Do you use any type of security software on your PC?
Posted 7/3/16

kamilion wrote:

Wow. Seriously. Wow.

People still use on-access virus scanners.

Why not use fifty at the same time? Without installing any of them?

Go get process explorer from microsoft.
https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

Go into the options menu.
Go into the Virustotal.com menu.
Checkmark "Check Virustotal.com".
A dialog will pop up the first time, asking you to accept virustotal's terms of service.
It will redirect your browser to their terms of service page. Read it or don't, then close the tab, and go back to process explorer.
Go back to the virustotal.com menu, and checkmark 'Submit unknown executables'.

How does this work? Process Explorer will take a SHA1 hash of the running .exe, and submit that hash to virustotal, and return the count of virus scanners that processed the file, and how many didn't like the file.

Checkmarking 'submit unknown executables' will, as the description says, submit an executable if virustotal reports that it has never been scanned before.

JUST BECAUSE VIRUSTOTAL HAS *A* VIRUS SCANNER OR TWO THAT THINKS A FILE IS 'SUSPICIOUS' DOES NOT MEAN IT IS DANGEROUS.

http://puu.sh/pOMRM/7bcb1dd048.png

You can see here that virustotal thinks steam.exe is suspicious, with 1/55 . If you click that, you'll be taken to the virustotal page on that file.

https://www.virustotal.com/en/file/8f63147eed8ccd5ce076491c78559ecb1a3953769f56b3191167e6c549ce8129/analysis/

You can see that none of the virus scanners declared it suspicious, but some random jerk user voted it 'malicious'.

Here is an example of a submission that has no doubt of being malicious (The "Locky" cryptolocker ransomware):
https://www.virustotal.com/en/file/17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2/analysis/

On the other hand, this is a harmless keygenerator tool's report:
https://www.virustotal.com/en/file/f54d1cfc816e1a78d2c4edfe85a2d14064dfb796a3f7e67f8420a7b29219a3e3/analysis/


Tip #2:
Get rid of your old junky .zip program! (Unless you *PAID* for winrar... or you know what a solid archive is and what 5% recovery data means)

Go get 7-zip!
http://www.7-zip.org/
Once you have it installed, to create the file associations, open the start menu, find it, right click it, 'run as administrator'.
Edit menu, Options. Press the right hand + button to have 7zip take over for all the types of compressed files it can handle.
http://puu.sh/pONjT/a3bf803d7f.png


It opens up and extracts almost every kind of archive there is, including compressed .EXE files...
http://puu.sh/pONFA/4a4bc3550f.png

And self extracting EXEs...

But the biggest help?
http://puu.sh/pONrC/05624ac2c5.png

If you look inside an .exe, you should find a "CERTIFICATE" entry, if it has been signed by someone.

The biggest source of malware? Some twerp wrapping a safe .exe with a malware dropping wrapper.
You double click it, you get the scary yellow box:
http://puu.sh/pONfU/7e93c43505.png

instead of the box you should normally be expecting (when a program runs as an admin user)
http://puu.sh/pONhT/75af5ba7e1.png


Tip #3: Cleaning up old windows patches...
Go get patchcleaner, and have it move all the orphaned windows update patches (lots of old MSoffice gunk builds up!) out to some other folder. Sometimes 20-30GB worth if your PC's been running for a couple years.
http://www.homedev.com.au/free/patchcleaner

Haven't gotten updates in a while? Got problems getting windows updates?
Windows update says you haven't gotten a patch since 2014 or 2015?
Computer's really slow, svchost.exe uses lots of CPU in task manager?
http://superuser.com/a/997067/288614
Follow the instructions here to manually kick windowsupdate in the groin and get it working again.

Google chrome is honestly my personal choice for a browser, mainly due to the auto-update mechanism, and the extensions I have.
Adblocker: UBlock Origin: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
Connection Blocker (Warning, hard to configure!) UMatrix: https://chrome.google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf?hl=en
Social Network Widget Blocker: https://chrome.google.com/webstore/detail/disconnect/jeoacafpbcihiomhlakheieifhpjdfeo?hl=en
Cookie Control/Blocker: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp?hl=en

*DO NOT ALLOW ADVERTISEMENTS ON YOUR SYSTEM.*

Even the big advertising networks like Yahoo screw up and allow malicious ads to be served to innocent users from time to time.
http://www.theregister.co.uk/2015/08/27/malvertising_feature/

That cryptolocker I mentioned earlier in the virustotal stuff?
http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/
Spread through ad banners from visiting New York Times, BBC, AOL, MSN.

And this isn't new, it's been happening for years, and only been getting publicity more recently.
http://www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/

It doesn't matter who begs you, yells at you, threatens you, or claims they'll sue you.

DO NOT TURN OFF YOUR ADVERTISEMENT BLOCKER FOR *ANY* SITE.

You own your computer. It is your property. You and you alone are responsible for making decisions on what executes on your processor, consuming your electricity and your internet/cellular bandwidth.

Some sites will allow you to compensate them some other way, like crunchyroll's premium.
Do them a favor and pay for the bandwidth you consume.

If you actually use today's development tools to measure some 'average' webpages, you'll find that the advertising content ends up to be somewhere between one and ten megabytes, while the actual text you wanted to read in the page is only 4-5 kilobytes, with another 40KB of CSS, half megabyte of jquery and javascript code to make the menu dance, and a megabyte or two of site images (which your browser will cache and reuse if given half a chance).

Server bandwidth costs money, and those advertising companies need to recoup the costs of serving you those ads.
But here's the thing... Just like anything, in bulk, it's cheap.

If you colocate a server computer at hurricane electric's data center in california, you can easily get an 'unmetered' 1 gigabit ethernet connection right to a backbone switch on the heart of the internet for only a few hundred dollars a month. That's 9.82 TiB/day!
Way different than your average comcast consumer with a 250GB limit (If it's even enforced in your area) per month, or a verizon 4G customer with 6GB/mo! You could be paying the same price for a high performance server as you would a heavily abused smartphone plan.

As someone who hosts websites myself; I much prefer incoming 'donations' via microtransactions to accepting dirty advertising revenue.
(Also, click-fraud on advertisements means y'don't even really make much money at all for an impression... Google 'alladvantage.com' if you want to have a laugh at how far we've come.)

Good luck out there. Stay safe. Stay frosty.

And if all else fails... Boot linux from USB!
https://github.com/kamilion/kamikazi-core

Does rkhunter count?
Posted 7/5/16

Radraymond01 wrote:
Does rkhunter count?


Not exactly an on-access scanner; but still helpful! Especially if you're already infested.
Posted 7/6/16

kamilion wrote:


Radraymond01 wrote:
Does rkhunter count?


Not exactly an on-access scanner; but still helpful! Especially if you're already infested.


I get 20k+ logins per day, and occasionally get rooted. It's pretty crazy.
Posted 7/6/16

kamilion wrote:

Wow. Seriously. Wow.

People still use on-access virus scanners.

Why not use fifty at the same time? Without installing any of them?



The reason for on-access scanners is to prevent execution.

Post-execution detection is useful but execution prevention is also useful; It's good to stop something from running in the first place. By the time you have detected something using a post-execution tool, that thing has already been run.
Posted 7/6/16 , edited 7/6/16
Kaspersky is probably the best technical piece of antivirus software on the market, as long as you don't care if the Russian government has legal access to anything on your computer (odds are you don't have anything they want). I like Malwarebytes 'cause it's free and decent for picking up things that have made suspicious registry entries. If my computer starts running slowly, then it's time for a bit of DCI/Hunt to figure out what's borking it.

If you want to be super paranoid about it you could run all your web browsing in a virtual machine and use the Windows SysInternals (RegShot) to take a snapshot of your registry before you log in and out.

The people who are saying that you've probably got something on your computer anyway are right though; you're never going to cover every eventuality. There's malware that is VM aware, and can break out of a virtual machine sandbox. There's malware that starts up in memory from a drive-by javascript executable built into a webpage and runs entirely in memory until you reboot without ever dropping a file on your box. Virus Total is great, but the MD5 hash of a file changes completely with the addition of a single space, so you won't get an immediate match on anything that mutates, especially if it's packed properly.

The goal is to make yourself a reasonably tough target, and then the fact that you don't have anything anyone wants on your computer takes care of the rest.

Whitelisting applications through a HBSS on your computer is also a good idea, provided the added security is worth the added pain.
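
Added example, not part of any post in this thread: a Python sketch of the hash lookup described earlier (a digest of the file is sent and a detection ratio comes back) and of the limit raised in the post above, where one extra byte gives a different digest and therefore no match. The sample bytes, the cache and the thresholds are constructed assumptions; no real scanning service is contacted.

```python
import hashlib

# Constructed sample: stand-in bytes for an executable, not a real binary.
SAMPLE = b"MZ\x90\x00" + b"constructed sample payload" * 8

def digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of the file content, the only thing a hash lookup sends."""
    return hashlib.new(algo, data).hexdigest()

def build_cache(known):
    """Constructed reputation cache: digest -> (engines flagging, engines run).
    Stands in for the answers a multi-scanner service would return."""
    return {digest(blob): verdict for blob, verdict in known}

def triage(data: bytes, cache: dict, min_flags: int = 3,
           min_ratio: float = 0.10) -> str:
    """Classify a file from its cached detection ratio.
    min_flags and min_ratio are illustrative thresholds (assumptions)."""
    verdict = cache.get(digest(data))
    if verdict is None:
        return "unknown"          # never seen: the lookup says nothing at all
    flagged, total = verdict
    if flagged == 0:
        return "no-detections"
    if flagged < min_flags or flagged / total < min_ratio:
        return "low-confidence"   # e.g. 1/55: read the report before acting
    return "likely-malicious"

def bits_changed(a: bytes, b: bytes, algo: str) -> int:
    """Number of digest bits that differ between two inputs."""
    x = int(digest(a, algo), 16) ^ int(digest(b, algo), 16)
    return bin(x).count("1")

# Two constructed entries: one with a single flag, one widely flagged.
CACHE = build_cache([(SAMPLE, (1, 55)), (SAMPLE + b"evil", (40, 55))])

if __name__ == "__main__":
    print("original      :", triage(SAMPLE, CACHE))
    print("widely flagged:", triage(SAMPLE + b"evil", CACHE))
    # One appended space: same content to a human, a cache miss to the lookup.
    print("one byte added:", triage(SAMPLE + b" ", CACHE))
    for algo in ("md5", "sha1", "sha256"):
        print(algo, "bits changed:", bits_changed(SAMPLE, SAMPLE + b" ", algo))
```

An "unknown" result only means the exact bytes have not been seen before, which is why the lookup complements execution prevention and allowlisting instead of replacing them.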
Posted 7/6/16
If I did, I'd still have one.
Posted 7/6/16
No, why do you ask?
Posted 7/22/16
Norton and Malwarebytes. Norton is asking me to upgrade to a version that is compatible for Windows 10 (Which I do not have, BTW.) I wonder whether that version is compatible with Windows 7.
Posted 7/22/16

kamilion wrote:


Radraymond01 wrote:
Does rkhunter count?


Not exactly an on-access scanner; but still helpful! Especially if you're already infested.


Quoting this because I don't want to quote your giant post. Why do you need to use 50 anti-viruses especially considering all the false positives? Sounds like a disaster especially since I typically got around 5 false positives when I was using windows and a single anti-virus. Plus it sounds like you are transmitting data over the internet and waiting for a response, just enough time for an anti-virus to screw up your TCP/UDP protocols.

Though the best way to prevent viruses is to prevent execution access to everything.
Posted 7/23/16 , edited 7/23/16
Yes I Use Anti-malware program (downloaded from - http://top5malwaresafetytips.jimdo.com) on my computer to protect my PC from Malware such as adware, browser hijacker, Trojans, ransomware, worms, spyware and so on. It is free and it is capable of detecting the latest malware threats.
Posted 7/23/16
Windows Defender. It's not like I do much on this computer anyway....
Posted 7/23/16

dreamy- wrote:

Windows Defender. It's not like I do much on this computer anyway....


Posted 7/23/16

Jophar_Vorin wrote:


dreamy- wrote:

Windows Defender. It's not like I do much on this computer anyway....




....... Anything else = TOO EXPENSIVE! The free stuff is also suspicious! I dunno which one is legit.
Posted 7/23/16 , edited 9/30/16

dreamy- wrote:


Jophar_Vorin wrote:


dreamy- wrote:

Windows Defender. It's not like I do much on this computer anyway....




....... Anything else = TOO EXPENSIVE! The free stuff is also suspicious! I dunno which one is legit.


Avira Free Antivirus.
Avast Free Antivirus
AVG Free Antivirus
Posted 7/23/16

BoobiesSprinkle wrote:


jaykirbydudee wrote:

I just use windows defender because I don't go anywhere a virus might be. Also because norton costs money and I'm a cheapo. You make it sound like you're gonna do something to people like me.


Microsoft Security Essential failed me twice, so I don't know how good is the Windows Defender.


Yeah, same here. It's really not up to snuff. I've tested Windows Defender on multiple infections and it never found diddly squat. Half the time I'm not even sure the thing works since it never finds anything and it doesn't find anything really fast. It's got one of the fastest scanners but maybe that's why. It's easy to be quick when you're doing nothing. It's good for finding cookies though lol. Not much else. While Norton doesn't score as high as Bit Defender and its detection rate isn't as good it's still a pretty decent product especially if you use its Identity Safe vault. It's nice to have a password manager built in. It's a shame it doesn't work with Edge though but meh, that's what other browsers are for. Works fine with Chrome.

My top 3 list would be something like this:

BitDefender - nearly perfect malware protection. This bad boy can detect nearly everything and is well worth the price.
Kaspersky - almost as good as Bitdefender but a bit pricier. The secure browser is super nice though.
and
Avira - best free AV

Avast is obviously the best free android AV atm.

And I like to use a revolving door of AV's along with some other things just to test them out periodically so D. All of the above for me.