VISTA Antivirus 2008 - Warning

[Ariphaos]

Something that can help with the above is to keep your data on a separate partition from your operating system.

[General Zod]

Remember the most important part of a security plan - being able to recover from a complete disaster.

Any good security plan has several layers of protection, and one of them should be making the best out of getting throughly devastated. For regular users, this means keeping backups off your computer of your important stuff and keeping the install CDs for your programs.

That way, if the worst happens, you can easily just go nuke happy, losing nothing except a small amount of time. If your recovery plan is well done, nuke and reinstall will take less time than most other options.

Make backups - someday, you'll be glad you did.

I always have backups. In fact, I'm incredibly anal retentive about making sure all of my data is backed up, to the point of having 2 500gb external drives. It's the main reason I chose to nuke the hdd instead of going through the trouble of finding some kind of fix online. Oddly enough this is the first time I've ever actually gotten a virus on any of my computers in the last . . .hell, nearly 8 years.

[Norseman]

I use XP and run firefox with a no-script and no-cookie extension. I also use thunderbird with text-mail only settings. As a result I haven't had any nasty stuff hit my computer.

[Edi]

I run XP with a combo of Avira, Zonealarm, Spybot S & D and Spywareblaster for protection and use Firefox and haven't been hit with anything in years. All popups are blocked.

I wouldn't touch IE7 for anything but Windows Update and that's it.

[Bounty]

Shit like this is why my XP partition isn't allowed on the network. I do all my online stuff through Linux + Firefox with adblock and noscript, and my browsing experience is all the better for it. Not having to worry about fucking up my computer and losing two hours of my life on a reinstall every time I click a link is more than worth the bother dualbooting.

[Stark]

I find all this paranoia extraordinarily interesting.

I use pretty much no precautions beyond using Firefox, and the only viruses or spyware that goes splat against my AV are the incredibly obvious, self-downloaded, self-executed kind.

Doubtless I will now be told my computer is actually super-infected with doom codez. Watching viruses or other malware fail to work is actually quite amusing, but it's just not that common.

But hey, I don't go to porn sites. LOL!

[Bounty]

I use pretty much no precautions beyond using Firefox, and the only viruses or spyware that goes splat against my AV

Does not compute. You use no precautions... except a non-default browser and an antivirus suite? Hey, that sounds exactly like what most people in this thread use! What a coincidence.

But hey, I don't go to porn sites. LOL!

Go you?

[Stark]

Don't be asinine. I don't rattle off a huge list of the nonsense I constantly do because of the ever-present threat of zomg windowz ruled by virus!!!! Saying things like 'this is why my xp install never connects to a network' is almost hysterically funny.

I mean, tiered spyware blockers? Noscript? This shit absolutely makes you more secure, but the idea that there are even half-decent odds you're going to run into malware just cruising around is bizarre. My AV suite is meaningless, because I can go look at the log and see it hasn't been blocking JACK SHIT because I don't encounter any threats (except the really obvious stuff that gives me a giggle when it tries to work and is totally avoidable). Clearly, any Windows box is constantly under siege!

[Rye]

I use firefox and deny all the cookies I don't like the look of and adblock wildcarded advertisers and dodgy unrelated sites. Seems to work out fine.

[Stark]

I use firefox and deny all the cookies I don't like the look of and adblock wildcarded advertisers and dodgy unrelated sites. Seems to work out fine.

No way, it's apparently dangerous to even connect XP to a network!

[White Haven]

Are You Stupid?

That's the question. If you're stupid, then you NEED that kind of super-layered protection to go out on the net, because you'll be clicking on idiot material. If you're not stupid, you can honestly get away with IE (I don't, because I don't like it as much) and minimal security software. The problem is that stupid people don't understand they need that kind of protection against themselves, and they don't even try to understand that until they've paid someone like me to fix their computer. Often multiple times.

[MKSheppard]

I find all this paranoia extraordinarily interesting.

I use pretty much no precautions beyond using Firefox, and the only viruses or spyware that goes splat against my AV are the incredibly obvious, self-downloaded, self-executed kind.

Laugh all you want Stark, but that was my plan; except the viruses are now getting trickier; the only real way to close them is ALT-F4 or right click window, close -- and since so many websites use pop up windows nowadays, blocking off all popups is a pain...

[Stark]

Didn't you hear? The average Windows b0x is pwnx0rd hardcore within 16 seconds of directly connecting it to the open Internet. pwnx0r'd HARDCORE!!!11!

Back in 2003 anyway.

Internet Explorer is in the same situation. It used to have some glaring faults, but it isn't a big deal anymore. Furthermore, as I understand it, IE7 on 64 bit Vista is actually the most secure of all the main browsers since it is isolated from the rest of your stuff (I explain a quick idea about how to do this with minimal hassle on linux here if anyone is interested. That same plan should work on Windows too with a little modification, but in that link, I focused on unix like systems.). That is another example of the multi layer security I talked about in my last post - if IE does get penetrated, no big deal, it is restricted to a small, relatively harmless section of your computer anyway.

