VISTA Antivirus 2008 - Warning
Moderator: Edi
- Stark
- Emperor's Hand
- Posts: 36169
- Joined: 2002-07-03 09:56pm
- Location: Brisbane, Australia
That wasn't directed at you, that's why I said 'statements like Norseman's'.
Of course I think security is good - everyone in the IT industry does. Don't try to act like I'm insulting you; I'm simply reacting to the laundry-list posts of stuff you apparently 'need' to be 'safe'.
EDIT - sorry, I didn't see your edit.
There's nothing intrinsically wrong with going nuts with security software, but calling it 'necessary' or implying people are constantly courting disaster by not having a similar laundry list is nuts. In particular, from skilled users who understand how these applications work (ie, not regular users). Of course, next time I see a virus on a system not used by an idiot I'll eat humble pie, but it's been literally -years-, and most of the malware I -do- encounter is the type that is deliberately installed due to tricks like that in the OP, which runs around much security software anyway. Training is both the start of good security and the best way to use security software.
Last edited by Stark on 2008-08-17 07:56am, edited 1 time in total.
- Stark
- Emperor's Hand
- Posts: 36169
- Joined: 2002-07-03 09:56pm
- Location: Brisbane, Australia
- Edi
- Dragonlord
- Posts: 12461
- Joined: 2002-07-11 12:27am
- Location: Helsinki, Finland
Stark wrote:
> While I'm not particularly sure how useful even stuff like Spybot is in the hands of clueless people (since idiots will click through pretty much anything)

Spybot S&D is actually very useful for clueless people, as is Spywareblaster (even more so). The thing is that those have the nice passive protection features that simply vaccinate the system against certain kinds of known malware and quietly prevent it from installing on the machine. Spywareblaster does little more than that, while Spybot S&D is more versatile. That also makes it more dangerous. It's a power tool and if you don't know what you're doing with it, you may fuck up your machine badly. But for 99% of users, the passive protection and keeping its definitions up to date is a good extra layer of security that doesn't interfere with other existing AV software like Norton, F-Secure, Noman, Avira, Panda or whatever.
Generally the biggest problem with various AV and antimalware software is finding a combination where the various programs don't fuck with each other and once you find that combo, the layered setup works like a charm.
Warwolf Urban Combat Specialist
Why is it so goddamned hard to get little assholes like you to admit it when you fuck up? Is it pride? What gives you the right to have any pride?
–Darth Wong to vivftp
GOP message? Why don't they just come out of the closet: FASCISTS R' US –Patrick Degan
The GOP has a problem with anyone coming out of the closet. –18-till-I-die
- Darth Wong
- Sith Lord
- Posts: 70028
- Joined: 2002-07-03 12:25am
- Location: Toronto, Canada
JointStrikeFighter wrote:
> Darth Wong wrote:
> > Stark wrote:
> > > No way, it's apparently dangerous to even connect XP to a network!
> >
> > Mockery does not constitute rebuttal. There are some really clever exploits. This one, for example, makes it look like you have brought up a legitimate popup from Microsoft.Com. Laughing at people who take extra precautions is asinine in the extreme; it does them no harm, and it does mitigate the risk, which can be greater or lesser depending on the sensitivity of their work.
> >
> > Honestly, this attitude of yours is simply childish. If you had millions of dollars of critical business data sitting on a network, would you say "Oh well, Stark hasn't had any problems running his one PC and surfing from home, so the risk must be negligible?" If you would, then you must be some kind of raving idiot.
> >
> > Just because you are a child-like creature who thinks small and doesn't consider all possible consequences doesn't mean that all of us have to be.
>
> Because business security is relevant to a thread about protecting personal PCs from attacks.

Yes it is, Numb Nuts. The technologies are the same, the methods are the same, and if people have sensitive information on their home networks, the risks are similar, at least on their personal scale. Maybe it's not "millions of dollars" for everyone (although it can be; some of us do financial transactions on-line), but it can easily be worth enough to be as important to you as it would be to a business.

"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
- Stark
- Emperor's Hand
- Posts: 36169
- Joined: 2002-07-03 09:56pm
- Location: Brisbane, Australia
Edi wrote:
> Spybot S&D is actually very useful for clueless people, as is Spywareblaster (even more so). The thing is that those have the nice passive protection features that simply vaccinate the system against certain kinds of known malware and quietly prevent it from installing on the machine. Spywareblaster does little more than that, while Spybot S&D is more versatile. That also makes it more dangerous. It's a power tool and if you don't know what you're doing with it, you may fuck up your machine badly. But for 99% of users, the passive protection and keeping its definitions up to date is a good extra layer of security that doesn't interfere with other existing AV software like Norton, F-Secure, Noman, Avira, Panda or whatever.
>
> Generally the biggest problem with various AV and antimalware software is finding a combination where the various programs don't fuck with each other and once you find that combo, the layered setup works like a charm.

