Teach People
No amount of a/v signatures will save you from the uneducated users.
I know my pc is spyware and virus free and I don't run any memory resident anti-virus protection. When I perform a virus / spyware scan my worst case scenario is having some data miner cookies.
Why don't I run memory resident virus protection? Because it's extra overhead and as long as I'm behind my secured router, using a patched computer, and not opening virii I have nothing to worry about.
When attachments are exe, com, vbs, scr you have to use some discretion and common sense... even if it says it's coming from your mom.
|
 |  swsamurai Premium Member join:2002-04-17 Bakersfield, CA |
Re: Teach People
Tell me about it... How many times have I heard:
"It said I just won a free XBox, I wanted to get it so I clicked the link."
Or something along those lines. In spite of what training you receive as an IT person, it goes without question that it is also 40~50% babysitting.
|
 |  |  Thaler Premium Member join:2004-02-02 Los Angeles, CA kudos:3 |
Thaler
Premium Member
2005-Jun-14 4:58 pm
Re: Teach People
Hmm...can't say I've seen people infecting themselves via the free crap route. Usually it's more the "OMG! Smileyz/Wallpaper/Screen Saver/Doodad for FREE! I can't loose!"
|
 |  |  |  sweintz Premium Member join:2002-03-01 Chester, CT |
sweintz
Premium Member
2005-Jun-14 5:32 pm
Re: Teach People
said by Thaler: Hmm...can't say I've seen people infecting themselves via the free crap route. Usually it's more the "OMG! Smileyz/Wallpaper/Screen Saver/Doodad for FREE! I can't loose!"
In other words, you HAVE seen people infected by the free crap route. The free Smileyz/Wallpaper/Screen Saver/Doodad crap route.
|
 |  |  | |
albertcrombie to swsamurai
Anon
2005-Jun-14 5:00 pm
to swsamurai
Oh so how about virii embedded in PNG graphics & stuff.. And don't tell me you never had this unsecure feeling of uncertainty when launching Megaracing2005.exe that you downloaded from a famous video games portal...
|
 |  |  |  | |
Re: Teach People
If it's from a reputable site... then I have no worries, it's likely an installer or self extracting zip file.
|
 |  pandora Premium Member join:2001-06-01 Outland kudos:2 |
to wilburyan
Sadly my computer was infected, apparently from a DRM issue. To assume you are bullet proof, or that you don't need something to be running, I'd disagree. The tools to invade are getting better, and my belief is we should not assume ourselves smarter than those who wish to take advantage of our systems.
|
 |  |  | |
Re: Teach People
If someone has the skills and knowledge to specifically target and infect me... a home user... let em. Because if that's the case, no matter what you do they'll eventually find a way to get you... either that or they'll DoS you into the stone age.
I've participated in some computer security classes, and the first thing talked about is that there is no such thing as 100% secure. If you want 100% security you have to pull the network and put the PC behind a locked door... and even then your security is only as strong as the door frame.
When I build custom computers for regular users I do install anti-virus software. I install the a/v scanner to reduce my workload if / when they infect the pc. In an extreme case I once gave the user a limited user account and myself an administrator account so I could remotely administer the workstation. The reason? I was getting tired of weekly visits.
|
 |  |  |  | |
Re: Teach People
I agree, anyone that thinks their PC is 100% secure and uses it on the net is a fool at best.
|
 |  |  |  |  | |
Re: Teach People
True, but there are two ways to approach the problem. I run my Windows PC as safely as I can, but I don't run any A/V or firewall software. I depend on an external gateway router/firewall and keep all my files on a file server. I'm also good at filtering my email the old way - if it looks like crap, it probably is.
This way, should something go terribly wrong - I just blow away the machine and start from a fresh install. I have a custom WinXP w/ SP2 slipstream install CD with the most heavily used utilities on it - so it usually takes about two hours to get back to where I was.
It's cheaper in the long run - and I'm guaranteed that the machine will be free of problems when I get back online. I've operated this way for over 8 years, and I've still only experienced one virus - a boot sector virus from a floppy disk I loaned a guy in 1995. (the floppy, and the virus, are long since gone)
|
 |  |  |  |  swsamurai Premium Member join:2002-04-17 Bakersfield, CA |
to mustang03282
I just do the OVERLY cautious thing...
I tell anyone who wants to email me to put a certain phrase in the email, and any email that comes in without that phrase is sent to a holding area. I will occasionally look through it to see if there is anything worth saving, but most of the time it just gets deleted.
Add to that the fact that I only use Firefox, and I am running a pretty safe machine.
No one is perfect, though, and I am certain that I will get hit again (Last time was about two years ago.)
|
 |  | |
to wilburyan
I do not even use an av program. I use IE. I don't use a firewall other than the Windows one. I don't use a router. I scan only spyware. Every now and then just check processes and services.
Have been virus/spyware/etc. free for a few years now; it's not too hard, people, just know the risks of what you are opening/downloading/doing and you will be fine.
|
 |  |  | |
Re: its easy
Do you also not wear a seat belt while driving?
Taking no precautions isn't the safe way to do things.
|
 |  |  |  | |
Re: its easy
said by DaSneaky1D: Do you also not wear a seat belt while driving? Taking no precautions isn't the safe way to do things.
Well, I guess until I get infected or compromised then I'm not going to change my habits. And I do wear my seat belt, otherwise I would lose a couple points and get a hefty charge; on the other hand I would just burn what is needed or transfer to my other HD and format.
|
 |  |  |  |  pandora Premium Member join:2001-06-01 Outland kudos:2 |
pandora
Premium Member
2005-Jun-14 10:53 pm
Re: its easy
How do you know there is no infection?
|
 |  |  |  |  |  | |
Re: its easy
If you know your PC like the back of your hand then you can pretty easily tell if it's clean. Easiest way is browse the running processes on occasion, or check the "Run" in the registry to see what's starting up when you boot up your machine...
A while back I was sent an E-mail saying that I was infected with some worm (the e-mail was sent to a web based account). The person worked with a friend of mine out in Calgary. I told him that the e-mail was spoofed and it came from somewhere else, then he asked me if I had A/V. I said no... he flipped out that I had the nerve to say I wasn't infected.
I downloaded a trial of Kaspersky and ran it... who would have thought... no virus found.
|
 |  |  |  | wilburyan |
to DaSneaky1D
I wear mine, because I have little to no control over the other drivers...
Dodging traffic and controlling what runs on YOUR computer are very different things.
|
 | |
Solution?
Get a Mac.
|
 |  guitarzan Premium Member join:2004-05-04 Skytop, PA |
Re: Solution?
When it supports Windows I will, j/k. Seriously though, I'm heading in that direction.
|
 | |
Ay....
If they spam T.V., radio, newspapers, magazines, billboards with information on safe computer habits for a whole year, maybe, just maybe it might help.
|
 |  | |
Re: Ay....
Unlikely... most people believe that vast technical knowledge is required to be safe. There are many... MANY people in this office that struggle with anything beyond sending a basic e-mail. If you have the ability to send an attachment you're regarded as an advanced user. I know some of you know what I'm talkin about.
|
 pog4 Premium Member join:2004-06-03 Kihei, HI |
pog4
Premium Member
2005-Jun-14 6:19 pm
Some compromises are required...
I've had great results with keeping at-risk computers running virus/spyware-free by using the sort of software used in many schools and libraries. By at-risk, I mean computers that are either available to many different people (public workstations, etc) or ones being used by particularly clueless employees. I've tried a lot of different products but my favorite is Clean Slate » www.fortres.com/products ··· late.htm because the user is not restricted while the computer is running. Typically, each PC is firewalled and only the AV and spyware apps are given permanent write abilities. So, a clean system is only a boot away! If a user does get infected, our office router is likely to block the traffic (port 25 is blocked, for eg). I dunno what anyone else thinks about this approach but I can tell you all it's worked wonderfully for several years for me... the only servicing I've had to do is either related to hardware or just making sure the systems are up to date with various patches, etc. There is one I haven't tried yet, though... » www.shadowstor.com/produ ··· dowUser/ ...it looks rather interesting, too.
|
 | |
Kold Kalamity
Anon
2005-Jun-14 6:21 pm
Virus free=80%
I've been virus free. Well. . .sorta. My software says that it has deleted certain viruses, but there are still traces of them every now and then. I think it's because I visit the same sites regularly, but that's where the doubt comes in because I normally just visit the "big honcho" type sites. The real fancy ones that come from companies I know about.
|
 ·Xfinity
|
Take -These- Two for those "Bugs"
Here's a couple of goodies I've tested for 18 months, and have found to be better than 99.9% effective against email-borne scatware - add these filters to your email prog:
"If the body of the message contains" TVqQAA "delete the (summbeach)"
So, what is "TVqQAA"? Unencoded, it's "MZ", the signature MS uses to begin the file header for most *.EXE files, followed by a null byte. If your email client can understand it, a \n or \0x0A character in front increases its accuracy. (Look at the "source" of a payload-laden message, and you'll see what I mean)
UEsDBA does the same for those .ZIP-encased ones. If you receive ZIP files that you want from folks -- RTFM about filtering, and have an agreed upon word that will let 'em pass..
"What about false positives?"
Scanning a Win98 SE (OEM) CD and a Win2K Server disk#2, with M$' "Anti-$pyware Beta" will yield you at least two more false positives than I've had in a year!
Enjoy. -NK
|
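The filter from the post above, set beside a check on the decoded attachment bytes, as an added example that is not part of the original post. The function names, sample messages and header bytes are constructed for illustration; the version-needed bytes 0x0A and 0x14 follow the ZIP local file header layout.

```python
import email
from email import policy
from email.message import EmailMessage

POST_FILTERS = ("TVqQAA", "UEsDBA")            # the two strings from the post
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip"}   # the signatures they stand for

def substring_filter(raw):
    """The post's rule: flag a message whose raw source contains either string."""
    return any(s in raw for s in POST_FILTERS)

def magic_filter(raw):
    """Decode each MIME part and report (filename, kind) when the decoded
    bytes begin with an executable or ZIP signature."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        for magic, kind in MAGIC.items():
            if data.startswith(magic):
                hits.append((part.get_filename(), kind))
    return hits

def build(body, attachment=None, name=None):
    """Constructed sample message; the library base64-encodes attachments."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()

PAD = b"\x00" * 32  # filler; these are header bytes only, not working files
EXE = build("see attached", b"MZ\x90\x00\x03\x00\x00\x00" + PAD, "sample.exe")
ZIP_V10 = build("see attached", b"PK\x03\x04\x0a\x00\x00\x00" + PAD, "stored.zip")
ZIP_V20 = build("see attached", b"PK\x03\x04\x14\x00\x00\x00" + PAD, "deflated.zip")
TEXT = build("Add TVqQAA to your mail filter.")  # plain text quoting the string

if __name__ == "__main__":
    for label, raw in [("exe", EXE), ("zip v1.0", ZIP_V10),
                       ("zip v2.0", ZIP_V20), ("text", TEXT)]:
        print(f"{label:9} substring={substring_filter(raw)!s:5} "
              f"magic={magic_filter(raw)}")
```

The raw-string rule flags the plain-text message that only quotes the string, and it passes the ZIP whose header encodes as UEsDBB (version-needed 0x14) rather than UEsDBA; the decoded check classifies all four samples correctly.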
 |  betam4x join:2002-10-12 Nashville, TN |
betam4x
Member
2005-Jun-14 10:00 pm
Re: Take -These- Two for those "Bugs"
Users should also use Thunderbird instead of Outlook Express. Not only that, make a separate email address for public use, like signups, etc. Use a private email address for close friends, etc. (I am on a mailing list, and use my private email address for MANY different things, and I don't receive a single piece of spam, much less virii.)
If you DO receive executables in the mail, trash them, even if they scan clean.
|
 | |
gukid
Member
2005-Jun-15 3:23 pm
Can you say....
Firewall hardware/software that blocks outgoing traffic as well? For the safety of the internet!
|
 | |
Random Generated
Anon
2005-Jun-15 4:14 pm
Virii
I also never ran anti-anything programs and stayed free as a bird. Then I discovered porno. A little overhead for some boobies, fair trade!
|
 |
|