Any need for virus scanners anymore?

Not really. Just use web scanners like ScanSafe. At my work we use ScanSafe and Sophos as a software scanner.

You probably have a load of hidden viruses on your machine logging keystrokes and sites you go on. Be prepared for your bank account to be rinsed, your house burgled when you go on holiday and your identity stolen!
 
It does make me lol when you read 'my mate works for Barclays doing IT'. Well, with that comment, for all we know he could be a developer!

I guarantee you, 100%, that Barclays use an AV. If he doesn't at home then that's his business; however, how someone can say, definitively, that they have been virus free for 2 years without having something that can actually detect a virus is a very absurd comment to make.



M.
 
Isn't it true that the majority of viruses are not x64 compatible? I dunno where I read that but... Anyway.

I understand where the op is coming from. Like me for example, I have no passwords on here, I don't use credit cards to shop online or check accounts online etc (outside of Paypal which has insurance). There isn't anything data wise too sensitive on my pc so as long as I'm careful there is no possible way to get a virus, assuming I have to accept some sort of download, message, or pop-up. Even if someone was good enough to still give me a virus like I said it's not even a big deal to rebuild if necessary.

However, some people do save passwords and shop online with credit cards etc, and maybe are easily fooled by the Windows-looking pop-ups that are indeed the viruses themselves claiming to be anti-viruses (how genius really, has gotten my wife twice, and my dad once), but anyway you may prefer to have the anti-virus even at the expense of extra clock cycles (I have seen older PCs that really get slowed down by anti-virus programs). Anyone with sensitive data on their PC should have anti-virus for sure.

I have been running without anti-virus for quite a while though I will run superantispyware occasionally, I don't run it in the background.
 
Tinfoil hats don't come into it. It depends on what your PC is used for, and the level of risk you're willing to accept.

I run trading software on my Vista install. If malware gets hold of my account details, and the attacker places some losing trades on my behalf, imagine how it would look if I subsequently went to the exchange operator and said "Wasn't me". :p

Then quite frankly running Firefox under another user ID is a little weak protection; any malware is already on your PC by the time the browser loads it. If it's that critical then you should be accessing the net via a proxy that virus scans before it reaches your PC. Also, given the number of posts it's taken to advise on how to create a shortcut for doing this, forgive me but I don't think you have the same level of technical skills.

that they have been virus free for 2 years without having something that can actually detect a virus is a very absurd comment to make.

Given the proliferation of viruses and malware it's not a claim to be made lightly; I haven't been 'infected' as such by anything in years. The one exception is I knowingly copied a virus from an infected machine and ran it on my laptop while monitoring it so that I could track what it was doing when it first ran and what extra bits it downloaded. The reason for this is the AV on the machine I was fixing did a half-ass job of removing it, but that's part of my reason for not bothering with AV.

Isn't it true that the majority of viruses are not x64 compatible?

So your 64-bit install of Windows will run your 32-bit games and applications but not your 32-bit viruses? Not all viruses rely on processor-specific instructions or exploits found in 32-bit builds of DLLs.
 
Hardly worth a tinfoil hat or some of the other measures discussed in this thread.

Running your web browser as a low integrity process isn't over the top at all. The principle of running your web browser with rights even lower than that of a standard user is a great form of mitigation against malware. This is why Internet Explorer running under Windows Vista and Windows 7 is a very secure browser to use. The fact that it runs as a low integrity process, with write access only to a very small number of specific locations which are also low integrity, means that for any kind of malicious attack exploited through the web browser, the amount of damage that can be caused is severely limited.

Also, given the number of posts it's taken to advise on how to create a shortcut for doing this, forgive me but I don't think you have the same level of technical skills.

I'm sorry but that's not quite fair. eXor is kindly helping me out. It's simply because of the lack of understanding on my part regarding this as to why it's taken a number of posts by eXor to try and explain getting Mozilla Firefox to run as a different user. There were a couple of typos in the posts between myself and eXor. Though, everyone is more than capable of doing them, certainly not the end of the world.
 
Then quite frankly running Firefox under another user ID is a little weak protection; any malware is already on your PC by the time the browser loads it. If it's that critical then you should be accessing the net via a proxy that virus scans before it reaches your PC. Also, given the number of posts it's taken to advise on how to create a shortcut for doing this, forgive me but I don't think you have the same level of technical skills.

Running the browser as another user is a layer. One of several. The malware that gets through has no easy way of touching my user profile. A proxy is an interesting idea, but again it's one layer. How would a proxy defend against malware that is not in its definition database?

As for technical skills, I made a mistake by introducing a couple of typos while recalling what I had done, in an informal discussion. Obviously you can't relate because you never make mistakes.
 
Used to use Nod32, but after running it for years and not getting any viruses I decided to just not bother with it.

I've been going commando now for about 1/2 years. All I do is run Hijackthis scans every now and again.
 
Copy and paste this.

*snip*

Superb stuff. All sorted now.

Thank you ever so much eXor for taking the time out to explain what we have just gone through. Very much appreciated. :)

I very much apologise for taking this thread in a slightly different direction. Although, for those that are interested in running Mozilla Firefox as a low integrity process but also running Firefox as a different user due to the reasons outlined in this post here by eXor, the information is all there. It's another layer of protection that is very worthwhile.

If you don't really want to look through all those posts though, the following is a summary of what you need to do to run Mozilla Firefox as a low integrity process and as a different user. I have compiled all of the important information that you need to run Mozilla Firefox as a low integrity process and as a different user. I have also just added a bit, like for example how to check that the process is running as low integrity and as a different user, just to help people out.

eXor said:
The user accounts in this example are as follows:

homer - A member of Administrators

lisa - A Standard User

lisa.web - A Standard User

Lisa is our day to day account, where we spend most of our time.

We log in as homer and create a new, passworded, standard user account. We can give it any name. In this example, lisa.web

If you're using the Protected Administrator account as your daily account, you will need to also create the lisa account.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If you haven't changed any integrity levels of things on your system, you can skip this next bit. Go straight to the part under the lines.

Mozilla Firefox needs to be initially started with medium integrity because it needs write access to a medium integrity directory, in order to create the user profile directories. If it is set to low, start an Administrator Command Prompt and change it back with the following command:

icacls "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" /setintegritylevel medium

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

We log in as lisa and modify the existing Mozilla Firefox shortcut (or create a secondary one):

Target: C:\Windows\System32\runas /user:lisa.web "cmd /c start \"\" \"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe\""

Start in: C:\Program Files\Mozilla Firefox

We run Mozilla Firefox by clicking the shortcut. When prompted, type lisa.web's password.

Close Mozilla Firefox.

Log in as homer, open an Administrator Command Prompt, and enter the following:

icacls "C:\Program Files (x86)\Mozilla Firefox" /setintegritylevel(oi)(ci) low /t

icacls "C:\Users\lisa.web\AppData\Local\Temp" /setintegritylevel(oi)(ci) low /t

icacls "C:\Users\lisa.web\AppData\Local\Mozilla\Firefox" /setintegritylevel(oi)(ci) low /t

icacls "C:\Users\lisa.web\AppData\Roaming\Mozilla\Firefox" /setintegritylevel(oi)(ci) low /t

icacls "C:\Users\lisa.web\Downloads" /setintegritylevel(oi)(ci) low /t

The /t switch causes the command to apply the settings recursively on objects within.

Note: There seems to be something funky going on as to how it is displaying some of the commands in the post. As you can see, on the third command, there is a space between Firef ox even though when creating the message, there isn't a space, it's perfectly fine. Before carrying out the command in a command prompt, make sure it reads as Firefox and not Firef ox.

And also, on the fourth command, the " after Firefox is spaced out, make sure it reads as Firefox" and not Firefox " otherwise it won't work.

I'm not quite sure why it's displaying differently.

Log in as lisa and run Mozilla Firefox by clicking the shortcut. Test to see that it behaves as expected.

You can check that Mozilla Firefox is running as a low integrity process by downloading Process Explorer. Once it is installed, make sure it is set to show the "integrity level" tab by just clicking on where it says "Process" along the top (or anywhere along that toolbar) and the "firefox" process should be shown as running as "low".

You can also check to see if Mozilla Firefox is running as a different user by running Process Explorer again, double clicking on the "firefox" process and under the "Image" tab and near the bottom, it will say "User" followed by which user that process is running as.

I have just gone through the above again to make sure the commands worked, which they did, I didn't have any problems at all. Just make sure, if you're copying and pasting the commands, you take note of the following:

Note: There seems to be something funky going on as to how it is displaying some of the commands in the post. As you can see, on the third command, there is a space between Firef ox even though when creating the message, there isn't a space, it's perfectly fine. Before carrying out the command in a command prompt, make sure it reads as Firefox and not Firef ox.

And also, on the fourth command, the " after Firefox is spaced out, make sure it reads as Firefox" and not Firefox ".

The above is written in the main quote but just wanted to make sure everyone was aware of it.

Thank you again eXor. :)

Testing:

Mozilla Firefox:

Target: C:\Windows\System32\runas /user:username "cmd /c start \"\" \"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe\""

icacls "C:\Program Files (x86)\Mozilla Firefox" /setintegritylevel(oi)(ci) low /t

icacls "C:\Users\username\AppData\Local\Temp" /setintegritylevel(oi)(ci) low /t

icacls "C:\Users\username\AppData\Local\Mozilla" /setintegritylevel(oi)(ci) low /t

icacls "C:\Users\username\AppData\Roaming\Mozilla" /setintegritylevel(oi)(ci) low /t

icacls "C:\Users\username\Downloads" /setintegritylevel(oi)(ci) low /t
 
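An added example, not part of the thread or written by its posters: a PowerShell check, run from an elevated prompt, that the five directories from the summary above carry an inheritable Low mandatory label and that no firefox.exe runs under an account other than lisa.web. It assumes English-language icacls output and PowerShell 3.0 or later; the process integrity level itself is still read from Process Explorer as the post describes.

```powershell
# Added example. Account name and paths are the ones used in the post above.
# Assumes English-language Windows (icacls label text) and PowerShell 3.0+.
$WebUser  = 'lisa.web'
$LowPaths = @(
    'C:\Program Files (x86)\Mozilla Firefox'
    "C:\Users\$WebUser\AppData\Local\Temp"
    "C:\Users\$WebUser\AppData\Local\Mozilla\Firefox"
    "C:\Users\$WebUser\AppData\Roaming\Mozilla\Firefox"
    "C:\Users\$WebUser\Downloads"
)

function Get-IntegrityLabel {
    # Returns the explicit mandatory label icacls reports for $Path, if any.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Level = 'Missing'; Flags = '' }
    }
    $text = (& icacls.exe $Path 2>&1 | Out-String)
    if ($text -match 'Mandatory Label\\([\w ]+?) Mandatory Level:((?:\([A-Z]+\))*)') {
        return [pscustomobject]@{ Path = $Path; Level = $Matches[1]; Flags = $Matches[2] }
    }
    # No explicit label: Windows treats the object as medium integrity.
    [pscustomobject]@{ Path = $Path; Level = 'Medium (implicit)'; Flags = '' }
}

$labels = $LowPaths | ForEach-Object { Get-IntegrityLabel -Path $_ }
$labels | Format-Table -AutoSize

# Directories that are not Low, or whose label is not inherited by children.
$bad = $labels | Where-Object {
    $_.Level -ne 'Low' -or $_.Flags -notmatch '\(OI\)' -or $_.Flags -notmatch '\(CI\)'
}

# Owner of every running firefox.exe; only the web account should appear.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'firefox.exe'" | ForEach-Object {
    $o = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
    [pscustomobject]@{ ProcessId = $_.ProcessId; User = $o.User }
}
$procs | Format-Table -AutoSize
$wrongUser = $procs | Where-Object { $_.User -ne $WebUser }

if ($bad -or $wrongUser) {
    Write-Warning 'Layout differs from the post: check the rows above.'
} else {
    Write-Output 'All listed paths are Low (OI)(CI); no firefox.exe runs under another account.'
}
```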
You can do but it's not recommended, as nasties can hide themselves as a trusted app or driver or whatnot.
 
I do dabble in the slightly less safe parts of the Internet, and just using a bit of common sense I have avoided everything.

So, yeah. Don't bother with virus scanners. Think of the CPU cycles I've saved in a year!

Oh dear lol. You do know that genuine sites get injected with malware? If you have no virus scan and said malware takes advantage of a security flaw then you get infected and you'll never know about it!

Websense at work blocked a legitimate site that users often used. Turns out the site was hacked and had malicious code injected into it. So no, going to known URLs isn't a good idea.

I just wish I had a virus scanner for my ex! She seemed like a nice girl and a safe URL, but little did I know she was a dirty malicious trojan whore lol.
 
Out of interest, those that are not running any kind of anti-virus programs, what sort of other protection are you using?

Similarly, those that are running an anti-virus program, are you actually protecting it by running as a standard user?
 
This sort of question really does show the level of real life experience on the forums. This sort of question posted on the TechNet forum would get nailed to the wall.
 
This sort of question really does show the level of real life experience on the forums. This sort of question posted on the TechNet forum would get nailed to the wall.

To be fair, TechNet is for Windows professionals whereas this forum is merely a sub-forum of a larger site. However I think there are enough people around here who know what they are talking about to not let misinformation run away with itself.

At the end of the day we're all here to learn, impart advice and discuss things and I do think people learn from these sorts of threads.
 
To be fair, TechNet is for Windows professionals whereas this forum is merely a sub-forum of a larger site. However I think there are enough people around here who know what they are talking about to not let misinformation run away with itself.

At the end of the day we're all here to learn, impart advice and discuss things and I do think people learn from these sorts of threads.

Agreed :)
 