Absolutely. I remember the heady days of 2002, where most of the support work was people killing their own shit by installing PURPLE MONKEY TOOLBARS and shit like that. Even Microsoft caught up, and as you say IE7 is a respectable browser and not the doom-magnet the older versions were. It's always, always good to be prepared and aware, but hysterical crap like 'must run this laundry list of apps or you're D0M3D' just makes me roll my eyes.

Until one of Shep's viruses get me, anyway.

[Rye]

Nowadays viruses are VIRUSES ON STEROIDS: How CHILDREN are being exposed to computer viruses. Next on FOX. How YOU can stay SAFE online.

[Azazal]

Ran into that bastard and many other versions of smitfraud over the years. Go to http://www.superantispyware.com/ the free version blows it away in 1 go, takes 10 minutes to download, run, reboot, cleaned.

[Baka^Ni]

Ran into that bastard and many other versions of smitfraud over the years. Go to http://www.superantispyware.com/ the free version blows it away in 1 go, takes 10 minutes to download, run, reboot, cleaned.

How I wish this post was written two months ago! I had to manually unhook all the dlls and remove the files before it could replicate, took hours.

[Darth Wong]

I use firefox and deny all the cookies I don't like the look of and adblock wildcarded advertisers and dodgy unrelated sites. Seems to work out fine.

No way, it's apparently dangerous to even connect XP to a network!

Mockery does not constitute rebuttal. There are some really clever exploits. This one, for example, makes it look like you have brought up a legitimate popup from Microsoft.Com. Laughing at people who take extra precautions is asinine in the extreme; it does them no harm, and it does mitigate the risk, which can be greater or lesser depending on the sensitivity of their work.

Honestly, this attitude of yours is simply childish. If you had millions of dollars of critical business data sitting on a network, would you say "Oh well, Stark hasn't had any problems running his one PC and surfing from home, so the risk must be negligible?" If you would, then you must be some kind of raving idiot.

[JointStrikeFighter]

I use firefox and deny all the cookies I don't like the look of and adblock wildcarded advertisers and dodgy unrelated sites. Seems to work out fine.

No way, it's apparently dangerous to even connect XP to a network!

Mockery does not constitute rebuttal. There are some really clever exploits. This one, for example, makes it look like you have brought up a legitimate popup from Microsoft.Com. Laughing at people who take extra precautions is asinine in the extreme; it does them no harm, and it does mitigate the risk, which can be greater or lesser depending on the sensitivity of their work.

Honestly, this attitude of yours is simply childish. If you had millions of dollars of critical business data sitting on a network, would you say "Oh well, Stark hasn't had any problems running his one PC and surfing from home, so the risk must be negligible?" If you would, then you must be some kind of raving idiot.

Because business security is relevant to a thread about protecting personal PCs from attacks.

[Stark]

Mockery does not constitute rebuttal. There are some really clever exploits. This one, for example, makes it look like you have brought up a legitimate popup from Microsoft.Com. Laughing at people who take extra precautions is asinine in the extreme; it does them no harm, and it does mitigate the risk, which can be greater or lesser depending on the sensitivity of their work.

Honestly, this attitude of yours is simply childish. If you had millions of dollars of critical business data sitting on a network, would you say "Oh well, Stark hasn't had any problems running his one PC and surfing from home, so the risk must be negligible?" If you would, then you must be some kind of raving idiot.

I'm aware of this, and this thread is even about such malware, and it's a serious issue. However, the claim that you need huge amounts of protection to even cruise around the internet is just nuts. As I've said, more protection is good, awareness is necessary, but the risk is far, far smaller then people seem to imagine when they say things like 'I am afraid to even connect XP to the internet at large due to fear of malware'. Business browser network security is much more about locking down users so they can't do retarded shit than installing spybot or whatever, and at the serious end thin clients and restricted users are the norm.

The issue of malware is definately a serious one that should concern all computer users, but you don't need a laundry-list of layered protection to connect to the internet. Knowledge and awareness is worth more than worthless statements like 'don't even connect XP to the internet'. I'm in no way opposed to people being secure, I'm just blown away by this attitude.

[Edi]

This attitude of dismissal that is coming from some people in this thread is fucking ridiculous. Most users don't know shit about normal computer security. Every fucking day at work I get calls that start with some variation of "I think I have a virus on my computer, what do I do?". And these are people who do have some form of AV and antimalware software on their computers. Most of them also use IE7. It's true that this problem is not quite as widespread as it used to be a few years ago, but it's still a widespread problem.

A disproportionate part of SDnet members are good with computers or can even be called experts as far as installation, customizing and other sorts of computer technician tasks go, but we have our share of non-technical people and when you start branching out to the general public, they just don't have a fucking clue on how to use their computers, never mind tackling something as complex as securing a PC against malware or taking precautionary measures. Nothing beyond installing whatever software comes preinstalled on their machines or what they buy at the store.

