Would antispyware or antivirus programs be useful to me?

March 5, 2013 at 00:05:42
Specs: Win 7
I'm using Windows Firewall. The Gibson Research Corporation
website www.grc.com scan of "All Service Ports" (the first 1056
ports on my computer) shows that they are all "stealthed" --
invisible to the scanner. I don't see any way that any kind of
malware could get onto my computer. As far as I know, my
computers have never been attacked in the 17 years I've been
connecting to the Internet and using e-mail. So it isn't apparent
that antispyware or antivirus programs would do anything for me.
Is there some good reason to think they would? I've been trying
(off and on) to understand this for a long time.

-- Jeff, in Minneapolis




#1
March 5, 2013 at 00:58:22
Depends,

Do you surf randomly? Do you install random apps? Toolbars? Only you know.

I ran my windows 7 machine without an antivirus for about a year with no problems. Then I scanned it just to see if I had anything hiding in the corners, and I found nothing.

So it's up to you. But I will tell you that about 90% of the computers that I see on a daily basis have some sort of virus, malware, adware, crapware, you name it. And it is mostly the end user's fault, or their kids'. You have to remember though, even if you do everything right, there may be some exploit you don't know of that will bite you in the end.

My 2 cents



#2
March 5, 2013 at 00:58:55
"I don't see any way that any kind of malware could get onto my computer."

An open port is not necessary for malware to get onto your computer. Do you ever visit websites? Do you ever open attachments in emails? If the answer to either of those questions is "Yes" then it would be advisable to use anti-malware software.



#3
March 5, 2013 at 03:01:24
Gretti wrote:

"And it is mostly the end users fault ... You have to remember
though, even if you do everything right, there maybe some
exploit you don't know of ..."

Yes, this is why I'm asking. I'm doing what I think is right, but
other people say it isn't enough. Is it because there are kinds
of exploits I don't know about? If so, what are they?

Gretti asked:

"Do you surf randomly? Do you install random apps? Toolbars?"

ijack asked:

"An open port is not necessary for malware to get onto your
computer. Do you ever visit websites? Do you ever open
attachments in emails?"

I suppose it depends on what you mean by "random". I visit
websites that I know nothing about other than that they look
promising in a Google search result. What does that matter?
How can a malicious website attack my computer? I've visited
thousands of websites, and many, many thousands of pages,
with no sign that any of them have contained malware, though
many had videos or JavaScripts or other things that produced
annoying behavior, such as making the "Back" button useless,
or constantly reloading a page, or making me wait for everything
else to download except the desired content.

I've never installed a toolbar. Interesting apps seem to be
disappearing. I've seen fewer and fewer of them. Maybe I just
don't know where to look anymore. Or maybe they're just all
too huge for me to download. I haven't got broadband yet, for
a variety of reasons.

When an e-mail that appeared to be spam had an attachment
that was an .exe or .scr or the like, I just deleted it. Sometimes
I looked at the attachments that were .jpg images, but they almost
always turned out to be either selling viagra or penny stocks.
Apparently it was a way to get past spam filters. I haven't seen
any of those in a long time. I was always hoping that some of
what were claimed to be racy photos would turn out to be racy
photos. Never happened. For the last decade, the majority of
spam has been variations on Nigeria letters. Some of those
I've bothered to read have been really funny. Usually now I just
delete them when I see that they're from "Mr. or Mrs." Whatever,
or address me as "Dearest".

So are there kinds of exploits I don't know about? Are there
exploits that could actually get into my computer and do anything
besides take up disk space?

-- Jeff, in Minneapolis



#4
March 5, 2013 at 04:06:06
"So are there kinds of exploits I don't know about? Are there exploits that could actually get into my computer and do anything besides take up disk space?"

The answer to both of those questions is "Yes". There are many known exploits that take advantage of security failings in Flash, Java, and JavaScript and, no doubt, other scripting languages. And these are not exclusive to Windows; OS X is equally vulnerable. Companies as well-known as Microsoft and Apple have suffered security breaches because of such malware. If it can happen to them, with all their resources, it would be foolish to suppose that it could not happen to you because you are running a simple firewall on your router.

You may have been lucky and never encountered one of these items of malware. On the other hand, you may already be sending every keystroke that you type to a gentleman in Russia or Nigeria, including your bank account details, logon names, and password. Unless you scan your computer at regular intervals or (preferably) run software that inspects every piece of data downloaded to your computer you just don't know. Some malware can be extremely difficult to trace and deal with once it has established itself.

Personally, I don't see any point in taking that risk, even if it is a fairly small one. At the expense of a slight performance hit I prefer to know what is happening when I communicate with remote computers.



#5
March 5, 2013 at 04:24:04
There are literally tens of thousands of exploits. There are even jpg exploits in email or web pages. There are even zero day exploits that no one even knows about out there lurking around. Hell, we just had another zero day Java exploit pop up. Nowadays everyone needs to be a security pro, or they will eventually get something, especially on a Windows OS, not so much on Linux, Mac, Android, iOS, yet. Even with an anti-virus installed you are still vulnerable. It's making good computing decisions to minimize your exposure to risk that will keep your system running well.

