Fear of loading antispy and antivirus on new comp

[715]

There's an article on computer security and antivirus etc in the latest issue of Computer Power User magazine (cpu).  I mention it because the screenshots used showed the author is a member of the AH community (he had the AH BBS open in the background).

[Vulcan]

Originally posted by wabbit
I have never been successfully attacked by a virus while running AVG free and I make a point of visiting dangerous sites on a weekly basis to make certain my protection is working as promised. Again, I've never been infected!

I see absolutely no reason what-so-ever to pay for anti-virus or anti-malware protection.  Give AVG Free a try and you'll see for yourself. If you're not happy then pay for Nod32, or whatever else you decide on.

You should be using some type of image backup software to help protect you if the worst happens, just as another layer of protection, not against being compromised, but to save your butt if something does go wrong.

For that I recommend Acronis True Image. It's easy to use and works well. Unfortunately it isn't free, costly arount $50.00 bucks. I'm still looking for a free alternative, but no luck so far.

I disagree with vulcan on the false positives and failures. Neither my clients or myself have seen the so-called 'false positives that many reviewers talk about. I've been installing AVG free on my clients systems for years and not one has ever been infected.

Well your experience flies in the face of security professionals (me) and indepedent testing sites ( http://www.av-comparatives.org ), btw who are not *reviewers*. Backing up should the worst happen? LOL, what happens if your backup is tainted.

I woke up to a post on another bbs this morning with someone complaining their avast + spybot install had a nice big red trojan demanding they buy someones software.

[Vulcan]

Originally posted by 715
There's an article on computer security and antivirus etc in the latest issue of Computer Power User magazine (cpu).  I mention it because the screenshots used showed the author is a member of the AH community (he had the AH BBS open in the background).

It's llama , we've done the whole AV dance here many times.

[llama]

Believe it or not, I've been intentionally keeping quiet with this thread, since I've given my opinion many times and had lively debates defending my recommendations. ;-)

That said, here's my quick suggestions:

1. AV Products. You need one. I suggest Eset's NOD32 for the best combination of thoroughness and lightness. If you insist on a free product, Avria's AntiVirus is the one to get, though you'll probably want to disable the annoying popup screen advertising the paid version. AVG Free is simply NOT ENOUGH PROTECTION to be worthwhile anymore. I speak from experience, here, kids.

2. AntiSpyware. You probably need one, unless you keep scrupulous system backups and can be trusted to never get infected with spyware. SUPERAntiSpyware is really great at both cleaning (free version) and monitoring the launch points spyware can get into (paid version) without slowing your system like WebRoot's SpySweeper. SpyBot Search & Destroy is simply NOT ENOUGH PROTECTION and DOESN'T CLEAN CURRENT THREATS as well as it used to. My friend and PCMag writer Neil Rubenking recently confirmed my findings: http://www.pcmag.com/article2/0,2704,2261193,00.asp

3. Firewall. You definitely need a hardware firewall, such as a Linksys router, even if you only have one computer. You definitely need an inbound-blocking software firewall like Windows's own built-in firewall. You may or may not need an inbound-outbound software firewall - I guess it depends on if you are a belt-and-suspenders kind of person, but I generally say no on a gaming system, and YES for a system that children use. The free Comodo firewall is really great, and worth checking out if you feel you need it.

4. If you insist on messing around with warez and porn, consider using a VMWare virtual machine or VirtualPC running Windows (or Linux) within your system, or get a second system just for that stuff and use Ghost or Acronis (or similar tool) to revert it back. Let all that stuff run wild in the virtual or second environment, do what you need, then revert it back to its pre-download, clean state when you are done.

and 5. Make sure Windows Update is set to run automatically, and consider using a regularly updated alternative web browser and email program like Opera, Firefox, Thunderbird, or similar.

Thanks for the plug, 715. ;-)

-Llama

[llama]

Regarding AVG Free and False Positives:

The problem with AVG is really False Negatives. It simply doesn't see zero-day threats as problems much of the time, and it is totally bamboozled by rootkits.

-Llama

[Vulcan]

Originally posted by llama
4. If you insist on messing around with warez and porn, consider using a VMWare virtual machine or VirtualPC running Windows (or Linux) within your system, or get a second system just for that stuff and use Ghost or Acronis (or similar tool) to revert it back. Let all that stuff run wild in the virtual or second environment, do what you need, then revert it back to its pre-download, clean state when you are done.

I'd just like to point out that I think the 'stay away from warez and porn sites' is irrelevant today, as many legitimate websites get hijacked and can launch malware infections, especially those websites with embedded 3rd party advertising (*cough*, right llama  )

[llama]

Originally posted by Vulcan
I'd just like to point out that I think the 'stay away from warez and porn sites' is irrelevant today, as many legitimate websites get hijacked and can launch malware infections, especially those websites with embedded 3rd party advertising (*cough*, right llama  )

..Which is pretty much everything these days.

