Fox2
join:2001-02-07
Belgium | reply to CalamityJane
Re: [Humor, maybe] Top Ten Ways to Get Infected Hi Lady CJ and All,
Reading this topic I thought you can reverse the question ?
Suppose you are having the latest updates, and your browser is secured (I do use Firefox or Opera but just for the layout I like)
I think with a few things you might NOT get infected :
1. Spend some time at this site and LEARN how easy it is to be protected...
2. Get some FREE (yes free is not always bad) Firewall/AV/AT you learn about at THIS site and install them so they will whistle at you when you do click something wrong.
3. do NOT let others use your computer in Admin mode
4. Surf happily but do return sometimes here to learn a bit more about the latest nasties
After so many years being here THAT is what I learned and (crossing fingers) I think I am still clean. But as always I looked at the topic and think about the advice
Thanks
Jake |
|
| said by Fox2:install them so they will whistle at you when you do click something wrong. when you do click something wrong. I emphasize that! It's my point! Why are people relying on software to protect them against stupid moves. If only you practice some very simple steps to avoid malware's most common infection methods - you probably don't need a software program to jump in and tell you that clicking that link is wrong.
The newest variants of malware always can circumvent protection software and they are continually releasing new variants to do just that and take advantage of either unpatched systems or stupid user habits. The point of this tongue-in-cheek topic is that we most often see infected computers due to known bad habits and practices. Avoid those and you should have no problem avoiding infection. It doesn't take a lot of expensive software to do that for you.
What people may not be aware of is:
1. The risk of not updating your OS and your browser AND I will add Sun Java! See this topic:
»Potential Vulnerability with Sun Java auto update
That is a little known vulnerability that needs attention and advice! Most Vundo infections are due to running older versions of Sun Java and many folks don't realize you have to remove the older version manually even if you have gotten the latest update!
Everyone should be cognizant of Windows Updates and the need for critical security updates. If you are running pirated software and cannot get updates, you're bound for infection. If you're just plain lazy about updating - ditto. That's what automatic updates is for.
2. Letting others use your computer with an Admin Account. I think in particular of families who give the kids an Admin Account (just downright dangerous) or lend it to a friend, neighbor (or the babysitter  )
3. Engage in known unsafe online activity - use P2P and visit porn sites get freebies smilies for your email, etc. - download anything free because it looks interesting and unsafe habits handling email. Almost all horror stories start with....."I downloaded a file" or "I clicked on a link" {fill in the blank}
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
Fox2
join:2001-02-07
Belgium
1 edit | Hi Jane,
I read you loud and clear and I agree completely
1 One should indeed update all browsers and apps.
2 The Java thing I only became aware of because I come here almost daily to learn.
3 But my point was the one should be not seeking only seeking DON'Ts, but DO's to stay relativily safe while surfing, so I reversed your question and saying what I did to achieve this.
4 I do like to surf around, and though I think I go to "safe" places mostly, I DO like the ..well..."comfy" feeling of knowing that there is a backup (apps) that whistle at me if I click to hasty or something wrong. I don't "depend" on them, but I feel better having them there...
5 As for multiple users I can not judge as both my Wife and me are on our own PC and we both know the tricky things with
e-mail...
6 Finally, I guess I just wanted to say that I used to be paranoid, but thanks to people on this great site, I am now more relaxed BUT still aware! And what I learn here I use to make my family and friends more aware, without scaring them off (hope that makes sense?)
PS Forgive me if I cannot explain better, English is not my motherlanguage and I think faster then I can type 
Jake |
|
 John2gQui Tacet ConsentitPremium
join:2001-08-10
England
1 edit | reply to CalamityJane
said by CalamityJane: Why are people relying on software to protect them against stupid moves. You don't recommend using AV software then? |
|
 EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7
 ·Callcentric
1 edit | reply to CalamityJane
As poorly as I type, I need AV as a backup when I fat finger a URL... :)
Of course strapping an AV/AT/spyware notification-controlled cattle prod to sensitive body parts may help cure that habit...
OOOOOOUUUUUUUUUUGGGGGHHHHHHHH!
