Is Mac or Linux in my future? My virus story...

[cncb]

I recently had a virus incident in Windows 7 that "rocked my world" so I thought I would share and whine about it here :o. I consider myself fairly diligent about internet security - I run Microsoft Security Essentials, have UAC enabled, and use Firefox. Unfortunately, all these "protections" failed me.

I was browsing in Firefox and all the sudden Firefox and Security Essentials shut down and a bogus "Win 7 Internet Security 2012" scanner window popped up. When starting up any browser it would show a bogus page that stated I needed to buy this fake Internet Security program to get rid of another bogus virus. When trying to run all other exe's the fake scanner window would pop up. It turns out that it was able to modify my registry without showing the UAC dialog and without me accepting/Ok'ing any software download or installation!!! I can't even modify the registry as an administrator of the PC without answering the stupid UAC dialog.

I used to feel pretty secure but this incident has crushed that feeling. It seems that Windows offers no real protections and I'm still at the whim of these slimy virus creators. Sorry to vent, but this has really caused me to question things. Do you guys think that Mac and/or Linux are really more secure?

[mvallevand]

Criminals are more interested in the Windows market so it will always be a bigger market but that won't make linux and Mac's safe. They suffer the same vulnerabilities from Adobe which is probably one of the biggest risks right now and it is browser neutral.

However UAC is dumbed down root access because Windows users don't like security. HKCU is open to applications and programs can still run from anywhere, UAC only controls a few folders. In fact this poor security model is why I only install my NextPVR plugins in "Program Files", programmers shouldn't be the one taking shortcuts because users want to be lazy.

Martin

[pBS]

MS Security Essentials is almost useless, it doesn't find many of the more common viruses out there when almost every other anti-virus does..
i use the well performing Avast antivirus and MalwareBytes anti-malware to stay safe..

but basically you need a good antivirus, and at least one decent anti-malware/spyware program and a firewall active..
any less on a machine you browse on and it's just a matter of time..
[of course backups are also a real saver too]

[Antmannz]

MS Security Essentials is almost useless, it doesn't find many of the more common viruses out there when almost every other anti-virus does..
i use the well performing Avast antivirus and MalwareBytes anti-malware to stay safe..

but basically you need a good antivirus,

This sort of comment always, always, always gets my goat. :mad:

Any anti-virus program is only as good as it's current signature file; and that goes for all anti-virus and anti-malware programs. Yes, there are several that claim that they can detect malware outside their list, but their actual performance at this is generally piss-poor.

Your best defence against an attack that cncb has experienced is to remove all Adobe products and stop all scripting in your browser. Adobe Flash, Shockwave and Reader are the largest security holes on a Windows PC, and the "Win 7 Internet Security 2012" will have been delivered via scripting and a Flash ad on a website cncb has visited. Could have been any site, legit sites have been found to carry ads such as this unawares because they carry ads from large networks such as GoogleAds, DoubleClick, etc which can be used for delivery.

Don't want to give up Adobe products, and want to stay with Windows?
Add a sandboxing product to your system (Sandboxie is one). Open your browser inside a Sandbox and surf away. Discard the Sandbox after use.

As for recovery, best bet is to boot into Safe Mode and use System Restore to revert your PC back to an earlier time.

Apologies if this seems rather rant-ish; but after spending approx. 15+ years in the IT industry removing all sorts of malware from PCs, I almost always see red when people start to rubbish one anti-virus over another. As I have stated, they are all of a muchness.

[cncb]

I was fortunate to have a recent Restore Point so that is what I ended up doing to recover.

As Martin is suggesting, if executables were only allowed to run in one location and you had to give permission to move files there that seems like it would avoid a lot of these problems. Is that how Mac/Linux operates?

Regarding sandboxing, I thought that the Chrome browser did something like this by default (although I unfortunately stopped using it a while ago)?

[stustunz]

I use adp in firefox dunno if it helps but havent had any issues

[HarryH3]

I'm running Firefox with the NoScript and AdBlockPlus addons. Many viruses these days come in from automated ad-placement sites that don't vet the stuff that their advertisers serve up. If the browser can't connect to the ad, then the ad can't infect ya. NoScript can be a bit of a pain, as some websites have code that gets pulled in from 10 or more OTHER sites, so it sometimes takes a bit of testing to determine what you want to let a particular site server up.

Microsoft Security Essentials came out to rave reviews but has slipped way down the ratings list of AV tests that I've seen in the last 6 months or so. MS just doesn't seem to be keeping up... I use Avast and also scan with Malware Bytes every now and then. So far, so good.

[cncb]

Thanks - I'll look into these add-ons you guys are recommending. I have to wonder, though, why they rely on third-party developers to offer some security features...

[bgowland]

I have to wonder, though, why they rely on third-party developers to offer some security features...

Partly historical reasons.

Microsoft always provide a 'plugin' capability for things like AV and anti-malware software dev companies but they were very cagey about doing anything about it themselves. There have been issues over the years as to whether things like popup blockers (for example) potentially restricted the ability of legit advertisers from advertising their businesses.

Bearing in mind how many law-suits MS have faced over the years, my guess was they wanted to avoid being faced with legal proceedings regarding possible 'monopoly' suits (i.e., putting 3rd party AV developers out of business) or from companies who felt they were having their freedom of advertising infringed.

MS were very slow to get into this sort of stuff and, ironically, it was only criticism that they didn't provide their own systems that meant they were dragged into it. The truth is MS have never been particularly good at it but then again many 3rd party ISVs have had their ups and downs as well despite having been in the business for years.

BTW as for Macs being a good alternative, as has been mentioned, there may be fewer viruses around that target Macs but it's a myth that they're immune. In fact the first ever AV software I ever came across was called Vaccine and was on a Mac 20+ years ago I think. I also read an interesting article a while ago dispelling myths about so-called Mac security which included a comment that at various IT seminars, conferences etc the Macs available for use by attendees are often the first to be targeted (and brought down) by hackers before they attempt to hack the Windows systems.

Cheers,
Brian

[steeb]

Totally agree with Brian on the Historical and Now angle.

MS cannot be seen to be closing out 3rd parties. Lawsuits follow.

Fortunately/Unfortunately we are in the age of technology moving so fast, it is hard to keep up sometimes.

MS have had a few hits over the years with defence systems but really that is not their business.

They do O/S's

Very irratating that some people want to spend their time trying to destroy these things but that, I think, is human nature, there will always be someone that tries to 'bring the system down'.

Having said that I have a friend with a Mac, (and I have used them a lot up until about 4 years ago) who did get something nasty on her system.

Google a problem with an MS OS most usually you will find someone has a solution. OK a Mac may not get it often. But if it does, try googling that........

Back to the Mac store @ great expense. V few solutions...

cheers all

steeb