VISTA Antivirus 2008 - Warning

OT: anything goes!

Moderator: Edi

Dominus Atheos
Sith Marauder
Posts: 3905
Joined: 2005-09-15 09:41pm
Location: Portland, Oregon

Post by Dominus Atheos »

General Zod wrote:
Dominus Atheos wrote: Yep, if you had been using XP or had turned UAC off, that would have installed spyware without you even knowing it, requiring you to go through all the trouble Kodiak went through or even worse: reformat your hard drive, losing all the data you have on it. Anyone who says UAC isn't worth it is a moron.
Utter nonsense. I'm using XP Professional and I've never had any of that bullshit malware installed. Why? Because I don't blindly click every single link I see.
Glocksman was just surfing the website for his local newspaper, and he had 2 attempted drive-by downloads.
General Zod
Never Shuts Up
Posts: 29211
Joined: 2003-11-18 03:08pm
Location: The Clearance Rack

Post by General Zod »

Dominus Atheos wrote: Glocksman was just surfing the website for his local newspaper, and he had 2 attempted drive-by downloads.
I've encountered these same ads. What they do is open up a dialog box saying that you should click them. Nothing actually downloads until you click the link. It's pure ignorance to assume that they can start without the user doing something themselves.
"It's you Americans. There's something about nipples you hate. If this were Germany, we'd be romping around naked on the stage here."
Dominus Atheos
Sith Marauder
Posts: 3905
Joined: 2005-09-15 09:41pm
Location: Portland, Oregon

Post by Dominus Atheos »

Stark wrote:
Dominus Atheos wrote:If you have a better security model that people won't simply turn off, I'd love to hear it.
Don't be a dumbass. I just pointed out being an elitist idiot isn't helping, your goal-post shifting is irrelevant. If you're going to talk security, the people involved are often the weakest element, and simply saying ZOMG 99% OF WORLD DON'T DESERVE TO HAVE COMPUTERS is utterly useless. Next you'll say people who write down their passwords don't deserve to use a computer, instead of it being an issue that every security scheme needs to consider. You know, that planning and thinking part, not the part where you make worthless ivory-tower statements?

Even more amusing, most people DON'T turn UAC off, because they don't even know how. They just get used to clicking through it, and most people have no idea what the information presented even means. I guess they failed the Atheos Computer Licence Exam. :lol: UAC is good, but it's never going to be able to stop your average idiot fucking themselves up (and if it could they'd just complain about 'limitations' or 'crippleware' or 'nags' or whatever).
Don't be a moron. I'm pointing out that there aren't very many better security models out there, so complaining about it is pointless. And having no security is completely unacceptable.
Stark
Emperor's Hand
Posts: 36169
Joined: 2002-07-03 09:56pm
Location: Brisbane, Australia

Post by Stark »

Oh yeah, I'm obviously saying no security at all is better, thanks for that. I missed that transmission from backwards-world. :roll:
Glocksman
Emperor's Hand
Posts: 7233
Joined: 2002-09-03 06:43pm
Location: Mr. Five by Five

Post by Glocksman »

General Zod wrote:
Dominus Atheos wrote: Glocksman was just surfing the website for his local newspaper, and he had 2 attempted drive-by downloads.
I've encountered these same ads. What they do is open up a dialog box saying that you should click them. Nothing actually downloads until you click the link. It's pure ignorance to assume that they can start without the user doing something themselves.
I'd have been semi-fucked (UAC would have let me stop it and hopefully at that point NOD would have been screaming at me as well) if I'd let the ad install the cab file it wanted to.

On an XP box at that point my only defense would have been the AV software if I'd let the browser install that cab.
"You say that it is your custom to burn widows. Very well. We also have a custom: when men burn a woman alive, we tie a rope around their necks and we hang them. Build your funeral pyre; beside it, my carpenters will build a gallows. You may follow your custom. And then we will follow ours."- General Sir Charles Napier

Oderint dum metuant
Dominus Atheos
Sith Marauder
Posts: 3905
Joined: 2005-09-15 09:41pm
Location: Portland, Oregon

Post by Dominus Atheos »

Stark wrote:Oh yeah, I'm obviously saying no security at all is better, thanks for that. I missed that transmission from backwards-world. :roll:
Oh really? Let's take a look at what you said:
You wrote:A dialog box people don't understand isn't very useful; most people just learn habits, not a deep understanding of their computer, and they quickly simply click through the popups.
Gee, that sure sounds like you're saying UAC (and Linux's sudo and whatever OSX's equivalent is) isn't any better than no security.
Dominus Atheos
Sith Marauder
Posts: 3905
Joined: 2005-09-15 09:41pm
Location: Portland, Oregon

Post by Dominus Atheos »

