DoomUK

Do you use anti-virus software?

46 members have voted

  1. Do you use anti-virus software

    • Yes, I want my system to be secure/I like to feel it's secure
      29
    • No, they're a waste of time
      17


I don't bother with an antivirus package on my Windows machines any more. I do use a great hardware firewall. I have run dedicated removal software a couple of times (twice in 15 years), but aside from disabling access to a lot of potential infection vectors, I don't actually keep them connected to the internet that much.

I also tend to reformat and wipe them completely clean every month or so, and I don't store any sensitive info on them, so I don't really care.

Link to post
Mithran Denizen said:

I also tend to reformat and wipe them completely clean every month or so

Why?

Link to post

I use AVG Free. Never had a fatal virus in my career of owning a computer. Not even when I was a 12-year-old moron thanks to the use of AVG Free, although now it's also complemented by not touching those ads.

Link to post
chungy said:

Why?


Various personal and business reasons that I'd rather not discuss, actually. :P

My two main 'personal' computers both primarily run Linux though, and I have no need to wipe those periodically. I do dual-boot a copy of Windows Vista on one of them for software testing, but I rarely use it to access the internet, so again, I don't bother with any AV.

Link to post

For the record I'm currently using Avast. Before that I used AVG for many years before it started reporting false positives and became a pain in the ass. Before that I used the bloated and ineffective software that is McAfee like a noob.

Link to post
Mithran Denizen said:

Various personal and business reasons that I'd rather not discuss, actually.

Porn.

It's funny this topic should come up, I just got a virus last night. I used to think Avast was good, but this damned virus literally installed and ran itself on my computer without my permission. Avast can't even detect it with a full hard drive scan, so you know I'm throwing that piece of shit out when I wipe my HD this weekend.

Luckily, I was able to cripple it by overwriting a program it created in my appdata/local folder called NBY.EXE. I replaced it with Chocolate Doom. Now the virus inadvertently runs my favorite game every time it tries to create a popup.

Link to post

One infection is insufficient evidence that Avast isn't good. There are a large number of malware removal tools that might kill it.

Most of the computers I've seen riddled with malware were the ones that never ran Windows Update. It seems the authors of those things like to reverse engineer the security patches (rather obvious I guess).

Link to post
Aliotroph? said:

Most of the computers I've seen riddled with malware were the ones that never ran Windows Update.

Most people don't care about looking after their system, or at best don't know how to. They all know "someone who's good with computers" who will fix it for them :p

Link to post
Wagi said:

Luckily, I was able to cripple it by overwriting a program it created in my appdata/local folder called NBY.EXE. I replaced it with Chocolate Doom. Now the virus inadvertently runs my favorite game every time it tries to create a popup.


I'm surprised that a virus able to get past Avast actually belongs to the "just find the .exe and cripple it/delete it" category. There are many cloaking/protection methods that viruses employ to hide or defend themselves, but I wonder how come the best/more stealthy/more aggressive of them don't become commonplace or practically standard fare for any new viruses.

Link to post

It was cloaked; hidden and read only so there was no way I could get rid of it through Windows. Any program that would try to delete it terminated immediately. I wrote a C++ program that renamed it and simultaneously replaced it with Chocolate-Doom. Before the "Head Honcho" of the malware could kick in and fix the damage, it was already too late.

It's not the best virus, though. I can still run any program as long as I do it as Administrator, and it even forgot to block the task manager. I wish I could find out what file is the source of it all, though, because it's still damn annoying.

Link to post
Mithran Denizen said:

Various personal and business reasons that I'd rather not discuss, actually. :P

I have the feeling it's careless browsing of what the other poster said, porn.

There should be no reason to reinstall Windows on such a regular schedule, or any schedule at all besides "I fucked up the system really badly".

Link to post
Technician said:

I watch way too much porn to rely on common sense.


iPhone...Hehehehe

On my Win7 drive I use avast. It is free and seems to work. I had a Mac AV program, but it seemed to be a waste of time so don't now. The built-in firewall is pretty good too.

Link to post
Gez said:

There actually are Unix viruses. (And Mac viruses, etc.) It's mostly security through obscurity in that as long as Linux remains a niche OS it won't attract the bulk of virus making.
(snip)
Now if he had said "I run BeOS", then yeah, he'd be safe. Nobody is ever going to bother writing a virus for that. :p


I run OpenBSD with sysctl kern.emul.linux=0, so don't care about Linux viruses. :)

But at least with Linux, etc. you can take extra measures to prevent viruses from gaining root, or even surviving between reboots. For example, some distros like TinyCore don't install the OS to writable media but instead boot from CDROM and run in memory.

