Quote:Original post by Extrarius
iMalc: I've been in the same situation as the OP for a while now (no idea how long, but a year at least), except that I use online scanners every few months just to be sure, and I run ad aware and S&D every once in a while to check up on things, and so far the worst I've had is tracking cookies, which aren't really all that bad ("OMG COOKIES!").
Most viruses these days basically just ask you to run them, and the few that don't abuse people that have bad IE or OE setting or habits (ie autoinstall=on or clicking 'yes' to install an active x control, etc)

I'm not sure if I've head of online scanners. The whole idea sounds dodgy, and unlikely to be able to detect everything that a proper installed virus scanner can.
Agreed, tracking cookies aren't that bad.

I admit that it's possible to go quite a long time without being affected depending on your habbits. But every once in a while something pops up which exploits some newly found vulnerability and causes mass-infection without users doing anything.

Quote:Original post by Extrarius

Quote:Original post by Telastyn
I've never bought into the limiting access trend. Even if you limit a user to 'user' [rather than root/admin] they can still write to their own files. Joe User will still raise hell with IT if their files disappear, which a virus/worm/stupid user can still do, even without admin rights.

In a properly designed system (Which I'd say doesn't exist right now), the IT person would give _user_ access to execute (for example) the word processing program and the internet browser, permission to create/read/write/delete files/folders in their own directory, and nothing else. Safe computing practices wouldn't matter since they are not allowed to unintentionally run deltree c:

The only hole left would be software bugs, and many of the bugs that appear currently could be easily eliminated by some proxy software (to prevent viruses coming in/out), UI-control software {automagically closes the word processor's macro editor if it ever opens, for example}, and simmilar freedom-limiting software.

Like I said, if you can't do something, you can do it wrong.

Point -> Linux/some unixes. (not sure about the unixe's).

If the linux fights were implememted perfectly (which there not), and it is Impossible to acess another users login account, including root.
Then this would be ideal.
They pretty much have acess to the stuff they make only.
When there not root, its hard/impossible to actually destroy your computer.

IIRC of cource. its been ahwile since i've last remembered that.

From,
Nice coder

How about if the user Nor any Software running on behalf of that user, could automatically startup without permission?

Now if you used a linux type approach, what you would have is a file, which specifies what programs to autoexecute. that is readable by that user and root ONLY, and is writable by root ONLY.

Now if it can't startup, then how could it cause spyware?

With viruses, that could be integrated into the os, so that whenever an exe is wrtten to, it arouses suspicion. So that, without the user having to do anything, the file is automatically run in quarentine, to make sure it doesn't do anything its not supposed to. its also "red marked", which prevents it from doing things that normal programs could do, like hooking api calls, and other things which viruses shouldn't be allowed to do.

This would stop the spread of any virus to at most 2 generations.

From,
Nice coder

Quote:Original post by iMalc
[...]I'm not sure if I've head of online scanners. The whole idea sounds dodgy, and unlikely to be able to detect everything that a proper installed virus scanner can.
Agreed, tracking cookies aren't that bad.

I admit that it's possible to go quite a long time without being affected depending on your habbits. But every once in a while something pops up which exploits some newly found vulnerability and causes mass-infection without users doing anything.

Onlnie scanners are put out by quite a few respectable anti-virus companies. They're just the scanner engines wrapped into an ActiveX control, pretty much. I do admit that I can't prove they work well since they've never detected a virus on my machine, but then again when I had a normal virus scanner the only thing it detected was a virus in a zip file on a backup I made in 1998 (that was when I was learning assembly so I had tons of zips with txt + com files to demonstrate stuff and apparently one of the .com files was infected before I got it).

I also check the registry, start -> startup folder, services, and running processess once in a while, so if it started anything unusual it seems like I'd notice. The only thing I'm actually relying on the antivirus for is programs that actually infect other programs, and those are really rare these days.

Quote:Original post by Zipster
[...]You say you've done quite well without antivirus or a software firewall, however keep in mind you have a hardware firewall and Firefox. The hardware firewall does a great job eliminating all incoming network traffic that isn't on a handful of common ports (HTTP, FTP, etc.), while Firefox eliminates any infection due to browser holes.[...]

I have my router set to DMZ my computer (so all incoming connections go to my PC), and I've disabled the software firewall in XP. I also use IE exclusively.

Quote:Original post by Zipster
[...]Of course, but that wasn't my point. He was suggesting that the primary source of problems people have with their computers (related to viruses and spyware) was due to user ignorance, and I was saying that a lot of the time user ignorance isn't to blame - "ignorance" as far as their behavior is concerned (choosing to install strange programs etc.) Switching software or hardware is a solution, but I was addressing the implication made by the examples in the original post, that it is a behavioral issue.

From my experience, I say it is exclusively a behavioral issue. I run Windows XP Pro without any kind of firewall, without any antivirus(essentially), and I use MSIE, and the worst thing I get is tracking cookies.

Maybe I'm the luckiest person on earth, but it sounds like my machine is ripe for the taking. I can't understand why I haven't had any problems if it really is so dangerous to run as I do. Surely being on a popular ISP in my area would ensure I get plenty of crap broadcast to me..?

Quote:Original post by Kylotan

Quote:Original post by Zipster
As has already been mentioned, a lot of the time it isn't a matter of a user's rights on their own machine or other local security systems. Tons of viruses and spyware these days take advantage of software holes in the operating system - or internet browsers like Internet Explorer - that the user simply can't stop or prevent, no matter how computer savvy they are.

However you can choose a more secure operating system, browser, email package, etc. One major reason why I stick to Win98 rather than WinXP is because I am prepared to give up a little stability for security. That, a little knowledge about network security, and careful use of my software, has meant I've not had a virus or malware in all my PC-owning time.

Win98 is more secure than XP? I had no idea. Well, with my XP I've never had a virus either.