Vulcan refers to a case where it seems the third-party banner adds served up by the CPU website were infected with something. I forwarded your note to the web guys and they say they found the problem, and I haven't heard anything since.

Since Vulcan and I disagree on this, I'll go out on a limb and produce a very unscientific statistic based on nothing more than the observations made over servicing the security and computer needs of hundreds of my computer consulting clients:

Chance of getting infected with something from a warez or porn site over the course of a week of repeated visits and use: maybe 80%.

Chance of getting infected with something from a "normal" website over the course of a week of repeated visits and use: maybe 2%.

Both assume the use of updated, third party browser and updated Windows OS and no good AV/AS products installed.

Play the odds as you wish.

-Llama

[Vulcan]

I think you're wrong llama.  Late last year http://www.stuff.co.nz had the same problem, now this site is THE major news site for New Zealand. Then at the time of our last 'discussion' on a bbs someone linked to an audio companies website that was infected.

I've also heard of cases from some of our vendors, including an Indian Bank website.

Then there is this: http://computerworld.co.nz/news.nsf/scrt/9D7013EA5389746BCC2573F20072B151

The search engine giant trained its web crawling software on billions of web addresses over the past year looking for malicious pages that tried to attack their visitors. They found more than 3 million of them, meaning that about one in 1,000 web pages is malicious, according to Neils Provos, a senior staff software engineer with Google.

These web-based attacks, called "drive-by downloads" by security experts, have become much more common in recent years as firewalls and better security practices by Microsoft have made it harder for worms and viruses to directly attack computers.

In the past year the websites of Al Gore's "An Inconvenient Truth" movie and the Miami Dolphins were hacked, and the MySpace profile of Alicia Keys was used to attack visitors

Given most porn sites are business's commercially focussed and most likely attacked (afterall porn is a high profile target for geeks  ), and sometimes have connections with the business's (like RBN) involved in malware - I'd suggest you're less likely to get malware from a commercial porn site.

[715]

OK.  Now you got me worried.  I've been to the CPU mag web site.  So, does the embedded ad infect your machine even if you don't click it?

[DrDea]

Please Gawd...Dont infect our Pron:rofl

[llama]

Originally posted by 715
OK.  Now you got me worried.  I've been to the CPU mag web site.  So, does the embedded ad infect your machine even if you don't click it?

I never saw the problem myself, (the CPU website has nothing to do with what I do) but broadly speaking, the banner ad problem affected old, unpatched browsers - almost always IE6 prior to SP2's release, but not completely always, if you follow me. And yes, it would work without a user clicking anything.

Note that the problem was with banner ads served by a common banner ad network, so you've undoubtedly been exposed to it from any manner of websites out there. This is the sort of thing that Vulcan is talking about, and why he thinks infection rates from "common" sites are greater than 2%.

Since these attacks are usually only effective against very very very old, unpatched browsers, and that most users reading this forum don't fall into that category, I stand by my 2% estimation.

Vulcan's firewall logs were the only indication of the CPU problem, and I've not seen the logs personally, and can't comment on what the exact problem was, but you've just heard my guess.

-Llama

[Vulcan]

Originally posted by 715
OK.  Now you got me worried.  I've been to the CPU mag web site.  So, does the embedded ad infect your machine even if you don't click it?

It was only there briefly, and nothing that CPU mag themselves caused 715.  Around the same time the Asus website was comprimised and it was serving up malware (though it was 1 of 5 load balanced servers, so you had a 20% chance).

If you want to understand the threat of comprimised websites read up on the storm worm and how many websites it infected. The have a look at the Attack Archives section of zone-h.org .

On average I get one piece of malware blocked a month from regular web surfing (no pr0n or warez sites).

[715]

Thanks...  I think

Somehow I don't have that warm and fuzzy feeling anymore.   I have NOD32 and Adaware Pro (includes real time AdWatch) and neither have ever caught a thing.  I'm no longer sure that means they are good or bad

[SPKmes]

I'm no genius at this stuff but I have found the best set up for me, after paying for anti virus has been.  AVG, Spybot search and Destroy, and Ad aware. They all work well together. These tracked and removed a virus I had been chasing for days and didn't get removed by an over priced antivirus.

PS I didn't think much of ad watch either.

People have to make up their CV's and so new simple and complex insurgents will continue to plague the sinternet just have to do the the best you can.

[715]

Yeah, you have to turn off "Automatic" on AdWatch or it silently stops every change to your registry- even those that you make yourself when you install software.  Was exceedingly annoying until I figured that out.  With "Automatic" off, it asks you what do do for each instance of registry change.