Windows 7: Drive-By Download Attacks Were the Biggest Online Threat Last Month

Drive-By Download Attacks Were the Biggest Online Threat Last Month - Softpedia

Yup... That is still on the rise and the problem is that it requires people to be literally paranoid about their web browsing.

And by 'paranoid about their web browsing', I mean by literally gimping their web browser, not just "ooh, don't go to that web site." The problem is mostly the fact that in order to 'enrich' a website is also what opens up a lot of people to these types of things as well as the need to find information, there will be multiple places to stumble upon that aren't as careful or as secure as they should or would like to be to avoid the nasty install stuff.

Hi there
Back ages ago when I was sceptical (and still to some extent nothing's changed much) of ALL AV software I pointed out that THIS type of infection was far more dangerous than "Classical Virus and Malware" infections that most AV software was aimimg to protect against and couldn't do much against the "Drive by" type.

I'm not saying that people don't get infected but back then it was usually users of Torrent and other "quasi legal" sites offering warez or shared Pirate downloads. Other users rarely if ever got infected.

Drive by infections are HUGELY difficult to defend against especially for corporations with large lans where 1000's of people may be accessing the internet at any one time and locking a PC down doesn't often solve these types of problems.

AV software is finally realising this type of attack needs much more work on it -- but since you are now having to deal with the WINDOWS internal kernel itself some AV vendors will find it tough going as MS will not want to let Windows Source code out into the public domain -- and releasing it to a lot of smaller companies is in effect just as good as publishing the code on the web --these companies are usually as leaky as a sieve.

For once MS seems the best bet with its MSE offerring since it obviously HAS the Windows Source and can re-write parts of the kernel at will to protect it.

IMO a HOME user will always be better protected by accessing the web through a Virtual Machine and ONLY deploy stuff to a REAL machine after proper testing / scanning etc.

A Small 512 MB VM is all you need for Net access in most cases --even a tiny netbook should be able to run a VM of that size OK. You could probably get away with a 384 MB VM but you might want Windows 7 as your guest VM too.

If the VM gets infected --who cares -- just bin it and load another one. You haven't got any protected data etc on it so there would be nothing to steal or destroy that a hacker would be able to get its hands on.

If you DO use online Banking change passwords, memorable words and pin codes REGULARLY - but not all at the same time of course.

Incidentally as NO AV SOFTWARE is ever or can ever be 100% effective I would suggest that if your machine becomes infected just wipe and reload a fresh image or a complete re-install if you don't have a clean image. YOU CANNOT GUARANTEE THAT ANY INFECTION HAS BEEN 100% REMOVED - EVER - BY AV SOFTWARE.

Usually safe surfing is your best bet -- but we know some people will always take risks so if you do then do it properly and you should still be safe.

Cheers
jimbo