Author Topic: How can I protect against becoming part of a bot net?  (Read 4650 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
How can I protect against becoming part of a bot net?
« on: December 08, 2008, 11:54:13 PM »
Hi malware fighters,

Well a good av-scanner should do it. Then use your common sense, the biggest risk factor is between the keyboard and the chair, so do not open attached files in mails of unknown origin. Don't click links in spam mail. Let your firewall run, see that all your software is updated and fully patched (Secunia PSI 1.0). Well, don't let your computer run all night long, because when the cat is away the bots will play!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

matt231

  • Guest
Re: How can I protect against becoming part of a bot net?
« Reply #1 on: December 09, 2008, 12:08:36 AM »

Offline polonus

Re: How can I protect against becoming part of a bot net?
« Reply #2 on: December 09, 2008, 12:18:44 AM »
Hi matt32,

That is Trend Micro's beta, and does not give too much information on detects, only opens up to propagate their Online Scanner. By the way I run it as well, and it actually works I can say.
For the people that really want to investigate there is BotHunter, an analysis tool, get it from here: http://www.bothunter.net/

polonus

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: How can I protect against becoming part of a bot net?
« Reply #3 on: December 09, 2008, 06:24:42 AM »
Quote
Well a good av-scanner should do it.

C'mon Polonus, you know that's not true.

Quote
Do AntiVirus Products Detect Bots?

Less than half the time in practice.

http://blog.fireeye.com/research/2008/11/does-antivirus-stop-bots.html

Quote
How can I protect against becoming part of a bot net?

Quote
The typical scenario for a web-driven bot is that you accidentally brush up against a compromised website that has had an <iframe> inserted which brings you (possibly via a chain of other sites) into contact with an exploit server which delivers you some malicious javascript (usually) that exploits your browser to take control of the machine. At that point, the payload will download a number of binaries (sometimes just one, but often more) which perform the various bot functions.

(Same link, my emphasis.)

An anti-exploit scanner like avast!'s WebShield is a good idea, but there's no substitute for keeping your browser up to date.

The worrying thing about the above report is that it was about viruses found in web traffic at various companies, not found by a honey monkey set up (which typically uses out of date browsers on purpose).

Why were these companies running out of date and vulnerable browsers, I wonder?

« Last Edit: December 09, 2008, 07:09:26 AM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

TheSpirit

  • Guest
Re: How can I protect against becoming part of a bot net?
« Reply #4 on: December 09, 2008, 09:39:23 AM »
Quote
Why were these companies running out of date and vulnerable browsers, I wonder?

Because the quality of some browser(s) is so low, that keeping up with the constant stream of so-called security updates is a very expensive and time-consuming process, which causes a lot of interruptions for the employees. Elementary. ;)

Only nerds like me (and...) can spend the time necessary to be constantly updated.  8)

Update: By the way, I think that NoScript is absolutely essential here. I remember reading somewhere that you either recommend it or don't recommend it, but I don't remember which.
« Last Edit: December 09, 2008, 09:48:35 AM by TheSpirit »

Offline polonus

Re: How can I protect against becoming part of a bot net?
« Reply #5 on: December 09, 2008, 01:25:35 PM »
Hi TheSpirit and FwF,

The use of Secunia PSI is handy to enable Windows computers to have the latest updates and patches.
NoScript is essential in-browser security against all sorts of malware vectors, as I find RedirectPolicies also very effective.
FwF, you are right, but this is the vision as I found it on the Internet, that is what they hold out at the average user, and you and I know there is more involved in keeping a computer secure. I like to see your reactions to these apparently semi-truths,

polonus

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: How can I protect against becoming part of a bot net?
« Reply #6 on: December 09, 2008, 08:38:58 PM »
Just a thought on NoScript. 

When it is tough to get the average computer user (who wants her/his computer to be fun to use and not like doing housework) to run an avast scan regularly or worse yet to do a regular system backup then NoScript is not going to get off the launching pad in any way at all.

I have been trying it for the last couple of weeks and I am still finding the effort of spoon feeding it a real pain in the rear.  Security solutions work for the average user when it can be a "set it and forget it" and "only bug me when there is a real problem".       

Offline alanrf

Re: How can I protect against becoming part of a bot net?
« Reply #7 on: December 10, 2008, 06:51:04 AM »
Let me add ... for emphasis ... my humble opinion that most of the advice posted here is excellent.  I also believe that it is security nerds posting to security nerds. 

I do not wish to offend those proffering the best information available but ... for those of us trying to work daily with the average users of the world ... any thoughts on how we make all this great advice palatable to those folks who do not want security to be an interruption to the use of the machines they purchased (following all the advertisements) to enjoy?