Our server costs ~$33 per month to run. Please consider donating or becoming a Patron to help keep the site running. Help us gain new members by following us on Twitter and liking our page on Facebook!
Current time: 20th January 2017, 05:56

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Protection From Malware (Windows Users)
#11
RE: Protection From Malware (Windows Users)
(26th April 2013, 15:47)JesusHChrist Wrote: But AVG detecting a virus inside a VM disk file is not the same as the host being forced to execute that code. How would the host run the infected code and become infected itself? Seems like there would need to be a flaw in the VM software itself. I also use virtualbox BTW.

I'll have to look into this as I thought windows within windows was a safe architecture.

VirtualBox rules! Big Grin

I agree entirely. However, I found it extremely disconcerting that AVG on the host could detect a piece of malware that was residing inside what I perceived to be multiple layers of protection (i.e. Windows VM, Sandboxie et cetera). Although this obviously does not mean that the execution of the malware inside the VM will automatically lead to infection on the host, there is a much greater probability that the malware will be able to escape the VM and infect the host if you are: using the same operating system for the VM and host, sharing drives and sharing network connections. It also depends on how sophisticated the malware is. I do not think so much that it would be a flaw in the VM software, but rather the ability of the malware to detect that the host and VM are using the same operating system. If the VM is Linux and host is Windows, and you're running the Windows software with WINE in the Linux VM, this will massively confuse the malware; it will not be able to perform operations outside of WINE.
Reply
#12
RE: Protection From Malware (Windows Users)
I've been deeply involved with computing for a long, long time, and aside from my personal safe computing practices, my number one rule is this: Nobody uses my PC except me. I keep a guest PC for guests to use, firewalled from the rest of my network, with user accounts with no admin privileges. I don't keep anything valuable on this PC, and can re-install it whenever I feel like it.

As far as my own habits go -
  • Keep up to date on security and anti-malware patches
  • Don't install software from questionable / untrusted / unknown (obviously this is a judgement call)
  • Don't visit questionable websites (another judgement call)
  • Use browser addons such as AdBlock, Ghostery, NoScript and whitelist exceptions.
  • Use virtual machines for any high-risk computing
  • Employ a good backup strategy for important data, including offsite storage and archiving.
  • Use difficult to exploit passphrases on everything of value wherever possible.

For what it's worth, I rarely see a hit in my anti-virus software (because of safe habits), and I haven't had a known successful infection in so long that I can't remember when it last happened (at least 10 years ago).
Reply
#13
RE: Protection From Malware (Windows Users)
(26th April 2013, 16:20)Cthulhu Dreaming Wrote: As far as my own habits go -
  • Keep up to date on security and anti-malware patches
  • Don't install software from questionable / untrusted / unknown (obviously this is a judgement call)
  • Don't visit questionable websites (another judgement call)
  • Use browser addons such as AdBlock, Ghostery, NoScript and whitelist exceptions.
  • Use virtual machines for any high-risk computing
  • Employ a good backup strategy for important data, including offsite storage and archiving.
  • Use difficult to exploit passphrases on everything of value wherever possible.

Great habits. Clap I also follow a very similar strategy. I pay a particular emphasis on the "use virtual machines for any high-risk computing". I have a keen interest in operating systems and security, but I also have an interest in program cracking (with disassemblers and assembly code editors such as "OllyDBG") and warez, the latter of which is VERY high risk, of which I'm sure you're well aware. I am sure that "warez" will be frowned upon by some of the more moralistic members of this forum. Angel Cloud
Reply
#14
RE: Protection From Malware (Windows Users)
(26th April 2013, 14:55)Love Wrote: What method would you use to safely "test" a piece of Windows malware without infecting the host machine? Also, at the organisation/company where you work, I would be interested to know the security measures that you undertake in terms of protection from malware.

