A drive-by infection is possible. You can use WOT (WebOfTrust) to flag bad sites.
Is another good browser plug-in to use to block potentially bad advertisements that can at least invite malicious servers to attack you from the browser data files. NoScript is another good rivet in the armor of a blended defense. I will not go into all of them here.
If you run as a restricted limited user (standard) account and do the other things suggested by others in this thread in keeping up with all operating system and application updates, you will go far in at least greatly mitigating the risk. Running CCleaner by Piriform with all pertinent check boxes filled will help clean app data and other temporary files between page loads, browser sessions, or at least before logging off, restarting, or shutting down.
The pro version of Malwarebytes Anti-Malware (MBAM) will also let you know when you've caught one of these pesky files, as it will block malicious web servers in the first place, and tip you off that the website may not be using proper oversight of its ad server sources. In fact it will usually block the transfer of such files from the ad server in the first place!! Bear in mind that this has become very common, as suggested by others here, so even with all these protections the chance is that you will still get a drive-by - HOWEVER!! - if you go by at least these rules, you have gone a long way to lowering the threat profile to the minimum. Just don't click on just any email, and in fact don't trust shady-looking emails or attachments from friends - that is the number one source of really bad attack vectors for malware today.
Of course JavaScript can be abused in the same way as Flash ads, so there is more than one way to receive a drive-by - but then again, these above-mentioned steps will make the difference. Some people have gone to the extreme of disabling JavaScript in their browser, and never installing any Flash or Java applications on their computers, but this can be an impractical solution for many of us that need web and application functionality. CNET also has some very good free utilities that can go the extra step in protecting Internet Explorer and other browsers, but I'll only mention one freebie here, SpywareBlaster. Its main forte is PASSIVE real-time protection by writing ActiveX protection into the Internet Explorer browser - the company (BrightFort) also claims to have settings in Chrome and Firefox that can help protect those browsers, but I'm not as familiar with those claims. Of course good software and hardware firewalls can go a long way as well, but I've gone far enough with this post - I could go on and on ad nauseam, and probably already have. Thanks for your patience!
Please be advised that if MBAM warns that you are being attacked, immediately close the browser and run CCleaner on the limited user account you are browsing the web on. Otherwise, if you ignore that warning, the anti-exploit kit could end up getting into a very nasty battle with the malware and end up borking the entire installation of Windows - especially XP.
I've had at least one instance of that, and the client lost everything because he/she would not listen to my warnings on this. I was not even able to see files on the hard drive after this disaster, so it was the worst instance like this I have EVER seen!
Thanks for that. It is not an instinctive reaction because closing the browser seems like running away from the problem. Some of us (me) tend to remain on the page staring fascinated at the evil like a paralysed victim staring at a hooded cobra.
Get a message: close the browser, run CC. Good tip. Thanks.
JCitizen: That's quite a lot of information, and you've obviously done a lot of research to even know about these solutions and products, even more to know which ones do what, how they work, and how they measure up to the competition. On that you'll get no argument here - I've just used MS Security Essentials since Windows 7, and now with 10, Defender. This has worked for me, but my profile only consists of a limited number of emailers and websites and I rarely go to places I'm not sure about. That's not because of security concerns, it's just what I do as a matter of course.
I may be missing the point, but it seems that you are saying that in order to be completely protected, you have to have this multi-pronged approach. But shouldn't we be moving towards more simplicity, and not more complexity? Everything else is - we have our router with default firewall settings, we have the OS with its default protection, and we let the OS just update itself when it thinks it needs to, to plug the holes. With all this, are all these various apps really necessary to monitor and scan for viruses, this-ware, and that-ware? And if we really do need these things, then why isn't there a single-solution program that takes care of it all? And I'm not even talking about a suite of apps from a single company - just one program. Overly simplistic, and maybe while this would be nice, it just doesn't exist? They all claim to be comprehensive, but if they're not and they know it, what else aren't they telling us? I'm a skeptic, yes. Especially when there are always at least three of these apps running on TV (way more on the web) that all claim to detect *.ware that the others can't. Do we really know that at least some of these just show us a few malicious or just annoying scripts that got into our systems, that really aren't there, they just make 'em up? And we pay the fee, it cleans our drives and our machines actually seem to run faster and we're happy and tell our friends.
I can't help noticing your nom de guerre is an impossibly long number, so I assume you take privacy seriously as well. I wish most folks had your attitude. Actually I am adopting something close to your approach - but the reason I am is that Microsoft has been improving the NT 6 drive geometry and security (now NT 10 with the latest OS), and the hardware in new PCs is growing better with it; so I can simplify the basic requirements in modern systems.
The first question I ask a client is "how much do you have to lose?". If they EVER enter a Social Security number or credit card into the keyboard, or shop online, or do banking or other financial activity on the PC - the requirements go up. So if you do have something to lose, this is my minimum requirement list:
1. Create and use only a limited (local) account for everyday use. Only go to the local administrator to download updates or install programs and applications. I don't recommend using the cloud-based account system Windows 8 and above forces you into - read CNET for the way to create a local account.
2. Install IBM's endpoint security browser protection called Rapport. This will definitely block all screen, video, and keyboard capture events. This is the only solution that has passed all six tests of the AKLT kit for testing keylogging and other spy threats. This will work in an infected environment, and updates itself most of the time.
3. Install Web of Trust (WOT), as discussed elsewhere in this thread.
4. Install CCleaner - if you set this utility up correctly and run the cleaner section just before reboot, shutdown, or before sensitive activities, it will delete any malware that can run with user privileges during that boot session.
5. Browser plug-ins are going away, but you will always have an app that can do the same thing as ScriptSafe, NoScript, or AdBlock Plus to hopefully block any drive-by attacks by bad links or advertisements on even legitimate sites.
6. Activate Defender - I'm talking about the new one that came out with Windows 8, that is an anti-virus as well as an anti-malware. It doesn't hurt to add MBAM to this, because of its malicious server blocker in the paid version, but a good hosts file could do the same thing, if you can find one that auto-updates - see CNET reviews.
7. Download the free version of Malwarebytes Anti-Exploit - if you were using EMET before, you may have to uninstall it. I feel that this utility works better than the glitchy EMET from Microsoft.
8. Use a password manager that, for no other reason, at least encrypts the password on your hard drive. Many apps have a bad habit of recording all keystrokes and putting them on the hard drive where the bad guys don't even need a keylogger to find them. I have tested this with a program available on CNET and was shocked to find many sensitive files in less than fifteen seconds!!! I'm serious about this one!
I will end the list there with one caveat - you really do need to keep all applications and the operating system fully updated on the day the updates come out to plug vulnerabilities and prevent zero-day drive-by takeovers of the operating system. To do this is easier - you can sign up for email alerts on CNET for your favorite applications, and make sure Windows Update is on automatic. I can recommend a couple of other utilities that make this much easier: one of them is Secunia PSI - it supposedly tries to do the updates automatically, but the more important feature is that it will usually pop up on Win7 limited accounts and tell you when you need a manual update. Bear in mind that by this time, it has probably been at least two days to a month after the actual update came out. FileHippo's Application Manager can get you closer to zero-day protection, but you have to log onto the Administrator to run it - if you put a desktop icon on all accounts, and run them as administrator, you could shortcut this task. Even the CNET alerts are late when it comes to Flash. Adobe is not very good at auto-updating Flash - so if you can do without it, then don't install it - YouTube doesn't need it, and most sites use HTML5 Flash ability to bypass the need for it to be installed. If you have to - only use Chrome, as it definitely does not need Flash at all. The other browsers are trying to catch up to this goal. The only source of zero-day alerts for Adobe Flash that I've found is to sign up for email alerts at Krebs on Security - he is the only way to get the alert on the day it is issued - sorry! CNET is always at least two days or more late on this.
With the exception of Flash - Internet Explorer is getting amazingly good at blocking threats all by itself!! I used to run a ******** lab to test against malware invasion, and it was next to impossible to test my other defenses using IE 11 or better. The browser actually blocks about 85% of all threats on its own, and even switches from 32-bit to 64-bit automatically depending on website requirements, which gives it even more protection. I have had to switch to sampling email spam to test against threats now, and even this can be difficult when your email is properly set up to exclude untrusted sources, or blocks active content in the inbox. Flash is the only vulnerability on this, so I hope most websites will work for everyone just using the HTML5 version of Internet Explorer - unfortunately there is no promise that Spartan, or whatever Microsoft is going to call its new browser, is going to support extensions or apps of any kind, like password managers, or other things that used to be called plug-ins.
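The hosts-file blocking suggested in item 6 of the list above works by pointing hostnames at a sinkhole address. This added example (not the poster's code; the hosts list in it is a constructed sample) parses a hosts-format blocklist and shows the caveat a practitioner should know: a hosts file matches exact names only, whereas a DNS-level blocker also catches subdomains.

```python
# Added example: how a hosts-file blocklist decides what gets blocked.
from urllib.parse import urlsplit

# Constructed sample in hosts-file format (not a real blocklist).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     ads.example.test   tracker.example.test
0.0.0.0 malvertise.example.test  # inline comment
::1 localhost
"""

SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_hosts_blocklist(text):
    """Return the set of hostnames a hosts file sinkholes, lowercased.

    Lines are '<address> <name> [<name>...]'; '#' starts a comment anywhere.
    Only entries pointing at a sinkhole address count, and 'localhost' is
    skipped because every hosts file carries it and it is not a block entry.
    """
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        if addr not in SINKHOLE_ADDRESSES:
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name not in ("localhost", "localhost.localdomain"):
                blocked.add(name)
    return blocked


def hostname_of(url):
    """Hostname part of a URL (scheme optional), lowercased; None if absent."""
    host = urlsplit(url if "//" in url else "//" + url).hostname
    return host.lower() if host else None


def blocked_by_hosts_file(url, blocked):
    """A hosts file matches the exact name only: no wildcards, no subdomains."""
    host = hostname_of(url)
    return host is not None and host in blocked


def blocked_by_dns_sinkhole(url, blocked):
    """A DNS-level blocker (Pi-hole style) normally also catches subdomains
    of a listed name; shown for contrast with the hosts-file rule above."""
    host = hostname_of(url)
    if host is None:
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))
```

So a list entry for `ads.example.test` in a hosts file does nothing against `cdn.ads.example.test`, which is why auto-updating, DNS-based blockers tend to be more robust than a static hosts file.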
In addition I suggest you never download software from anywhere but the site of the author or some place you know and trust like the big box stores (e.g. Amazon, Best Buy, Micro Center, Target, etc.). Also be sure you have good antivirus software that is kept up to date, and try to limit the number of sites you visit that you don't know anything about.
The general answer is that you don't need to click on a link. Just opening a page is enough. Just opening an email is enough. And, others may disagree, opening even a photo or Microsoft document can also have bad results. Knowing the history of malware can give you insights into what is out there.
I gave you a thumbs up! You gave a great general description of what actually goes on in a web browsing session; but please have mercy on us IT road warriors and don't encourage folks to even THINK about putting anything McAfee on their computer! PLEASE! McCr@ppy gives me great heart burn!
I would closer describe them as DIS-reputable to say the least!
I don't specifically "endorse" any specific a/v (I really should say "Anti-Malware") product. However, I just wanted to give the OP some examples. Many people don't like the BIG packages like McAfee and Symantec for a host of reasons. I used the example of Symantec because I know what it does and it does provide some protection against malicious websites.
I would add that, in terms of REAL-TIME protection, it is advisable to only have one product running in the background; however, it is always a good idea to have a few different on-demand scanners around since none of them catch everything. Spybot is a great solution for scanning for spyware. Malwarebytes is good too. It is really a case of those who have been around and have tried various things knowing what is best for their own computers and the way that the user works with it. My opinion is that "something" is a lot better than "nothing", especially if you keep valuable information on your computer (like your social security number, banking information or even the names and addresses of your friends and family).
This tiny little site advisor is great. I always keep a lookout on that little colored ring it puts at the top of the page while I type in a URL. So easy to use and growing all the time. It's also good to read the reviews of sites that others have added. Highly recommend for everyone.
Some malware containing sites are rated green and some clean sites are rated red.
Often ratings are based on out-of-date information, so be sure to pay attention to dates on user comments. This is especially true of user comments blindly quoting other sites.
It is best to check multiple website reputation rating sites. hpHosts is another good one, but it can be a little slow adding sites to its database.
SiteAdvisor is usually good as well.
It has been my experience that McAfee and other site advisors miss some of the most dangerous sites. I'd rather have some inaccurate information than none at all about those places. It has also been my experience that with WOT, if you post contrary information about a site, it can add weight against inaccurate information; the results can be instantaneous if the weight is barely against the site in question.
Fortunately I recognized bad behavior immediately and shut the system down. I have swappable hard drives for my C drive. I keep all of my data on a D drive. I put the other hard drive in the C slot, formatted the infected drive, and marched on as if nothing had happened.
From that experience, and just knowing how fragile storage media is, I do lots of backups onto external hard drives and keep them unplugged from the system after I've completed a backup. I do an image backup from time to time as well.
You simply cannot be too cautious. There are so many ways to attack our computers.
If you do get infected with a backdoor program (rootkit, etc.), re-partition the disks and reinstall everything. Linux, though susceptible to these same issues, is much safer than Windows. Consider Ubuntu Linux, which is easy to run and is free, as is all the software you're likely to need.
The best way to protect your computer's operating system and files from malicious software is education. BS like this is a massive step backwards.
Seriously, it is not that hard:
1. Keep your OS patched and updated
2. Keep your browsers patched and updated
3. Very critical - keep Flash and Java patched and updated!
4. Consider browser plugins/option settings that prevent Flash and Java from running automatically.
5. Windows users - MalwareBytes is excellent, worth the price.
6. Web of Trust is a great add-on. Also, Google will flag sites with malicious software, but there can be a delay here.
Finally - practice skeptical computing. It is 11 years old, but this Ars Technica article (http://arstechnica.com/security/2004/11/malware/) has great information on how to be a smarter computer user. So many exploits involve tricking inexperienced computer users into doing something dumb.
Oh - one last thing: learn to spot the difference between sound advice and BS.
I thought I had my PC wrapped up with levels of protection and have always been careful about downloading etc. Yet I believe there are sophisticated bad guys out there who have been advancing to an extent that no protection can keep up with them.
I began typing in a URL when I received a warning from MalwareBytes that the site was bad. In half a second I backed out of it. Then my troubles really started. Apparently in between typing the URL and the warning, the worst of the worst infected my PC - a bootkit. Total takeover from the moment I turned my PC on. It was as if other hands were typing. Wouldn't let me go into safe mode, and that was just the beginning. It was removed by Kaspersky TDSSKiller.
The only way that malware reached my PC was in the split second between typing the URL and the malware warning. IMO the hackers are still ahead, and will always be. Tesla has asked Chinese hackers to see if they could remotely control one of their cars, and they did just that. As software spreads into other areas, you can bet it will attract ever more crooks and just plain thrill seekers. We can just do the best we can and keep our fingers crossed.
But at least having as many layers of defense as you can will help you survive the attack even if you get hit. As you have related, also, there are many tools that can help in the aftermath. HitmanPro is another one, and as others may have posted, ComboFix can also come into play. But for newbies it is better to use these things under instruction from a forum like BleepingComputer or perhaps even CNET. My recommendation is always to run the rescue disk, which you can burn on an uninfected machine, called Kaspersky Rescue Disk 10. Once you boot into that Linux environment, you can go to the Kaspersky site using the GUI of this format, and download your tools from the Kaspersky site. This can be accomplished by a newbie if they don't make things too complicated and watch the tutorials on YouTube.
I always recommend to my clients to have these tools ready before disaster strikes, and to have a backup made ahead of disaster. This can make recovery so much easier and less stressful. It doesn't hurt to practice running the disk even when not necessary just to get the hang of it - you may even find a rootkit that was hiding from you all that time. This rescue disk was not capable of wireless communication the last time I used it, so Ethernet will be necessary. The disk stores all updates in the root directory of your hard drive, so don't be alarmed if it writes to the drive. It fares well to get them on there ahead of time, so you don't have to wait so long to download so many updates after disaster strikes. Unfortunately there will always be Advanced Persistent Threats (APT) that can morph at any instant and avoid detection. Sometimes it is advisable to wait at least 24 hours before starting the PC in the rescue environment, so you can kill all processes and update to the latest zero-day definitions. It has been my experience to try this with MBAM's anti-rootkit, in safe mode after updating and removing the machine from the network. MBAM's solution has a better chance of removing the worst bugs without damaging the boot sector or system files. I also scan any backup files with Avast before I recover a machine that had to be repaired. Many times I've found the batch-file package from the original attack sleeping in the backup files, and removed it before finishing recovery.