Discussion on:

46
Comments

2 Votes
Everyone knows this ...
The best way to avoid viruses is to lose Windows. I have loads of naive-user friends. They all used to get viruses ALL the time. I swapped them over to Ubuntu. Over several years, I've never had a virus problem to deal with for them.

Plus, it's not a full-day job to install either.
0 Votes
That depends...
JCitizen Updated - 22nd Jan
Since cross-platform threats are now becoming more prevalent, how are you to truly know your Ubuntu platform isn't actually pwned? You have no way of really knowing, unless you're a file freak who is constantly looking at your file structure.

I agree that viruses are not really the threat here actually; but malware. Today's malware don't need administrative privileges, and can do harm without taking over the operating system. They can pwn the browser though, using Java/Adobe vulnerabilities and do damage to anyone who uses the machine for financial purposes. Quite frankly for my clients that do not use their PCs for shopping, banking, or E-Trading, I tell them not to worry too much about viruses/malware/etc. Because they have little to lose, and as long as they don't click on fake alerts and run as a limited rights user, they will be fine. Especially if they run CCleaner before every log off and/or shutdown.
-1 Votes
Errrr......
Gisabun 23rd Jan
You have to change friends. I've had *NO* friends with any virus infections for years. Why? Because they are smart enough to know what to do.
Most viruses [other than attachments] are from sites you should be going to or pirated software you've downloaded.
Ditch the friends and stop with this Linux crap is better.
0 Votes
Errrrrrrr
UbuntuJon 28th Jan
But do your friends pay for security software they wouldn't need if they used Linux? Come on, Ubuntu is 10 times better than Windows, and it's free.
0 Votes
Agreed
UbuntuJon 28th Jan
I installed Ubuntu on an old Dell laptop last night in little over an hour. Works perfectly, it's fast, I've no need to worry about viruses, it's free (in all contexts), has a beautiful interface, and it isn't riddled with bloatware.
New I am not seeing though.

Not a spec.
http://duplicatefilesdeleter.com/ - this one deletes duplicate files
http://longpathtool.com/ - and this one deletes files with "too long" filenames
Do you consider duplicates and long file names as diagnostic? Why?
1 Vote
Errr.....
Gisabun 23rd Jan
Looks to me like advertising.
10 Votes
What's the controversy?
Clendanielc 22nd Jan Top Rated
Sorry if I sound a little like a jerk, but who uses Antivirus to be a proactive measure? If you do, then you are behind the times. I see antivirus to regular cold medicine. It is always behind the latest strand and you still deal with the effects of the cold. Of course they will not have the latest or greatest defense. There is how many new viruses created daily?

The other argument I can't stand is, "Hey switch to this operation system. It has no viruses." My response to that is, "Yea for now." If everyone in the world switched OS's like they do with phones, clothes, girlfriends, wives, jobs, etc; every system would have a virus. It doesn't solve the problem. You are just running away from it.

The odds are against us. There is probably a 2 to 1 ratio when it comes to hackers and anti-virus companies. If you want a strong true antivirus system, be proactive. There are a lot of steps you can take in order to make sure that your system is virus free. Please do not rely just on antivirus software. If you do, you failed.
Good article. AV is good for what it is worth as an automatic protection system that runs in the background. User training in safe use of computers, smart phones, and the internet is the next line of defense that should provide good value for the money put into it.
6 Votes
Instead of creating better anti-virus software... I wish we could have better methods of hunting down the worthless pieces of trash that write malware and viruses and... well, make them "disappear"...
There's a whole lotta gray in that realm, and giving too much power to any enforcement body ... well, think Aaron Swartz.
1 Vote
Thanks
Aaron Swartz 24th Jan
Don't you... forget about me!
The US made any kind of intrusion a crime, and Germany went so far as to make hacker tools illegal. The result was that law-abiding hackers in those nations watched their skills atrophy while nations like Romania, China and Russia have effectively pwned all the nations that cracked down on their domestic hackers.
You also need to harden your desktop, keep the OS and other software up to date and stop using insecure plugins like Java and Adobe products.
0 Votes
More and more companies and users are having 'clean' computers that they keep offline entirely as backups
1 Vote
It would be nice to encrypt and polymorph our OS comparable to genetic evolution/mutation of "receptor sites"
ASLR and PIE only went part of the way. Individually "unique" OS's would be like a new Ubuntu/OS6 for each individual. That should reduce root kits, drive by's and overflows.
The devil would be in the details, e.g. MS would need a public key system.
out there that lock the drive environment. They have become so effective, they don't even require PCI or other hardware support. Steady state went away, but there are still good paid solutions in this arena. They basically turn the local machine into a dumb terminal, so using an NAS at minimum is probably wise. IT staffs everywhere are already using remote server storage for backup redundancy anyway. It is surprising the industry still buys refresh user equipment with any drive in it at all these days.
the attacks I see in my honeypot lab are almost 100% malware. The threatscape is changing, so questioning the system is legitimate, and I commend the author for bringing it up, because things are changing so rapidly, that constant day-to-day re-evaluation is a requirement.

