[QUOTE=GoDong-DK;33044496]
If a couple of persons could set up a VM with Windows 7, and various free AVs, as well as a predefined virus list, we could put this somewhat to rest.[/QUOTE]
Ugh, this is just too frustrating. This would take up too much time when I have other shit to do. There are like 4 layers of protection I'd have to disable just to download the samples.
[QUOTE=waxrock;33044600]Ugh, this is just too frustrating. This would take up too much time when I have other shit to do. There are like 4 layers of protection I'd have to disable just to download the samples.[/QUOTE]
That's why you do it in a VM...
[QUOTE=gparent;33045883]That's why you do it in a VM...[/QUOTE]
I was. The AV on the host machine is preventing the VM from downloading the samples.
[QUOTE=waxrock;33046110]I was. The AV on the host machine is preventing the VM from downloading the samples.[/QUOTE]
Oh... I don't do network scan.
[QUOTE=waxrock;33035190]
[img]http://i.imgur.com/uk20c.png[/img]
Still not understanding why people recommend MSE.[/QUOTE]
>McAfee
>advanced+
HAHAHAHAHAHH, maybe if they were scanning things from 1997, McAfee is probably the worst AV available. Either they donated a good deal of money for that ranking or the test is BS
[editline]31st October 2011[/editline]
I usually do MSE for most protection, MBAM for on demand scanning
Linux
[QUOTE=ZombieWaffle;33042800]Avira AntiVir[/QUOTE]
This. Been using it for years now. Completely free, works like a charm.
I like how waxrock is backing up his arguments using sources and statistics and everyone's counter argument is "nah, your sources are full of shit[citation needed]"
In any case, this thread has convinced me that I should replace Comodo's AV with Avast! and use it in conjunction with Comodo's firewall.
[editline]31st October 2011[/editline]
Speaking of which, does anybody here have experience with the sandboxing capabilities of various software? Both Comodo and Avast! have sandboxing but I'm not sure which one is better.
Hmm, thought Antivirus was free with new PCs.
[QUOTE=RubberFruit;33057939]Hmm, thought Antivirus was free with new PCs.[/QUOTE]
Well, depending on the manufacturer, if you bought a PC it might come with tons of bloatware and it might have Norton or McAfee 30 day trial or something. Obviously, the trial may run out or you might have simply just built a PC yourself, requiring you to make decisions on what you are going to do about your antivirus situation.
I can't Comodo
avast
avast! or MSE
AVG is shit
Common Sense is dumb
End of story
I use Bit Defender OP, it's not let me down yet, doesn't hog CPU power and is only £18
How is common sense dumb? In all of my years being alive, even back in the days of AOL shit, the only way I could obtain malicious software (most stuff today isn't a virus by definition) was by purposely downloading idiotic spyware that was obvious and blatantly suspicious or downloading software from untrustworthy sources.
There are many programmers on Facepunch, myself being one of them, and if anyone from that group of individuals can explain to me why I should care about antiviral software in a rational and reasonable statement, perhaps I won't frown upon it.
I can see it being useful for people who have their head up their bottoms and don't know a thing or two about basic manipulating of people on the Internet, but in general I can't see its usage being practical for those people who know what they're downloading.
Major software exploits which allow for downloading of unauthorized content, and execution upon completion of the download are one thing, but these things are patched in future versions as a general outlook on updated software.
Because you're no longer completely safe through inaction or by selected action. Safe sites can be exploited and being connected to a network often means you're open to malicious software.
In a modern setting, common sense includes active real-time anti-virus software as well as a firewall.
[QUOTE=Allstone;33115301]Because you're no longer completely safe through inaction or by selected action. Safe sites can be exploited and being connected to a network often means you're open to malicious software.
In a modern setting, common sense includes active real-time anti-virus software as well as a firewall.[/QUOTE]
But this is completely bullshit, "inaction or by selected action" doesn't mean anything at all.
If you want to exploit someone's system, you need to execute something on it.
If you rule out the fact that you're not going to experience [url=http://www.youtube.com/watch?v=c8cQ0yU89sk]obscure software exploits[/url] (Link to a single example), which in most cases cannot be protected from anyway, then you're left with raw, plain, run-of-the-mill programs doing something to a computer.
You have to obtain those programs first, and that lies within the hands of the end-user.
Your computer use decisions are up to you. If you believe that the only way to get malware is by being stupid then I'm in no position to change that opinion.