Hah, what I meant is that users who get infected machines provide me with the experience for both avoiding malware in the first place, and dealing with it when there is an infection. Smile

We use Vipre Enterprise on our systems, having switched from Symantec Endpoint Protection a year or two ago. I remain unimpressed by most enterprise AV, and to be honest the thing that has reduced our incidence of virus infections is plain old user experience. Most attempts at infecting a machine are still either through email attachments or pop-up warnings that prompt the user to install a "virus cleaner." Employees here have become suspicious enough that it's very rare that anyone opens an infected attachment or clicks on a download link without checking with me first.

Malwarebytes and TDSSKiller are still my go-to tools when a machine is infected.
"Well, evolution is a theory. It is also a fact. And facts and theories are different things, not rungs in a hierarchy of increasing certainty. Facts are the world's data. Theories are structures of ideas that explain and interpret facts. Facts don't go away when scientists debate rival theories to explain them. Einstein's theory of gravitation replaced Newton's in this century, but apples didn't suspend themselves in midair, pending the outcome. And humans evolved from ape- like ancestors whether they did so by Darwin's proposed mechanism or by some other yet to be discovered."

-Stephen Jay Gould
Reply
#15
RE: Protection From Malware (Windows Users)
(26th April 2013, 16:37)Tonus Wrote: We use Vipre Enterprise on our systems, having switched from Symantec Endpoint Protection a year or two ago.

Interesting. Well as a home user, I am strongly considering discarding local AV/Internet security software completely. AVG is good, but the amount of obvious malware that goes undetected by it (even if it is completely up to date) is unacceptable. This is why I execute all dodgy Windows applications and websites in the Linux VM; it is vastly more secure.

(26th April 2013, 16:37)Tonus Wrote: Malwarebytes and TDSSKiller are still my go-to tools when a machine is infected.

Aside from the method that I use, how would you go about "preventing" a Windows machine from being infected in the first place (assuming that the malware is undetectable on most commercial AV packages? Would you simply allow your machine to become infected and then endeavour to remove the virus(es) using Malwarebytes and TDSSKiller? I just do longer have a great deal of confidence in virus removal programs.
Reply
#16
RE: Protection From Malware (Windows Users)
I think you're overdoing it. I don't tend to get a lot of malware, but then I'm not stupid enough to download key generators or torrents. Shrug.
Reply
#17
RE: Protection From Malware (Windows Users)
(26th April 2013, 16:54)Love Wrote: Aside from the method that I use, how would you go about "preventing" a Windows machine from being infected in the first place (assuming that the malware is undetectable on most commercial AV packages? Would you simply allow your machine to become infected and then endeavour to remove the virus(es) using Malwarebytes and TDSSKiller? I just do longer have a great deal of confidence in virus removal programs.

I don't know if it's possible to prevent an infection as much as try to avoid them. Cthulhu Dreaming covered the most pertinent steps. I try to avoid suspicious sites and files, and am cautious if I ever get a pop-up window or any sort of offer for toolbars and utilities that I don't recognize. I just checked the history on my MSE and it shows nothing. I know I've had an infection or two over the past ten years or so, but I discovered them quickly enough that they didn't do much more than inconvenience me.

One useful thing to do is add entries to your Hosts file. I only have a couple of entries in mine right now, but in the past I used the one from WinHelp. They are useful for keeping some of the more annoying sites from getting access to your computer, even if it's just for the sake of spamming you with worthless ads.
"Well, evolution is a theory. It is also a fact. And facts and theories are different things, not rungs in a hierarchy of increasing certainty. Facts are the world's data. Theories are structures of ideas that explain and interpret facts. Facts don't go away when scientists debate rival theories to explain them. Einstein's theory of gravitation replaced Newton's in this century, but apples didn't suspend themselves in midair, pending the outcome. And humans evolved from ape- like ancestors whether they did so by Darwin's proposed mechanism or by some other yet to be discovered."

-Stephen Jay Gould
Reply
#18
RE: Protection From Malware (Windows Users)



While avoiding dodgy sites has been the mantra in the past, I've read that the bulk of current vectors from web sites are from web sites that don't fit the profile for high risk.


