburgorchardpark.org

    clicnews.com = Green
    http://www.siteadvisor.com/sites/clicnews.com

    dfwdiesel.net = Green
    http://www.siteadvisor.com/sites/dfwdiesel.net

    divineenterprises.net = No Results
    http://www.siteadvisor.com/lookup/?q=divineenterprises.net

    fantasticfilms.ru = No Results
    http://www.siteadvisor.com/lookup/?q=fantasticfilms.ru

    gardensrestaurantandcatering.com = Green
    http://www.siteadvisor.com/sites/gardensrestaurantandcatering.com

    ginedis.com = Green
    http://www.siteadvisor.com/sites/ginedis.com

    gncr.org = Green
    http://www.siteadvisor.com/sites/gncr.org

    hdvideoforums.org = Green
    http://www.siteadvisor.com/sites/hdvideoforums.org

    hihanin.com = Green
    http://www.siteadvisor.com/sites/hihanin.com

    kingfamilyphotoalbum.com = Red
    http://www.siteadvisor.com/sites/kingfamilyphotoalbum.com

    likaraoke.com = Green
    http://www.siteadvisor.com/sites/likaraoke.com

    mactep.org = No Results
    http://www.siteadvisor.com/lookup/?q=mactep.org

    magic4you.nu = Green
    http://www.siteadvisor.com/sites/magic4you.nu

    marbling.pe.kr = Green
    http://www.siteadvisor.com/sites/marbling.pe.kr

    nacjalneg.info = Green
    http://www.siteadvisor.com/sites/nacjalneg.info

    pronline.ru = Green
    http://www.siteadvisor.com/sites/pronline.ru

    purplehoodie.com = Red
    http://www.siteadvisor.com/sites/purplehoodie.com

    qsng.cn = Green
    http://www.siteadvisor.com/sites/qsng.cn

    seksburada.net = Green
    http://www.siteadvisor.com/sites/seksburada.net

    sportsmansclub.net = Red
    http://www.siteadvisor.com/sites/sportsmansclub.net

    stock888.cn = Green
    http://www.siteadvisor.com/sites/stock888.cn

    tathli.com = Green
    http://www.siteadvisor.com/sites/tathli.com

    teamclouds.com = Red
    http://www.siteadvisor.com/sites/teamclouds.com

    texaswhitetailfever.com = Green
    http://www.siteadvisor.com/sites/texaswhitetailfever.com

    wadefamilytree.org = No Results
    http://www.siteadvisor.com/lookup/?q=wadefamilytree.org

    xnescat.info = Green
    http://www.siteadvisor.com/sites/xnescat.info

    yt118.com = No Results
    http://www.siteadvisor.com/lookup/?q=yt118.com

    I also visited these Web Sites with the following on my test system:
    01)- No resident security software and Windows Firewall off
    02)- Hardware firewall router with stateful packet inspection (SPI), filtering: proxy, cookies, activex, anonymous internet requests, multicast, internet NAT redirection, IDENT(Port 113)
    03)- Microsoft Internet Explorer 7 blocking: first party cookies, third party cookies, session cookies, flash activex (d27cdb6e-ae6d-11cf-96b8-444553540000)
    04)- Ad Block Pro v2.6 for Microsoft Internet Explorer
    05)- Microsoft Windows XP SP2 with all Flash removed from system

    I had fun surfing with no adverse aftermath to my system.
Conclusion = The need for security software is almost nil. Trying to scare the public for monetary gain is.....well.....whatever one wants to call it.....


    HKEY1952
     
  12. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Well said. Articles like this http://www.news.com.au/story/0,27574,25956302-29277,00.html tend to almost invariably be AV company FUD, designed to make people afraid enough to buy AVs instead of teaching them how to avoid infections. The largest parts of the security software industry are basically pumping out FUD at a rate that makes any tin foil hat conspiracy theorist group blush. They seem to have absolutely no real interest in keeping people safe - instead, they're interested in keeping people ignorant and afraid so people will buy their software. Business is of course business, but the way AV companies go about this is in my view a whole lot more shady than almost any other even remotely legit software business.

Excellent advice. Disabling JavaScript breaks a whole lot of exploits and attacks for various browsers and even attacks against browser plugins. Actually I would say it probably breaks at least 90% of them - looking at any report on any exploit, it almost always uses JavaScript, sometimes because it's really required and sometimes because it's just easier that way. While disabling JavaScript also breaks many legit sites, decent browsers have built-in mechanisms to configure JavaScript on a per-site basis to make it less of a problem: for example in Opera, you can disable JavaScript for all sites and then enable it for your "more trusted" sites like perhaps Wilders.
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
Managed to grab a PDF exploit and its payload, being a load.exe, from "teamclouds" so far, but not anything else atm?
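A PDF that drops a load.exe is usually a document with JavaScript wired to an automatic action. The script below is an added example of the static triage a practitioner does before opening such a file; it is not code from anyone in this thread. It builds a constructed sample PDF (harmless, no real exploit) with a hex-escaped /JavaScript name and a Flate-compressed script body, then counts the action keywords and known-abused Acrobat JavaScript calls (the SCRIPT_APIS list is illustrative, not exhaustive).

```python
"""Static triage of a PDF for the hooks drive-by exploits rely on.
Added example for this thread, not code posted in it. The sample PDF
is constructed here and carries no real exploit."""
import re
import zlib
from typing import Dict, List

# PDF name objects that wire script or external actions into a document.
SUSPICIOUS_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                    b"/Launch", b"/EmbeddedFile", b"/RichMedia")
# JavaScript fragments typical of heap sprays and old Reader exploits
# (assumption: illustrative list, not a complete signature set).
SCRIPT_APIS = (b"unescape(", b"util.printf", b"Collab.collectEmailInfo",
               b"getIcon")


def _unescape_names(data: bytes) -> bytes:
    """Resolve #xx escapes in PDF names (/Ja#76aScript -> /JavaScript);
    exploit kits use them to dodge naive keyword scans."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data: bytes) -> bytes:
    """Append the decompressed body of every Flate stream so keywords
    hidden inside compressed objects are visible to the scan."""
    inflated: List[bytes] = []
    for m in re.finditer(rb"stream\r?\n(.*?)\nendstream", data, re.S):
        try:
            inflated.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed or corrupt: leave it as-is
    return data + b"\n" + b"\n".join(inflated)


def triage_pdf(data: bytes) -> Dict[str, object]:
    """Return keyword counts, script API hits and a verdict string."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF header")
    # Inflate first, then unescape, so the regex never alters raw zlib bytes.
    text = _unescape_names(_inflate_streams(data))
    counts = {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z])", text))
              for n in SUSPICIOUS_NAMES}
    api_hits = [a.decode() for a in SCRIPT_APIS if a in text]
    has_js = bool(counts["/JavaScript"] or counts["/JS"] or api_hits)
    auto = bool(counts["/OpenAction"] or counts["/AA"])
    if counts["/Launch"]:
        verdict = "suspicious: /Launch action can start an external program"
    elif has_js and auto:
        verdict = "suspicious: JavaScript wired to an automatic action"
    elif has_js:
        verdict = "review: JavaScript present"
    else:
        verdict = "no script indicators"
    return {"counts": counts, "api_hits": api_hits, "verdict": verdict}


def build_sample(with_js: bool) -> bytes:
    """Constructed minimal PDF; with_js adds an OpenAction -> JavaScript
    chain using a hex-escaped name and a Flate-compressed script body."""
    script = zlib.compress(b"var s = unescape('%u9090'); app.alert('demo');")
    objs = [b"<< /Type /Catalog /Pages 2 0 R"
            + (b" /OpenAction 4 0 R" if with_js else b"") + b" >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
            b"<< /Type /Page /Parent 2 0 R >>"]
    if with_js:
        objs.append(b"<< /S /Ja#76aScript /JS 5 0 R >>")
        objs.append(b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(script)
                    + script + b"\nendstream")
    out = b"%PDF-1.4\n"
    for num, obj in enumerate(objs, 1):
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for label, pdf in (("benign", build_sample(False)),
                       ("scripted", build_sample(True))):
        print(label, triage_pdf(pdf)["verdict"])
```

A real sample would be read from disk instead of build_sample(); the point of inflating streams and unescaping names before counting is that a plain grep for "JavaScript" misses exactly the files that matter.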
     
  14. wat0114

    wat0114 Guest

    I tried really, really hard to get pwned from one of those sites last night (surfed to at least 15 of them, clicking on many of the links within the sites) using Firefox sandboxed in virtualbox, in LUA/SRP and Outpost firewall (to monitor network activity) on host system account, NO antivirus, but not one exploit to speak of. Firefox warned of two attack sites. Even though I ignored the warnings nothing evil occurred.

    Yes, my test system could be considered overkill but just in case I wanted to play it ultra safe.

    Indeed, lots of fear mongering and FUD by the Symantec rep.
     
  15. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yep, seems Symantec are just scaring the masses shirtless, very similar to those espousing SRP, LUA and or use Linux distros. LOL

    And if ya wanna find the devil don't go looking for him with a million crucifixes hanging off ya.
     
  16. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    LOL. In spite of being logically absurd, that's actually a pretty funny troll. :)

    Symantec is trying to make people pay money for their AV. To do that, they try to scare people "shirtless", and I'd say pantless as well, by articles such as this one discussed right here. They don't bother to provide information on how one might actually avoid getting infected in the first place, but just offer vague scare articles and recommend you to get out your wallet and give them some money so they can protect you - as if they could. How many systems out there are both infected and running with a Symantec AV? The answer is many.

    By contrast, those advocating LUA or some free Linux distro aren't trying to scare people into paying them. They're giving people advice on how they could avoid many malware issues without having to pay any money to security software companies, or anyone else for that matter. They give out free information on how to avoid getting infected, and how the infections actually happen, and why something like LUA prevents many of the infections and indeed does much more than that.

    One is providing FUD and trying to sell you stuff. The other is providing information and charging nothing for it. Pretty obvious case here.

    Then, of course, there's the third group of people who market some particular security software as the single solution to all malware problems, even when the author of that security software himself recommends using his software together with traditional AV and anti-malware products instead of making it the only line of defense.

    Ah, Windows security forums. Fun stuff. :D
     
  17. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    What made me smile was when I followed the link above.. Down at the bottom of the page, there is a link to Norton Safeweb, which I followed out of curiosity, only to be told by Norton that I couldn't access their security site because I did not have Javascript enabled..!!

On one of the sites, NOD woke up and flagged something; it included "Iframe" in the middle of the name of the trojan it had spotted..?? I'm not "looking", but guessing that suggests an iframe exploit..??

    My default for Opera (for normal day to day), is to disable everything: Javascript, i-frames, java and plug-ins etc, and allow bits only if needed (and then run it in a sandbox with LUA/SRP anyway!). Yes, probably complete overkill too, but better that than the other..

    And it's a dirty job, especially for those who willingly put themselves in the front line...:) But some of us might just be checking that the crucifixes are all in tip top shape.. Heaven forbid that I should personally ever want to meet the ugly critter face to face..!!

    Peter
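The "Iframe" in that detection name most likely refers to an injected iframe: a frame with zero size, or pushed off-screen, that loads an exploit page from another host. The script below is an added example of spotting that pattern in saved page source; it is not code from this thread. The page and hostnames in it are constructed placeholders.

```python
"""Flag hidden or off-site iframes in saved HTML, the pattern behind
'Iframe' detection names. Added example, not code from the thread;
the sample page and hostnames are constructed placeholders."""
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self) -> None:
        super().__init__()
        self.frames: List[Dict[str, Optional[str]]] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.frames.append(dict(attrs))


def _px(value: Optional[str]) -> Optional[int]:
    """Parse '0', '0px', '1' into an int; None when absent or not numeric."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def is_hidden(attrs: Dict[str, Optional[str]]) -> bool:
    """Zero/one-pixel frames, display:none/visibility:hidden, or frames
    positioned far off-screen are the usual injection tricks."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    w, h = _px(attrs.get("width")), _px(attrs.get("height"))
    return ((w is not None and w <= 1) or (h is not None and h <= 1)
            or "display:none" in style or "visibility:hidden" in style
            or re.search(r"(left|top):-\d{3,}", style) is not None)


def find_suspicious_iframes(html: str, page_host: str) -> List[Dict[str, object]]:
    """Return iframes that are hidden, loaded from another host, or both."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.frames:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname or page_host  # relative src stays on-site
        offsite = host != page_host and not host.endswith("." + page_host)
        hidden = is_hidden(attrs)
        if hidden or offsite:
            hits.append({"src": src, "hidden": hidden, "offsite": offsite})
    return hits


# Constructed sample: one legitimate frame, two injected ones.
SAMPLE_PAGE = """<html><body>
<h1>Family photo album</h1>
<iframe src="/albums/2009/summer.html" width="600" height="400"></iframe>
<iframe src="http://attacker.example.net/in.php" width="0" height="0"
        frameborder="0"></iframe>
<div><iframe src="http://stats.example.org/c.html"
             style="position:absolute; left:-9999px"></iframe></div>
</body></html>"""

if __name__ == "__main__":
    for hit in find_suspicious_iframes(SAMPLE_PAGE, "example.com"):
        print(hit)
```

Run it over the saved source of the page that tripped the AV (pass the site's own hostname as page_host) and the injected frame stands out even when the rest of the site is legitimate, which is why compromised "family photo album" pages show up on such lists.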
     
  18. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Ye all are being a bit harsh on poor Norton Symantec !

    See ..

I am a lot more educated after reading the report.
I now know that evil dirty websites are as dangerous as non-evil ones.

I could lose millions of dollars!
     
  19. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
That's OK folks, there is light at the end of the tunnel, and the Sun always has a way of rising at the right time.
When Microsoft Windows 7 is retail, and the free Microsoft Security Essentials is out of BETA, there will not be any need for third party security software.

    Thank you Microsoft,
    Thank you for the:

01)- New and improved Microsoft Windows 7 Operating System designed with security as a priority
    02)- New and improved Microsoft Windows two way firewall
    03)- New and improved Microsoft Windows Limited User Account Control
    04)- New and improved Microsoft Internet Explorer 8 with ad blocking, phishing filter, and better overall security
    05)- New and improved Microsoft Security Essentials with free antivirus and spyware detection and removal, along with real time protection

    All that I need to do now is get used to not having to open and close countless security applications to modify settings and check for updates and newer versions.


    HKEY1952
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I completely agree with your post. Some people still look at MS's new security developments, as trying to put the competition out of business. A little addendum to your list, IE8 will scan executables for malware even without an AV installed.

As my signature shows, I'm still using Avira Premium on one machine as I have paid for it (more as a donation than a requirement), but I have already tested MSE, and it runs very lightly indeed.

Things have changed ever since I joined this forum: the mentality then was to clean and sanitize a system. With the advent of sandboxing, light virtualization, and reliable imaging programs it's almost impossible to get infected or to do irreparable damage to your system. Some interest and knowledge from the user is still required though.
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I tend to think that if you used the basic security provided by XP (its firewall) and Vista (firewall + UAC + WD) and you were careful with your browsing and e-mails, what you experienced is not surprising.

There is however the old dilemma lingering about infections: how does one know for sure the system is completely free from any unwanted objects? Some rootkits are very difficult to detect, and won't affect the normal functioning of a machine; same with spyware: it might dwell on your system without giving any sign of its presence, unless you check your system every now and then.
     
  22. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
Yes I agree, the basic security measures yield results that are not at all surprising.
The old dilemma lingering about infections, wondering if the system is completely free from any unwanted objects, makes our vulnerable minds prey to security vendors.


    HKEY1952
     