Virus attack experience: What more can we do?

[catilley1092]

Welcome to the Lounge!

Chrome and Mozilla-based browsers use Google's Safe Browsing feature which seems to be much better (or at least more frequently and thoroughly checked) than IE's SmartScreenFilter protection at giving an advanced warning of a known attack site (I'm not sure that Safari and others have an equivalent).

Integrated 'full protection suites' are perhaps of lesser value than a well thought out and implemented layering protection, using the best available active and passive tools from multiple (even free) makers.

Go on, tell us who 'protected' you

A couple of years ago, the nastiest virus/malware attack of my life happened using Google's "Safe Browsing" that Safari (at that time) had. It was the very first & last time that I used Safari also.

At the time, MSE was my AV, with MBAM as a scanner. Windows 7 Pro x64 w/all updates. Still, not good enough. It was one of those attacks that stopped everything in my arsenal to scan with. Couldn't even run the MRT tool from the Start Menu.

Finally, I rebooted into XP Pro beside of Windows 7, started scanning with MSE, it went right to cleaning. I ran it 2 times. MBAM also found some things. Ran it twice. By that time, I was tired, and went to bed.

The next morning, when I booted into Windows 7 to check my email box (my daily routine), there was a box, it looked exactly like a MSE box. Said something to the effect that my system wasn't totally clean yet, to click it to finish. So I did. And BOOM! It started all over again.

I wasn't going through that crap again. Being that it was a TechNet install, it wasn't backed up. I simply booted from my Mini Tool Partition Wizard partition disk, formatted the space, then deleted the space, then did a DOD (3x) wipe of the space. Then started over again with Windows 7 Pro. Whatever it caught was finally gone.

As a result of this, I had to review my security stance. Went with ESET NOD32 AV & MBAM Pro, haven't been infected since. Early this year, when my NOD32 subscription ran out, I switched to ESET Smart Security 5, along with MBAM Pro. Still no problems to this day. I'll stick with this regime until something happens (I hope that it won't).

But Google's Safe Browsing or Safe Search as it was called in Safari, isn't perfect.

Cat

[satrow]

A couple of years ago, ...

That alone makes a big difference; for example, an antivirus program is only as good as the latest definitions - and on rare occasions, they're pretty troublesome in themselves!

Quite how the SmartScreen/SafeBrowsing type web reputation checkers are going to detect the latest round of exploit kits that don't attempt to load unless mouse movement is detected I don't know.

[catilley1092]

That alone makes a big difference; for example, an antivirus program is only as good as the latest definitions - and on rare occasions, they're pretty troublesome in themselves!

Quite how the SmartScreen/SafeBrowsing type web reputation checkers are going to detect the latest round of exploit kits that don't attempt to load unless mouse movement is detected I don't know.

You're correct, only difference between now & then (2 years ago) is that there are now more threats than ever! MSE, although free & used by many (still use version 4 Beta on XP Mode), is not the most optimal security solution available.

That's why, after a few scans with the free ESET Online Scanner, I realized just how much trash that MSE ran by & missed. And I was keeping MSE updated & running scheduled scans. MSE is good for those who uses their computers for school work & general web viewing, but in good faith, I cannot recommend it for those who makes transactions, or otherwise has to reveal personal information on the net.

Just like everything else, we get what we pay for. But even with a top notch IS like ESET + MBAM Pro, all is no good with careless computing habits. That was not my problem on the night of the attack. I don't know why it happened & probably never will. The only thing that I done different was to try Safari, & their "Safe Search" out. Mabye that was the problem.

Cat

[ruirib]

As several Lounge members have said in the past, you really should not rely on a single protection layer, such as an AV or anti-malware app. I have always run what sometimes is described as an OS firewall, integrated or running in parallel with a malware of AV solution. There are such firewalls that will stop any unknown app from running in your system, until you authorize it, giving you the final say about it. Doesn't matter whether waht is trying to run is unknown. if it is known, and used by many users, it may even be allowed, but if it is unknown, it will never run. That provides a last line of defense against just about anything.

I have gone through several products of this type. In the very early days I used NIS (or whatever it was called then), then ZoneAlarm, currently Online Armor. I also changed by AV / malware package. I have used Vipre, which was pretty light until the manufacturer ruined it (in a typical development for that manufacturer products), then went with MSE, but even MSE can get heavy, especially when you are not using an SSD (which is my case). I now run Emsisoft AM and it has improved in terms of the disk load enormously when compared with MSE. It also ranks on top of most comparative analysis where it is included.

Regardless of the products used, however, what matters is to have multiple lines of defense. Of course, in some cases, it's the user who needs to take a decision, which for some users may be hard. It works for me, though and I wouldn't run any computer without this type of malware defense strategy.

[WSLfan]

I tend to agree. However we are all vulnerable to attack, no matter what strategy and tools we use to protect ourselves. As I discovered, whatever strategy and tools we use we will still get attacked one day, it's just a question of time. The attackers are changing their targets and tools all the time, they are becoming more sophisticated. My defenses, which I was quite happy with, failed completely. So what do we do to prevent the same happening again ...

[ruirib]

I tend to agree. However we are all vulnerable to attack, no matter what strategy and tools we use to protect ourselves. As I discovered, whatever strategy and tools we use we will still get attacked one day, it's just a question of time. The attackers are changing their targets and tools all the time, they are becoming more sophisticated. My defenses, which I was quite happy with, failed completely. So what do we do to prevent the same happening again ...

I thought you just said it couldn't be prevented...

My view is that you should use the best protection available, multi layered, and keep a decent backup strategy, that should include full disk imaging.

[catilley1092]

I thought you just said it couldn't be prevented...

My view is that you should use the best protection available, multi layered, and keep a decent backup strategy, that should include full disk imaging.

That's exactly what I do. ESET Smart Security 5 is one of the leaders when it comes to securing a computer. MBAM Pro effectively blocks known malware sites (so does ESET). And I backup on a scheduled basis, data weekly, imaging monthly (right before Update Tuesday), or before making any major changes.

And quality security doesn't have to cost a fortune. Sign up at Newegg.com, & there will be promotions for many quality AV/IS suites, as well as MBAM. They can be bought there for a fraction of the cost that the brand site offers. I never pay full price for brand name software.

Cat