So, you think you are secure and don't need precautions

Dogz said:

I read about a report in Maximum PC that out of 10 viruses 8 ran WITH UAC enabled so you do need antivirus.

Can you provide a link to the report?

If you use Facebook, do you know Koobface?

Tews said:

When it comes to your systems/file integrity, you cant be too careful.. I use a multi-layered defense policy and adhere to it. While I have been involved with the IT industry since 1978, I never try to tell myself that I am immune to the nasties that abound on the interwebz... It takes not one whit of extra energy to run a good A/V program, and to totally ignore the possibility of infection is IMHO asking for disaster to strike.

Thanks for the heads up pparks!!

True. There's no harm in being to careful.

UrbanBounca said:

I use the Windows firewall, with Windows updating daily. Either way, you can keep explaining how severe some viruses can be, and it won't change my opinion in that 99% of viruses can be blocked by common sense.

The idea that this whole thread is about is that common sense isn't good enough anymore. The guys writing the malware know how you're thinking. They're chaning their attitudes to attack people like you.

UrbanBounca said:

I use Firefox, 'cause IE is a death trap.

IE8 is arguably more secure than FireFox. FireFox has a large market share and security holes continue to emerge. IE8 defaults to lowest-privileges, and can browse in a sandbox. IE7 and IE6 remain deathtraps. IE8 is not either IE7 or IE6.

UrbanBounca said:

I don't click on a questionable link, such as the example you've given regarding PDF files that can execute code. Why would I open anything from a questionable link? Once again, common sense.

Reading comprehension, man! You don't need to click a link. You don't need to open a file! Here's an example:

1.) You visit these forums, via bookmark. You visit a topic that you started. There's been a new reply, and you want to check it out.

2.) Unbeknownst to you, the reply has a hidden iFrame in it, which launches an XSS attack on you. You don't see it, but a small 1x1 pixel window opens up without your intervention or input, and starts downloading malware to your computer.

3.) Depending on the nature of the attack, a variety of things could happen here. But let's go extreme and say that the latest PDF exploit is delivered. There's currently no patch available for Adobe, so immediately after auto-opening of the file (Remember, you did nothing but navigate to the forums and check your thread! Just like you had to do to read this message), the malware infects you. Bam. You're done.

In another situation, the iFrame might open a Javascript bug. Now you're looking down a window that says 'You are Infected! Buy our software to clean your computer!'. This is fake anti-virus software. You click 'No' 'Cancel' or the red 'X'. It downloads and infects you anyway.

4.) If the payload carried a rootkit, you have no idea you've been infected until sometime later when someone steals your email account. This is particularly worse if you bank on your computer.

You didn't do anything but view your thread!

Will Antivirus stop all of these attacks? Not 100%, but likely 90-95%. It's not about fixing the infection. It's about stopping it.

Carbonyl said:

UrbanBounca said:

I use the Windows firewall, with Windows updating daily. Either way, you can keep explaining how severe some viruses can be, and it won't change my opinion in that 99% of viruses can be blocked by common sense.

The idea that this whole thread is about is that common sense isn't good enough anymore. The guys writing the malware know how you're thinking. They're chaning their attitudes to attack people like you.

UrbanBounca said:

I use Firefox, 'cause IE is a death trap.

IE8 is arguably more secure than FireFox. FireFox has a large market share and security holes continue to emerge. IE8 defaults to lowest-privileges, and can browse in a sandbox. IE7 and IE6 remain deathtraps. IE8 is not either IE7 or IE6.

UrbanBounca said:

I don't click on a questionable link, such as the example you've given regarding PDF files that can execute code. Why would I open anything from a questionable link? Once again, common sense.

Reading comprehension, man! You don't need to click a link. You don't need to open a file! Here's an example:

1.) You visit these forums, via bookmark. You visit a topic that you started. There's been a new reply, and you want to check it out.

2.) Unbeknownst to you, the reply has a hidden iFrame in it, which launches an XSS attack on you. You don't see it, but a small 1x1 pixel window opens up without your intervention or input, and starts downloading malware to your computer.

3.) Depending on the nature of the attack, a variety of things could happen here. But let's go extreme and say that the latest PDF exploit is delivered. There's currently no patch available for Adobe, so immediately after auto-opening of the file (Remember, you did nothing but navigate to the forums and check your thread! Just like you had to do to read this message), the malware infects you. Bam. You're done.

In another situation, the iFrame might open a Javascript bug. Now you're looking down a window that says 'You are Infected! Buy our software to clean your computer!'. This is fake anti-virus software. You click 'No' 'Cancel' or the red 'X'. It downloads and infects you anyway.

4.) If the payload carried a rootkit, you have no idea you've been infected until sometime later when someone steals your email account. This is particularly worse if you bank on your computer.

You didn't do anything but view your thread!

Will Antivirus stop all of these attacks? Not 100%, but likely 90-95%. It's not about fixing the infection. It's about stopping it.

Firefox has always been, and will always be, more secure than IE, especially with access to their addon database.

Secondly, with the Adblock Plus and NoScript addons for Firefox, I don't have to worry about iFrame's and their potentionally harmful injections.

Tews said:

When it comes to your systems/file integrity, you cant be too careful.. I use a multi-layered defense policy and adhere to it. While I have been involved with the IT industry since 1978, I never try to tell myself that I am immune to the nasties that abound on the interwebz... It takes not one whit of extra energy to run a good A/V program, and to totally ignore the possibility of infection is IMHO asking for disaster to strike.

Thanks for the heads up pparks!!

can you please post your lines of defense

UrbanBounca said:

Firefox has always been, and will always be, more secure than IE, especially with access to their addon database.

Secondly, with the Adblock Plus and NoScript addons for Firefox, I don't have to worry about iFrame's and their potentionally harmful injections.

While I agree about Noscript and Adblock, I'm going to ask you to back up your statement about Firefox being more secure than IE8. Unless you're running Sandboxie with FF, I don't think you can get much safer than an isolated environment in your browser. Mitigating factors to ActiveX and dropped rights in IE8 have cleaned up much of the problems with previous iterations.

If you're running your system as an Admin (i.e. the way windows installs, default), IE8 is safer out of the box.

Review: IE8 is no speed demon, but is most secure browser available

Microsoft becomes high priest of secure software development

OPINION: Pigs Fly! Microsoft Leads in Security

Carbonyl said:

UrbanBounca said:

Firefox has always been, and will always be, more secure than IE, especially with access to their addon database.

Secondly, with the Adblock Plus and NoScript addons for Firefox, I don't have to worry about iFrame's and their potentionally harmful injections.

While I agree about Noscript and Adblock, I'm going to ask you to back up your statement about Firefox being more secure than IE8. Unless you're running Sandboxie with FF, I don't think you can get much safer than an isolated environment in your browser. Mitigating factors to ActiveX and dropped rights in IE8 have cleaned up much of the problems with previous iterations.

If you're running your system as an Admin (i.e. the way windows installs, default), IE8 is safer out of the box.

Review: IE8 is no speed demon, but is most secure browser available

Microsoft becomes high priest of secure software development

OPINION: Pigs Fly! Microsoft Leads in Security

I stand corrected, however, I still don't trust IE. Out of the box, IE may be more secure, but is IE still more secure than a Firefox browser with access to the addon database?