General Zod wrote:
Dominus Atheos wrote: Glocksman was just surfing the website for his local newspaper, and he had 2 attempted drive-by downloads.
I've encountered these same ads. What they do is open up a dialog box saying that you should click them. Nothing actually downloads until you click the link. It's pure ignorance to assume that they can start without the user doing something themselves.
Do you understand the concept of a drive-by download?
About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code, such as spyware, without a user's knowledge.
Drive-by downloads, as opposed to regular downloads, don't require any user input to install. In Glocksman's case, most likely what happened was his paper got paid to have some banner ads and/or popups by some less than scrupulous advertising broker, and the broker turned around and leased those banner spaces and popup windows to a completely unscrupulous company who put code to do a drive-by download in them. That's all it takes, and the newspaper doesn't even know, or have any control over, who gets to display ads on their website. Just like almost all the Google ads at the bottom of SDN are for creationism.
Resinence
Jedi Knight
Posts: 847
Joined: 2006-05-06 08:00am
Location: Australia

Post by Resinence »

Executing arbitrary code on a machine is not as easy now as it was years ago; simply browsing to a site is extremely unlikely to result in a downloaded file with no confirmation unless you're running something ridiculous like IE 5. Personally, I'd be more worried about having my personal information stolen because lazy web coders don't sanitize input, and many browsers still have no defense against cross site scripting. The last known vulnerability for IE that allowed code execution (may have, I've never been able to successfully exploit it, and have never seen a working exploit for it in the wild) was MS07-061. The "drive-by" download "epidemic" is massively overblown. Of course I'll admit I'm wrong if you can provide a source for a current, working RCE exploit (a security release I mean, posting scripts gives idiots ideas on how to get themselves in trouble) for IE. The majority spoof a confirmation dialog that won't go away unless you hit yes (the infamous Java dialog loop) or cancel the script, which most users don't know the shortcut for/some browsers don't have one. Anyone paranoid about "drive-by downloads" should just get Firefox and run the NoScript extension. The reality is that the only people who get infected by these things are already ignorant of security anyway, and would just click a fake dialog box.
“Most people are other people. Their thoughts are someone else's opinions, their lives a mimicry, their passions a quotation.” - Oscar Wilde.
MKSheppard
Ruthless Genocidal Warmonger
Posts: 29877
Joined: 2002-07-06 06:34pm

Post by MKSheppard »

I got hit with this fucker, and I did not click a link, I just clicked the "X" close window button. The fuckers have learned.... :evil:
"If scientists and inventors who develop disease cures and useful technologies don't get lifetime royalties, I'd like to know what fucking rationale you have for some guy getting lifetime royalties for writing an episode of Full House." - Mike Wong

"The present air situation in the Pacific is entirely the result of fighting a fifth rate air power." - U.S. Navy Memo - 24 July 1944
General Zod
Never Shuts Up
Posts: 29211
Joined: 2003-11-18 03:08pm
Location: The Clearance Rack

Post by General Zod »

MKSheppard wrote:I got hit with this fucker, and I did not click a link, I just clicked the "X" close window button. The fuckers have learned.... :evil:
They clearly have. I wound up getting hit with the fucker the other day too and had to nuke the hdd. It never got that far after I'd closed the window before.
Darth Wong
Sith Lord
Posts: 70028
Joined: 2002-07-03 12:25am
Location: Toronto, Canada

Post by Darth Wong »

MKSheppard wrote:I got hit with this fucker, and I did not click a link, I just clicked the "X" close window button. The fuckers have learned.... :evil:
Which browser are you using?
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing

"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC

"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness

"Viagra commercials appear to save lives" - tharkûn on US health care.

http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
MKSheppard
Ruthless Genocidal Warmonger
Posts: 29877
Joined: 2002-07-06 06:34pm

Post by MKSheppard »

I use Eudora/Opera
MKSheppard
Ruthless Genocidal Warmonger
Posts: 29877
Joined: 2002-07-06 06:34pm

Post by MKSheppard »

Now apparently you have to "right click, close" the window. They apparently have remapped ALL of the buttons and dialog boxes to "install" this piece of shit fucker on your system
Kodiak
Jedi Master
Posts: 1400
Joined: 2005-07-08 02:19pm
Location: The City in the Country

Post by Kodiak »

MKSheppard wrote:I got hit with this fucker, and I did not click a link, I just clicked the "X" close window button. The fuckers have learned.... :evil:
It's a mean fucker, that's for sure. I even had a bit of a resurgence a week later. If you have more than one user on the computer, you have to make sure you remove it from each profile.
PRFYNAFBTFCP
Captain of the MFS Frigate of Pizazz +2 vs. Douchebags - Est vicis pro nonnullus suscito vir

"Are you an idiot? What demand do you think there is for aircraft carriers that aren't government?" - Captain Chewbacca

"I keep my eighteen wives in wonderfully appointed villas by bringing the underwear of god to the heathens. They will come to know God through well protected goodies." - Gandalf

"There is no such thing as being too righteous to understand." - Darth Wong
Darth Wong
Sith Lord
Posts: 70028
Joined: 2002-07-03 12:25am
Location: Toronto, Canada

Post by Darth Wong »

It's a good thing I do most of my browsing from Linux. I'll have to try to increase that to 100%.
CaptainChewbacca
Browncoat Wookiee
Posts: 15746
Joined: 2003-05-06 02:36am
Location: Deep beneath Boatmurdered.

