Can a computer get a virus while just sitting there?

I have been under the impression that a computer user must visit a page or open a file in order for the computer to be infected by malware of any kind. But I’ve seen a few comments lately to the effect that an unprotected computer will be infected just by being online, regardless of whether it is actually being used to surf the web or download content. Is this true?

-FrL-

A system nakedly exposed to the Internet is vulnerable, even when not being actively used.

An event I’ve seen more than once: A user connects a new XP laptop to the Internet in a domain that miscreants like to target (it’s under the .gov TLD.) 10 seconds later, said user has a nonresponsive brick. Next steps: wipe disk clean, reinstall XP fresh, get behind a firewall, install patches, then try again.

It is definitely true, but is becoming more and more unlikely now than it used to be, because of better security features. Some years ago, if you plugged a Windows installation without a firewall into the Internet, it would be infected within 5-10 minutes by some nasty critter.

At the height of the Blaster Worm it took seconds.

(Warning: Gross oversimplifications ahead)

The thing you need to understand, Frylock, is the Internet is a two-way street. Any system on it can touch any other system on it. If a system is connected to the Internet and there’s some aspect to it that allows a person to both access it and run software on it (a security flaw in the operating system, to use the typical problem) then another PC could connect and install its own malicious software.

Because of high speed Internet connections a system compromised this way could touch thousands of random locations on the Internet an hour checking each one to see if it was vulnerable to its attack. There’s a geometric progression to this as well; one system infects a second; two infect four; four infect eight and so on until you have potentially millions of compromised computers out there trying to infect other computers and testing effectively every address on the Internet once every few hours.

These days most people exploiting security holes like that don’t go for simple worms. Instead they’d rather use the bandwidth that could go for trying to spread the infection to send spam or run a phishing website. The principle remains the same.
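The geometric progression described in the post above, worked through as an added example (not part of the original thread): a standard susceptible-infected model of random scanning over the IPv4 address space. The scan rate of 4,000 probes per hour and the population of one million vulnerable hosts are assumed figures standing in for the post's "thousands" and "millions"; the second run shows how slowly the same worm spreads when 90% of those hosts are patched or firewalled.

```python
import math

ADDRESS_SPACE = 2 ** 32      # every possible IPv4 address
SCANS_PER_HOUR = 4_000       # assumed: "thousands of random locations an hour"
VULNERABLE = 1_000_000       # assumed: exposed, unpatched hosts


def simulate_spread(vulnerable, scans_per_hour, hours, initial=1.0):
    """Return the infected-host count at the start and after each hour."""
    infected = float(initial)
    history = [infected]
    for _ in range(hours):
        probes = infected * scans_per_hour
        # Chance that one particular address is hit by at least one of
        # this hour's uniformly random probes.
        p_hit = 1.0 - math.exp(-probes / ADDRESS_SPACE)
        # Only hosts that are vulnerable and not yet infected can be added.
        infected += (vulnerable - infected) * p_hit
        history.append(infected)
    return history


def minutes_until_probed(infected, scans_per_hour):
    """Mean wait before one specific address receives a probe."""
    return 60.0 * ADDRESS_SPACE / (infected * scans_per_hour)


def hours_to_reach(history, fraction, vulnerable):
    """First hour at which the infected share reaches `fraction`, or None."""
    for hour, count in enumerate(history):
        if count >= fraction * vulnerable:
            return hour
    return None


if __name__ == "__main__":
    full = simulate_spread(VULNERABLE, SCANS_PER_HOUR, 48)
    # Same worm, but 90% of hosts are patched or behind a firewall.
    reduced = simulate_spread(VULNERABLE // 10, SCANS_PER_HOUR, 48)
    print("hours to infect half, all exposed :", hours_to_reach(full, 0.5, VULNERABLE))
    print("hours to infect half, 10% exposed :", hours_to_reach(reduced, 0.5, VULNERABLE // 10))
    print("minutes until a new host is probed:", round(minutes_until_probed(VULNERABLE, SCANS_PER_HOUR), 1))
```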

In many years of computing I have never used antivirus and I have never had any kind of infection. I have come to the conclusion that AV software is more trouble than it is worth and it does not entirely protect the computer.

I have seen computers slow down to a crawl by antivirus. That means I would have to get rid of all my computers and buy new ones. Not to mention the cost of the AV itself.

My boss who is totally computer ignorant says he will not go without AV. Good for him. Except that his computer, which has much faster hardware than mine, is slow beyond belief. Mine flies like an arrow compared to his.

He keeps saying that the AV keeps popping up saying it has detected something nasty and is cleaning it. I don’t believe it. I regularly visit the different online AV sites just to check that I am clean (and to check that I have all the patches up to date) and I regularly get a few notices that I am infected but when I check closely I am not infected. That software has as a primary goal to scare users. They give as infections cookies or entries in the hosts files which are perfectly legitimate and which I WANT to be there. If the AV removes that they are making me less secure.

Not to mention that my boss, with all that expensive AV software, has been known to send me a virus or two. Which I caught just by looking at the email. An ounce of common sense will stop more viruses than all the software in the world.

You can check individual files online or by sending them by Hotmail.

Here is what I do:

1- Tighten the browser security so it runs pretty much nothing without asking first. A few trusted sites go into the trusted site group (like the bank etc). The rest do not run crap on my computer without my explicit permission.

2- Keep OS and browser patched up to date.

3- Run ZoneAlarm

4- My router at home does NAT and runs a firewall so I am, in fact, behind two firewalls.

5- My few sensitive files are encrypted using PGP. (I am in the process of designing improvements on this because the key is on the same machine. I may start keeping the key on a pendrive and even keep the files on a networked drive placed in a safe box. That way if they break into the house and steal the computer they still did not take the information. I may open a thread to discuss this.)

6- Regularly make copies of the partition to another disk. That way if the worst were to happen I can just restore the partition to the last backup. (I admit I should do it more often.) The risk of losing data is not only from virus but more likely from the disk becoming inaccessible due to malfunction, burglary, fire, water, etc. Having backups protects against all; having AV software may protect against one.

Those are my policies and they have served me well. For different reasons I still use some really old and slow computers, some running Win98se, and they work fine for my needs whereas they would not even begin to move if I ran AV software. The secret is to run only the strictly necessary software and disable the rest. These days anything you install seems to contain crap. Every software seems to want to run some update permanently in the background. Shame on all of them.

As they say: The best antivirus is between your ears. Use common sense.