[QUOTE=amcfaggot;33115245]How is common sense dumb? In all of my years being alive, even back in the days of AOL shit, the only way I could obtain malicious software (most stuff today isn't a virus by definition) was by purposely downloading idiotic spyware that was obvious and blatantly suspicious or downloading software from untrustworthy sources.[/QUOTE]
There are easier ways now. This isn't the AOL days.
[QUOTE=amcfaggot;33115245]There are many programmers on Facepunch, myself being one of them, and if anyone from that group of individuals can explain to me why I should care about antiviral software in a rational and reasonable statement, perhaps I won't frown upon it.[/QUOTE]
Oh, so you're a programmer? So basically you'd trust a site like mysql.com to be safe and you'd say it wouldn't help to have an anti-virus when visiting that site, correct?
[QUOTE=amcfaggot;33115245]I can see it being useful for people who have their head up their bottoms and don't know a thing or two about basic manipulating of people on the Internet, but in general I can't see its usage being practical for those people who know what they're downloading.[/QUOTE]
There are more vectors of infection than direct download and execution. This is when an anti-virus becomes useful.
[QUOTE=amcfaggot;33115245]Major software exploits which allow for downloading of unauthorized content, and execution upon completion of the download are one thing, but these things are patched in future versions as a general outlook on updated software.[/QUOTE]
That depends on the vendor. For instance, Microsoft can take years to get patches out. And there is still a window of opportunity when a 0-day appears where patches just don't exist. An anti-virus can help with these, especially those that do network scanning because they could potentially detect the payload in transit.
[QUOTE=amcfaggot;33115349]But this is completely bullshit, "inaction or by selected action" doesn't mean anything at all.[/QUOTE]
I think he meant that you don't necessarily need to do anything wrong to be exploited, but I'm not sure.
[QUOTE=amcfaggot;33115349]You have to obtain those programs first, and that lies within the hands of the end-user.[/QUOTE]
No, that lies within the hands of every single program the user is running, especially those connected to the internet.
Security is a matter of layers. Common sense is just one of these layers (a very exploitable one).
[QUOTE=gparent;33118861]There are easier ways now. This isn't the AOL days.[/QUOTE]
You have it backwards, it's more difficult now for programmers to write exploits due to security changes in software architecture over the years. Different paradigms make it impossible in some cases.
[QUOTE=gparent;33118861]Oh, so you're a programmer? So basically you'd trust a site like mysql.com to be safe and you'd say it wouldn't help to have an anti-virus when visiting that site, correct?[/QUOTE]
Uh. Yes. And in fact, I haven't used antivirus software in over a decade at least. This honestly just sounds paranoid. Can you inform me of a security bypass that would allow a [b]website[/b] to do anything to my computer at all? It's quite literally impossible without a third-party plugin being abused through a site.
[QUOTE=gparent;33118861]There are more vectors of infection than direct download and execution. This is when an anti-virus becomes useful.[/QUOTE]
Like what, and how? You can't give people viruses by being connected to a network. They have to do something first, and be baited into being a victim.
Most malicious software that isn't an executable cannot be detected by an anti-virus anyway. Anti-viruses primarily detect... well... executables. The only way around this is to protect users from an execution environment.
[QUOTE=gparent;33118861]That depends on the vendor. For instance, Microsoft can take years to get patches out. And there is still a window of opportunity when a 0-day appears where patches just don't exist. An anti-virus can help with these, especially those that do network scanning because they could potentially detect the payload in transit.[/QUOTE]
Years is a massive overstatement, and there will always be a window of opportunity for 0-day exploits, because no one knows about them. Not even anti-virus signature repositories would hold data on these types of exploits, so not even anti-virus software would help.
The two types of prevention here would be a payload which initially breaks through from a security hole, and delivers a process which has a known virus signature and can be easily blocked (which no sane software engineer would write, if they knew how to exploit an unknown security hole), or, once again, an execution environment which kept things from occurring outside of intentionally run processes.
Though to be honest, UAC can block this, and if the exploit came from the process host which had been exploited in the first place, UAC, anti-virus software, or execution sandboxes would never be able to prevent it, because it would have come from a process that was invoked by the user in the first place.
[QUOTE=gparent;33118861]I think he meant that you don't necessarily need to do anything wrong to be exploited, but I'm not sure.
No, that lies within the hands of every single program the user is running, especially those connected to the internet.
Security is a matter of layers. Common sense is just one of these layers (a very exploitable one).[/QUOTE]
That's fine, but something has to get you there first. You can't sit around and get a virus. If you're that paranoid and uninformed that you don't know what programs will download software from unknown servers, then your views on anti-viral software are horribly skewed.
