Who writes these viruses?!

[ThermalRunaway]

The thing is you have to strike a balance between a protected computer and a useable computer. If your computer is too tightly squeezed with protection software, you'll find that even when you want to do legitimate things the protection software won't let you. For me, my antivirus and firewall software has to be very discrete - I don't want it stopping me from doing the things that I want to do.

It's like that at work at the moment - even downloading a datasheet is a problem and it sucks. If you can find a website where they offer a datasheet as a .pdf to view, then it works fine but if you try most of the datasheet websites where they use a scripting language to start the download process for you, the datasheet download gets blocked and the firewall won't let you fetch it. The amount of time I've wasted because I haven't even been able to get a datasheet is unreal! So the more tightly protected the computer, the more productivity suffers.

Brian

 

[Styx]

I dunno my Linux-box is perfectly safe and I can do whatever I like with not alot of restrictions.

its all about conditioning:
do not run as root/Admin,
only install stuff from trusted sites
know what you have installed (on my XP box I audit it every month)
know what is running

thats it

 

[Nigel Goodwin]

Without protection the average user has about ten minutes before the machine becomes infected. It's a sobering thought.

You would have to be particularly stupid to get infected in 10 minutes!

To catch a virus you have to download and run something - the most comon method of spreading them is by email, and as most are targeted against Outlook and Outlook Express it's a good reason NOT to use them. If you're not downloading emails then that takes care of the biggest problem.

Next is downloading files and running them, particularly from dodgy sources, so if you don't do that, then the next biggest problem is overcome.

I suppose the next problem is direct infection from web pages?, probably the biggest risk here is spyware, but you can catch virus's that way as well. Easiest simple 'improvement' is to increase the browser security and disable all the dangerous facilities like Java or VB scripts.

But I would suggest the first thing you should do is use a router with an in-built firewall, that stops direct attacks on your machine.

 

[spuffock]

The reason for viruses? Consider that the world has become lumbered with a piss-poor operating system by default, something that has behaviour reminescent of a tumour. Maybe, by exploiting its many shortcomings in a destructive manner, the virus writers hope to do the world a favour by making it totally unusable?

 

[Styx]

You would have to be particularly stupid to get infected in 10 minutes!

To catch a virus you have to download and run something - the most comon method of spreading them is by email, and as most are targeted against Outlook and Outlook Express it's a good reason NOT to use them. If you're not downloading emails then that takes care of the biggest problem.

Next is downloading files and running them, particularly from dodgy sources, so if you don't do that, then the next biggest problem is overcome.

I suppose the next problem is direct infection from web pages?, probably the biggest risk here is spyware, but you can catch virus's that way as well. Easiest simple 'improvement' is to increase the browser security and disable all the dangerous facilities like Java or VB scripts.

But I would suggest the first thing you should do is use a router with an in-built firewall, that stops direct attacks on your machine.

Actually not.
The most common method for internet connected PC's are via WORM's
I had to re-install windows XP a while back and I had to patch the oh-so-many vuln that existed in windows (MS-Blast comes to mind)
within 5~6min my machine was already infected AND that was just after a fresh install AND trying to patch and update virus-checker & windows!!!

an unpatch Windows ### will get infected within 5min on connection to the internet!!


so question how do you protect yr machine from vuln that exist within the OS and hte only way to patch those vuln is to connect to the internet...

since SP2 for XP there as been over 100patch released for XP, until SP3 is released that can be d/l onto another machine AND then patch a fresh XP isolated from the net (to then upgrade all the other software ) THEN you will just get infected!!

since I am re-building my PC in Nov/Dec I am faced with the prospect of when I goto install XP, even with NOD32 & Kerio install I shall be vuln for at least 5min untill the relevant patches are inplace...

so tell my what to do.

the internet is like a cheep dutch brothel, would you go into one unprotected? but what if the protection you needed was in the brothel?


Also a router with a built-in firewall are ONLY NAT firewall and only protect against packet-attacks (invalid CP/IP packets), the MS-Blast worm was valid TCP/IP data and passed through EVERY single hardware firewall their was. Since most PC's at that time needed the RPC port open the data was not stopped by software firewall, allowing the MS-Blast worm to buffer-overflow RPC and execute local root/Admin command to d/l a remote file (the main virus) to infect yr machine and then spread on

 

[Styx]

Basically for my Windows setup I have:

Hardware F/W in router --> S/W firewall (Kerio) --> A/V (NOD32) --> restricted user

For Linux:

Hardware F/W in router -->Kernel firewall (iptables) --> normal user

 

[hjames]

Actually not.
so question how do you protect yr machine from vuln that exist within the OS and hte only way to patch those vuln is to connect to the internet...

since SP2 for XP there as been over 100patch released for XP, until SP3 is released that can be d/l onto another machine AND then patch a fresh XP isolated from the net (to then upgrade all the other software ) THEN you will just get infected!!

since I am re-building my PC in Nov/Dec I am faced with the prospect of when I goto install XP, even with NOD32 & Kerio install I shall be vuln for at least 5min untill the relevant patches are inplace...

so tell my what to do.

the internet is like a cheep dutch brothel, would you go into one unprotected? but what if the protection you needed was in the brothel?