Link to post

I run Debian, and I’ve never seen a single virus, except as attached files.
My wife runs XP, I update it, installed MSSE, Antimalware, CCleaner and Adaware. At work, ditto but without Adaware. It’s enough.

Link to post

The key behind virus/malware proliferation is profit potential. OK, let's say that you're an ultra-1337 hacker that was able to hack e.g. SunOS and totally make it your bitch. Now what? What's in it for you? Chances are you just caused a headache to some IT Dungeon dweller or Helldesk Imp, which will be promptly restored via a network image.

Nothing gained, save for some e-peen (which doesn't pay the bills).
Instead, if you take the popular adage that a sucker is born every minute, you piggyback your malware on some lucrative business like online casinos, "free" downloadable games, porn etc. and try to make some $$$ out of it.

Link to post
Maes said:

The key behind virus/malware proliferation is profit potential. OK, let's say that you're an ultra-1337 hacker that was able to hack e.g. SunOS and totally make it your bitch. Now what? What's in it for you? Chances are you just caused a headache to some IT Dungeon dweller or Helldesk Imp, which will be promptly restored via a network image.

Nothing gained, save for some e-peen (which doesn't pay the bills).
Instead, if you take the popular adage that a sucker is born every minute, you piggyback your malware on some lucrative business like online casinos, "free" downloadable games, porn etc. and try to make some $$$ out of it.

Maes you underestimate the destructive power of the bored, basement-dwelling computer wizard who just likes to disrupt people's computers when he isn't trolling /b/ or playing his 999999999999th hour of WoW.

The quote "Some men just want to watch the world burn" comes to mind.

Link to post
DoomUK said:

Maes you underestimate the destructive power of the bored, basement-dwelling computer wizard who just likes to disrupt people's computers when he isn't trolling /b/ or playing his 999999999999th hour of WoW.


Other than the WoW and trolling /b/ part, the rest is pure 80s/early 90s cyber-romanticism.

Someone like the one you described is more likely to use [insert favourite P2P software here] or CS aimbots/wallhacks than writing viruses, in this day and age. I seriously can't imagine anyone undertaking the oldschool boot sector/.EXE/.COM infection trade and learning about x86 assembly, TSRs, interrupt vectors, etc.

Let alone that modern "viruses" are written in Asian and Russian sweatshops or generated by special malware suites/script kiddies tools.

Link to post

I find it particularly funny that Maes picked SunOS as an example and not Linux. One thing that's always struck me silly about Windows apologists claiming that Linux doesn't get any viruses because "no one cares", despite the rather large number of Linux servers on the internet (I imagine quite a few Solaris ones too), it would be rather attractive I think to be able to sit on a server and be able to sniff out credit card numbers and all from web and mail traffic.

Why isn't this done more? Oh right, the system might actually have real security built into it (not that it would be impossible, it's just extremely difficult, especially given that any sane distribution does not employ a retarded "patch comes on Tuesday!" model).

Link to post
chungy said:

I find it particularly funny that Maes picked SunOS as an example and not Linux.


I singled it out as an example of a niche OS that definitively doesn't get used for office desktop applications. But I could have just as well picked up e.g. OS X Server, Windows for Itanium, and whatnot.


chungy said:

Linux servers on the internet....sniff out credit card numbers and all from web and mail traffic.

Why isn't this done more?


It is done, but not with a Javascript popup saying "CLICK HEAR TO DOWNLOAD FREE MAL.... ERR GAMEZ" and which then installs a full featured rootkit with keyloggers, phoning-home client etc. nor with USB autorun viruses that hijack your browser. These approaches piggyback on weaknesses of the OS itself, because the typical usage scenario is a local user with full executable permissions. The chance of e.g. a floppy disk boot sector or usb stick autorun virus propagating in a Linux/Unix environment is virtually nil, compared to how easily it would do in Windows, because of different application shipping and launching modes.

Attacks on servers do exist, and from time to time the leaking/theft of some million credit card numbers does make the news, but they are performed differently. Rather than attacking the OS itself (pointless, since no sysadmin would do what the typical Joe Consumer type of user would do, nor is it applicable in most cases) they attack the business-end applications themselves, with SQL injection attacks, XSS attacks, buffer overflows, website defacements etc. Why attack the OS when the money is elsewhere?

It's a quite different "problem" with different "solutions", so to speak.

Link to post

Who's talking about floppy disks (who even has those anymore? let alone drives....) and USB drives? Or for that matter, a sysadmin intentionally running a random binary?