I don't worry about iTunes downloading viruses while I'm not looking, or Google Chrome installing spyware, or Steam putting tranny porn all over my desktop because I don't download weird shit.
I'm with amc on this one, I haven't had real-time antimalware installed for many, many years and I very occasionally scan with MBAM.
Nothing has ever been found.
[QUOTE=sambooo;33119258]I'm with amc on this one, I haven't had real-time antimalware installed for many, many years and I very occasionally scan with MBAM.
Nothing has ever been found.[/QUOTE]
No real-time AV installed, Using Chrome, got 3 viruses in two months of computer usage.
But you see, now they get to just say that your computer use practices are better than yours. Since that's not easily quantifiable, you can't really argue against them, making discussion fairly unproductive.
But that's not my argument, and I'm not trying to imply that, though that is something you can pull from the discussion.
What I am trying to say though is, if you're a regular computer user and you're not downloading anything weird, you don't have a need for anti-virus software.
If you do download a lot of stuff, stuff that you may not consider completely trustworthy all the time, and frequently (Read: warez, torrented downloads, etc.), it would be wise to use something like MSE, which provides a fine amount of virus definition protection against that sort of stuff.
[QUOTE=amcfaggot;33115245]There are many programmers on Facepunch, myself being one of them, and if anyone from that group of individuals can explain to me why I should care about antiviral software in a rational and reasonable statement, perhaps I won't frown upon it.[/QUOTE]
Have you tried out MSE? It's so integrated into Windows, you don't even know it's running (except for the little icon on your system tray of course). By far the easiest GUI, no little tricks, no random popups asking you to do something or interrupt your computer usage, and it uses very little RAM.
If someone managed to install it on your PC and use the registry to get rid of the system tray icon, you'd never know you had it, it's that convenient. Googling it is probably the biggest inconvenience of the whole process.
[QUOTE=amcfaggot;33119145]You have it backwards, it's more difficult now for programmers to write exploits due to security changes in software architecture over the years. Different paradigms make it impossible in some cases.[/quote]
You're correct, it's more difficult to exploit certain vectors. What I should've written is that there are multiple vectors of infections that we didn't see often before. They can be either easier or harder. My point is that double-clicking an .exe is not the only thing that can make you execute malicious code.
[QUOTE=amcfaggot;33119145]Uh. Yes. And in fact, I haven't used antivirus software in over a decade at least. This honestly just sounds paranoid. Can you inform me of a security bypass that would allow a [b]website[/b] to do anything to my computer at all? It's quite literally impossible without a third-party plugin being abused through a site.[/quote]
Who cares if it's a third party plugin? My point is, you can't trust websites to be safe, because [url=http://www.scmagazineus.com/mysqlcom-hacked-to-distribute-malware/article/212883/]they can be hacked.[/url] So your "common sense" anti-virus is completely unreliable. What you are using is called [b]luck[/b]. Your common sense reduces greatly your chance to click on a malicious link, but it can never eliminate it entirely. Every single time you visit a website, you're lucky it wasn't hacked that day to distribute malware and infect your machine. Being lucky isn't proper protection.
[QUOTE=amcfaggot;33119145]Like what, and how? You can't give people viruses by being connected to a network. They have to do something first, and be baited into being a victim.[/QUOTE]
If you truly believe that, you are not fit for a discussion on IT security. A few months ago you could [url=http://seclists.org/fulldisclosure/2009/Sep/39]BSoD a Windows machine by sending it a malformed SMB packet.[/url] That requires no intervention by the user whatsoever. Similar exploits exist that allow remote code execution, which essentially amounts to "getting a virus by doing nothing".
[QUOTE=amcfaggot;33119145]Most malicious software that isn't an executable cannot be detected by an anti-virus anyway. Anti-viruses primarily detect... well... executables. The only way around this is to protect users from an execution environment.[/QUOTE]
Payloads can match signatures or trigger heuristics. Anything can be executable code if it's in the right area in memory.
[QUOTE=amcfaggot;33119145]Years is a massive overstatement,[/QUOTE]
No it's not. It [url=http://news.cnet.com/8301-13846_3-10094696-62.html]has happened before[/url], and will happen again.
