How are they getting in?

[bird7727]

I surf the internet only through a combination of Firefox (proxy), Tor, and Privoxy, I run Norton 360, Ad-Aware, and Spyware Doctor, yet I just found a trojan.popuper. I don't understand how these things keep getting in. Just a few weeks ago, I found a Trojan-Downloader.Zlob.GEN. Also, the same trojan I just quarantined was discovered/quarantined just two months earlier. I am running a port scan with NMap (on my other computer) to see if any unauthorized ports are open.

[The_Computer_Wizard]

my oppinion get rid of norton 360
people i know that LOVE norton still say thats a piece of shit, not to mention it is probably conflicting behind the scenes with ad-aware and spyware doctor fighting for control (not to mention hogging a SHIT ton of resources)

personally i like avast, and its free
if you want to keep with norton dont go with 360

[DenyTheTruth]

Fact: No Virus Scanner is 100% effective.

Subscription based virus scanners are bogus. ALl they do is allow you to shovel your money into someone else's pocket while they do a half-assed job at protecting your PC. New viruses are made every day and new ones are caught, but not even all the ones out there right now are being detected but it'll never be 100%.

[The_Computer_Wizard]

^agreed

[kiddietron]

They aren't useless though. Although I agree that most subscription based anti-virus software are total crap, some like Norton (Not 360) work during their release time.

Having tons of different anti-virus software is not always the best thing.

[sidebottom]

Anti-Spyware and anti-virus are useless to me; all they do is slow me down. I don't use them and I have yet to have any problems. If someone has compromised my computer and I don't know about it, chances are overwhelming that your standard anti-spyware/virus would not have picked them up anyway.

Anyway, in my experience, they flag a lot of benign files as dangerous which could be the case. If you legitimately have malware on your computer, you should learn to take some steps to protect yourself through safe browsing and implementing the good ol' "Policy of Least Privilege."

First, is safe browsing. This is pretty obvious but, you know, you might be REALLY tempted to navigate to a site that is offering up naked pictures of Lindsay Lohands or Nancy Pelosi or whoever it is that tickles your fancy, but those kinds of sites often use "unscrupulous business practices" and can open you up to dangerous situations. Same goes for warez and P2P stuff.

The second is the Policy of Least Privilege. Don't be running highly vulnerable programs like Firefox/IE as root/Administrator. If you're compromised as root you're toast, but if you do all you Lindsey Lowham picture downloading as a lowly, unprivileged user and you get compromised there is not much they can do.

Anyway, like I said, this stuff seems like common sense, but I just figured I would mention it because it has kept the Bonzi buddy at bay for at least a little while.

Of course targeted attacks are a different story, however If someone REALLY wants in any computer and they are good enough...they are getting in. Norton won't help you there.

[The_Computer_Wizard]

No offense side bottom, but i disagree with you 100%
granted safe browsing is a good idea, but it is by no means a good defense by itself
even if you are not running as administrator there are many viruses out there that can still take advantage of your system, just because you're not running as administrator doesnt mean the virus cant use a vuln to get administrator access
(trust me ive seen it a TON of times when someone will bring in a computer, and it turns out the virus came from their kids account, who wasnt an admin, surfin porn)

also (and im not saying this is necissarily your case) in my experience anyone who says they dont use antivirus because it slows down their computer is often riddled with viruses that they dont know about, running rampent in their computer

ive been on sites, which i thought to be legit, all of a sudden a pop-up comes up and i close it (not even by clicking the picture, just right clicking on the taskbar and hitting close) and all of a sudden avast pops up and says "blocked incomming virus threat" or w/e. Thing is, if i didnt have avast i would have assumed it closed with no problem, and i would have had a virus

[sidebottom]

Hey, no offense taken whatsoever. You're right and I should have made it more clear that the lay computer user probably should run those protections. However, for more advanced computer users (especially "computer wizards") I just think they are unnecessary because you know what can and cannot hurt you. And in the cases in which you don't know...Norton probably won't help you anyway.

If I am compromised, it's not from the Bonzi buddy or lame spyware; it's from a serious targeted attack or me being stupid enough to run an EXE that should not be trusted.

Your "blocked incoming virus threat" comment is exactly what I am talking about when I mentioned benign operations being flagged as malicious. I've used anti-virus/anti-spyware in the past and they flag hundreds of innocuous files such as HTML files and cookies as viruses and trojans. Honestly, I think they just do it to scare you and make you say "Boy, I am sure glad I'm paying $xxx.xx a year for my Norton Anti-Virus definition updates!"

Honestly, if your computer is fully patched and you don't explicitly (or accidentially) allow the installation of harmful IE/FF plugins, disregarding 0day exploits, I don't see how the average user is going to be compromised while surfing the web. If it IS a 0day exploit, you're screwed anyway, with or without protection.

And as for your comment about privilege escalation, I'm curious how you know that it was the kids account and not the parents? Either you're damn good at computer forensics or you're just taking the person's word. Hell, would you expect any adult to be like "Yea, you see, this website promised me naked pictures of Lindy Lohan and I just couldn't resist!" Nah, it's a lot easier to blame it on the kid. My principal of least privilege comments about admin and all is simple. If you accidentally run malware as root/admin, it can do whatever it wants with the kernel and make it a real pain to remove. If you run it as an unprivileged user it can't therefore, making easier to extirpate.

By the way, I'm just curious The_Computer_Wizard, do you work in the Geek Squad or something?

[xcurious]

it helps to have a anti virus but it all comes down to using your head, you could have the best anti virus in the world, if you are a dumbass you will be owned.

offering up naked pictures of Lindsay Lohands or Nancy Pelosi or whoever it is that tickles your fancy

hillary clinton ftw

[The_Computer_Wizard]

sidebottom i mostly agree
but the thing avast blocked wasnt an html file or anything, it was a popup for that win-antivirus 2008 (that was actualy a virus itself) thus why i closed it from the task bar, trying not to take a chance
and thats when avast poped up

i was just saying, unless you are doing some pretty boring internet surfing (And no i dont mean non-boring is porn surfing) where you are only on sites like the ubuntu forums, hts, or w/e an antivirus program is a good idea