Every browser has had 0-day vulnerabilities, where just browsing to a website with clever Javascript can compromise your computer. That script could be shown on almost any website, not just "bad" websites, as a lot of hackers use advertising networks to spread this script and it can show up on anyone's site that displays ads. The most clever viruses are ones that you will never notice you got and have low impact on your PC so you will never notice them running. Kinda like the HPV sexually transmitted disease of the computer world. That's why HPV is so prevalent.
How do you *know* you don't have a virus running right now with a keylogger that waits for sequences of keys that appear to look like a credit card and sends them off? You don't sit there monitoring WinPCap constantly, you don't actually believe that checking WinPCap once in a while means you don't have a virus do you?
Look in your running processes list right now. How many rundll processes are running right now? Do you have any idea what dll's each rundll is running? When is the last time you checked? Do you maintain a list of which ones are actual system processes and which one your newest piece of software installed? How do you know that clever browser script didn't replace a system DLL with one that works just as well but also contains the infected code?
As someone who may have dabbled in the black-hat side of things a long time ago, I promise you that without an integrated pre-emptive AV scanner installed, it is *impossible* to know what is being compromised on your PC right now. Even if you do a complete file scan once in a while, there are very easy ways to conceal a virus from static file scans that many viruses employ.
In the last 6 months or so, I've had my AV catch drive-by javascript exploit attempts twice. Before a browser runs any scripts, those are run through the AV. Just that right there is reason enough, even if you don't believe anything I just wrote.
Mike Marynowski wrote: Every browser has had 0-day vulnerabilities
You worry about your browser. I worry about Skype displaying their Flash ad in a little browser in the chat-application. It is an open window, every friggin' WebBrowser component is a potential security risk, and when they run I wanna know what they load, and they will not load anything from a blacklisted domain.
Mike Marynowski wrote: The most clever viruses are ones that you will never notice you got and have low impact on your PC so you will never notice them running.
Yes; but unless their mere existence is an academic effort in propagation, they will have a purpose and attack one of the files, altering it (changing a fingerprint) or try to communicate (hello firewall).
Mike Marynowski wrote: You don't sit there monitoring WinPCap constantly, you don't actually believe that checking WinPCap once in a while means you don't have a virus do you?
No, nor do I monitor it manually. Still, WinPCap is there for the same reason as an AV, to monitor my success at not getting infected.
Mike Marynowski wrote: Look in your running processes list right now. How many rundll processes are running right now?
..aight, right click on the column names, add "startup path". Happy hunting. And yes, if it is the kind of thing you do if you think it is important. Do you run any code you come across?
Mike Marynowski wrote: How do you know that clever browser script didn't replace a system DLL with one that works just as well but also contains the infected code?
A browser script does not have enough rights to do anything that requires admin privileges. That also happens to be the default on modern Windows machines. Since addins for the browser used to run under the users' credentials, that was a nice entry point too. Things like sandboxing have become the norm. ActiveX has to ask for certain privileges.
OTOH, it is rather a cheap distribution channel for malware, and there are enough people that will grant those rights to any addin. They can do so, because the settings allow them to do so. In your case, I'd delete your browser and install the Lynx browser. Try and run some Silverlight in there
Mike Marynowski wrote: As someone who may have dabbled in the black-hat side of things a long time ago, I promise you that without an integrated pre-emptive AV scanner installed, it is *impossible* to know what is being compromised on your PC right now.
I had to give that guarantee to professional software, and did
As long as one is admin, one has complete control over what happens in the system. If it weren't so, we would have DRM. There is your other side of the coin - I can attach a debugger to any process.
Mike Marynowski wrote: In the last 6 months or so, I've had my AV catch drive-by javascript exploit attempts twice
The machine I guaranteed does not allow for JavaScript. You can't have safe elephanting without protection.
So no, not the setup for the average user, as those already freak out if a cookie cannot be set. Imagine that, browser-games would refuse to run, without cookies, Silverlight and Flash. Ain't policies involving proxies great?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
You have a very naive view of security if you think you are safe using the above practices you just outlined. You just aren't for all the reasons I mentioned that you haven't actually rebutted. I'm not saying you *ARE* infected, I'm saying there is a statistically significant probability that you are and you have no way of knowing given your current practices.
Sorry, I meant svchost not rundll - "command line" usually won't tell you anything of importance for svc-hosted processes running, especially concealed viruses. Tracking svchost processes is notoriously difficult.
With regards to Javascript not having admin rights - no, normally it doesn't, that's why they are called "0-day *VULNERABILITIES*" - i.e. bugs in the browsers that grant JS full admin privileges without requiring UAC or anything else to intervene. Have you not heard of 0-day vulnerabilities? You actually browse the web with no Javascript enabled all the time? That's pretty excessive these days. Half the sites on the net don't work without Javascript anymore. You will be safer with a good free virus scanner than all your practices combined, and avoid all this hassle you are putting yourself through.
Even if you *can* manually check, which you actually can't with a cleverly programmed virus, but let's pretend there is a way to do it, like checking task manager command line - do you? No, you don't.
Please explain how you use WinPCap to regularly check if you are infected. I fail to see how this will help you in any way. You know that clever viruses hide themselves when commonly used detection and analysis tools are executed by the user, right?
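One way to do the svchost check discussed above from the defender's side, as an added example that is not code from any post in this thread: it maps each running svchost.exe to the services it hosts, the DLL each service is registered to load, and that DLL's Authenticode signature status. It assumes an elevated PowerShell session and the standard CIM classes and registry layout.

```powershell
# Added example, not code from any post in this thread. Lists every running
# svchost.exe, the services each instance hosts, the DLL each service is
# registered to load, and that DLL's Authenticode signature status, so an
# instance can be judged on more than its process name. Run elevated.
# Note: Windows 10 and later host most services in their own svchost process,
# so a long list is normal; what matters is the path, the DLL and its signature.

$expectedExe = Join-Path $env:SystemRoot 'System32\svchost.exe'
$hosted = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $note = ''
    if ($proc.ExecutablePath -and $proc.ExecutablePath -ne $expectedExe) {
        $note = '   <-- not the System32 binary'
    }
    Write-Host ("PID {0}: {1}{2}" -f $proc.ProcessId, $proc.CommandLine, $note)

    foreach ($svc in ($hosted | Where-Object { $_.ProcessId -eq $proc.ProcessId })) {
        # Service DLLs are registered under the service's Parameters key.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) {
            Write-Host ("    {0,-28} (no ServiceDll registered)" -f $svc.Name)
            continue
        }
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        # A replaced or tampered DLL will normally fail the signature check.
        $sig = Get-AuthenticodeSignature -FilePath $dll -ErrorAction SilentlyContinue
        $status = if ($sig) { $sig.Status } else { 'Unreadable' }
        Write-Host ("    {0,-28} {1}  [{2}]" -f $svc.Name, $dll, $status)
    }
}
```

Anything whose status is not Valid, or whose host process does not run from System32, is what deserves a closer look; the service name alone tells you nothing.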
Mike Marynowski wrote: Tracking svchost processes is notoriously difficult.
If you look at the task manager without the startup command, and being able to identify it, yes. Not something from JavaScript.
Mike Marynowski wrote: You actually browse the web with no Javascript enabled all the time?
No, I have a dummy for browsing and playing, and a dev machine that is not connected. Still, the dummy is reasonably protected. From a security perspective it is an interesting experiment to run anything Windows attached to the internet.
Mike Marynowski wrote: That's pretty excessive these days
Is it?
With ads beyond my control being loaded into some addin running in userspace, from some unknown low-paying source?
I have two browsers on the dummy; one for CP and Gmail, one for 'other stuff' like banking, keeping up with news, MSDN, the like - it does not even allow for pictures to load that are hosted on another domain. It is too easy to generate a pixel from ASP.NET and to track someone. I did not consent to that pixel, I'm European. Parliament has still to decide on tracking-pixels, they just did cookies.
Mike Marynowski wrote: Have you not heard of 0-day vulnerabilities?
Yes. Enjoy[^].
Mike Marynowski wrote: You know that clever viruses hide themselves when commonly used detection and analysis tools are executed by the user, right?
Yes, and that you cannot check on Windows whether a software keylogger has been installed. What, is your user an admin?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
Eddy Vluggen wrote: Especially large companies would come under fire if they lost all their data over an old and outdated virus.
Right, so they have to make sure that they have a good, up-to-date anti-virus program to blame it on when they lose all their data. Anti-virus companies mainly sell CYA to enterprises, they have to have it whether it does the job or not.
Eddy Vluggen wrote: there is always a manager that opens the executable.
Of course, it's right there in the policy manual. So nothing to worry about, the buck stops at middle management.
I don't use anti-virus at home, because I generally know what I'm doing, plus I mainly use those boxes for gaming and need the performance. I do keep my boxes updated and do ad-hoc scans once in a while, but no real-time scanning. I've gotten a couple of viruses in the past, but they weren't nearly as bad as having an anti-virus program running in the background.
My main concern at this point is what kind of data-collecting malware MS wants to install on my computer without my knowledge or consent. My Win7 machines aren't even safe from this anymore, I do not like where this is going.
I use AV because it works. Unless you have a totally left-field OS which is not targeted by hackers, spammers and phishers, you are a fool not to protect your data. Every popular OS - Apple, ix Win - is being targeted and not having a decent defense in place will result in a breach. If you're lucky you'll lose all your data, if you're not then it'll be all your money as well.
Go on, choose.
veni bibi saltavi
If you need to scan to see whether something is infected, you are already behind the curve and at risk.
Update your hostsfile, check the startup folder, turn on UAC and DEP..
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
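A way to audit the four items in the post above (hosts file, startup folder, UAC, DEP), as an added example that is not code from any post in this thread. It assumes an elevated PowerShell session; the Run keys are included because they serve the same autostart purpose as the startup folder.

```powershell
# Added example, not code from any post in this thread. Reports hosts-file
# overrides, startup-folder contents plus the Run keys, and the UAC and DEP
# state. Run elevated; the HKCU key is read for the current user only.

function Get-HostsOverrides {
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Keep real entries only; drop comments, blank lines and the loopback lines.
    Get-Content -Path $path | Where-Object {
        $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s'
    }
}

function Get-StartupItems {
    $dirs = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
              "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
    foreach ($d in $dirs) {
        Get-ChildItem -Path $d -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName
    }
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        # Skip the PS* metadata properties; every other value is an autostart.
        $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "{0} = {1}" -f $_.Name, $_.Value }
    }
}

function Get-UacAndDepStatus {
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $policy -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    # bcdedit prints the DEP policy as "nx  OptIn|OptOut|AlwaysOn|AlwaysOff".
    $line = bcdedit /enum '{current}' | Select-String -Pattern '^\s*nx\s+(\S+)'
    $nx = if ($line) { $line.Matches[0].Groups[1].Value } else { 'unknown' }
    [pscustomobject]@{
        UacEnabled = ($lua -eq 1)
        DepPolicy  = $nx
        DepOn      = ($nx -in 'OptIn', 'OptOut', 'AlwaysOn')
    }
}

"--- hosts overrides ---"; Get-HostsOverrides
"--- startup items ---";  Get-StartupItems
"--- UAC / DEP ---";      Get-UacAndDepStatus | Format-List
```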
My AV is set to scan every morning at 2 am and it's set to automatically remove threats.
If it's not broken, fix it until it is
If there's software running, as admin, then your AV might be gone in the morning
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
Wrong, the AV and Firewall are there in addition to managing access into [and out of] the machine. With kids it is easier to have the AV nannying in the background than it is to keep cleaning the shyte off their machines.
veni bibi saltavi
Eddy Vluggen wrote: If you need to scan to see whether something is infected, you are already behind the curve and at risk.
Show me someone who claims they aren't behind the curve and I'll show you an up and coming victim..
There isn't one guy on the planet who can plan today against every current and future threat out there. We pass this responsibility onto other teams (anti-virus software companies) so that we can get on with our day-to-day jobs.
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
modified 31-Aug-21 21:01pm.
Brent Jenkins wrote: Show me someone who claims they aren't behind the curve and I'll show you an up and coming victim..
I am rather paranoid about my computer; the victim is the one that believes to be protected when he is not protected enough.
Brent Jenkins wrote: There isn't one guy on the planet who can plan today against every current and future threat out there.
I do not have to; I merely need to be able to control what is on my machine
Brent Jenkins wrote: We pass this responsibility onto other teams
That is your choice. "We" don't - if you want something done good, you (learn to) do it yourself
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
Even though you think that you have your machine covered, you don't.
Companies like Kaspersky, McAfee, Symantec, and the like all have teams of hundreds (if not more) of guys working on dealing with security threats every hour of every day.
No matter how good you may be, you simply can't match that. And even with all of their resources, they slip up pretty often too.
Still, it's your machine, so your choice..
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
modified 31-Aug-21 21:01pm.
Brent Jenkins wrote: Even though you think that you have your machine covered, you don't.
Again, 100% coverage is not realistic. No AV claims that percentage.
Brent Jenkins wrote: Companies like Kaspersky, McAfee, Symantec, and the like all have teams of hundreds (if not more) of guys working on dealing with security threats every hour of every day.
No, not with security in general, but with detecting malicious code.
If you have malicious code on your machine, then who is going to guarantee the integrity of the scanner itself?
Brent Jenkins wrote: No matter how good you may be, you simply can't match that.
Learning to protect your machine is not the same as knowing every virus and making a living out of that. I'm preaching hygiene; not claiming to be better than the doctor - but with sufficient hygiene, you will visit your doctor somewhat less often.
Brent Jenkins wrote: And even with all of their resources, they slip up pretty often too.
So, no, I am not going to trust some application to clean up after me.
Sorry, I am not buying the idea that simply installing an AV-suite is actually safer than thinking about your machine, consequences and risks. On the contrary; someone who relies on others tends to be less careful in other areas.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
I'll bet you don't wear a seatbelt when driving either?
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
modified 31-Aug-21 21:01pm.
Brent Jenkins wrote: I'll bet you don't wear a seatbelt when driving either?
Your comparison is still incorrect, and it seems that you are looking for arguments to defend your position
..but to answer, no, I don't have a car. I use the train. As for the house, I have not hired a private eye to sweep every room and closet - I only made sure that it is very hard to enter without explicit permission.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
That's fine, you're happy with your security arrangements and it doesn't affect me, so who cares?
As for me, I'll drive carefully as much as I can, but I'll make sure my car has airbags, side impact bars and I'll always wear my seatbelt. Of course I'll never need any of them, because I'm such a great driver..
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
modified 31-Aug-21 21:01pm.
Brent Jenkins wrote: Of course I'll never need any of them, because I'm such a great driver..
Like I already stated, your analogy is broken, and no, I did not claim to be a good driver.
Brent Jenkins wrote: so who cares
The one who is infected, with 40 PC's giving the same virus-warning after the AV automatically updates the virus definitions
..and with the majority sharing their attack-vector, it could be easily prevented.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
Brent Jenkins wrote: Show me someone who claims they aren't behind the curve and I'll show you an up and coming victim..
I show you Norton Security.
So, what works better than an off-the-shelf security package?
What do you use (obviously it has to be something you have written yourself as anyone else's software is sub-standard)?
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
modified 31-Aug-21 21:01pm.
You miss my point.
There is NO guarantee of absolute security. To think otherwise is either hubris or folly (or more likely both). If you access the Internet, you are at risk. The goal should be to strike a balance of minimizing that risk while also being prepared to deal with the very real potential scenario of your computer being compromised.
And to answer your question, I use Webroot, primarily because it has the smallest impact on my system usage though. But it's just one piece of my overall personal security package/plan.
jRaskell1 wrote: there is NO guarantee of absolute security
I agree with that.
Much in the same way that when I leave for work in the morning I set the house alarm, make sure all my windows are shut securely and make sure my doors are locked. It's all about getting things lined up in your favour as much as possible.
It's not going to stop people getting in and taking all my things if they're really determined, but it's better than leaving everything open and unsecured, surely?
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
modified 31-Aug-21 21:01pm.
Eddy Vluggen wrote: turn on UAC
I'd rather be infected
The main way viruses are spread these days is by drive-by installs on trusted websites that have been compromised. If you browse the web and don't have AV protection, you're begging to be pwned without warning while visiting a site that is normally safe.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
Exactly which company are you referring to? I get 5 results when filtering by "Computer Software" and none of them seem to be antivirus companies...
The United States invariably does the right thing, after having exhausted every other alternative. -Winston Churchill
America is the only country that went from barbarism to decadence without civilization in between. -Oscar Wilde
Wow, even the French showed a little more spine than that before they got their sh*t pushed in.[^] -Colin Mullikin