Why do I need security software?

think2

Senior member
Dec 29, 2009
A few questions.

On Windows XP (fully patched) with a Linksys router and Windows firewall enabled, supposing I use only google chrome and I visit only mainstream websites and I don't install or download risky software, why would I need internet security software?

Does free software such as Avira or Microsoft Security Essentials do anything more than scan for malware once it's actually on my PC? How would malware get on my PC in the first place?

Thanks for any insight.
 

postmortemIA

Diamond Member
Jul 11, 2006
> A few questions.
>
> On Windows XP (fully patched) with a Linksys router and Windows firewall enabled, supposing I use only google chrome and I visit only mainstream websites and I don't install or download risky software, why would I need internet security software?
>
> Does free software such as Avira or Microsoft Security Essentials do anything more than scan for malware once it's actually on my PC? How would malware get on my PC in the first place?
>
> Thanks for any insight.

Some ads on regular sites can be hijacked to have malware in them. You could open a bad PDF. In both cases, MSE or Avira should be able to detect it while it is in your temporary internet files folders.
 

Bill Brasky

Diamond Member
May 18, 2006
> Does free software such as Avira or Microsoft Security Essentials do anything more than scan for malware once it's actually on my PC?

The reason I use Avira is for *real time* protection. That's quite a bit different than getting a bug and not finding it until you scan 36 hrs later. What if you do any business or commerce on your computer before the scan?
 

Gamingphreek

Lifer
Mar 31, 2003
> On Windows XP (fully patched)

You could have stopped right there for your answer ;) Seriously though, XP is one of the most insecure OSes on the planet. Additionally, fully patched means you have the latest bug fixes. What about bugs that aren't fixed? What about Zero-Day exploits? But even if you had the most secure OS on the planet, you still need a multi-layer/level security setup.

> Linksys router

Bet ya it doesn't do full SPI (Stateful Packet Inspection). Even still, how secure do you think a basic, run of the mill, router actually is? Any exploits for it? Are all the ports properly stealthed if not completely closed? The list goes on and on just with your router...

Now what about things you can't control? How do you know your DNS hasn't been poisoned and now directs you to a compromised website. How do you know someone isn't injecting packets into a given stream and returning false data (MITM Attack)? Are you sure none of the images you see anywhere haven't been compromised in such a way that they launch embedded code?

I could go on and on. Basically, if you are connected to the internet, it is gross negligence to NOT have any sort of security implemented - the law will back that up should your system get compromised. The only safe computer is one that is completely unplugged from anything/everything.

-GP
 

smakme7757

Golden Member
Nov 20, 2010
It's also important to understand that if you request a packet then it will bypass your firewall/router. Just browsing to an infected website is enough to get you infected as you have requested the contents of that website so your firewall will not block it. If you want to run without any security software at least update to Windows 7 and turn on UAC at its highest level.

It's been months since I last had ESET pop up and tell me it stopped a threat, so in theory I could run without an AV running and be OK. But in reality running without an AV will be bad in the long run.
 

LiuKangBakinPie

Diamond Member
Jan 31, 2011
> A few questions.
>
> On Windows XP (fully patched) with a Linksys router and Windows firewall enabled, supposing I use only google chrome and I visit only mainstream websites and I don't install or download risky software, why would I need internet security software?
>
> Does free software such as Avira or Microsoft Security Essentials do anything more than scan for malware once it's actually on my PC? How would malware get on my PC in the first place?
>
> Thanks for any insight.

I can give you a million reasons and get into the technical stuff but I'm going to make it simple. Everything you click on has admin rights to your PC if you're running it in a single user/admin account. You can imagine the rest.
 

SonicIce

Diamond Member
Apr 12, 2004
you can either have your pc slowed to a crawl by a malicious virus once a year, or have it slowed to a crawl 24/7 by av :p
 

think2

Senior member
Dec 29, 2009
> Now what about things you can't control? How do you know your DNS hasn't been poisoned and now directs you to a compromised website. How do you know someone isn't injecting packets into a given stream and returning false data (MITM Attack)? Are you sure none of the images you see anywhere haven't been compromised in such a way that they launch embedded code?

What is a compromised website? How can it hurt my computer?

How can code embedded in an image get launched on my computer?

It should be a simple matter for a browser to prevent the execution of downloaded "native code" unless I explicitly give permission. Similarly the browser should never modify or delete files on my computer (other than cookies etc.) unless I explicitly give permission.
 

