How are they getting in?

Post by bird7727 on Sat Feb 07, 2009 1:57 am

I surf the internet only through a combination of Firefox (proxy), Tor, and Privoxy. I run Norton 360, Ad-Aware, and Spyware Doctor, yet I just found a trojan.popuper. I don't understand how these things keep getting in. Just a few weeks ago, I found a Trojan-Downloader.Zlob.GEN. Also, the same trojan I just quarantined was discovered/quarantined just two months earlier. I am running a port scan with Nmap (on my other computer) to see if any unauthorized ports are open.


Re: How are they getting in?

Post by The_Computer_Wizard on Sat Feb 07, 2009 2:01 am

my opinion: get rid of norton 360
people i know that LOVE norton still say that's a piece of shit, not to mention it is probably conflicting behind the scenes with ad-aware and spyware doctor fighting for control (not to mention hogging a SHIT ton of resources)

personally i like avast, and it's free
if you want to keep with norton don't go with 360


Re: How are they getting in?

Post by DenyTheTruth on Sat Feb 07, 2009 2:28 am

Fact: No Virus Scanner is 100% effective.

Subscription based virus scanners are bogus. All they do is allow you to shovel your money into someone else's pocket while they do a half-assed job at protecting your PC. New viruses are made every day and new ones are caught, but not even all the ones out there right now are being detected but it'll never be 100%.
~ Parruption in Coradise ~


Re: How are they getting in?

Post by The_Computer_Wizard on Sat Feb 07, 2009 2:28 pm

^agreed


Re: How are they getting in?

Post by kiddietron on Sun Feb 08, 2009 1:48 pm

They aren't useless though. Although I agree that most subscription based anti-virus software are total crap, some like Norton (Not 360) work during their release time.

Having tons of different anti-virus software is not always the best thing.
--Advertising's a no-no. :)


Re: How are they getting in?

Post by sidebottom on Sun Feb 08, 2009 3:02 pm

Anti-Spyware and anti-virus are useless to me; all they do is slow me down. I don't use them and I have yet to have any problems. If someone has compromised my computer and I don't know about it, chances are overwhelming that your standard anti-spyware/virus would not have picked them up anyway.

Anyway, in my experience, they flag a lot of benign files as dangerous which could be the case. If you legitimately have malware on your computer, you should learn to take some steps to protect yourself through safe browsing and implementing the good ol' "Policy of Least Privilege."

First, is safe browsing. This is pretty obvious but, you know, you might be REALLY tempted to navigate to a site that is offering up naked pictures of Lindsay Lohands or Nancy Pelosi or whoever it is that tickles your fancy, but those kinds of sites often use "unscrupulous business practices" and can open you up to dangerous situations. Same goes for warez and P2P stuff.

The second is the Policy of Least Privilege. Don't be running highly vulnerable programs like Firefox/IE as root/Administrator. If you're compromised as root you're toast, but if you do all your Lindsey Lowham picture downloading as a lowly, unprivileged user and you get compromised there is not much they can do.

Anyway, like I said, this stuff seems like common sense, but I just figured I would mention it because it has kept the Bonzi buddy at bay for at least a little while.

Of course targeted attacks are a different story, however ;) If someone REALLY wants in any computer and they are good enough...they are getting in. Norton won't help you there.


Re: How are they getting in?

Post by The_Computer_Wizard on Sun Feb 08, 2009 3:10 pm

No offense sidebottom, but i disagree with you 100%
granted safe browsing is a good idea, but it is by no means a good defense by itself
even if you are not running as administrator there are many viruses out there that can still take advantage of your system, just because you're not running as administrator doesn't mean the virus can't use a vuln to get administrator access
(trust me i've seen it a TON of times when someone will bring in a computer, and it turns out the virus came from their kid's account, who wasn't an admin, surfin porn)

also (and i'm not saying this is necessarily your case) in my experience anyone who says they don't use antivirus because it slows down their computer is often riddled with viruses that they don't know about, running rampant in their computer

i've been on sites, which i thought to be legit, all of a sudden a pop-up comes up and i close it (not even by clicking the picture, just right clicking on the taskbar and hitting close) and all of a sudden avast pops up and says "blocked incoming virus threat" or w/e. Thing is, if i didn't have avast i would have assumed it closed with no problem, and i would have had a virus


Re: How are they getting in?

Post by sidebottom on Sun Feb 08, 2009 4:00 pm

Hey, no offense taken whatsoever. You're right and I should have made it more clear that the lay computer user probably should run those protections. However, for more advanced computer users (especially "computer wizards") I just think they are unnecessary because you know what can and cannot hurt you. And in the cases in which you don't know...Norton probably won't help you anyway.

If I am compromised, it's not from the Bonzi buddy or lame spyware; it's from a serious targeted attack or me being stupid enough to run an EXE that should not be trusted.

Your "blocked incoming virus threat" comment is exactly what I am talking about when I mentioned benign operations being flagged as malicious. I've used anti-virus/anti-spyware in the past and they flag hundreds of innocuous files such as HTML files and cookies as viruses and trojans. Honestly, I think they just do it to scare you and make you say "Boy, I am sure glad I'm paying $xxx.xx a year for my Norton Anti-Virus definition updates!"

Honestly, if your computer is fully patched and you don't explicitly (or accidentally) allow the installation of harmful IE/FF plugins, disregarding 0day exploits, I don't see how the average user is going to be compromised while surfing the web. If it IS a 0day exploit, you're screwed anyway, with or without protection.

And as for your comment about privilege escalation, I'm curious how you know that it was the kid's account and not the parents'? Either you're damn good at computer forensics or you're just taking the person's word. Hell, would you expect any adult to be like "Yea, you see, this website promised me naked pictures of Lindy Lohan and I just couldn't resist!" Nah, it's a lot easier to blame it on the kid. My principle of least privilege comments about admin and all is simple. If you accidentally run malware as root/admin, it can do whatever it wants with the kernel and make it a real pain to remove. If you run it as an unprivileged user it can't, therefore making it easier to extirpate.

By the way, I'm just curious The_Computer_Wizard, do you work in the Geek Squad or something?


Re: How are they getting in?

Post by xcurious on Sun Feb 08, 2009 4:24 pm

it helps to have an anti virus but it all comes down to using your head, you could have the best anti virus in the world, if you are a dumbass you will be owned.

offering up naked pictures of Lindsay Lohands or Nancy Pelosi or whoever it is that tickles your fancy

hillary clinton ftw
- Apologies to all who I have flamed in the past. Thanks mods for unbanning me.


ckw100 wrote:so i have been pacticeing my batch file hacking for networks


Re: How are they getting in?

Post by The_Computer_Wizard on Sun Feb 08, 2009 7:19 pm

sidebottom i mostly agree
but the thing avast blocked wasn't an html file or anything, it was a popup for that win-antivirus 2008 (that was actually a virus itself) thus why i closed it from the task bar, trying not to take a chance
and that's when avast popped up

i was just saying, unless you are doing some pretty boring internet surfing (And no i don't mean non-boring is porn surfing) where you are only on sites like the ubuntu forums, hts, or w/e an antivirus program is a good idea