When I last used Spybot, it unfortunately didn't have an 'autoupdate, auto-refresh immunisations' option - so for unskilled home users, I was always left wondering just how long the protection would remain useful since they were very likely to forget about it. I used to use such a layered approach myself (back in the crazy IE6/XP exploit days), but after a while I noticed they were never blocking anything (especially the software firewall, but I'm behind a professionally-configured router, so that's not surprising). When I was working frontline support, my attitude was absolutely as yours is, because as you say it cuts out the need for training (impractical) or return visits (a waste of time), but these days I find fifteen minutes of user training and a few software choices (like choosing a browser or email client, as in the past) are just as effective - you just don't get the 'holy shit' safety net of malware protection apps saving you if something bad happens. I have no scorn at all for security; simply the idea that very high levels of security are 'necessary' or you 'will' be attacked. Risk is never going to drop to zero.

It's kinda amusing to me that Mike is very conscious of information security in the workplace, whereas even back in the IE6 days where viruses and malware were showing up on small business networks (due to poorly trained or stupid users), managers would STILL forget to run the daily backup. It's been my experience that those without a very clear sense of the risks involved will need a large amount of this kind of 'safety net', because they can't be trained as they don't seem to be cognizant of how important these issues are, and employees of small businesses often don't have the tolerance for extremely restricted user access that those in larger businesses do (generally because of the very casual culture).
Actually, if I could ask Mike, do you still get attempted intrusions on your server? I remember some years ago you posted a log with several attempts from the same IP over several days, and I'm very curious to know if this still happens. Of course script-kiddies are still out there, but my router's log very rarely picks this sort of thing up, and I remember being surprised by the density of attacks you logged.
-
- Jedi Knight
- Posts: 720
- Joined: 2006-01-29 03:42am
- Location: South Carolina, USA
- Darth Wong
- Sith Lord
- Posts: 70028
- Joined: 2002-07-03 12:25am
- Location: Toronto, Canada
Stark wrote:
> Actually, if I could ask Mike, do you still get attempted intrusions on your server? I remember some years ago you posted a log with several attempts from the same IP over several days, and I'm very curious to know if this still happens. Of course script-kiddies are still out there, but my router's log very rarely picks this sort of thing up, and I remember being surprised by the density of attacks you logged.

I get intrusion attempts all the time. But I have port 80 open, so this makes me a higher-priority target. Mind you, ISPs have quietly done a lot of work to cut down on this sort of thing over the years, so the average person may have quite a bit of security without even realizing it. The ISP blocks out a lot of stuff at their network level, your router blocks out a lot of stuff, and your computer is sitting behind NAT anyway. But that doesn't stop stupidity, and it's quite frankly stupid to say "well, I'm a smart user so it won't happen to me". All it takes is some visitor to your house (or a nephew, a child, a wife, etc) to click on the wrong website and then click "yes" to a dialogue box, and BOOM! You're infected.
- Shroom Man 777
- FUCKING DICK-STABBER!
- Posts: 21222
- Joined: 2003-05-11 08:39am
- Location: Bleeding breasts and stabbing dicks since 2003
I got hit by this shit. But fortunately I was saved!
Xeriar wrote:
> Boot into safemode with networking
>
> Download the batch script from here
> http://www.internetinspiration.co.uk/roguefix.htm
>
> Kill the explorer.exe process and run the batch script. Reboot from the task manager. It will probably be gone. If not, repeat but don't reboot, run spybot in safe mode while explorer.exe is shut down, and post a hijackthis log (easier to read a shorter log).
>
> If you don't have at least xp with sp2 installed, it may be significantly tougher, the easiest solution then is just to do a repair install with an sp2 or sp3 windows install disc.

Man. It was THAT easy. Too bad I totally, like, couldn't sleep before this got posted, as I was feebly searching for solutions and stuff.
My thread will caution you all on the dangers of pornography and venereal cyber-diseases.
Practicing proper techniques is like condoms for the internet. Prevention is better than cure.

shroom is a lovely boy and i wont hear a bad word against him - LUSY-CHAN!
Shit! Man, I didn't think of that! It took Shroom to properly interpret the screams of dying people

Shroom, I read out the stuff you write about us. You are an endless supply of morale down here. :p - an OWS street medic
Pink Sugar Heart Attack!
- Azazal
- Jedi Council Member
- Posts: 1534
- Joined: 2005-12-19 02:02pm
- Location: Hunting xeno scum
- Dominus Atheos
- Sith Marauder
- Posts: 3905
- Joined: 2005-09-15 09:41pm
- Location: Portland, Oregon
Stark wrote:
> No way, it's apparently dangerous to even connect XP to a network!