Reply
#19
RE: Protection From Malware (Windows Users)
(26th April 2013, 16:20)Cthulhu Dreaming Wrote: I've been deeply involved with computing for a long, long time, and aside from my personal safe computing practices, my number one rule is this: Nobody uses my PC except me. I keep a guest PC for guests to use, firewalled from the rest of my network, with user accounts with no admin privileges. I don't keep anything valuable on this PC, and can re-install it whenever I feel like it.

As far as my own habits go -
  • Keep up to date on security and anti-malware patches
  • Don't install software from questionable / untrusted / unknown (obviously this is a judgement call)
  • Don't visit questionable websites (another judgement call)
  • Use browser addons such as AdBlock, Ghostery, NoScript and whitelist exceptions.
  • Use virtual machines for any high-risk computing
  • Employ a good backup strategy for important data, including offsite storage and archiving.
  • Use difficult to exploit passphrases on everything of value wherever possible.

For what it's worth, I rarely see a hit in my anti-virus software (because of safe habits), and I haven't had a known successful infection in so long that I can't remember when it last happened (at least 10 years ago).

I recommend changing your DNS to one hosted by McAfee!

It offers different levels of protection.
Imagination will often carry us to worlds that never were. But without it we go nowhere. - Carl Sagan
Professional Watcher of The Daily Show and The Colbert Report!
Reply
#20
RE: Protection From Malware (Windows Users)
OH boy...
As a long time windows user and long time security fanatic, I would NEVER recommend the crap that is AVG.
See this site for an apparently unbiased anti-virus comparative: http://av-comparatives.org
Notice the detection tests.
Unlike cthulu, I remember the last time I was infected... I knew I was going to get infected, but, heck, I wanted to watch that video!... in the end, I didn't get to watch it .... GRRRRRRRRR....
Unknowingly infected... that... I don't remember. perhaps the barrotes virus when I used DOS.

Anyway, the one most important rule to follow: DO NOT USE THE ADMINISTRATOR ACCOUNT FOR EVERYDAY USE! You can do this in windows ever since XP.
Only go into the administrator account for installing the programs you want... but beware of their origin. If downloading from warez or torrents, don't be the first nut to install the new game out... wait for comments from the idiots, or the lucky guys.
In winXP, you can do almost everything from the user account, with a right click and "run as..." to run as the administrator.
In win Vista (and 7 & 8), this feature became a must and works really well... so well, I wanted it on my linux machine!... I hate having to sudo everything from the command line! fedora 18 seems to prompt me for root password for a few programs that require it.... which is a step in the right direction...

As for firewall, ever since XP SP2, the built in firewall is good enough for most users. Unless you have some very special need, just stick with it.

Anti-virus, from the site I posted above, you can see that the one software that detects the most malware is G-data (commercial) closely followed by AVIRA (commercial, but with a free version!)... I use avira free and it catches everything that could have infected me, mostly, infected usb sticks.

The browser, I use flashblock and adblock to prevent stupid content from being downloaded to my computer... and it has the strange side effect of leaving webpages looking real slick!
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  MacOS users help meh SteelCurtain 14 300 13th January 2017, 20:34
Last Post: johan
  Windows 10 Running Slow A Theist 18 270 29th December 2016, 18:19
Last Post: pocaracas
  Groove Music vs Windows media player paulpablo 1 176 11th November 2016, 15:25
Last Post: Moros Synackaon
  New Windows 10 udpate. Jehanne 7 452 15th August 2016, 22:24
Last Post: Jehanne
  Fucking Windows 8/8.1 Alasdair Ham 143 3413 20th July 2016, 02:32
Last Post: Excited Penguin
  Any free PDF editors for Windows 10? KevinM1 14 550 18th July 2016, 08:44
Last Post: Gawdzilla
  Windows 10 mouse unresponsive Sterben 9 702 7th June 2016, 02:10
Last Post: SteelCurtain
  Windows 10 A Theist 205 17521 14th March 2016, 03:11
Last Post: Maelstrom
Information Windows OEM "Licensing" Aractus 1 345 3rd February 2016, 05:37
Last Post: ignoramus
  Linux users? Are there any here? Lemonvariable72 31 1871 18th September 2015, 08:33
Last Post: ironicprogrammer



Users browsing this thread: 1 Guest(s)