Why does everyone use antivirus?
-
That's fine, you're happy with your security arrangements and it doesn't affect me, so who cares? :laugh: As for me, I'll drive carefully as much as I can, but I'll make sure my car has airbags, side impact bars and I'll always wear my seatbelt. Of course I'll never need any of them, because I'm such a great driver..
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
Brent Jenkins wrote:
Of course I'll never need any of them, because I'm such a great driver..
Like I already stated, your analogy is broken, and no, I did not claim to be a good driver.
Brent Jenkins wrote:
so who cares
The one who is infected, with 40 PCs giving the same virus-warning after the AV automatically updates the virus definitions :) ..and with the majority sharing their attack-vector, it could be easily prevented.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here (X-Clacks-Overhead: GNU Terry Pratchett)
-
http://fortune.com/100-fastest-growing-companies/ An antivirus company is the fastest growing company about computer programming. I haven't used antivirus for the last 4 years. Do you use it? Does it work?
Interesting question and interesting responses. It seems that in general the techies do NOT use anti-virus. They are for the most part pointless. Understand what you are doing and using a firewall is what is required. Having some process hungry program listen to every change on your system is not optimal. 0 day exploits will hit you anyways, so maybe run a scan after you see something on the news or set up your system to run it periodically (got kids? a wife? Someone may have clicked something they should not). Anyway, what I find interesting is I have been asked quite a few times by relatives (being the geek in the family) what Anti virus they should buy. I stop them right there. Why would you buy it, especially when the OS maker provides you one for free? http://windows.microsoft.com/en-us/windows/security-essentials-download Yes, not everyone uses Windows. However non geeks on PCs essentially do, and if it is NOT windows ask them why they chose the OS they did. If they say "because there is less viruses", tactfully explain how they are an idiot and made a purchase on a premise that is voided by itself.
Computers have been intelligent for a long time now. It just so happens that the program writers are about as effective as a room full of monkeys trying to crank out a copy of Hamlet. The interesting thing about software is it can not reproduce, until it can.
-
Eddy Vluggen wrote:
If you need to scan to see whether something is infected, you are already behind the curve and at risk.
Show me someone who claims they aren't behind the curve and I'll show you an up and coming victim.. :laugh: There isn't one guy on the planet who can plan today against every current and future threat out there. We pass this responsibility onto other teams (anti-virus software companies) so that we can get on with our day-to-day jobs.
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
Brent Jenkins wrote:
Show me someone who claims they aren't behind the curve and I'll show you an up and coming victim.. :laugh:
I show you Norton Security.
-
So, what works better than an off-the-shelf security package? What do you use (obviously it has to be something you have written yourself as anyone else's software is sub-standard)? ;P
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
-
There are two kinds of people in the world. Those that buy insurance and those that don't. Both types are equally unlikely to suffer a major loss but only one survives with their bank balance intact if they do. These two types also inhabit the computing world but for some odd reason the uninsured of this world seem to think it is their duty to bring the insured over to their way of thinking. 'It's never happened to me; I've never had a problem', they say as though that is a significant statement of truth rather than the mere statistical workings out of probability. By definition, after all, anything which affects a minority does not affect the majority. 'I already do everything in my power to prevent problems', they say as if this isn't exactly the kind of thing that virus writers love to hear, the challenge which makes it worth getting out of bed, the smugness which they devote their lives to puncturing; as if the existence of things beyond their power is a logical impossibility. They are the people who stand on the roofs of skyscrapers welcoming the aliens in Independence Day. In short, optimists, the most dangerous creatures on the planet. Resist their evangelism, my brothers and sisters. Realists, bathe in the glory of your rationality. Pessimists, hold true to your prophetic insight. And never uninstall your defences!
-
You miss my point. There is NO guarantee of absolute security. To think otherwise is either hubris or folly (or more likely both). If you access the Internet, you are at risk. The goal should be to strike a balance of minimizing that risk while also being prepared to deal with the very real potential scenario of your computer being compromised. And to answer your question, I use Webroot, primarily because it has the smallest impact on my system usage though. But it's just one piece of my overall personal security package/plan.
