Disable Your Antivirus Software (Except Microsoft's)

opethdisciple · 19 Feb 2017 at 00:50

KIA said:
Browser 0days in the wild are incredibly rare, so this scenario is very unlikely to take place.

Attacks against browsers and plug-ins aren't as lucrative as they used to be because vulnerabilities can be patched in a matter of days. Java web plug-in & Silverlight are almost dead, with Flash not far behind.

In my opinion, the one to watch is ransomware.

I agree with you. The big one at the moment is ransom ware.

I've been running MS antivirus since windows vista came out. And I've been hit by a virus once in that time. The website had been hijacked to host some drive by download malware. At the time I was using Firefox.

jpaul · 19 Feb 2017 at 15:41

smogsy said:
Its possible to inject Keyloggers/Trojans another malware into Jpgs/png files. Then once loaded or read they "can" execute the code. it was one of the ways people was infecting .PDF files with trojans it was Jpegs inside the .PDF. but it can exexcute inside a browser

this is why UAC is so important. it can block unauthorized access to areas trojan may want to hide itself

And to make things more crazy, This means any site you visit could infect you. EVEN OCUK through signatures. Have a nice day!

The mechanism to put viruses into jpg, appears to need both the jpg which has code illicitly embedded in it, AND a seperate mechansim to run that code where you click on a something to run the code in the jpg, there is some description here
But (as KIA said) it is still not clear to me how it works, and what to avoid !
I do not see how an OC jpg signature, with such code, would be an issue on its own.
If the on-demand virus scanner checked out jpg to look for redundant information (maybe they do now) then the code/malware could be identified immediately. ?

PDF format genuinely allows bits of code to be run directly to generate the document so seems to be much easier to infect (in a reader/viewer that has security loopholes)

smogsy · 19 Feb 2017 at 15:56

jpaul said:
The mechanism to put viruses into jpg, appears to need both the jpg which has code illicitly embedded in it, AND a seperate mechansim to run that code where you click on a something to run the code in the jpg, there is some description here
But (as KIA said) it is still not clear to me how it works, and what to avoid !
I do not see how an OC jpg signature, with such code, would be an issue on its own.
If the on-demand virus scanner checked out jpg to look for redundant information (maybe they do now) then the code/malware could be identified immediately. ?

PDF format genuinely allows bits of code to be run directly to generate the document so seems to be much easier to infect (in a reader/viewer that has security loopholes)

the on demand virsus scanners May detect this information, depends on the vendor. However What they can do is take the info from their DB's that this image, infected X users in the last X hours. So block the image...
Something if you didn't have a Scanner you would not have that protection.

however you can put said code into a jpg & get it to listen to a command across TCP/UDP ports.

my point is that even if you The choosen one of IT & computers its still possible to get infected. even if you follow rules & browse legit safe sites,

the whole idea at these rules protect you is flawed..
Rule 1. Don't download anything stupid.
Rule 2. If you are going to download something stupid read reviews and from a decent source.
Rule 3. Don't give access to other users to be able to install software.
Rule 4. Get a legit looking but suspicious email with a zip file. Delete it.

KIA · 19 Feb 2017 at 19:35

jpaul said:
I do not see how an OC jpg signature, with such code, would be an issue on its own.

https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/

jpaul · 19 Feb 2017 at 22:33

smogsy said:
the on demand virsus scanners May detect this information, depends on the vendor. However What they can do is take the info from their DB's that this image, infected X users in the last X hours. So block the image...
Something if you didn't have a Scanner you would not have that protection.

however you can put said code into a jpg & get it to listen to a command across TCP/UDP ports.

Interesting - that if you subscribed to right scanner they might get quick feedback on infected sources; this might entice me to pay for a scanner, as opposed to free ones (avast/avrira) - albeit not sure I access material that is commonly accessed, apart from OC's
[i do not use facebook/twitter; I wonder if they have been used as a deployment engine -? for phones too, the holy grail of hacker targets ?]

... the said code has to be executed though - the example Kia just gave, shows a theoretical single-step technique.

smogsy · 20 Feb 2017 at 09:19

jpaul said:
Interesting - that if you subscribed to right scanner they might get quick feedback on infected sources; this might entice me to pay for a scanner, as opposed to free ones (avast/avrira) - albeit not sure I access material that is commonly accessed, apart from OC's
[i do not use facebook/twitter; I wonder if they have been used as a deployment engine -? for phones too, the holy grail of hacker targets ?]

... the said code has to be executed though - the example Kia just gave, shows a theoretical single-step technique.

albeit not sure I access material that is commonly accessed, apart from OC's
DB covers the entire world, their will be people who access the same content you do.

i know
Eset, BItdefender both have These engines, Avast has a reputation plugin that does an overall blanket check of the website then Does the same for .exes

here is Avast reputation plugin
https://chrome.google.com/webstore/...curity/gomekmidlodglbbmalcneegieacbdmki?hl=en

El Pew · 20 Feb 2017 at 09:36

opethdisciple said:
Is this sarcasm?

UAC.

Also technically we should not be using user profiles that have admin privileges. (Including me)

We should need to use like a 'sudo' to gain admin privileges.

Focusing on admin privileges won't fully protect you. A lot of common malware these days will try and run with admin privileges, but if it can't it will have fallback modes where it can do damage with just user privileges. A lot of ransomware, for example, only needs to run in the user context to be able to encrypt that user's files and propagate itself. It can do a lot more damage more quickly if it can elevate itself, but if not it can still do a lot of mischief.

darkwildchild79 · 29 Mar 2017 at 11:08

mrk said:
Yes, Windows 10 is a virus.

Agree with that, but there is nothing you can do if you want an OS that has native Directx 12, accept close all the loops holes in the telemetry data it keeps leaking out. ie stop using cortana for one

Blackjack Davy · 31 Mar 2017 at 12:32

The only infections I've had in recent times came from compromised ad servers that tried to install malware. Its not the site itself that was dodgy it was a well known respected one but the ad server the site used had been compromised. I've since put ad blocker on thats stopped that particular problem but sites are getting starved of ad revenue as a result.