For years, I've been bemoaning people's ignorance toward computer viruses. There's this general misconception, one that has existed for as long as I can remember, that, hey, all you need to do is scan your computer from time to time and you'll be fine.
The reality of the situation, as I've been pointing out, is that by that time it may be too late. There have been viruses known to encrypt your entire hard drive in the background, destroy your motherboard BIOS without a chance of recovery, and, most importantly, a self-respecting virus, upon activation, will do whatever's necessary to one-up whatever antivirus programs you may have installed on your machine, as well as your future attempts to remove it, including changing local policies to cripple Task Manager or encrypting itself.
That's why realtime protection is _mandatory_. You get the virus before it is executed.
Two days ago this was demonstrated to me in crystal clarity. I've been running Kaspersky on my parents' machines, however, for performance reasons, I only set it to scan files on execution.
That was a big mistake.
Somehow, my father was emailed a dropper for the NTOS.EXE virus, which he executed. The dropper itself is a harmless program - all it does is secure NTOS in place, making sure it executes before anything else (from several places). The file also changes the virus's length randomly to fool your crappy Uncle Bob's Virus Signature Scanner.
Even after I cranked up Kaspersky to scan files on both write and read, and turned on heuristics, the virus was undetectable because it had secured the first spot in being executed, and because it manipulated security permissions to be unreadable, yet still executable.
The only reason I was tipped off to the virus's presence is that my father's machine would hang every time I changed network settings. You see, NTOS.EXE hooks itself into your networking, captures the keyboard, and attempts to steal your login credentials to a few major online banks.
Once I recognized NTOS.EXE and the folder it created inside SYSTEM32, I blanked its security permissions and restarted the system - it failed to execute. Then I gave it back normal permissions. Kaspersky instantly perked up, notified me that its heuristics detected a trojan, and deleted it.
...
Moral: use a background filesystem scanner. Enable heuristics as well (I've had cases where I would run a freshly downloaded "greeting card" virus and the antivirus would ONLY stop it when heuristics allowed it to detect it as a variation of something it already knew; its default setting, which relies only on pattern matching, just let it execute).
If you're concerned with performance... well, in the case of Kaspersky, I can set it to turn off realtime scan when I run Quake Wars or WoW, or just make it skip scanning the folders containing them. With today's disk access speeds and CPU speeds, realtime scan isn't that much of a bother compared to the risks you run otherwise.
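The "unreadable, yet still executable" trick described above is something you can audit for directly. The following PowerShell script is an added example, not code from the thread: it walks a directory (by default System32) and reports executables that either carry an explicit Deny ACE or cannot be opened for reading at all, since neither is normal for a file that Windows still allows to run. The `$root` parameter and the `Test-Readable` helper are my own names.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1 or
# later, run from an elevated prompt so that ACLs on system files are readable.
param([string]$root = (Join-Path $env:SystemRoot 'System32'))

# Hypothetical helper: try to open the file for reading the same way a scanner would.
function Test-Readable([string]$path) {
    try {
        $fs = [System.IO.File]::OpenRead($path)
        $fs.Close()
        return $true
    } catch {
        return $false
    }
}

Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
    ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }

        # Explicit Deny entries on a system executable are unusual and worth a look.
        $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
        $readable = Test-Readable $_.FullName

        # Flag the shape from the post: a file the OS can still execute but a
        # scanner cannot read, or any file with Deny ACEs at all.
        if ($deny.Count -gt 0 -or -not $readable) {
            [pscustomobject]@{
                Path     = $_.FullName
                Readable = $readable
                DenyACEs = ($deny | ForEach-Object {
                    "$($_.IdentityReference): $($_.FileSystemRights)"
                }) -join '; '
            }
        }
    } | Format-Table -AutoSize
```

Anything it lists deserves a closer look with the machine offline; a clean system should produce an empty table.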
For people who want free protection, AVG Free provides background definition-based scanning, and the free version of PC Tools Threatfire provides heuristic scanning. The "Pro" version of Threatfire adds on-demand scanning, but as shiho says, the idea is to catch the virus/malware/etc in the act, not after the fact.
Their impact on performance is minimal; I don't ever bother turning them off before gaming. I've tried other tools (like Spyware Doctor) which do impact performance a bit more.
I've been using Avast lately, only because Consumer Reports ranked it over AVG in total correct detections in their battery of tests. They want you to register for a key, but it's free. I don't like their interface, but I've been happy with it. It's picked up some stuff that slips through since I installed it, plus the initial scan picked up some leftover files AVG had not cleaned.
Most tests that I've seen (av-test.org and others) give Avast a very slight edge in detection rate, but also a higher false positive rate. Both are head and shoulders above the lion's share of commercial apps, and either one is very good.
That's a good case example of why not opening unknown files is _mandatory_.
It's always amazed me how hard that simple fact is for most people to understand. Hell, I never open a file or attachment unless I specifically requested it, and I'm running Kaspersky in realtime whenever I'm not actively in a game.
Another thing I recommend: don't browse the web without having NoScript running. If a site wants to run code on my system it can ask, thank you very much.
1) Until we have an insta-education system from The Matrix, people will keep opening unknown files and there's nothing you can do about it. Not everyone is a computer nerd like you and me, who always keeps up with the latest scams. Most of my relatives, for instance, aren't.
We must have the same relatives. But really, this isn't something with a tech solution and, sadly, even recommending people run anti-virus often does little good unless they've got security-minded relatives to set it up for them. Not everyone does.
There have been exploits that made Outlook execute attachments without asking you.
Chalk that up as one reason I've never bothered to install outlook on any of my personal computers.
4) Traditionally, computer viruses didn't come as separate files. They attached themselves to perfectly valid executables, allowing the legit code to run after they have. A lot of viruses still do that. So, when you run that program you know to be legit - you could be rolling the dice.
Has this been an issue with any files from vendor sources? I'll admit that you're obviously more of a security geek than I am (I say that in a good way!), but I always figured if I downloaded, say, the latest version of Publisher directly from Microsoft, the Steam client from Valve, or other vendor-supplied software I wouldn't have to worry. Thanks for making me paranoid, lol.
I said - use antiviruses. You say - you can't set them up for everyone.
(shrug) I guess I feel sorry for your relatives.
Not exactly what I said... but whatever.
Your advice is still sound; I was just pointing out that it's only really useful for those of us who know to look for it and our relatives (through us). Many people don't have that luxury and they are, in large part, unreachable. Just an observation of reality; don't take it as an attack.
Raven wrote: Your advice is still sound; I was just pointing out that it's only really useful for those of us who know to look for it and our relatives (through us). Many people don't have that luxury and they are, in large part, unreachable. Just an observation of reality; don't take it as an attack.
I addressed this more accurately in the edit, but the main point stands. Your argument lacks logic.
"Sweep the leg." "Put him in a body bag, Johnny!"
Your edit doesn't really address it either. He says that you can recommend all you want, but unless you've got someone who has an idea of how to set it up, it's about as useful as BonziBuddy.
shihonage wrote: I addressed this more accurately in the edit, but the main point stands. Your argument lacks logic.
Seriously. I agree with everything you said, shiho, but why does everything you post come with a combative tone?
Nosferatu wrote: That's a good case example of why not opening unknown files is _mandatory_.
That's clever and all, but ill-informed.
1) Until we have an insta-education system from The Matrix, people will keep opening unknown files and there's nothing you can do about it. Not everyone is a computer nerd like you and me, who always keeps up with the latest scams. Most of my relatives, for instance, aren't.
1a) User manipulation still has a long way to go. It's getting more clever, and presuming that you'll always be above it is an ego mistake that may cost you big one day.
2) There have been exploits that force execution of unknown files without your consent. There have been exploits that made email clients execute attachments without asking you. There have been exploits that executed embedded code inside PICTURE FILES. For all you know the next .OGG file you download may exploit a buffer overflow in Winamp or WMPlayer and allow a virus to execute.
3) Traditionally, computer viruses didn't come as separate files. They attached themselves to perfectly valid executables, allowing the legit code to run after they have. A lot of viruses still do that. So, when you run that program you know to be legit - you could be rolling the dice.
1/1a) assuming your realtime antivirus protection is above failure is a big ego mistake that will cost you big one day as well.
2) There have been viruses that specifically targeted certain antivirus software, exploiting it to run themselves.
3) Don't buy your software from some guy selling it out of his trunk, or giving it away over the net when you should have to pay for it. Or any file sent to you over e-mail.
You argued against yourself: if your relative had scanned the file before he opened it, then presumably the virus would have been caught and eliminated. I don't open *anything* that isn't verified first.
Podunk wrote:
That was over the line... kind of.
I'm just funnin' you. I'll pull it if you want.
edit: and for the record, I think the video is cool, so don't take that the wrong way.
By all means leave it up. shihonage's obviously an expert in software security - he knows what he's talking about here.
But you know shihonage... I spend far too much time dealing with real-life security and how it differs from idealistic security measures to think that discounting reality is in any way productive to the situation. It's nothing but letting ego obscure the facts. The fact is that you've offered sound advice. This is immediately followed by another fact: that the vast majority of computer users neither have the knowledge to safeguard their system nor the proper fear of the consequences to know they need to look for that advice. Discounting that common ignorance does nothing but increase overall insecurity.
But what do I know, I just protect clients and/or their overseas assets for a living. You? You're the expert who dishes out computer security advice to an already knowledgeable audience on a popular gaming forum. Good job, you've accomplished a lot.
I hope I made this sufficiently clear. Please, next time you post, I don't care if it's positive or negative, but don't strawman me, and don't make grandiose, inaccurate claims along the lines of "Woe is you, your puny advice accomplishes nothing!", without offering a better alternative. Seriously, dude - before you are tempted to do so yet again, I strongly encourage you to examine your motives.
This is an unwarranted attitude. First off, no one said your advice "accomplishes nothing." You started a thread about security, and brought in a story about a relative's computer. Despite the fact that maybe you wanted to talk about how important it is to have real-time file protection activated, the most that can be said on the subject is, "Yep, that's a good idea." That's about as deep as the thread can go. To expect someone not to post about their own relatives and how it's a struggle to be able to expect them to understand this concept, and security in general, doesn't seem like a reasonable expectation as far as this topic goes.
You're being overly defensive and reading things that aren't there. Raven's posts were patient and diplomatic, while yours were consistently confrontational. You have only yourself to blame for any current backlash. I've got no sympathy for you, and you need an attitude adjustment.
Per usual.
Cough. Mac. Cough.
Anyway doesn't your email scan attachments and what not? Wouldn't that prevent something like this from happening? Would Yahoo be strong/current enough to detect this since they scan attachments for viruses?
I practice the don't-open-spam method. I tell that to my parents, but my Mom is always amazed at how she gets targeted (and untargeted) spam and still opens some of it anyway. Same with my Dad. They can't comprehend that some fat sweaty guy in his basement is just pulling thousands and millions of email addresses from the 'net and sending massloads of spam to them to make a few hundred thousand a year, and that it isn't all happening because they are popular.
I do admit it can get tempting once in a great while to open spam. It is human nature to think maybe this one email is legit and I'll win the lottery or the equivalent.
And yes most people don't understand security enough to properly use anti-virus or anything.
So my advice is get a Mac. Not necessarily security proof in and of itself, but the lower market share really helps in this case.
Cough Mac Cough.
Security by obscurity is not security.
Podunk: the genius!!
NERD FIGHT!
Anti-virus is a good idea. Real time scanning is a good idea. Most users are oblivious. Most users will kludge up their machine and help propel the service industry to greater heights. That sum it up? Can we move on?
trip1eX wrote: Cough Mac Cough.
Security by obscurity is not security. ;)
Macs are gaining market share fast. The viruses and exploits will come. They will come down hard on a community that is completely unprepared for them.
Oddly apropos timing. I finally succeeded in getting our corporate offices to turn on the real time scan on our virus client. I spent all day yesterday getting the same phone call repeatedly, "My computer is slow."