Bill Brasky

Diamond Member
May 18, 2006
> you can either have your pc slowed to a crawl by a malicious virus once a year, or have it slowed to a crawl 24/7 by av :p

LOL

But really, real time anti-virus with Avira doesn't slow down my system to *any* noticeable degree. Just sayin' :p
 

LiuKangBakinPie

Diamond Member
Jan 31, 2011
> What is a compromised website? How can it hurt my computer?
>
> How can code embedded in an image get launched on my computer?
>
> It should be a simple matter for a browser to prevent the execution of downloaded "native code" unless I explicitly give permission. Similarly the browser should never modify or delete files on my computer (other than cookies etc.) unless I explicitly give permission.

When you click on a link you already gave it access. What's hidden behind it damages your PC. Remember that the page you load gets saved on your PC. It's the same as downloading a file with malware attached to it. Only difference is that you already clicked on that page to run.
 

think2

Senior member
Dec 29, 2009
> When you click on a link you already gave it access. What's hidden behind it damages your PC. Remember that the page you load gets saved on your PC. It's the same as downloading a file with malware attached to it. Only difference is that you already clicked on that page to run.

I don't believe you. I bet you can't give me an example (or even half an idea) of how clicking on a link could damage my PC using google chrome.
 

LiuKangBakinPie

Diamond Member
Jan 31, 2011
> I don't believe you. I bet you can't give me an example (or even half an idea) of how clicking on a link could damage my PC using google chrome.

RAT
Make a video about a crack, like for Adobe Photoshop, VB.Net, TeamViewer (these were just the examples) or any games, then get your virus FUD and make a video and post. Now, I know a lot of people do this, but they don't do 1 thing right. Spreading the video.

Go to www.site.com and click on Videos, then click on Most Viewed, and then choose All Time.

Then go to every single video that has a lot of views and post this:
Wow look what i found click on my name and watch the video, it will get ur free shit etc etc...

Then you will get loads of people on your RAT.

No, I won't explain to you what I did beforehand coz I don't want to give people ideas. Above is just an example.
 

LiuKangBakinPie

Diamond Member
Jan 31, 2011
As before, you're talking gibberish.

Am I?
http://www.marthas-web.com/eula.htm

Some 0day vulnerabilities are undisclosed for months/years, and are exploited by the bad guys all the time. They develop exploits for those undisclosed vulnerabilities and they serve malware (making use of those exploits) through all kinds of websites, even those that you wouldn't expect to be "suspicious". The recent incident with Gizmodo's ads is just one example in a million.

Tell me do you update your Java?

your machine may still be vulnerable to attacks if you never bother to uninstall or remove older versions of the software...a malicious site could simply render Java content under older, vulnerable versions of Sun's software if the user has not removed them....

Then

http://en.wikipedia.org/wiki/Clickjacking
http://www.cgisecurity.com/xss-faq.html
http://en.wikipedia.org/wiki/SQL_injection

Also
http://news.cnet.com/8301-1009_3-10255226-83.html?part=rss&subj=news&tag=2547-1_3-0-20
http://newsinfo.inquirer.net/breaki...ets-infected-by-virus-every-5-seconds--Sophos
 

think2

Senior member
Dec 29, 2009
I don't even have the chrome java plugin installed, but even if I did, chrome would ask my permission to run it.

http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=1247383

Clickjacking - nothing there that's going to damage my computer.
xss - doesn't damage my computer
SQL - I don't understand what the problem is here but I don't run SQL server.

Regarding news.cnet.com google chrome already warns me about suspect websites and if chrome actually had a vulnerability, google are going to fix it just as quickly as any security software is going to protect me.
Regarding sophos - there's no detail that tells me how a hacked webpage could damage my computer.
 

LiuKangBakinPie

Diamond Member
Jan 31, 2011
> I don't even have the chrome java plugin installed, but even if I did, chrome would ask my permission to run it.
>
> http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=1247383
>
> Clickjacking - nothing there that's going to damage my computer.
> xss - doesn't damage my computer
> SQL - I don't understand what the problem is here but I don't run SQL server.
>
> Regarding news.cnet.com google chrome already warns me about suspect websites and if chrome actually had a vulnerability, google are going to fix it just as quickly as any security software is going to protect me.
> Regarding sophos - there's no detail that tells me how a hacked webpage could damage my computer.

You're misinformed. Seriously. You don't install the Chrome Java plug-in; it installs when you install Java. Go to tomshardware and disable JavaScript and see if you are able to browse it freely. A lot of sites you can't browse without it. If you do not uninstall older versions you're vulnerable. How can clickjacking not hurt your data? If a RAT is behind that link, your PC's data is in someone else's hands. What about zero-day exploits? How will Chrome, a simple browser, stop it? It doesn't have HIPS.
 