-
jRaskell1 wrote:
there is NO guarantee of absolute security
I agree with that. Much in the same way that when I leave for work in the morning I set the house alarm, make sure all my windows are shut securely and make sure my doors are locked. It's all about getting things lined up in your favour as much as possible. It's not going to stop people getting in and taking all my things if they're really determined, but it's better than leaving everything open and unsecured, surely?
How do you know so much about swallows? Well, you have to know these things when you're a king, you know.
-
Muharrem B. wrote:
Do you use it?
No, haven't used a scanner in 10 years. Haven't had a virus either.
Muharrem B. wrote:
Does it work?
If you are the type that runs code without knowing what it does, opens executables, then yes, it works "most of the time". For companies it is different; they'll need to have one. Especially large companies would come under fire if they lost all their data over an old and outdated virus. And in large companies there is always a manager that opens the executable. Always.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here (X-Clacks-Overhead: GNU Terry Pratchett)
Eddy Vluggen wrote:
No, haven't used a scanner in 10 years. Haven't had a virus either.
Yeah, I never crashed my car, but I will always use my seatbelt. Better safe than sorry.
To alcohol! The cause of, and solution to, all of life's problems - Homer Simpson ---- Our heads are round so our thoughts can change direction - Francis Picabia
-
AV is not a seatbelt, we already established that. You wait until you are infected; your choice, your consequences. I prefer not to get infected at all. This is where the thread ends, as it is useless to repeat the same statements :) --edit I was not paying enough attention, I assumed I was replying to the car-thread. Go ask your doctor; is it better to check for STD's once a week, or is it safer to not have unsafe sex? Neither is a guarantee; but which would feel as "safe", and which as "sorry"? If you are already infected, then the AV results might not be very trustworthy.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here (X-Clacks-Overhead: GNU Terry Pratchett)
-
There's this movie, I forgot which one, but these guys are trying to rob a bank or something. The crooks use your reasoning so their solution, make sure they're already inside when all doors and windows get locked. The next morning, when everything opens up, they simply walk out with the loot :)
Visit my blog at Sander's bits - Writing the code you need. Or read my articles at my CodeProject profile.
Simplicity is prerequisite for reliability. — Edsger W. Dijkstra
Regards, Sander
-
Eddy Vluggen wrote:
AV is not a seatbelt, we already established that.
I never said it was, we're talking about an analogy.
Eddy Vluggen wrote:
Go ask your doctor; is it better to check for STD's once a week, or is it safer to not have unsafe sex? Neither is a guarantee; but which would feel as "safe", and which as "sorry"?
Agree, but as in my analogy, it's not because you drive safe that you're free from suffering an accident, the same way as browsing safe does not free you from suffering an attack. The AV seatbelt acts like an antivirus, to save you from situations you cannot control. You can't possibly think you can control all scenarios. You can get infected even for browsing here on code project, which could have been targeted with a silent attack by hackers which explores a 0day flaw on the browser javascript engine. As with the seatbelt, you have much better chances of survival if you use an AV.
Eddy Vluggen wrote:
If you are already infected, then the AV results might not be very trustworthy.
That's why it's the first thing I do when I set up an OS. And the seatbelt is the first thing I take care of when I get in my car. It's not a guarantee but surely makes it safer.
To alcohol! The cause of, and solution to, all of life's problems - Homer Simpson ---- Our heads are round so our thoughts can change direction - Francis Picabia
-
Fabio Franco wrote:
I never said it was, we're talking about an analogy.
No, the seatbelt is not an analogy for an antivirus. The browser is merely one point of entry, and I do not consider a browser-toolbar a virus. It may be malware, but it does not replicate and infect files; it will not propagate over the network.
Fabio Franco wrote:
it's not because you drive safe that you're free from suffering an accident, the same way as browsing safe does not free you from suffering an attack.
The seatbelt is protection that only helps once things have already gone wrong; you could be dead and wearing the seatbelt.
Fabio Franco wrote:
As with the seatbelt, you have much better chances of survival if you use an AV.
Even more if you install five different products. Still, you're already in an accident. What you are proposing is damage control.
Fabio Franco wrote:
You can't possibly think you can control all scenarios
I never claimed I did; nor can the AV claim the same thing. To be fair, I added the claim at the end of this post.
