Should I upgrade to 7 over security concerns?

The best way to avoid a Flash ActiveX scam is to use Google Chrome. As it comes bundled now, you would know instantly there was something fishy going on.

A lot of internet use is all about being sensible really. A lot of people do silly things on the net, and get themselves infected.
 
It's just not right to say, not possible to get so and so without so and so.. I also agree in the last 12 months the problem has got worse. Even expert careful users can get caught.

Devil is in the details - which I didn't go into :)

It's perfectly fine to state that Windows/nix etc are secure providing the operator uses secure computing practices.

PS: The Flash & Acrobat flaws (amongst 99.9% of others) are easily mitigated on Vista / W7 by not running with a split-token administrator account. Use a standard user account and use the advantages of UAC to elevate applications only when you need to.

The split-token account is great and all but it is still a compromise.
 
That malware will get you, no matter the OS. Remember these scumbags will "update" their program so it can infect W7 / Vista or whatever. The only ones you are safe from most is OSX and Linux, but even they are vulnerable...

A good "know what's safe" policy would apply. Basically it's not the fool who uses the admin account or turns off UAC, it's the fool who falls for "you need this to do this" when you know you already have it.
 
Interesting though this discussion is, you're all sidestepping the problem I'm trying to solve here.

My computer is very unlikely to be infected for various reasons. Mostly related to my willingness to spend great lengths of time finding out how computers work. I daresay the same is true of most people on this forum.

However most of us know people who are less paranoid. My dear lady will connect to any network that will let her search Google, and maintains an unencrypted passwords.doc file for good measure.

Any thoughts on keeping a computer secure in spite of the user?
 
To the OP, well for starters you should teach her safe practices. I personally never have anything confidential on my machine EVER. It all gets saved to an external USB pen, every doc/spreadsheet is password protected with a very long non-dictionary password, that also gets backed up to an external HD and that is only ever on during the quick robocopy backup. So unless someone physically gets into my house, my files are pretty safe. Even then, they have zero to no chance of retrieving anything confidential as the password is most probably unbreakable. Have an image ready in case you get caught out, to get you back up and running as quickly as possible..

Yes you can go to greater lengths such as only using a user account, but I do not have the patience to be dealing with that on my own comp. I keep UAC on even so, even though I hated it at first, I've just forced myself to get used to it..

Other than the above, there's really not much else you can do! Good firewall, NAT, AV, password protect everything that's important, keep it off your HD so that it's not accessible by a hacker, and only then can you consider yourself truly safe.
 
If she uses Mozilla Firefox or Google Chrome then Flash Block is a very useful extension!

I've been using it for ages now, it basically stops any flash video from loading until you want it to. It's an extra button click but well worth it IMO as you only have to allow the flash video you want, so any others that have been embedded into a webpage (even the hidden ones designed to infect your machine) can generally be ignored (unless it's one of them sites that's built entirely out of flash).
 
That Malware is manually downloaded by the user as it disguises itself as another update / programme.

You HAVE to click the link.

I had this recently but to be honest, it is a doddle to remove.

I was quite embarrassed that I fell for it. Was disguised as a Firefox update. :o
 
Hands up though who actually just uses a user account? I don't have the patience.

Me. :o

I also use a Software Restriction Policy, which means that nothing can run from any location other than \Windows or \Program Files. If I want to run an installer, I download it from the author's site and verify the SHA1 / MD5 hash ( when available ).

I then:

1. Right click and "Run as Administrator"

or

2. Move it under \Program Files and run it from there as a Standard User. IF it's a well written installer that doesn't demand Administrator rights unnecessarily. The complexity of modern software means that such installers are rare, though. :p


Luckily everything I use behaves under UAC, so I don't find it inconvenient to work within such a restrictive environment.

Yup and I agree given the way these came aboard it was probably via a flash ActiveX scam .. I just leave flash and adobe to automatically update in all honesty. But you know, they don't send out updates until vulnerabilities appear..

It's just not right to say, not possible to get so and so without so and so.. I also agree in the last 12 months the problem has got worse. Even expert careful users can get caught.

I don't know if the ActiveX / Flash components of browsers can write to locations that require higher privileges than the privileges that the browser was launched with. I'm guessing they can't, in which case running IE in Protected Mode ( or e.g. Firefox as another User ) from within a Standard User account, should severely limit the damage these exploits can inflict.
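
The hash check described in the post above, as an added example that is not part of the original thread. The function name `Test-InstallerHash` and the temporary sample file are constructed for illustration; `Get-FileHash` is the built-in cmdlet (PowerShell 4.0 and later).

```powershell
# Added example: compare a downloaded installer's hash with the value
# published on the author's site before running it.
function Test-InstallerHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $PublishedHash
    )

    # Normalise the published value: strip whitespace, upper-case the hex.
    $expected = ($PublishedHash -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]+$') {
        throw "Published hash contains non-hex characters."
    }

    # Infer the algorithm from the digest length in hex characters.
    $algorithm = switch ($expected.Length) {
        32      { 'MD5' }
        40      { 'SHA1' }
        64      { 'SHA256' }
        default { throw "Unrecognised hash length: $($expected.Length)" }
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algorithm).Hash

    [pscustomobject]@{
        Path      = (Resolve-Path -LiteralPath $Path).Path
        Algorithm = $algorithm
        Expected  = $expected
        Actual    = $actual
        Match     = ($actual -eq $expected)
    }
}

# Constructed sample: a temp file stands in for the downloaded installer,
# and its own SHA1 stands in for the value copied from the author's site.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'constructed-installer.bin'
Set-Content -LiteralPath $sample -Value 'constructed sample installer bytes' -NoNewline
$published = (Get-FileHash -LiteralPath $sample -Algorithm SHA1).Hash

Test-InstallerHash -Path $sample -PublishedHash $published   # unmodified file

Add-Content -LiteralPath $sample -Value 'x'                  # simulate an altered download
$check = Test-InstallerHash -Path $sample -PublishedHash $published
if (-not $check.Match) { Write-Warning "Hash mismatch: do not run $($check.Path)" }

Remove-Item -LiteralPath $sample
```

A hash copied from the same site as the download only detects corruption or a tampered mirror; it does not help if the site itself was altered, and where the author publishes SHA256 it is preferable to MD5 or SHA1.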
 
:rolleyes: So ok there are no exploits found in software... Why do you think patches come out? Before the event? Stop talking crap.

Except most of the people exploited are using software that has had patches out for days or even weeks, in some cases months. In fact most of the major exploits have been due to people not patching quickly enough e.g. Conficker or hell even the old MS Blaster worm which had a patch out for months and yet tons of people still got hit by it. Very few people are actually affected by 0 day exploits.
 
Except most of the people exploited are using software that has had patches out for days or even weeks, in some cases months. In fact most of the major exploits have been due to people not patching quickly enough e.g. Conficker or hell even the old MS Blaster worm which had a patch out for months and yet tons of people still got hit by it. Very few people are actually affected by 0 day exploits.

I think you'll find that most people just leave the updates on recommended settings, which is as soon as a patch is available it will automatically download and install itself. Perhaps not in the past, but this day and age, with internet scams more rife than ever you'd be a fool not to... My guess is that it probably takes a few days for companies such as Microsoft, all the AV companies and Adobe to come up with a countermeasure and that's when you get caught with your pants down!
 
I think you'll find that most people just leave the updates on recommended settings, which is as soon as a patch is available it will automatically download and install itself. Perhaps not in the past, but this day and age, with internet scams more rife than ever you'd be a fool not to... My guess is that it probably takes a few days for companies such as Microsoft, all the AV companies and Adobe to come up with a countermeasure and that's when you get caught with your pants down!

Adobe software seems to have a minimum update check interval of 7 days which is too long IMO, you could be left for a week with a vulnerable piece of software even if the patch is available.

Personally I check sites like www.filehippo.com and the security forum at www.dslreports.com at least once a day so tend to be able to get updates pretty much immediately.

In all my years of using computers I haven't been infected or exploited yet.
 
Adobe software seems to have a minimum update check interval of 7 days which is too long IMO, you could be left for a week with a vulnerable piece of software even if the patch is available.

Personally I check sites like www.filehippo.com and the security forum at www.dslreports.com at least once a day so tend to be able to get updates pretty much immediately.

In all my years of using computers I haven't been infected or exploited yet.

Good luck with all that. In the very unlikely event of getting one again, I'll just remove or worst case recover.

What I'd like to see is a better effort from these mega rich corps doing more to close down these dodgy outfits.. At the end of the day they take money from the unsuspecting.. That money has to go into an account of some kind.. How much effort would it take to get to the bottom of who's behind all of this? Probably some Russian organized crime outfit? Who knows, find them, close them down. FFS.. Can't be that hard if someone with the power took the initiative...
 