As far as connecting machines to the network, just fucking try and connect an unsecured Windows PC to the internet through a bridging port, say for the purposes of updating Windows, and see how long it lasts before itgets infected. Depending on how heavily your ISP monitors malicious traffic and how draconian measures it takes when such is detected, it varies some but probably won't be too long. Connecting through a NAT port is much safer, especially if you only go to sites known to be safe and you usually don't need to worry about port scans because the modem/router has a firewall feature, but it is totally inadequate to the average user.

And once the average user does get hit, they need the services of a computer technician, because they usually lack the knowledge and skills of what to do even with instructions. Unless it's a direct reformat, but then they'll call tech support and complain they can't access the internet and half the time or more often it's the case of them not having NIC drivers on the newly installed machine.

Compared to all the goddamn hassle involved with malware and unsecured PCs, an ounce of prevention goes a fucking long way.

[Stark]

I'm not sure what you're saying here. The issue of otherwise-secured systems being damaged by user stupidity is quite separate to the issue of connecting XP to a network and having it get infected - somehow - by malware. One is almost impossible to prevent without quite draconian OS measures (that people hate, see Vista), and the other is extremely outlandish to me. I'll give you that a great many problems are resolved by modern routers coming with much more secure default settings for unskilled users, but now I'm curious to test this claim. I regularly work with and use such systems, but it would amuse me to plug in my spare box (if I can fine some ram).

Computer security is a serious issue. User training is a serious issue. The claim that you need half a dozen apps to protect yourself from malware when casually browsing is overstating the issue to little benefit. Sure, from a support perspective it's a pain in the ass to deal with this stuff, but that's unrelated to the alleged ever-present threat.

[Edi]

The issue of malware is definately a serious one that should concern all computer users, but you don't need a laundry-list of layered protection to connect to the internet. Knowledge and awareness is worth more than worthless statements like 'don't even connect XP to the internet'. I'm in no way opposed to people being secure, I'm just blown away by this attitude.

From professionals it is something of an exaggeration, but for the average Joe Schmoe ISP Customer, the layered protection laundry list is actually a damn good idea, because they lack the knowledge and awareness and are not equipped to understand what they need even if it's spelled out to them. The kind of take no risks and take no prisoners attitude that appears in this thread is often a direct response of having had to deal with massive hassles arising out of people doing retarded shit just because they did not know any better. Or their kids doing such even if the parent was aware.

[Bounty]

but the risk is far, far smaller then people seem to imagine when they say things like 'I am afraid to even connect XP to the internet at large due to fear of malware'

The last time I reinstalled XP I had a choice: either download all critical updates, an AV suite, maybe a firewall, a spyware scanner and Firefox (yeah, IE got better, but I likes me adfree browsing); install all of them; go through a weekly virus scan and hope I don't get hit with anything, or simply keep XP offline and do my browsing through Ubuntu, which needs none of those extra programs and doesn't get hit with anything, knock on wood.

Riddle me this, which of these makes more sense? The only reason I'd need an internet connection on XP would be if I used it for online gaming or somesuch, but since that's not the case, why take the risk?

I mean, apart from getting to display a "hur hur i'm so cool and invincible and shit" attitude.

[Stark]

While I'm not particularly sure how useful even stuff like Spybot is in the hands of clueless people (since idiots will click through pretty much anything), I'm more interested in statements like Norseman's, where they credit their elaborate security precautions with the lack of threat. Things like the idea that just using a relatively secure browser isn't enough - that you NEED noscript as well.

Bounty, don't be a tard. It might be more sensible in your situation to bypass XP setup (like it or not, updating is a part of setup, just like in Linux) for convienence, but it's a big step from this and suggesting that XP is a constant vulnerability whenever it's connected. Minimising risk is indeed a solid approach. I'm displaying amazement at the elaborate precautions that are apparently 'necessary' to prevent malware. Actually, it's worth noting that I'm prepared to put up with Vista's quirks for a related reason (it's security), whereas many 'security conscious' people are not.

EDIT - that sentence made no sense.

[Bounty]

Things like the idea that just using a relatively secure browser isn't enough - that you NEED noscript as well.

I don't "need" noscript; it's just a damn convenient way of eliminating shouty ads and stupid background music.

I'm not even sure what you're arguing any more. You think security is good, but slightly more security isn't? You're happy with alternative browsers and antivirus programs, but turning off scripts is a bridge too far? You take offence at me setting up my computer to best suit my needs? What do you think is a proper level of security, and for whom?

I'm displaying amazement at the elaborate precautions that are apparently 'necessary' to prevent malware.

Depends on your definition of "necessary". Your setup might work for you, but it won't work for someone who clicks on any funny powerpoint that gets dropped in his mailbox. If you're going to make a blanket "my way will work for everyone" statement, to me it seems more reasonable to use the more secure setup that might be a bit overboard (not that I think it is) than to pound my chest and say that whatever minimalist security I have set up should be good enough for everyone.