I use the Windows firewall, with Windows updating daily. Either way, you can keep explaining how severe some viruses can be, and it won't change my opinion in that 99% of viruses can be blocked by common sense.
The idea that this
whole thread is about is that common sense isn't good enough anymore. The guys writing the malware know how you're thinking. They're chaning their attitudes to attack
people like you.
UrbanBounca said:
I use Firefox, 'cause IE is a death trap.
IE8 is arguably more secure than FireFox. FireFox has a large market share and security holes continue to emerge. IE8 defaults to lowest-privileges, and can browse in a sandbox. IE7 and IE6 remain deathtraps. IE8 is not either IE7 or IE6.
UrbanBounca said:
I don't click on a questionable link, such as the example you've given regarding PDF files that can execute code. Why would I open anything from a questionable link? Once again, common sense.
Reading comprehension, man! You don't need to click a link. You don't need to open a file! Here's an example:
1.) You visit these forums, via bookmark. You visit a topic that you started. There's been a new reply, and you want to check it out.
2.) Unbeknownst to you, the reply has a hidden iFrame in it, which launches an XSS attack on you. You don't see it, but a small 1x1 pixel window opens up
without your intervention or input, and starts downloading malware to your computer.
3.) Depending on the nature of the attack, a variety of things could happen here. But let's go extreme and say that the latest PDF exploit is delivered. There's currently no patch available for Adobe, so immediately after auto-opening of the file (Remember, you did nothing but navigate to the forums and check your thread! Just like you had to do to read this message), the malware infects you. Bam. You're done.
In another situation, the iFrame might open a Javascript bug. Now you're looking down a window that says 'You are Infected! Buy our software to clean your computer!'. This is fake anti-virus software. You click 'No' 'Cancel' or the red 'X'. It downloads and infects you anyway.
4.) If the payload carried a rootkit, you have no idea you've been infected until sometime later when someone steals your email account. This is particularly worse if you bank on your computer.
You didn't do anything but view your thread!
Will Antivirus stop all of these attacks? Not 100%, but likely 90-95%. It's not about
fixing the infection. It's about stopping it.