The Windows x64 NT5 and NT6 kernels have almost achieved the hardness that was once exclusive to Unix based operating systems. However too many users still need Java and Adobe products to do their daily business, so let us get real here. I propose an SOP that goes something like this; but not necessarily in priority order:

1. Run only in restricted user environments, and DON'T disable the UAC.
2. Only select malware solutions that don't conflict with each other and overlap in coverage.
3. Select mitigation tools that work as near the kernel level as possible to avoid malware manipulation; and always password protect the GUI controls (of course)
4. Have a good automatic backup plan, and use more than one HDD drive whenever possible.
5. Keep the free AV - at least it does housecleaning.
6. I used to recommend two of the top software firewalls, but they've become so bloated now, that using the Vista/Win7 built in firewall with a template and/or manager is just about as good.
7. Switch to new generation UTM perimeter appliances with streaming services for SMBs or any larger organization, that have something to lose.
8. Keep in mind solutions that can actually run in the infected environment and still foil the malicious mission of any resident malware that may be on board. Encrypted password managers, and things like bit-locker are on this list.
9. Use Secunia PSI, File Hippo Update Checker, or any tool necessary to keep all applications, plugins/extensions, and drivers up to date. This can go a LONG way toward hardening the operating system environment.
10. A HIPS that correctly identifies the process in question, and relies more on updates to the heuristic engine, and less on white lists, [and definitely NOT signatures], is the logical direction.

AV might well be on the road to obsolescence; but the blended defense is not.
2 Votes
Hmmmmm
Gisabun 22nd Jan
Anti-virus on its own is useless. Viruses aren't coming out as frequently as 10 years ago. Instead those virus writers are switching to malware or ransomware. Making money off someone's less fortunes is the name of the game now.
Getting ahold of a victim's computer, searching for passwords, account information etc. Then if not use the information, sell it off.
Or maybe hijack someone's computer. Pay $200 or the user never sees the information again.
Most AV software out there [well particularly the free ones] won't even detect malware out there and if they did, they don't know how to clean the computer.
Avast Pro [which had malware "protection"] couldn't even pick up that fake Windows XP Antivirus crap. Microsoft Security Essentials wouldn't find a bunch of trojans....
But finally the biggest problem is the end user. Either they'll click on anything that pops up or don't do anything when a legitimate popup comes around.
Since we are mentioning brand names, I like the pro version of MBAM, which BTW has recently hardened its code to avoid manipulation by the malware. Avast will report it as a root-kit on the XP platform (false positive). For my rather indigent clients, I like to pile on the anti-malware, and pick them by their various technologies - this way whatever kind of passive or active real time protection does not conflict.

With the right tools - a scan of the hard drive will not result in any secure data being detected by the crooks. My honey pot tests confirm this.

I got to admit though - even though I dropped Lavasoft's AdAware, I have noticed some malware manipulations on limited rights accounts, that can still be vexing and lead to eventual compromise on a novice's machine. My clients who do not bank or shop online still use it; but you have to kowtow to their AV, as it is a suite product now. It is still free; but it must be conflicting with some of my kernel based solutions, and I can't get any stability out of it (as if I trusted them anymore anyway).
0 Votes
Pro
I'm using GFI Vipre. I also keep a few 'backups' available, but not running (Malware Bytes & various Spyware things). But, no matter who you are, it's not a question of 'if', but 'when'.
0 Votes
I hear that Lavasoft is using Vipre's engine in their new suite product - which is still free - AdAware 10. However - since they were bought out by some shady concerns last January, I can't trust them on my machine - but I do encourage clients with little to lose, to continue using it. On those that did uninstall it - they quickly decided to return to using it - so that is proof in the pudding - as I see it.