I was referring to the kind of viruses that self-propagate via real security issues with the operating system.

Link to post
chungy said:

I was referring to the kind of viruses that self-propagate via real security issues with the operating system.


Viruses don't just magically materialize somewhere inside an OS and work their way from there, they need to be "planted" there by some means, usually involving pre-infected executables. Pure network-only attacks that result in arbitrary code injections are possible but are rapidly patched (usually) and the majority of infections still come from autorun viruses, dialers and pre-infected exes, at least on Windows.

Also, once a virus has been run once in user space with full admin rights, under ANY OS, it has practically full powers to do as its creator pleases, it needs to exploit no particular security issues to propagate from that point on.

Since the top business for virus writers nowadays is to hijack browsers, display ads and install dialers, they will target OSes whose user demographic makes this worthwhile, and will use whatever means works best. Trying to exploit random computers on random IPs is not as efficient as writing your virus appropriately and letting it do its job as soon as the conditions are right.

Hijacking e.g. some poor dungeon dwelling sysadmin's Lynx or w3 homepage isn't as profitable as hacking Average Joe's IE to display your affiliate's search engine or scamming him into using your dialer software.

Link to post

Well some OS do have a way to keep even admin-level processes from totally hosing the entire system. For example, there are several Linux kernel patches that provide mandatory access controls (SELinux, PaX+GrSecurity, etc.) where you can define in very minute detail what a particular user can do, or what resources a program can use (inbound & outbound ports, filesystem access, etc.) If the user or program tries to do something that's not explicitly allowed in the permissions list, then it's denied and the attempt is logged. Generally the permissions start with a "default deny" policy and you add only stuff he/it absolutely needs, and nothing else. Then when the MAC system is activated, even root/admin users can't change the policies or disable it.

It's great in theory. The problem is that someone has to manage these access control lists, and it can get quite complicated. I tried the GrSecurity patch for some servers I was managing years ago, and found it too cumbersome and complicated. I think the only way it can work is if you have a fulltime security manager who handles all that stuff (in addition to regular sysadmins who do the regular work).

At the last place I worked, they used RedHat/Fedora Linux that came with SELinux installed. One of the first things the sysadmins did when setting up a new box was to disable the SELinux stuff completely. It was hard enough for them to keep the crappy apps running without introducing more variables and complexity...

Link to post
Maes said:

Hijacking e.g. some poor dungeon dwelling sysadmin's Lynx or w3 homepage isn't as profitable as hacking Average Joe's IE to display your affiliate's search engine or scamming him into using your dialer software.


I wish I could drill this into everyone's skulls.

Link to post

In this evil world, where 90% of computer users work with Windows and Windows-based programs (me too), and where Windows is a piece of sh*t and where it means, a lot of people would like to destroy your PC system and steal your private information (ATM PIN-code, etc.) you MUST use anti-virus software to avoid the tragedy.

As I've heard, Linux and Mac OSX users are in a bit luckier case.

Link to post

One of the nice things about open-source Unix-ish systems is that it's very easy to see what's going on. The OS doesn't try to hide anything from the end user, in order to make the experience "novice friendly" or whatever. You can tell at any given time what processes are running, what state they're in, what resources they're using (files, memory, network...) in minute detail, and you can even trace or debug those processes in real time. And this is with the tools that come installed with the OS by default. Heck, you even get a fantastic firewall for free (pf in OpenBSD, iptables in Linux).

To get a similar setup in Windows-land you'd have to buy/warez tools like SoftIce, etc. And even then, you don't have the original source code for the kernel, libraries and userland programs, so it still takes more work to get the same results. Then if you want to try and harden your system, how far can you really go? It's not like you can ever hope to implement all the security measures present by default in OpenBSD, or a Linux distro that comes with patches like PaX, etc. You can't do it because it entails making fundamental changes to the whole system at the kernel level, inside the libraries, and so on...

It's two entirely different worlds...

Link to post

I use Avira, it seems to work well without hogging up that much resources. I also have COMODO firewall and wonder if I should just use the Internet Security suite.

Link to post

Just AVG free, I'm glad it updates itself these days because I'd only ever do it manually every 6 months, if that. It tends to catch the odd thing but not spy/adware. For them I use Spybot, though I never leave its "Teatimer" active detection running because that just munches RAM.

Link to post

Used to use AVG free until it started popping up with "LOL UPGRAED TO PRO VERSION" every few hours. Now I use avast, which is just as good but without that annoyance. Rarely have problems with viruses either way.