When you're dealing with such a ridiculously unsecure operating system as XP, then yes, it's dangerous to even connect it to a network. If you don't like it, you should switch to a better operating system. But if you insist on using that steaming pile of shit, extraordinary steps are required to secure it. In case you've forgotten, Zod tried to float the same moronic argument of "Dur, 0nly sputid peoble git infeckid wid spyware" earlier in this very thread. Do you remember how that turned out for him?
- Enigma
- is a laughing fool.
- Posts: 7779
- Joined: 2003-04-30 10:24pm
- Location: c nnyhjdyt yr 45
Got hit with that stupid virus yesterday but after several scans from Spybot, adaware and AVG, I think I managed to kill it.
ASVS('97)/SDN('03)
"Whilst human alchemists refer to the combustion triangle, some of their orcish counterparts see it as more of a hexagon: heat, fuel, air, laughter, screaming, fun." Dawn of the Dragons
ASSCRAVATS!
- General Zod
- Never Shuts Up
- Posts: 29211
- Joined: 2003-11-18 03:08pm
- Location: The Clearance Rack
Dominus Atheos wrote:
> When you're dealing with such a ridiculously unsecure operating system as XP, then yes, it's dangerous to even connect it to a network. If you don't like it, you should switch to a better operating system. But if you insist on using that steaming pile of shit, extraordinary steps are required to secure it. In case you've forgotten, Zod tried to float the same moronic argument of "Dur, 0nly sputid peoble git infeckid wid spyware" earlier in this very thread. Do you remember how that turned out for him?

Considering up until then I'd never been infected with a virus before, my previous strategies had been working relatively well. So why don't you kindly pull the fucking stick out of your ass and take your boorish anti-windows crusade elsewhere you useless troglodyte?
"It's you Americans. There's something about nipples you hate. If this were Germany, we'd be romping around naked on the stage here."
- Dominus Atheos
- Sith Marauder
- Posts: 3905
- Joined: 2005-09-15 09:41pm
- Location: Portland, Oregon
General Zod wrote:
> Dominus Atheos wrote:
> > When you're dealing with such a ridiculously unsecure operating system as XP, then yes, it's dangerous to even connect it to a network. If you don't like it, you should switch to a better operating system. But if you insist on using that steaming pile of shit, extraordinary steps are required to secure it. In case you've forgotten, Zod tried to float the same moronic argument of "Dur, 0nly sputid peoble git infeckid wid spyware" earlier in this very thread. Do you remember how that turned out for him?
>
> Considering up until then I'd never been infected with a virus before, my previous strategies had been working relatively well.

No, you had been lucky. Do you think it is only within the last month that spyware has been able to do what it did to you? Do you think something happened only recently that caused a fundamental paradigm shift in Windows XP security that opened up the possibility of drive-by downloads, which previously were impossible?

> So why don't you kindly pull the fucking stick out of your ass and take your boorish anti-windows crusade elsewhere you useless troglodyte?

You're calling me an anti-windows crusader while quoting a post where I recommended upgrading to windows vista? Maybe you getting infected with spyware really doesn't disprove your statement "only stupid people get infected with spyware."

- The Dark
- Emperor's Hand
- Posts: 7378
- Joined: 2002-10-31 10:28pm
- Location: Promoting ornithological awareness
I got hit with the virus last week while using XP and Firefox 2.x (forget exactly which). I thought it was something someone else on my network was sending me, and stupidly approved it. It was fairly easy to clean off the virus. Unfortunately, I screwed up something else in doing so, and eventually just archived my non-replaceable data onto thumb drives and reformatted the ancient beast. I was more interested in how it had made the entire screen an approve button, since I had been planning to reformat soon anyway, since I had a lot of partial installations of old programs that I was having trouble hunting down. Since it's the first virus that's actually caused problems for me in 12 years, I didn't feel too badly about finally getting hit by one.
BattleTech for SilCore

Stanley Hauerwas wrote:
> [W]hy is it that no one is angry at the inequality of income in this country? I mean, the inequality of income is unbelievable. Unbelievable. Why isn’t that ever an issue of politics? Because you don’t live in a democracy. You live in a plutocracy. Money rules.
- Edi
- Dragonlord
- Posts: 12461
- Joined: 2002-07-11 12:27am
- Location: Helsinki, Finland
Here's a good breakdown of just what that shit is, what it does and how it works: Link
- Steel
- Jedi Master
- Posts: 1127
- Joined: 2005-12-09 03:49pm
- Location: Cambridge
- Dominus Atheos
- Sith Marauder
- Posts: 3905
- Joined: 2005-09-15 09:41pm
- Location: Portland, Oregon
Destructionator XIII wrote:
> Dominus Atheos wrote:
> > When you're dealing with such a ridiculously unsecure operating system as XP, then yes, it's dangerous to even connect it to a network.
>
> There is a thing called a reasonable response. There is a threat present, but that threat can be minimized with far less drastic steps without killing as much of your productivity.
>
> This reminds me of the no sex arguments - sure, it is the most effective way to avoid STDs and such, but less drastic steps are almost just as effective.

My biggest complaint about XP's security is how it discourages people from running as a limited account. Out of the box, the default account is an administrator and it's really hard to run in limited mode with no privilege escalation. The end result being everything runs in admin mode, including the internet browsers. I'm not sure whose idea it was to give internet explorer, a program whose sole purpose is to execute remote code, root level access to the system, but whoever it was needs to be castrated so their genes don't infect future generations.