New
#41
When it comes to your systems/file integrity, you cant be too careful.. I use a multi-layered defense policy and adhere to it. While I have been involved with the IT industry since 1978, I never try to tell myself that I am immune to the nasties that abound on the interwebz... It takes not one whit of extra energy to run a good A/V program, and to totally ignore the possibility of infection is IMHO asking for disaster to strike.
Thanks for the heads up pparks!!
The idea that this whole thread is about is that common sense isn't good enough anymore. The guys writing the malware know how you're thinking. They're chaning their attitudes to attack people like you.
IE8 is arguably more secure than FireFox. FireFox has a large market share and security holes continue to emerge. IE8 defaults to lowest-privileges, and can browse in a sandbox. IE7 and IE6 remain deathtraps. IE8 is not either IE7 or IE6.UrbanBounca said:
Reading comprehension, man! You don't need to click a link. You don't need to open a file! Here's an example:UrbanBounca said:
1.) You visit these forums, via bookmark. You visit a topic that you started. There's been a new reply, and you want to check it out.
2.) Unbeknownst to you, the reply has a hidden iFrame in it, which launches an XSS attack on you. You don't see it, but a small 1x1 pixel window opens up without your intervention or input, and starts downloading malware to your computer.
3.) Depending on the nature of the attack, a variety of things could happen here. But let's go extreme and say that the latest PDF exploit is delivered. There's currently no patch available for Adobe, so immediately after auto-opening of the file (Remember, you did nothing but navigate to the forums and check your thread! Just like you had to do to read this message), the malware infects you. Bam. You're done.
In another situation, the iFrame might open a Javascript bug. Now you're looking down a window that says 'You are Infected! Buy our software to clean your computer!'. This is fake anti-virus software. You click 'No' 'Cancel' or the red 'X'. It downloads and infects you anyway.
4.) If the payload carried a rootkit, you have no idea you've been infected until sometime later when someone steals your email account. This is particularly worse if you bank on your computer.
You didn't do anything but view your thread!
Will Antivirus stop all of these attacks? Not 100%, but likely 90-95%. It's not about fixing the infection. It's about stopping it.
While I agree about Noscript and Adblock, I'm going to ask you to back up your statement about Firefox being more secure than IE8. Unless you're running Sandboxie with FF, I don't think you can get much safer than an isolated environment in your browser. Mitigating factors to ActiveX and dropped rights in IE8 have cleaned up much of the problems with previous iterations.
If you're running your system as an Admin (i.e. the way windows installs, default), IE8 is safer out of the box.
Review: IE8 is no speed demon, but is most secure browser available
Microsoft becomes high priest of secure software development
OPINION: Pigs Fly! Microsoft Leads in Security
I use a Dlink router with WPA2 encryption..Malwarebytes Anti-Malware, NIS2010, UAC on default settings, Sandboxie, Standard User Account... All are updated daily/weekly and run on a daily schedule... I also use Acronis True Image Home 2010 to make incremental backups to an off site drive.... I know that some may think this is overkill, but forewarned is forearmed...