[QUOTE=amcfaggot;33119145]and there will always be a window of opportunity for 0-day exploits, because no one knows about them. Not even anti-virus signature repositories would hold data on these types of exploits, so not even anti-virus software would help.[/QUOTE]
Like I said, it's all about layers of security. New exploits can execute known payload, old exploits can be used to execute new payloads... an anti-virus will help against the former but software updates will help better against the latter... The point is to have multiple barriers of protection, not one to rule them all. The same applies to [url=http://en.wikipedia.org/wiki/Layered_security]IT infrastructure security.[/url]
[QUOTE=amcfaggot;33119145]Though to be honest, UAC can block this, and if the exploit came from the process host which had been exploited in the first place, UAC, anti-virus software, or execution sandboxes would never be able to prevent it, because it would have come from a process that was invoked by the user in the first place.[/QUOTE]
That's incorrect. UAC can prevent privilege escalation unless your application already requested privileged execution. For instance, you won't be running as admin. UAC will help e.g. against an exploit targeting Firefox that attempts to execute privileged code. The hacker will need two exploits, which is harder than one. Again here the key is to have multiple layers of protection. UAC alone won't block certain types of attacks, just like an anti-virus alone will be vulnerable to other types of attacks. Of course, [url=http://www.spamfighter.com/News-15489-Windows-Vulnerability-Helps-Malware-to-Evade-UAC.htm]UAC, too, can be hacked[/url].
[QUOTE=amcfaggot;33119145]That's fine, but something has to get you there first. You can't sit around and get a virus.[/QUOTE]
Never heard of remote holes? Keeping your software up-to-date is another layer of security.
[QUOTE=amcfaggot;33119145]If you're that paranoid and uninformed that you don't know what programs will download software from unknown servers, then your views on anti-viral software are horribly skewed.[/QUOTE]
Whew. I guess my views are fine then.
[QUOTE=amcfaggot;33119145]I don't worry about iTunes downloading viruses while I'm not looking, or Google Chrome installing spyware, or Steam putting tranny porn all over my desktop because I don't download weird shit.[/QUOTE]
Assigning all blame to "downloading weird shit" just shows a lack of understanding of computer security. While it applies to a majority of attacks, claiming it's the only vector of infection is simply wrong.
[QUOTE=amcfaggot;33119910]But that's not my argument, and I'm not trying to imply that, though that is something you can pull from the discussion.
What I am trying to say though is, if you're a regular computer user and you're not downloading anything weird, you don't have a need for anti-virus software.[/QUOTE]
We understand your point, but the thing is, you're wrong. It is true that the "common sense" part of security helps, but it's also true that a very smart user can be infected by attacks that are thwarted by anti-viruses. With that in mind, there is no excuse not to have an anti-virus running. Sure, you can refuse to run one out of ignorance, but that isn't because anti-virus is useless, but because you accept to lower your level of security and expose yourself to attack. It's just a trade-off, not a net improvement. But it's a trade-off that the majority of people have no reason to make.
I'm using Comodo right now. Though it may be like UAC, all it's trying to do is protect your PC.
[QUOTE=The Baconator;33121285]Have you tried out MSE? It's so integrated into Windows, you don't even know it's running (except for the little icon on your system tray of course). By far the easiest GUI, no little tricks, no random popups asking you to do something or interrupt your computer usage, and it uses very little RAM.
If someone managed to install it on your PC and use the registry to get rid of the system tray icon, you'd never know you had it, it's that convenient. Googling it is probably the biggest inconvenience of the whole process.[/QUOTE]
Why do people keep repeating this? "It's integrated so well". It's funny because all of that has nothing to do with integration. At all. More like transparency.
[QUOTE=waxrock;33121573]Why do people keep repeating this? "It's integrated so well". It's funny because all of that has nothing to do with integration. At all. More like transparency.[/QUOTE]
Its definitions are updated via Windows Update for one, it scans MUCH faster than most scanners, its UI and wording match other Windows programs, etc.
[editline]4th November 2011[/editline]
And transparency? More like in this day and age most people only visit sites they have bookmarked, so many sites offer so many services and features (Google and Facebook for example) that you have to try to find yourself on an infected site.
[editline]4th November 2011[/editline]
How does one even get an infection in this day and age? Going out of your way to find an infected .exe to download and installing it?
[QUOTE=The Baconator;33121727]Its definitions are updated via Windows Update for one, it scans MUCH faster than most scanners, its UI and wording match other Windows programs, etc.[/QUOTE]
That makes more sense because what you stated before had nothing to do with integration.
[editline]4th November 2011[/editline]
[QUOTE=The Baconator;33121727]And transparency? More like in this day and age most people only visit sites they have bookmarked, so many sites offer so many services and features (Google and Facebook for example) that you have to try to find yourself on an infected site.[/QUOTE]
What?