Post by CaptainChewbacca »

Doing all my emailing through gmail does a pretty handy job of protecting me from email viruses.
Stuart: The only problem is, I'm losing track of which universe I'm in.
You kinda look like Jesus. With a lightsaber.- Peregrin Toker
MKSheppard
Ruthless Genocidal Warmonger
Posts: 29877
Joined: 2002-07-06 06:34pm

Post by MKSheppard »

I'll increase my emailing through yahoo or gmail. Apparently eudora doesn't work as well as it used to...
MKSheppard
Ruthless Genocidal Warmonger
Posts: 29877
Joined: 2002-07-06 06:34pm

Post by MKSheppard »

I may have been hit by an email OR by Yuku-poo's ads.
MKSheppard
Ruthless Genocidal Warmonger
Posts: 29877
Joined: 2002-07-06 06:34pm

Post by MKSheppard »

From now on I'll run IE7 + AVG Safe Surf to protect myself from drive bys...AVG doesn't support opera...so bye opera...
Singular Intellect
Jedi Council Member
Posts: 2392
Joined: 2006-09-19 03:12pm
Location: Calgary, Alberta, Canada

Post by Singular Intellect »

I just disable popups for absolutely everything; the only way a popup ever gets through on my browser is if I manually approve it.
Ariphaos
Jedi Council Member
Posts: 1739
Joined: 2005-10-21 02:48am
Location: Twin Cities, MN, USA

Re: VISTA Antivirus 2008 - Warning

Post by Ariphaos »

Kodiak wrote: He's good at what he does (probably why he does it for a living) and it took him OVER FOUR HOURS to fix it. The solution involved Norton, several single-shot fixes, and Microsoft's recommended anti-malware program.
The first time I encountered AV 2008 took me a half-hour to fix, and I sure as hell do not inflict Norton on my customers' computers unless they specifically request it over my recommendations.

I bet your friend bills for four hours when solving this in the wild, too.

Myself, I browse with Firefox + Noscript when on Windows. If you must use Windows (and I must), it's really the only way.
Give fire to a man, and he will be warm for a day.
Set him on fire, and he will be warm for life.
Rye
To Mega Therion
Posts: 12493
Joined: 2003-03-08 07:48am
Location: Uighur, please!

Post by Rye »

What type of email accounts did you infectees receive it on? I tend to just use my hotmail and gmail accounts and even my uni one is auto-forwarded to one of those. Did you get it via a scanny webmail service or outlook/equivalent?
EBC|Fucking Metal|Artist|Androgynous Sexfiend|Gozer Kvltist|
Listen to my music! http://www.soundclick.com/nihilanth
"America is, now, the most powerful and economically prosperous nation in the country." - Master of Ossus
Ariphaos
Jedi Council Member
Posts: 1739
Joined: 2005-10-21 02:48am
Location: Twin Cities, MN, USA

Post by Ariphaos »

Something that can help with the above is to keep your data on a separate partition from your operating system.
General Zod
Never Shuts Up
Posts: 29211
Joined: 2003-11-18 03:08pm
Location: The Clearance Rack

Post by General Zod »

Destructionator XIII wrote:Remember the most important part of a security plan - being able to recover from a complete disaster.

Any good security plan has several layers of protection, and one of them should be making the best out of getting thoroughly devastated. For regular users, this means keeping backups off your computer of your important stuff and keeping the install CDs for your programs.

That way, if the worst happens, you can easily just go nuke happy, losing nothing except a small amount of time. If your recovery plan is well done, nuke and reinstall will take less time than most other options.

Make backups - someday, you'll be glad you did.
I always have backups. In fact, I'm incredibly anal retentive about making sure all of my data is backed up, to the point of having 2 500gb external drives. It's the main reason I chose to nuke the hdd instead of going through the trouble of finding some kind of fix online. Oddly enough this is the first time I've ever actually gotten a virus on any of my computers in the last . . .hell, nearly 8 years.
Norseman
Jedi Council Member
Posts: 1666
Joined: 2004-07-02 10:20am

Post by Norseman »

I use XP and run firefox with a no-script and no-cookie extension. I also use thunderbird with text-mail only settings. As a result I haven't had any nasty stuff hit my computer.
Norseman's Fics the SD archive of my fics.