What is the actual risk of getting infected?

View previous topic View next topic Go down

What is the actual risk of getting infected?

Post by ssj100 on 4/5/2010, 14:59

Take this example:

One of my closest friends is a fairly typical average computer user (she's not a "noob"). She runs Windows Vista with UAC off and in full blown admin mode. She runs default Windows Firewall and Avira AntiVir Personal in real-time. And that's it. Well, apart from recently acquiring Drive Snapshot to (image) back up her data/system.

She's able to do work and play games on her system efficiently and with no slow-downs or conflicts. In other words, her system works very well for her, and does what it needs to do with no issues.

And she's never had a genuine malware infection for the several years that I have known her.

The fact is that I suspect the actual risk of getting infected as an average home computer user is very low. The "noob" user may be even less likely to get infected, as they generally won't be under-taking any risky internet habits (like surfing crack and other dodgy sites).

Ultimately my point comes down to this question:
"How much MONEY and TIME are you willing to spend to protect your system or perhaps someone else's system, given the above preamble?"

Personally, I always try to stay with software that does not require annual fees. Annual fees are annoying, in my opinion. It's not like I don't have any annual (or monthly) fees to pay already! The fact is that I have already paid a lot of money for my computer system. I am also paying monthly fees to use the internet!

The second point is this:
"Why give yourself additional annual fees for security software when you can use Windows' own built-in security software to eliminate (possibly) 99.99% of all malware threats out there?"

The fact is that users like my friend could easily run as a limited user, particularly on Vista and 7. The fact is that installing strong software that is supposedly "noob" friendly (like DefenseWall) does not (always) work. I only know of one person (demoneye's brother...demoneye thought DefenseWall would work well for him) who uses DefenseWall, and he got his system infected! After some questioning, it appeared he got his system infected because he installed some (dodgy) downloaded software as "trusted" (because it wasn't installing properly as "untrusted"!). This is a real world example guys and girls! This isn't some theoretical debate or statement. And this type of behaviour is extremely common place among computer users out there - if it doesn't install properly, just install it as "trusted"...or if something pops up (in the case of Classical HIPS) asking if you really want to proceed, just click "Allow" or "Permit". This is what happens in the REAL world guys and girls. "Welcome...to the REAL world", as Morpheus once said haha.

Anyway, when demoneye tried to salvage his brother's computer with the DefenseWall "rollback function", he was unable to do so! There were literally hundreds of entries in the rollback list and demoneye (an above average computer user) had no idea which one(s) to delete!

Now take this post (from the thread that generally lacked constructive crticism). It was in response to someone who had said he had never been infected since installing Comodo Internet Security (CIS):
http://www.wilderssecurity.com/showpost.php?p=1671449&postcount=41

I use mosquito repellent, and although I have spent MUCH time camping in the Florida Everglades, I have never been bitten by a snake. Conclusion: Using mosquito repellent prevents snake bites.

He's basically saying that CIS wasn't actually (necessarily) protecting the user and that it was more likely that the user's computer common sense and experience saved him from getting infected in the first place.

The same can be said for any security software. However, the above user (who uses CIS) is perhaps smarter than everyone who is paying for their security software! CIS is completely free with no annual fees whatsoever! So for example, is DefenseWall really protecting you? Or is it just good computer common sense and experience that's doing the job? The user who understands the concept of "trusted" and "untrusted" files (and therefore understands things enough to use DefenseWall) would also likely have enough computer common sense and experience to never get infected in the first place! So is DefenseWall really worth paying annual fees to use and update?

And now comes the third ultimate point:
"For high risk users (like demoneye's brother), what if you could deny them from installing/executing anything new?"

Yes yes, I can hear people yelling obscenities already haha. If you did that to the average computer user, they would either hate you for the rest of their lives, or simply pester you with questions like "Why can't I run this file?".

However, that's the only way you're going to prevent infections for people like demoneye's brother, who sounds like a typical "high risk" computer user. And how would you do this?

The answer lies in the final ultimate point:
"LUA/SUA + SRP/AppLocker + Hardware DEP". All completely free...without annual fees. And ultimately, this entire post is in response to this:
http://www.wilderssecurity.com/showthread.php?t=271792

Now that the true ultimate point has been revealed, it's very clear that when dealing with a "wife's PC", LUA/SUA + SRP/AppLocker + Hardware DEP would be ideal. If the "wife" wanted to run/install new files/software, she would simply ask you for permission. And why would she need to ask you? Simple. You have better computer common sense and experience (and a better security approach) than her! This would be the best way to keep the "wife's PC" clean, even if she used it like demoneye's brother!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: What is the actual risk of getting infected?