Fabio Franco wrote:
could have been targeted with a silent attack by hackers which explores a 0day flaw
Most viruses are not based on new exploits. Don't need to, most machines aren't that up to date either, and the most commonly targeted is not the system, but the user - there is your prime vulnerability. The bluddy manager that simply has to open the "Pamela.exe" attachment. As for the AV, most of them can be killed from code. Meaning that if you need to invoke your seatbelt, you will feel the Windows. Now try running the restore-command on the infected and half-corrupted backup.
Fabio Franco wrote:
with a silent attack by hackers
Most viruses operate autonomously, and are not specifically designed by a hacker for a single target. Hackers and virii are different things, with different attack vectors. Now, I said that there is never a 100% guarantee; but in all arrogance, I don't need to think of every scenario, I can prevent some scenarios altogether. Protecting a network is quite different from writing an AV and catering for every possible version of Windows out there, with different service packs and various levels of pa
-
Eddy Vluggen wrote:
I do not consider a browser-toolbar a virus.
Remote execution from a javascript vulnerability of your browser can infect you with a virus. The javascript attack takes advantage of the browser privileges to inject a virus into an executable, therefore infecting the target machine.
Eddy Vluggen wrote:
The seatbelt is protection that only helps once things have already gone wrong; you could be dead and wearing the seatbelt.
Yes, the same as if you navigated to a site that was target of an attack (and didn't know it) the damage is done, you already got screwed. If you have an AV it may and it may not prevent your infection. If you use a seatbelt it may or may not prevent your death. Odds are... I don't need to explain.
Eddy Vluggen wrote:
Most viruses are not based on new exploits. Don't need to, most machines aren't that up to date either, and the most commonly targeted is not the system, but the user - there is your prime vulnerability. The bluddy manager that simply has to open the "Pamela.exe" attachment.
Of course, but are not limited to. That's where driving safe and browsing safe comes in.
Eddy Vluggen wrote:
As for the AV, most of them can be killed from code. Meaning that if you need to invoke your seatbelt, you will feel the Windows. Now try running the restore-command on the infected and half-corrupted backup.
Not really, they require elevated privileges to be killed, which most attacks don't originally have. If it's from a browser, it does not have elevated privileges, if it's from an executable, it will require your permission. In this case, the Pamela.exe fits pretty well. But still, they are caught before they get to execute code, if their signature is identified. My point is, for us that are tech savvy, are still vulnerable to non trivial attacks and even good drivers are vulnerable to accidents. We use protection to minimize the damage. I lost a couple of friends because they fail to acknowledge the importance of the seatbelt. And to me the AV is important to safeguard our digital property. Does it mean that all the friends I have will die for not using a seatbelt? No, but to me it's just plain negligent to not use one. As it is not to use an AV.
Eddy Vluggen wrote:
Now
-
Every browser has had 0-day vulnerabilities, where just browsing to a website with clever Javascript can compromise your computer. That script could be shown on almost any website, not just "bad" websites, as a lot of hackers use advertising networks to spread this script and it can show up on anyone's site that displays ads. The most clever viruses are ones that you will never notice you got and have low impact on your PC so you will never notice them running. Kinda like the HPV sexually transmitted disease of the computer world. That's why HPV is so prevalent. How do you *know* you don't have a virus running right now with a keylogger that waits for sequences of keys that appear to look like a credit card and sends them off? You don't sit there monitoring WinPCap constantly, you don't actually believe that checking WinPCap once in a while means you don't have a virus do you? Look in your running processes list right now. How many rundll processes are running right now? Do you have any idea what dll's each rundll is running? When is the last time you checked? Do you maintain a list of which ones are actual system processes and which one your newest piece of software installed? How do you know that clever browser script didn't replace a system DLL with one that works just as well but also contains the infected code? As someone who may have dabbled in the black-hat side of things a long time ago, I promise you that without an integrated pre-emptive AV scanner installed, it is *impossible* to know what is being compromised on your PC right now. Even if you do a complete file scan once in a while, there are very easy ways to conceal a virus from static file scans that many viruses employ. In the last 6 months or so, I've had my AV catch drive-by javascript exploit attempts twice. Before a browser runs any scripts, those are run through the AV. Just that right there is reason enough, even if you don't believe anything I just wrote.
-
Mike Marynowski wrote:
Every browser has had 0-day vulnerabilities
You worry about your browser. I worry about Skype displaying their Flash ad in a little browser in the chat-application. It is an open window, every friggin' WebBrowser component is a potential security risk, and when they run I wanna know what they load, and they will not load anything from a blacklisted domain.
Mike Marynowski wrote:
The most clever viruses are ones that you will never notice you got and have low impact on your PC so you will never notice them running.
Yes; but unless their mere existence is an academic effort in propagation, they will have a purpose and attack one of the files, altering it (changing a fingerprint) or try to communicate (hello firewall).
Mike Marynowski wrote:
You don't sit there monitoring WinPCap constantly, you don't actually believe that checking WinPCap once in a while means you don't have a virus do you?
No, nor do I monitor it manually. Still, WinPCap is there for the same reason as an AV, to monitor my success at not getting infected.
Mike Marynowski wrote:
Look in your running processes list right now. How many rundll processes are running right now?
..aight, right click on the column names, add "startup path". Happy hunting. And yes, if it is the kind of thing you do if you think it is important. Do you run any code you come across?
Mike Marynowski wrote:
How do you know that clever browser script didn't replace a system DLL with one that works just as well but also contains the infected code?
A browser script does not have enough rights to do anything that requires admin privileges. That also happens to be the default on modern Windows machines. Since addins for the browser used to run under the users' credentials, that was a nice entry point too. Things like sandboxing have become the norm. ActiveX has to ask for certain privileges. OTOH, it is rather a cheap distribution channel for malware, and there are enough people that will grant those rights to any addin. They can do so, because the settings allow them to do so. In your case, I'd delete your browser and install the Lynx browser. Try and run some Silverlight in there :)
Mike Marynowski w
-
You have a very naive view of security if you think you are safe using the above practices you just outlined. You just aren't for all the reasons I mentioned that you haven't actually rebutted. I'm not saying you *ARE* infected, I'm saying there is a statistically significant probability that you are and you have no way of knowing given your current practices. Sorry, I meant svchost not rundll - "command line" usually won't tell you anything of importance for svc-hosted processes running, especially concealed viruses. Tracking svchost processes is notoriously difficult. With regards to JavaScript not having admin rights - no, normally it doesn't, that's why they are called "0-day *VULNERABILITIES*" - i.e. bugs in the browsers that grant JS full admin privileges without requiring UAC or anything else to intervene. Have you not heard of 0-day vulnerabilities? You actually browse the web with no Javascript enabled all the time? That's pretty excessive these days. Half the sites on the net don't work without Javascript anymore. You will be safer with a good free virus scanner than all your practices combined, and avoid all this hassle you are putting yourself through. Even if you *can* manually check, which you actually can't with a cleverly programmed virus, but let's pretend there is a way to do it, like checking task manager command line - do you? No, you don't. Please explain how you use WinPCap to regularly check if you are infected. I fail to see how this will help you in any way. You know that clever viruses hide themselves when commonly used detection and analysis tools are executed by the user, right?
-
Mike Marynowski wrote:
Tracking svchost processes is notoriously difficult.
If you look at the taskmanager without the startup command, and being able to identify it, yes. Not something from JavaScript.
Mike Marynowski wrote:
You actually browse the web with no Javascript enabled all the time?
No, I have a dummy for browsing and playing, and a dev machine that is not connected. Still, the dummy is reasonably protected. From a security perspective it is an interesting experiment to run anything Windows attached to the internet.
Mike Marynowski wrote:
That's pretty excessive these days
Is it? With ads beyond my control being loaded into some addin running in userspace, from some unknown low-paying source? I have two browsers on the dummy; one for CP and Gmail, one for 'other stuff' like banking, keeping up with news, MSDN, the like - it does not even allow for pictures to load that are hosted on another domain. It is too easy to generate a pixel from ASP.NET and to track someone. I did not consent to that pixel, I'm European. Parliament has still to decide on tracking-pixels, they just did cookies.
Mike Marynowski wrote:
Have you not heard of 0-day vulnerabilities?
Mike Marynowski wrote:
You know that clever viruses hide themselves when commonly used detection and analysis tools are executed by the user, right?
Yes, and that you cannot check on Windows whether a software keylogger has been installed. What, is your user an admin? :)
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here (X-Clacks-Overhead: GNU Terry Pratchett)