PeakOil is You

trouble with virust infection

Re: trouble with virust infection

Post by davep » Sun 30 Aug 2015, 04:21:45

If you really want to be paranoid, run your browser in a virtual machine, with Wireshark installed. Some advanced malware checks to see if it's in a VM and/or if a network sniffer is installed before installing itself. They do this to avoid what could be a honeypot.

This isn't foolproof, as there are also potentially means of breaking out of the VM and infecting the host UEFI etc.

Re: trouble with virust infection

Post by ralfy » Sun 30 Aug 2015, 02:24:03

From what I remember, operating systems in general are vulnerable, more problems arise as more features are added, and malware authors tend to focus on more popular systems.

For my system (Win 8.1), I use the following:

Cyberfox 64-bit browser with add-ons like NoScript, uBlock, UAControl, Cookie Controller, etc. (I chose this browser because it allows for more features than Chromium, which I used before, but removes any features that were added to Firefox that I don't need)

Panda antivirus (free version; I selected the free version of antivirus programs with high ratings for protection, performance, and so forth, as mentioned in sites like AV-Test)

Malwarebytes Anti-Exploit

Malwarebytes Anti-Malware and others for non-real time scanning

Windows Firewall Control (the firewall in the router is also activated)

Finally, I installed VirtualBox to run Zorin OS, as well as backup and timeline programs to recover files or the system when needed.

Re: trouble with virust infection

Post by davep » Sun 30 Aug 2015, 01:52:42

Keith_McClary wrote:
davep wrote:I have no idea where you get the notion that a virus can't survive a reboot.
It has to be somewhere with root permission that gets executed during boot. If it's in a user directory, it's just data. (Assuming the system is configured properly).


The concept of vulnerabilities with privilege escalation I mentioned above means that once you gain that root privilege via exploitation of a vulnerability you can basically do whatever you like to survive reboot (depending on the payload you want to use). Believe me, it's part of my job. And there is no magic wand that means Linux is less prone to such vulnerabilities than Windows.
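As an added example (not part of any post in this thread), a Python check of the condition the quoted exchange turns on: whether the locations root executes at boot can be modified by a non-root account. The path list and the function names are assumptions for illustration, and the sample tree is constructed.

```python
import os
import stat
import tempfile

# Assumed list of root-executed startup locations; adjust per distribution.
BOOT_PATHS = ["/etc/systemd/system", "/etc/init.d", "/etc/rc.local",
              "/etc/cron.d", "/etc/crontab"]

def check_entry(path, trusted_uid=0):
    """Return the reasons a non-root account could modify `path`."""
    st = os.stat(path)  # follows symlinks: the target is what gets executed
    flags = [(st.st_uid != trusted_uid, "owner uid %d" % st.st_uid),
             (st.st_mode & stat.S_IWGRP, "group-writable"),
             (st.st_mode & stat.S_IWOTH, "world-writable")]
    return [text for hit, text in flags if hit]

def audit(paths, trusted_uid=0):
    """Walk each startup location and return {path: reasons} for weak entries."""
    findings = {}
    for top in paths:
        if not os.path.exists(top):        # missing or dangling link: nothing runs
            continue
        entries = [top]
        for dirpath, dirnames, filenames in os.walk(top):
            entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for entry in entries:
            if not os.path.exists(entry):  # dangling symlink inside the tree
                continue
            reasons = check_entry(entry, trusted_uid)
            if reasons:
                findings[entry] = reasons
    return findings

def build_sample_tree():
    """Constructed sample: one sound unit file and two weak ones."""
    top = tempfile.mkdtemp()
    for name, mode in [("ok.service", 0o644), ("loose.service", 0o666),
                       ("team.sh", 0o775)]:
        path = os.path.join(top, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    return top

if __name__ == "__main__":
    for path, reasons in sorted(audit(BOOT_PATHS).items()):
        print(path, ", ".join(reasons))
```

An empty result only says the file permissions are sound; it says nothing about the privilege-escalation route described in the post above.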

Re: trouble with virust infection

Post by SeaGypsy » Sat 29 Aug 2015, 22:37:06

I would reckon complacency about app permissions has to be the easiest & most commonly effective entry point to most end point users. A phone full of apps created by & belonging to god knows who is normal already.

Re: trouble with virust infection

Post by Keith_McClary » Sat 29 Aug 2015, 20:43:43

davep wrote:I have no idea where you get the notion that a virus can't survive a reboot.
It has to be somewhere with root permission that gets executed during boot. If it's in a user directory, it's just data. (Assuming the system is configured properly).

Re: trouble with virust infection

Post by onlooker » Sat 29 Aug 2015, 04:30:42

Dave, all that makes sense. That tip on HTTP is good to know. Frankly, I had been a bit careless and was asking for problems. Not good considering what a minefield the Web has become.

Re: trouble with virust infection

Post by davep » Sat 29 Aug 2015, 01:18:10

SeaGypsy wrote:The best filter is the one between your ears. Do people just click on random pop ups & email links still? Being careful about what I open I haven't had a virus, mmm since I was sharing a computer with my shopaholic wife.


There is plenty of malware that is delivered via supposedly reputable ad-delivery networks. And you wouldn't necessarily see it coming. Yes, there's the low hanging fruit where people click on almost anything, but you can be owned just by using http rather than https (using techniques such as Quantum Insert - Hacking Team had such an attack in their portfolio).

So, get an ad blocker and HTTPS Everywhere as a minimum. I use Disconnect, HTTPS Everywhere, NoScript, Privacy Badger, BetterPrivacy and uBlock. I have also hardened Firefox a bit by disabling cookies by default and making Java/Flash "Ask to activate" as well as implementing most of the stuff in this http://b.agilob.net/better-security-privacy-and-anonymity-in-firefox/

Re: trouble with virust infection

Post by davep » Sat 29 Aug 2015, 01:12:17

Keith_McClary wrote:
SeaGypsy wrote:The best filter is the one between your ears. Do people just click on random pop ups & email links still?
Linux users don't worry about it. A virus can't survive a reboot unless it can get administrator permissions. Windows also has administrator permissions - I don't know why these don't stop viruses.


There are plenty of Linux vulnerabilities and exploits. I have no idea where you get the notion that a virus can't survive a reboot. That may generally be the case if you're using a Live CD, but there are also means of remaining infected via BIOS/UEFI and disk/USB firmware.

Root permissions are the same thing as administrator permissions. The point about vulnerability exploits is that they can do things such as escalate privileges. This is not unique to Windows.

Re: trouble with virust infection

Post by Keith_McClary » Fri 28 Aug 2015, 19:26:06

SeaGypsy wrote:The best filter is the one between your ears. Do people just click on random pop ups & email links still?
Linux users don't worry about it. A virus can't survive a reboot unless it can get administrator permissions. Windows also has administrator permissions - I don't know why these don't stop viruses.

Re: trouble with virust infection

Post by SeaGypsy » Fri 28 Aug 2015, 07:16:27

The best filter is the one between your ears. Do people just click on random pop ups & email links still? Being careful about what I open I haven't had a virus, mmm since I was sharing a computer with my shopaholic wife.

Re: trouble with virust infection

Post by kanon » Fri 28 Aug 2015, 07:02:00

onlooker wrote:Well to you experts if there is one tip for keeping your computer virus free what would that be?

Not an "expert" but after decades of virus free computing, I would suggest you try Linux. The flavor called "Ubuntu" is reported to be easy to set up and use. The unix user/group id and file structure make virus type programs very difficult, since the system gives the user only read access to selected system files. One could have executable programs in their home directory, which a virus hacker could get to, but there is no reason to do this on your own computer. Security is still an issue, but nowhere near the trouble. IMHO, as long as you use Windows, you will have virus/malware issues because the security model is an afterthought.

Select an extra computer for test installation or get a "Live CD" to boot up and figure out how to use it.

Re: trouble with virust infection

Post by onlooker » Thu 27 Aug 2015, 12:39:46

What Outcast says makes much sense. The internet has become unreliable for sensitive data storage. It makes me think for some reason of the Wild West here in the US when Banks were actually unreliable sources to keep your money as they were being robbed almost every week. Well to you experts if there is one tip for keeping your computer virus free what would that be? I am sure the common response would be a good security anti-virus program. Well I just purchased Defender Pro, wonder if anyone has feedback on this program. I saw that it was ranked number 4 on a ratings list of security programs with Norton and McAfee as one and two.

Re: trouble with virust infection

Post by Outcast_Searcher » Thu 27 Aug 2015, 12:24:15

SeaGypsy wrote:Big problem. It's ransomware. As far as I know it is impossible to get off without either- pay the ransom- reformat back to factory settings (& lose your data).

This is about as compelling a reason to regularly physically back up your personal/application data onto media and keep it AWAY from the computer as I can think of. At least that way you can go back to factory settings, reinstall any newer software, and restore your personal/application data back to (say) your documents library.

I have multiple computers AND do this. That way, any total hardware or software failure is annoying and takes some time, but doesn't take me out of action. Also ensure you use multiple physical media. ANY single media can fail at any time.

I also annually take copies of my memory sticks with all my personal/application files to a safe deposit box so if my house is burglarized or burns, at least I don't lose all my data too.

FWIW, with all the security problems and dishonesty problems on the internet, I do NOT want to use some online "cloud" etc. solution for my data backup, any more than I want to file my taxes with software from some cloud. Having ALL my key data in one place online for a hacker attack doesn't seem like a good plan to me.

Re: trouble with virust infection

Post by vox_mundi » Thu 27 Aug 2015, 11:17:09

From IBM Threat Intelligence Quarterly 3Q 2015: ...

Ransomware as a service

... Do not assume that if you are infected with encryption-based ransomware you can simply pay the ransom and reliably get your data back. For example, ZeroLocker command-and-control servers that have not been properly configured may never have received your encryption key, so they can’t sell your data back to you. As a result, they are not only stealing your data, they can’t give it back to you even if you pay! In addition, the authorities or a competing threat group may have “taken down” the command-and-control servers between the time your machines get infected and the time you try to pay the ransom


and from the 'good guys' ...

AP sues over access to FBI records involving fake news story

The Associated Press sued the U.S. Department of Justice Thursday over the FBI's failure to provide public records related to the creation of a fake news story used to plant surveillance software on a suspect's computer. AP joined with the Reporters Committee for Freedom of the Press to file the lawsuit in U.S. District Court for the District of Columbia.

"The FBI both misappropriated the trusted name of The Associated Press and created a situation where our credibility could have been undermined on a large scale," AP General Counsel Karen Kaiser said in a 2014 letter to then-Attorney General Eric Holder.

"It is improper and inconsistent with a free press for government personnel to masquerade as The Associated Press or any other news organization," Kaiser wrote. "The FBI may have intended this false story as a trap for only one person. However, the individual could easily have reposted this story to social networks, distributing to thousands of people, under our name, what was essentially a piece of government disinformation."

AP's records request also seeks an accounting of how many times since 2000 the FBI has impersonated media organizations to deliver malicious software.

Re: trouble with virust infection

Post by PrestonSturges » Tue 25 Aug 2015, 19:02:28

Keith_McClary wrote:
KaiserJeep wrote:If what you are using is really called "Windows Security Essentials", then they got you already. Save whatever personal files you can, format the hard disc, and either reinstall from CDs or upgrade your hardware and operating system if it is 4 or more years old. Then reintroduce those personal files only after scanning the media with a good commercial virus checker that you paid real money for.
After that, use a different computer or device for surfing. Alternatively, you can boot (most) PCs into Linux from a USB stick. I have an old PC (750 MB RAM) and an old laptop (1GB RAM) (neither with hard drive) that work great running Puppy Linux with the latest Chromium. Some video formats, etc. may not be supported. You can save files to the USB stick between sessions (bookmarks automatically saved). I use the laptop when I have to connect to those icky hotel wi-fis.
Also known as the porn site "fap-top" (fap-fap-fap-fap-fap).

Re: trouble with virust infection

Post by Keith_McClary » Tue 25 Aug 2015, 16:54:37

kanon wrote:I was the same for many years, but then I subscribed to Slackware, just because I decided I should contribute something to the people who put my Linux distribution together.
You make me feel guilty. :oops: I did buy this:
Image

Re: trouble with virust infection

Post by kanon » Tue 25 Aug 2015, 08:25:35

Keith_McClary wrote:I have never paid a dime for Linux applications, support services or antivirus, etc.

I was the same for many years, but then I subscribed to Slackware, just because I decided I should contribute something to the people who put my Linux distribution together. Linux is free open source, but the programmers do need groceries. I know a lot of Linux is supported by business, since they need the server code. The lack of a good donation model for the desktop applications is probably why they are still a bit clunky. I think a small donation is plenty, since millions of $1 do add up.

Re: trouble with virust infection

Post by davep » Tue 25 Aug 2015, 02:15:49

PrestonSturges wrote:You can also use the MalwareBytes trial version for free, and it plays well with Microsoft Security Essentials. MB catches things MSE misses. The trial version will give you an annoying popup that disappears after a couple days.


I'd recommend that too. It's very good at picking up malware.

Re: trouble with virust infection

Post by Keith_McClary » Tue 25 Aug 2015, 01:29:03

onlooker wrote:I fixed it guys, thanks again. I paid a hefty sum, but I got a technician from National Help Desk who did the technical work. Then I bought an apparently very good security anti-virus software program in Defender Pro. So my computer is now running great no pop ups or anything. By the way Keith and others you seem like real experts, I am novice so that is why I did it this way. So I guess you will have to put up with my posts still haha :lol:
Hate to sound like a Linux fanboy, I have been using it for three decades. In the early years you had to know arcane UNIX commands to get anything working, but now everything "just works". I have forgotten most of that UNIX stuff because I never need to use it.
I have never paid a dime for Linux applications, support services or antivirus, etc. I remember an "Onion" style parody about a product "Norton Crash Guard" for Windows - the joke was they were supposedly coming out with "Norton Crash Guard for Linux". :lol:

Re: trouble with virust infection

Post by PrestonSturges » Mon 24 Aug 2015, 17:53:36

You can also use the MalwareBytes trial version for free, and it plays well with Microsoft Security Essentials. MB catches things MSE misses. The trial version will give you an annoying popup that disappears after a couple days.