Also a router with a built-in firewall are ONLY NAT firewall and only protect against packet-attacks (invalid CP/IP packets), the MS-Blast worm was valid TCP/IP data and passed through EVERY single hardware firewall their was. Since most PC's at that time needed the RPC port open the data was not stopped by software firewall, allowing the MS-Blast worm to buffer-overflow RPC and execute local root/Admin command to d/l a remote file (the main virus) to infect yr machine and then spread on

?
The MS-Blast worm should be blocked by any external firewall worth it's salt. For example, I've had a low-power Via/Linux machine running for the last 3 years that does NAT and doesn't allow *any* packets from the outside world to touch my (woefully vulnerable) windows install unless it's a reply. Unless you poke a hole in your firewall for TCP port 135 explicitly, no computer outside the firewall even knows of the existence of anything inside the NAT, much less how to send any packets to it.

However, most firewalls aren't configured to block outgoing virus packets, so that might be where things are getting confused...

 

[Styx]

yes that port should be closed by a H/W router OR S/W firewall, but at the time (well just before the outbreak) that port was needed to be open becuase RPC liked to talk to MS

after the patch the exploit was fixed and its "wanting to listen" was stopped, but the point still stands

 

[akg]

an unpatch Windows ### will get infected within 5min on connection to the internet!!

i have been using a win98 for past 3 yrs ,(it has avg) and it has never got any virus. yes i do take precautions .
again disabling scripting will disable a large amount of functionality in the browse (sure it has vulnerabilities) , most of the spy ware comes in the form of ActiveX , taking care of that will help a lot

 

[evandude]

You would have to be particularly stupid to get infected in 10 minutes!

Maybe in 10 minutes, but not much more:
https://www.securityfocus.com/columnists/262
according to that, an average unprotected windows XP computer will be infected in around 20 minutes of being connected to the internet.

I, too, run a computer in my car, and even on that, the first thing I did after installing windows, BEFORE I connected it to the internet to download drivers/etc, was to install AVG antivirus, which is small and free. On my desktop PC, I always install NAV before I hook it up to the network for the first time. AVG may not be anywhere near as secure as the mainstream ones, but it's a whole lot better than nothing, and doesn't use much system resources. That will become even more important if you ever decided to hook up a wireless network card to your car computer to get internet access at the free wifi hot spots you sometimes find. Getting a virus in the middle of a road trip and losing access to your media (and even worse, GPS navigation, if you use it) would really suck!

As for the motivation for people to write these viruses, well the purely malicious ones are mainly for the 'script kiddies' to have their fun and maybe make their name known amongst the hacker community... but the ones with popup ads like you seem to have gotten probably have some financial incentive; the popup ad company makes money off the additional exposure, primarily from not-so-computer-savvy people who don't realize that any company whose popup ad reaches you by way of a virus infection is probably not one you want to do business with.

 

[The Mad Professor]

Patches for WinXp are available for download as self installing EXE files through third party I.T. support sites , "Genuine Advantage" does not need to be installed in order to recive these. With these burnt to disc there is no need to connect to the net in an unpatched state ever again after reloading the OS.

 

[evandude]

Patches for WinXp are available for download as self installing EXE files through third party I.T. support sites , "Genuine Advantage" does not need to be installed in order to recive these. With these burnt to disc there is no need to connect to the net in an unpatched state ever again after reloading the OS.

Sounds like I should download those... It would certainly make my life easier at those times where I'm messing with hardware or trying to optimize windows and end up doing a dozen installs in a week... even better if slipstreamed into the install.

 

[HiTech]

i have been using a win98 for past 3 yrs ,(it has avg) and it has never got any virus. yes i do take precautions .
again disabling scripting will disable a large amount of functionality in the browse (sure it has vulnerabilities) , most of the spy ware comes in the form of ActiveX , taking care of that will help a lot

That's because virus authors are not interested in old OS's anymore. Any pc that running important programs etc isn't using Win 98, 95 and so on.

 

[akg]

That's because virus authors are not interested in old OS's anymore. Any pc that running important programs etc isn't using Win 98, 95 and so on.

then another one .. my office pc is connected to net and is xp , but not received any virus till date .
It is the user who is to be careful about what is going on in the comp.(i'm a software guy too)

 

[HiTech]

Anytime I reload an OS, I always do it without network connections. All updates, patches, drivers, and spyware pgms. are first loaded onto CD discs beforehand and installed prior to any network connectivity. Then the anitvirus software is the last pgm. to get installed and updated. What a joy it is to reinstall XP compared to 98SE and the older systems!

 

[The Mad Professor]

akg:

Networks such as one might find in a large office or call-center, are typically defended from intrusions via the internet at the server through which it connects to the world wide web. This way only one computer needs to run firewall and antivirus software, these are known as "Gateway" applications.

 

[ThermalRunaway]

Anytime I reload an OS, I always do it without network connections. All updates, patches, drivers, and spyware pgms. are first loaded onto CD discs beforehand and installed prior to any network connectivity. Then the anitvirus software is the last pgm. to get installed and updated. What a joy it is to reinstall XP compared to 98SE and the older systems!

HiTech, why is it that when my eyes briefly scanned the last paragraph of your signature, "group threesome" registered rather than "gopu_thestore"

LOL

Brian

 

[HiTech]

maybe you have been spending too much time at the bench instead of in the company of women?

 

[ThermalRunaway]

Actually, she has been moaning about that lately. I've been using the excuse that I'm doing a project for her this time and I've got her all excited about what it might be. I've said it'll be soppy.

Sooner or later the ploy will wear off and she'll be expecting me to produce something worthy of the wait, so I guess I'll have to get building soon

Brian

 

[The Mad Professor]

Ahh , I have just the thing for her....perfect for those dark winter evenings.