--
Charter member, Harry Lime fan club ;-) |
|
1 edit | reply to John2g
said by John2g:said by CalamityJane: Why are people relying on software to protect them against stupid moves. You don't recommend using AV software then? Don't put words in my mouth. That's not what I said. In fact, if you bother to read the first post of this thread, I said "assuming you already have an updated AV". Of course I recommend that. What I was inferring was don't pull stupid moves expecting your security software to "save" you.
In fact, here is a prime example of how NOT to acquire an AV program.
»forums.spybot.info/showthread.php?t=4196
quote:
Along time ago, when I used to use Limewire, I downloaded a version of Panda Antivirus without thinking of the risks. It messed my computer and network up bad. Spybot did not pick the problem up.
I downloaded a version of panda antivirus OFF of Limwire.
the problem is the PANDA ANTIVIRUS. Limewire is fine.
So, the panda anti virus files were what messed everything up.
Shall we add to list that acquiring your AV program from Limewire is a good way to get infected? 
This would be step 1 and Step 6 rolled into one
Edit: typos
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
1 edit | "...long time ago, when I used to use Limewire, I downloaded a...This infection needs to be stopped before someone else gets it!"
with what that guy said i started to laugh uncontrollably....OMG it was so funny...
the things people do... |
|
 RxdoxxPremium,Mod
join:2000-11-03
Middle River, MD
kudos:6
Software
Washington & Balti..
Philadelphia & Nor..
2 edits | reply to CalamityJane
The Limewire post got me to thinking, and I'm having a memory block as to the example I want to use.
There is a site out there with a great program, and the site has something like "merjun" in the url.
He has a disclaimer on the site to only get it from him, that other places offering his program have included unwanted "extras".
So adding to get a program from either the home site, or a trusted mirror site... just Googling and going and grabbing it from the first thing that you find can also be dangerous.
Wish I could remember the program/site  I know I've recommended it to others.
EDIT, thanks to my co-host in software lilhurricane, the site was for HijackThis »www.spywareinfo.com/~merijn/
quote:
April 22, 2005:
Just a short note on the domain HIJACK-THIS.NET: this is not mine! It has been registered by an affiliate of XoftSpy (who are also on the Rogue Antispyware List on SpywareWarrior.com) and they are luring people into downloading their software believing it is HijackThis. Also, they have registered a few AdWords at Google leading to the same result. We'll see where this goes.
In the meantime, if you want to download any of my programs, the official domain is and always will be www.merijn.org.
*Update* April 29, 2005:
I just received word from Paretologic (who own XoftSpy) that the affiliate responsible for the page has been terminated and the site will be taken down. That's one down, one to go.
--
To be on a pedestal is to be in a corner |
|
|
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to CalamityJane
All I can say is that one should never be without a router, the Proxomitron (and Sidki's or Grypen's latest configs) and either an AV that is excellent on trojans, or an antiTrojan application and an on demand AV. The rest I would agree with CJ you don't really need as long as you have some brains and use them. The Proxomitron should be the first application anyone gets I think. With Proxo installed, the user isn't going to be nearly as click happy as there are no ads to see and click on. The latest Firefox vulnerablily that was just patched with a new version...I was invulnerable because of Proxo. I am two versions old on Fx and I don't install all critical patches for XP either but I am fine.
I disagree strongly that anyone should enable auto updating. If a user is not willing to learn how to use a computer then they should not get one and telling them to play into Microsoft's greedy, power hungry hands just creates more problems in the long run. I do think it prudent to not use instant messaging and, of course, don't loan your computer to anyone and practice safe computing such as always reading email in plain text.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions" |
|
Reviews:
 ·Shaw
| reply to CalamityJane
Darn, I am a little tardy in my response, but I haven't posted much lately because I have been busy answering all those unsolicited e-mail, which seem to be growing in leaps and bounds. Funny though, my mortgage just keeps getting bigger, while (ahem) other things have not changed at all. So much for the promises. I have asked them to stop sending me their unsolicited offers, since I can't resist clicking on the links they provide...hmm, neat effect my in box now blinks on and off when I do my on line banking...;)
Regards |
|