Post by Ruhe on 21/6/2010, 17:08

You should write a book...I love your stories and thoughts. Thanks.
avatar
Ruhe
Valued Member
Valued Member

Posts : 261
Join date : 2010-04-16
Location : Germany

View user profile

Back to top Go down

KAspersky

Post by hoyky on 13/7/2010, 16:00

Admin
Post removed not relevent to topic/thread

hoyky
New Member
New Member

Posts : 1
Join date : 2010-07-13

View user profile

Back to top Go down

Re: What is the actual risk of getting infected?

Post by ssj100 on 13/7/2010, 16:07

That doesn't really relate to the original post. If you want to recommend an Antivirus product, please post in the "Antivirus" sub-forum. Also, please don't link to dubious download sources (the one you linked to has a reputation of hosting fake software and distributing malicious files). Thanks.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: What is the actual risk of getting infected?

Post by Sadeghi85 on 26/7/2010, 00:35


"For high risk users (like demoneye's brother), what if you could deny them from installing/executing anything new?"

That doesn't work, for this reason:

Yes yes, I can hear people yelling obscenities already haha. If you did that to the average computer user, they would either hate you for the rest of their lives, or simply pester you with questions like "Why can't I run this file?".

However, that's the only way you're going to prevent infections for people like demoneye's brother, who sounds like a typical "high risk" computer user.

That's not the way, they won't ever learn that better security approach, they'll need you to take care of their PC forever. That might be good for kids or old people(light virtualization is better alternative for that IMO) but others need to learn by themselves.

Sadeghi85
Member
Member

Posts : 66
Join date : 2010-07-22

View user profile

Back to top Go down

Re: What is the actual risk of getting infected?

Post by ssj100 on 26/7/2010, 06:11

Sadeghi85 wrote:

"For high risk users (like demoneye's brother), what if you could deny them from installing/executing anything new?"

That doesn't work, for this reason:

Yes yes, I can hear people yelling obscenities already haha. If you did that to the average computer user, they would either hate you for the rest of their lives, or simply pester you with questions like "Why can't I run this file?".

However, that's the only way you're going to prevent infections for people like demoneye's brother, who sounds like a typical "high risk" computer user.

That's not the way, they won't ever learn that better security approach, they'll need you to take care of their PC forever. That might be good for kids or old people(light virtualization is better alternative for that IMO) but others need to learn by themselves.

That's very arguable. If they can't run anything not white-listed and need to rely on you for "help" every time, perhaps that would be enough motivation for them to learn this "better security approach". The fact is that this method potentially denies them from doing what they want - that's irritating for them, but it's "for their own good" right haha. Once they show enough responsibility and gain of experience/knowledge, then perhaps you can let them loose.

But as you point out, it's not a method that would work for every single "high risk" user out there. Why? Well, they might punch you in the face for being such a control freak haha. Light virtualisation is definitely another method, but then they'd simply end up complaining that their files and settings weren't saved/remembered...and end up punching you in the face too.

I think for kids, LUA + SRP is definitely the way to go, particularly if you want to control what they install and play/use.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: What is the actual risk of getting infected?

Post by Sadeghi85 on 26/7/2010, 10:52

I agree, for kids, LUA + SRP is the way to go, the "light virtualization" suggestion was for old people, you just need to exclude some folders and that's it. They don't even need to know it's running on their PC.

If they can't run anything not white-listed and need to rely on you for "help" every time, perhaps that would be enough motivation for them to learn this "better security approach". The fact is that this method potentially denies them from doing what they want - that's irritating for them, but it's "for their own good" right haha.

Most get used to that irritation. 'noob' computer user doesn't even know what a virus is, they have to get infected and see the effect of it for themselves. For those who really aren't interested to learn, light virtualization works better IMO.

Sadeghi85
Member
Member

Posts : 66
Join date : 2010-07-22

View user profile

Back to top Go down

Re: What is the actual risk of getting infected?

Post by ssj100 on 26/7/2010, 11:03

Sadeghi85 wrote:Most get used to that irritation. 'noob' computer user doesn't even know what a virus is, they have to get infected and see the effect of it for themselves. For those who really aren't interested to learn, light virtualization works better IMO.

You're probably right in most cases. However, keep in mind that light virtualisation doesn't prevent data theft (eg. keyloggers, screenshot loggers, clipboard loggers etc).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: What is the actual risk of getting infected?

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum