I don't think you're wrong about the main point. No-one's too advanced to be hacked. Problem exists between keyboard and chair, and all that - the issue (including at the various agencies that get hacked) tends to be behavioural. The intrusions reported recently afaik are all the result of spear phishing (which unless you lock everything down from everyone is always going to be a possibility - there's a trade off in most organisations between making everything secure and making it usable).

Do bear in mind there's plenty of open source software available on Windows (as you acknowledge). There's always a technical risk in downloading closed-source stuff that doesn't come widely recommended. Even with open-source, you'd have to be pretty well versed in the code and have plenty of time available for that to make a difference. I guess people might check an md5 sum on the occasional download package, but really everything works on trust. I rarely if ever download stuff that isn't recommended widely. If I did, and if it was on a machine that mattered, I'd consider sandboxing it one way or another. Consider, too, (and this is anecdotal/speculation on my part but I bet I'm right) that most malware payloads exist either in pdf attachments to emails, as drive-bys on compromised servers, or at the end of malicious links in emails. Compromised third-party Windows apps aren't a particularly common threat, in relative terms (save for all the rogueware out there - which anyone with a bit of sense should be able to identify and avoid if they take the time to think about it - just google stuff first ffs).

Bear in mind, too, that any half-decent antivirus package will rely on heuristics. This is one of the ways in which they develop resilience against failures to scan every binary, as you put it.

I didn't, no. And I never had any serious issues with malware, either. Not on my machine. I run in a limited account on 7 because it would be dumb not to, but I think browsing / email habits and common sense are the most important differentiator between people who get malware (especially regularly) and those who don't. That is, of course, a generalisation, but in my experience (and despite what all the "omg I've been hacked" people say about never clicking on phishing links and having strong passwords) I think in the main it holds good.

Do you ever read the security bulletins that come out from Microsoft when they release their "critical security updates"? That'll scare the hell out of you. "Fixes hole in <halfass application> which will allow an attacker to gain control of your system, steal all your data, reformat your hard drive, empty your bank accounts, and steal your identity". These things come every few days, for YEARS, so what the hell have I been using??? Oh, and I dutifully install every damn one of them BTW, for all the good it does.

I haven't had any serious problems either until now. I can guarantee you that I never click on any links in emails, yet somehow my google search links are being redirected. I fell for the aforementioned "close the popup window" thing, but I really don't understand how this works. Why does it need me to click anything to do damage? If it is already running, why doesn't it just do what it wants, in which case I really had no control over it? Why would right clicking close on the taskbar be any safer, doesn't that just send an event to the window destructor object which is ITS CODE? And why didn't my popup blocker block it like it usually does? And how could it run executable code if I have security settings set to prompt me before running scripts and active X controls?

I've been seeing quite a number of these google override complaints recently, but no pat solutions as of yet. I've got some experts looking at my logs though, so I'll update this when I find out more. I don't really expect to ever find out what happened though.

Wtf. Of course I do. However, the way those vulnerabilities affect you doesn't tend to be that your machine is happily sitting in your home doing nothing and KERPOW you get omg haxx0red.

There's a reason for this emoticon, you know:

Oh come on. Look at your firewall log and tell he how many times an hour you are getting hacked. If you never run anything useful and just sit there with your hands neatly folded, I agree you might not get violated, assuming you don't have the wrong thing resident.

Probed is different from successfully hacked. And can someone else pitch in here, too, please? Have I had this completely wrong for so many years?

Vulnerable applications of themselves don't suddenly render your firewall and other security measures useless. You tend to need to be using the vulnerable app. For example, the last few years have seen plenty of XSS exploits, mainly using vulnerabilities in Javascript. You still need to browse to a compromised server, be unpatched, and allow scripts to run, in order to suffer. Being unpatched on its own doesn't automatically mean every hacker in the world can see your machine and get at you (although in practical terms it's always -EV not to stay completely up to date).

This all sounds horribly in need of that tinfoil hat. Disconnect your machine from the internet, or run your browser in a sandbox. That will probably cut your stress levels considerably!

And going back to patches for vulnerabilities, and the associated security bulletins. Do bear in mind that holes in the most part are fixed within a few days of discovery (there are a few software vendors who let the side down regularly, but M$ isn't usually one of them). Every time you read a security bulletin you shouldn't be thinking that hackers have had five years of exploiting that hole to get at you. They almost certainly didn't know about it either. Anything widely exploited gets detected pretty quickly.

What your software firewall is trying to sell you as an attack, is not necessarily an attack and the chances that such an "attack" would be successful on a properly secured system are close to 0.
That's at best botnets scanning for computers with Windows XP without service packs and IE6.
Hell, sometimes it's just your ISP looking up your modem connectivity and you get a huge warning like "omg omg omg intrusion prevention successfully prevented you from hackers".

Instead of investing any cent (or even wasting 1mb of hdd space for a free solution), read up or pay a network specialist to properly set up an hardware firewall (router),

A software firewall can't work per definition, they just can tell you that some bad packets are now on your computer, but if that happened, it's already too late.
Software firewalls are of use in large business networks so **** doesn't spread internally if someone managed to infect a system somehow.

It's the same principle as to forecast the temperature with a frog in a jar and a tiny ladder. Might have been a great gimmick in 19th century, but doesn't work. (The frog moves up when it gets warm and moves down when it gets cold, but it obviously only reflects the current temperature)


//edit: To add to the previous discussion, the bug/vulnerability list of some Linux distributions and MacOS reads exactly as scary as the security bulletings from MS. As long as you have Adobe Reader on your system, you're doomed anyway.
An open vulnerability doesn't necessarily mean that someone can do any harm to your system. Without gaining admin rights over your system, he can't do ****, to be exact. The buglist for nearly every software besides some really matured open source programs like www.keepass.info and www.truecrypt.com is nearly endless.

Thanks for the advice. I never read that there was a significant drawback to the software firewalls in terms of their blocking effectiveness. I will do it.


So you're saying that if that's all I have, then I *can* get hacked. Especially if I'm in XP user mode. Is using limited mode in XP going to be a pain in the ass for me? Aside from just installing software I mean.


Um hang on...what do you mean by this exactly? Do you mean I should not use Adobe reader? Or just that I need to only use it in user mode? What if I just disable javascript in it? What do I use to read pdfs?

I have actually been using it much more just in the last few days, so maybe this is the source of my problems.


*sigh* Sadly, I know. It's the way the software culture is. You can be an SEI level 5 outfit with a major bug in every 10 lines of code. I write firmware, like what's in your adsl modem or graphics card. The difference between software and firmware is debatable, but one is that firmware usually works the way it's supposed to, and software NEVER works as it's supposed to. There's also an adage about the people who develop them, but I don't want to insult people.


I understand. Just like the axe murderer trying to chop down your front door is different from the one who is actually in your living room. So just relax and ignore him.


Right. Don't run javascript, don't run Adobe Reader, don't allow remote connections, don't use file sharing, don't use IE, don't download screen savers or smileys, don't download freeware, don't click on unknown links, don't surf for porn, just sit there and have a good time.


They don't work, we use RF blocking films on the windows instead. I don't think companies would spend millions on that if everything could be stopped with a few clicks of the mouse.

It's not paranoia when they really are out to get you.

The support for windows XP ended in 2009 officially. Get rid of it as soon as you get the chance. Wndows7 is like the first OS MS ever produced besides DOS that actually works. And yes, running XP as Admin is pretty much an unbearable PITA if you're not a really patient person. It's not really convenient in win7 either, but after a week or two you will get used to it and it improves security by a drastic factor.


Get rid of Adobe Reader. Now :>

Sumatra PDF is a frightening good piece of software. Don't be disgusted by the ugly and simple page. The guy is pretty much a genius imo.

You'll have every tool you need to read and study .pdfs but like a tenth of the startup time of Adobe Crapper and none of the completely ridiculous security holes in the bloatware that Adobe Reader is.

You're silly.

Download, install and run Secunia PSI. It's a useful program which will tell you whether your installed software is properly patched. In particular, it'll help you keep Adobe products (particularly Reader) as they should be.

Wellju was hinting at the fact that Reader is a notoriously common vector of infection. There are a number of good, free alternatives. I use Sumatra PDF.

They're really not out to get you. They're out to get an easy target. Your risk of suffering any serious malware/hacking episode is minimal. You can keep it that way by running in limited user modes when possible, keeping all software properly patched, not downloading or clicking on things (in particular links in emails) that an objective person wouldn't trust, installing a good antivirus solution and occasionally using on-demand scanners like MBAM and SAS.

If you are having some serious trouble with redirects still, have you followed the steps in the sticky thread and posted your OTL logs? This is all a bit off-topic and shouldn't cloud this more general thread, but if you haven't then please do so and start a new thread.

With all due respect, that's what they said about 95, 98, ME, 2000, NT, and XP. You can only piss on my head so many times and expect me to believe it's raining. (They can I mean).

I liked DOS because I always knew exactly what the hell it was doing. They should have quit there IMO.


I assume you meant running in limited mode. Can you quickly brief me on the kinds of inconvenience I would suffer?


OK, thanks for the alternative. I'll download sumatra immediately. But why would this be necessary if I'm not in admin mode? I thought you said that they can't do anything to me.

If I'm not in admin mode, can I click indiscriminately on any link on the internet without fear if my security settings are set to prompt before running any script? I suspect the answer is HELL NO, but why not?


Yeah, that's everyone used to say about the possibility of passing viruses in emails. I was one of the first to suggest that this was possible. I had the mechanism exactly right too. Silly was the exact word they used. Now it is one of the most common ways that viruses spread.

Have you been reading wellju's responses? He's confirming that there's a very real reason to be concerned about admin mode, about software firewalls, and about security leaks in programs like Adobe reader even when not in admin mode apparently. So how can I be silly?


God I hate programs who's sole purpose is to babysit other programs. I have more problems with those than the programs themselves. But I'll do it, thanks.


Yes, I have posted logs elsewhere, and will post here if I get no satisfaction there. Apparently this isn't a very simple problem to debug or to remove.

Look, either you're an expert (eg your prescience regarding email-borne viruses) or you're not. I don't mind either way. I'm certainly not one. But I know enough to recognise in your questions a disproportionate concern about malware, which appears to stem from a partial understanding of the issues.

You're right to be cautious about what you install and how you run it. You've also come to the right part of 2+2 for advice.

As for programs that babysit others, I see where you're coming from. But using one program that monitors updates to all your other software is one hell of a timesaver if you care about staying patched. Stops you having to boot up with each individual application's updater running, too!

Lastly, you've done the right thing to post your logs in only one place. Nothing more annoying than an OP who is changing things on his machine (under advice or otherwise) between clean-up steps here. If your other place isn't helping, though, it might be worth telling them you're pausing the request for a while. You could run OTL logs (fresh ones if you've done so already) and post them here. There are some pretty talented people who get to the bottom of most issues. Even if yours is complex, I'm sure the experts like Gabe and others will relish the challenge.

Server2k was a pretty good OS for its time imo, besides the fact that MS thought the Internet is nothing that will stay or have any impact and therefore it was a big security leak as a whole.

I'm no native English speaker, but in my vocabulary, you're either logged in as Admin/root or as regular user with limited rights (access to kernel elements)

About running XP as Admin, the memories are very dark. I don't have my hands on XP any longer and won't ever do so again. All I remember is that it annoyed the **** out of me to a level where I just logged in as regular user with no internet connectivity and just used Linux for internet stuff.

Thread title is still 90%. Some leaks allow a skilled individual to gain admin rights over your system. Especially with any kind of Adobe software on your system. Unfortunately there's no way around Flash yet and we have to wait a couple of years until this ancient framework from the 80's finally dies and rots in hell.

Because the buglist and security vulnerabilities of browsers is endless, and that's a classic attack point for backdoor scenarios/day0 bugs.

I very much agree, Secunia PSI is really only for these users who don't know how to update an application or if they're asked if they want to install an update, they're too scared to click yes and just turn into stone like if Medusa's head was exposed to them.

But don't get me wrong, it's really not bad if you don't know your way around computers.

I'm confused. You're saying ADMIN mode is a pain? That's what I'm in now. You were advising me to NOT use ADMIN mode, so my question was, what pain will I have in LIMITED mode, relative to ADMIN mode. Aside from installing software. Why didn't you have internet connectivity?


AHHHHH HAAAAAAAAA!

I'm not a computer security expert. My expertise is in writing embedded real time firmware that runs on proprietary architectures, usually with an OS that we develop from scratch. However, I haven't said anything that's wrong ITT, and wellju has confirmed everything that I thought.

Your original thesis was that you used ADMIN mode in XP and didn't really think it was that big a deal, and now you use user mode in 7, and so now there is very little to worry about. Wellju just said that these application security holes that I'm talking about can allow an attacker to PUT you in ADMIN mode, and then they can take control of your system.

Hey, I was infected somehow, and I'm not doing anything so extraordinary I can assure you. I mean, I'm not hosting remote sessions with Al Qaida or anything...

Just prior to the original email viruses, there was a chain letter telling people not to open emails with certain titles because they would give you a virus. It was a brilliant case of misdirection. All the intelligent people focused on stopping the chain emails, and told everyone how silly it is that opening an email could give you a virus. This was before links to active content in email had become common. I didn't do anything so extraordinary. I just kept my eye on the ball, and started thinking of ways that emails really could hurt you, that's all.

Maybe I'll become an internet security expert now. I usually study up on things way more than a normal person would just to win an argument. I have a giant book of hacker techniques on my desk that I've been trying to get through for awhile.

Weeeh, I got it wrong again. ****ing dyslexia. Obviously, running XP as standard User is the PITA compared to just run as Admin and be open to every 3 year old hack every 13yr old can find on google ... a little exaggeration, but I hope we're talking about the same now.

However, can't say it often enough and if anyone else reads this:

The single most important factor to one's computer security still remains their online behavior.

You can catch a virus on Linux too if you're utterly ... addicted to open email attachments you didn't ask for.