Zorander

Golden Member
Nov 3, 2010
> What is a compromised website? How can it hurt my computer?
>
> How can code embedded in an image get launched on my computer?

I don't know what happened exactly but a colleague of mine must have visited one such website (he told me it all started while he was surfing). His desktop was filled with pop-ups that could not be closed (close button greyed out and alt-F4 wouldn't work). The taskbar and task manager were locked out as well and anything resembling admin-level access was unavailable. It was pretty much screwed.

It mattered not that he had read-only EXE access (company policy) and antivirus protection (Norton). The IT dept ended up reinstalling the OS (WinXP btw...).

Granted he was using IE but I wouldn't put too much trust in my Firefox (or Chrome) with the NoScript add-on either. It only takes one permission to allow scripts on such websites to have this calamity visited upon you.
 

think2

Senior member
Dec 29, 2009
> Granted he was using IE but I wouldn't put too much trust in my Firefox (or Chrome) with the NoScript add-on either. It only takes one permission to allow scripts on such websites to have this calamity visited upon you.

Google chrome runs in a "sandbox" so the permissions available to a javascript script are quite limited. Hopefully that means that there are no obvious ways for a script to modify or save files on my computer. I have no idea whether that means that a script is able to e.g. launch a saved image as an executable but I'm guessing not because google wouldn't go to all the trouble of sandboxing chrome if there was such an easy way to execute malicious code.

With IE, even if you have Java and active X disabled/ set to prompt, it's still dangerous because the way it prompts means that every time you click the mouse, there's a chance you don't click on what you meant to due to the way IE steals the focus with its popup dialogs. I used Firefox with Noscript for a while but now I mostly use chrome.
 

LiuKangBakinPie

Diamond Member
Jan 31, 2011
Here’s a quote from Adobe’s Security bulletin released on April 11:

“This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious Web page or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.”

Google Releases Chrome 11.0.696.57
added April 28, 2011 at 08:11 am

Google has released Chrome 11.0.696.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 11.0.696.57 to help mitigate the security risks.

And there's many more.
 

Gamingphreek

Lifer
Mar 31, 2003
> Google chrome runs in a "sandbox" so the permissions available to a javascript script are quite limited. Hopefully that means that there are no obvious ways for a script to modify or save files on my computer. I have no idea whether that means that a script is able to e.g. launch a saved image as an executable but I'm guessing not because google wouldn't go to all the trouble of sandboxing chrome if there was such an easy way to execute malicious code.
>
> With IE, even if you have Java and active X disabled/ set to prompt, it's still dangerous because the way it prompts means that every time you click the mouse, there's a chance you don't click on what you meant to due to the way IE steals the focus with its popup dialogs. I used Firefox with Noscript for a while but now I mostly use chrome.

You almost sound like you are asking someone to hack your computer. Head over to Millw0rm or Phrack and be this arrogant and see how far it gets you.

Sandboxes are not perfect in the same way the Virtual Machines are not perfect. There are paths in and out of them that can be exploited.

Additionally, ever heard of Privilege Escalation Exploits? Rootkit? You can give 'R' access all you want and none of the exploits in those genres care in the slightest.

Now let's consider what is out of your control. Say I spoofed a website that you frequent and am doing a MITM (Man In The Middle Attack). You have opened that website and that code is now in transit - your computer has no idea what it is.

Now let's look at all the open ports on your machine. Chances are ports 80, 53, and 443 are open at the minimum. Running an E-Mail client? Why sure, I would love to walk in through port 25, 110, or 143.

-Kevin
 

LiuKangBakinPie

Diamond Member
Jan 31, 2011
The JavaScript programming language occupies a central position on the Internet and would therefore be an infection vector. Particularly common is client-side JavaScript integrated in the browser to improve user interfaces and dynamic websites. Because of the widespread use of Web 2.0, JavaScript has become indispensable.

Malware authors use that fact. They gain access to popular, legitimate web sites and lead unsuspecting users on to malicious sites undetected. The infection takes its course. When users call up the damaged sites, client-side vulnerabilities are exploited by other scripts.

With injected inline JavaScript, the transfer to other web sites can be hidden better than with other methods, such as iframe attacks. If JavaScript is injected, hackers can redirect the browser of their victims without being noticed and download content and malware from a remote server. These so-called drive-by downloads pose serious security risks to companies and end users.

Then there's MS knowing about security holes but waiting until they are exploited before doing something.
Here's an example:
http://nakedsecurity.sophos.com/201...microsoft-knew-internet-explorer-flaw-months/