Author Topic: Why People Keep Getting Infected By Rogues  (Read 3728 times)

DonZ63

  • Guest
Why People Keep Getting Infected By Rogues
« on: January 19, 2012, 02:20:58 AM »
For individuals who keep asking why they got nailed by XP SECURITY 2012 and the other numerous rogues in the wild, I saw a great comment made by a MBAM moderator on their forum that sums it up nicely:
Quote
One of the things these malware creators do is scan their new, unreleased versions with security products, like Malwarebytes, to see if it gets detected or not, and if it does, they then modify the file until it is not detected any longer. We work very hard on our heuristics to make this more difficult for them, which does often work, but not always.

Samuel E Lindsey

Bottom line - someone or many will get nailed by the latest malware creation in the wild. That someone could very well be you.

How can you prevent getting infected? Find good host protection intrusion system software, learn how to use it, and resign yourself to the occasional alerts it will produce.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not a avast user
Re: Why People Keep Getting Infected By Rogues
« Reply #1 on: January 19, 2012, 02:29:30 AM »
well...that is not exactly new info.....that the bad guys have a copy of every AV found on VT to test with before they release it

Gargamel360

  • Guest
Re: Why People Keep Getting Infected By Rogues
« Reply #2 on: January 19, 2012, 03:02:16 AM »
Quote
How can you prevent getting infected? Find good host protection intrusion system software, learn how to use it, and resign yourself to the occasional alerts it will produce.
Sorry, but that will never work.  I mean to say, sure, a good HIPS will protect you if you know how to use it.....but if you are that smart, most of the crap that suckers people into getting infected to begin with, you are going to see it for what it is right away.

The problem is not how to protect the smart or savvy users....it's how to protect the naive and casual users.  And they will either reject a HIPS out-of-hand because they do not understand it, or start blindly clicking Yes/Allow.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Why People Keep Getting Infected By Rogues
« Reply #3 on: January 19, 2012, 12:30:15 PM »
Many of these infections require a degree of complicity by the user. The most common reason for getting hit is being duped into doing something, social engineering, opening a link to some unbelievable offer, etc. Here you need a healthy dose of common sense and suspicion.

Some can be just bad luck arriving at a site that has been hacked and you get hit by a driveby download. But for the most part your security software and proactive measures should go a long way to protect you, but nothing is 100% and now you need a backup and recovery strategy (hard disk imaging software).

Avast's web shield and network shield provide good protection against hacked sites and known malicious sites and the script shield against malicious scripts, but as mentioned nothing is 100%.

So you have to have pro-active measures, do you run your browser sandboxed, do you run it with limited rights, both of these could help limit the potential damage should you get hit. You can go a step further in your choice of browser and the security add-ons for it, e.g. Firefox with NoScript (helps prevent driveby download as they are usually script tags to run them) or NotScript for Chrome, that blocks all scripts unless you specifically allow it on the site.

Other add-ons: AdBlockPlus, whilst many think how will blocking ads help against malware, well it also has lists that can be added for Malware domains. RequestPolicy (Firefox add-on), this is like NoScript but for Cross Site Scripting, which is commonly used in driveby downloads, a link in the site you are visiting has a link to another site (the cross site bit) to run a script to handle the download, etc. So like NoScript you have to explicitly give permission for 3rd party sites to run scripts or import data, etc.

The RequestPolicy add-on is more intrusive than NoScript and may not be acceptable for everyone, but NoScript has a basic cross site scripting block, so that would still help against cross site scripting.

HIPS as mentioned helps, many firewalls come with HIPS functionality built in (mine does), but some can be very intrusive. There is also WinPatrol which is very handy for prevention of unauthorised changes to system settings, etc. The plus version is better and that is a one off subscription.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
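
Added example, not part of the original posts and not code from any of the add-ons named above: a minimal default-deny filter for cross-site requests, the behaviour the reply attributes to RequestPolicy and NoScript. The function names, the rule format and the sample URLs are constructed for illustration, and the site comparison is a simplification (last two host labels) where real add-ons use the Public Suffix List.

```javascript
// Simplified "site" of a URL: the last two labels of the host name.
// Assumption for this example only; it is wrong for suffixes like co.uk.
function siteOf(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.split('.').slice(-2).join('.');
}

// allowRules is a constructed per-site whitelist, for example
// { 'news.example': ['cdn-news.example'] } lets pages on news.example
// load resources from cdn-news.example. Everything else is denied.
function decide(pageUrl, resourceUrl, allowRules) {
  const origin = siteOf(pageUrl);
  // Resolve relative references against the page before comparing sites.
  const dest = siteOf(new URL(resourceUrl, pageUrl).href);
  if (origin === dest) return 'allow (same site)';
  const allowed = allowRules[origin] || [];
  return allowed.includes(dest) ? 'allow (user rule)' : 'block (cross-site)';
}

// Apply the policy to every resource a page references.
function filterPage(pageUrl, resources, allowRules) {
  return resources.map((url) => ({ url, verdict: decide(pageUrl, url, allowRules) }));
}

// Constructed sample page and the script/image URLs it references.
const page = 'https://www.news.example/article/42';
const resources = [
  '/static/site.js',                    // relative, same site
  'https://img.news.example/logo.png',  // other subdomain, same site
  'https://cdn-news.example/lib.js',    // third party the user allowed
  'https://ads.tracker.test/loader.js', // third party, never allowed
];
const rules = { 'news.example': ['cdn-news.example'] };

for (const { url, verdict } of filterPage(page, resources, rules)) {
  console.log(verdict.padEnd(20), url);
}
```

With an empty rule set every third-party entry is blocked, which is why the thread describes this kind of add-on as intrusive until the user has built up rules for the sites they visit.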

DonZ63

  • Guest
Re: Why People Keep Getting Infected By Rogues
« Reply #4 on: January 19, 2012, 10:33:54 PM »
Quote
The problem is not how to protect the smart or savvy users....it's how to protect the naive and casual users.  And they will either reject a HIPS out-of-hand because they do not understand it, or start blindly clicking Yes/Allow.
That is the issue; "the casual and naive users." PC operating system development since its inception has been grossly irresponsible when it came to security among other areas. That is where the problem lies. Will that be fixed before I die - probably not. Greed will always triumph over security.

Until there is a secure OS, the best one can do is self-defense. PC self-defense is no different than personal self-defense; it takes work and effort to become proficient. If a person doesn't want to do that, they have no business using a PC. They certainly have no business complaining how and why they got infected.

Gargamel360

  • Guest
Re: Why People Keep Getting Infected By Rogues
« Reply #5 on: January 19, 2012, 11:24:45 PM »
Quote
That is the issue; "the casual and naive users." PC operating system development since its inception has been grossly irresponsible when it came to security among other areas. That is where the problem lies. Will that be fixed before I die - probably not. Greed will always triumph over security.  Until there is a secure OS, the best one can do is self-defense. PC self-defense is no different than personal self-defense; it takes work and effort to become proficient. If a person doesn't want to do that, they have no business using a PC. They certainly have no business complaining how and why they got infected.
Well, that's spot-on....to a point.  But the way you word it, it sounds like you want the users to get smarter, or GTFO of the Web.  And call me pessimistic, but the world has always had, and will continue to produce, people who are not that smart.  And that in no way makes them bad people who deserve to get victimized....either by malware creators...or PC makers, who have sold them on an idea without filling them in on the risks.

People should not have to learn a self-defense course to safely walk down the street....nor should they have to learn how to use a HIPS to be safe on the Web.   The only secure Web (from outside attack) is one that would be owned and totally controlled by a central authority.....same with the world.  And that opens you up to a whole new kind of devil....total vulnerability to attack from within.

I realize, looking back, that you offer a solution, and I just offer reasons why your solution is wrong without having one of my own....but I can't agree that people who don't know how to use a HIPS deserve to be infected, or forfeit all rights to complain when it happens.