Here are some exploits for you to run through, feel safe?

http://www.cvedetails.com/



#6
March 5, 2013 at 06:02:39
Good security always uses a multilayer approach.

A firewall is one layer but it alone isn't good enough. There are other entrances to your computer that it can do nothing about.

Keeping your computer up to date with the latest security updates is another layer. But that isn't enough either. XP has known security issues that will never be fixed because the fix would break popular software. Later systems likely have similar issues, even if they aren't known yet.

Being careful about the software you use and the websites you visit is another layer. But that alone isn't enough either. Even trusted software and websites may be carrying malware, even if unaware.

Using anti-malware software is another layer but that alone isn't enough. The creators of malicious software have become very sophisticated in their approach. They are well aware of how these programs work and are working hard to evade their protection.

Never installing new software and never using the Internet would be a big help but few people would be willing to go that far.

No one security layer is enough but by using all of the above you can greatly increase your level of security. Not to 100% but that is not possible to achieve.



#7
March 5, 2013 at 14:09:50
ijack wrote:

"You may have been lucky and never encountered one of these
items of malware."

Does that seem plausible to you? I keep hearing how computers
are attacked, on average, within minutes or seconds of connecting
to the Internet. Going online for hours almost daily for 17 years,
is it plausible that sheer luck kept malware out of my computers?

"On the other hand, you may already be sending every keystroke
that you type to a gentleman in Russia or Nigeria, including your
bank account details, logon names, and password."

I don't see how. If every keystroke I type while online were sent
to a third party, it would be a doubling of the amount of data sent.
If every keystroke I type on the computer in total were sent, that
would much more than double the amount of data sent. I don't
observe that happening. The only time I see data passing from
my computer to the Internet is when I send it, and it seems to be
in appropriate amounts.

I did once have an unexplained, unauthorized withdrawal from my
checking account, of less than ten dollars. It went to Arizona,
where I'd never been and didn't have any business. But that was
more than 17 years ago, before I started using the Internet, and
although my bank keeps asking me to do so, I've never set up
online banking with them. I don't see any advantage to me.

"Unless you scan your computer at regular intervals or (preferably)
run software that inspects every piece of data downloaded to your
computer you just don't know. Some malware can be extremely
difficult to trace and deal with once it has established itself."

Essentially you are saying that malware could be running on my
computer without ever affecting anything. Does that make sense?

"Personally, I don't see any point in taking that risk, even if it
is a fairly small one. At the expense of a slight performance hit
I prefer to know what is happening when I communicate with
remote computers."

Is the risk small? People say it is big, but I don't see effects.
Do you know what is happening when you communicate with
remote computers, significantly better than I know?

Gretti wrote:

"There are literally tens of thousands of exploits."

If there are so many, and most of them are different from one
another, then it must be pretty much impossible to check for
all of them in a reasonable amount of time.

"There are even jpg exploits in email or web pages."

So, why am I not seeing them? I download JPGs from sites I have
never visited before almost every day. Do you agree with ijack's
guess that I've just had good luck?

"Now a day everyone needs to be a security pro, or they will
eventually get something ..."

That's why I started this thread -- not to become a professional,
but to learn enough to understand what my actual vulnerabilities
are, so I can prevent or defeat attacks appropriately.

"Here are some exploits for you to run through, feel safe?

http://www.cvedetails.com/"

I wish all web pages downloaded as fast as that one!

The level of detail there isn't really suitable for my needs.
I want to understand what the vulnerabilities are. That website
is apparently a sort of catalog of exploits, but it isn't obvious
how it can help me understand. If it is only intended to scare
me, at least I can read the counts of different exploits that
they have assigned different risk assessments.

I had to look up (via Google and Wikipedia) the meanings of
the two main initialisms used on that page:

CVE = Common Vulnerabilities and Exposures
CVSS = Common Vulnerability Scoring System

They were not explained on the page, as far as I could see.
The website appears to be for getting info on specific exploits,
and statistics on those exploits. What I'm interested in getting
is understanding of how malware could enter my computer.
The website doesn't appear to be designed for that.

I remain skeptical that there is any way it could get in.

LMiller7 wrote:

"Good security always uses a multilayer approach.

A firewall is one layer but it alone isn't good enough. There are
other entrances to your computer that it can do nothing about."

Okay, what are those other entrances? If such entrances exist,
why does nothing appear to be entering them? Luck?

"Keeping your computer up to date with the latest security updates
is another layer."

After using Windows 7 for over two years, I got Service Pack 1
on disk and installed it last August. That's the only update.

"Being careful about the software you use and the websites you
visit is another layer."

Being careful is pretty subjective. But what difference does it
make whether I'm careful about which websites I visit? How
could a website put malware on my computer? If it could,
why have I not seen it happen?

-- Jeff, in Minneapolis



#8
March 5, 2013 at 14:14:40
You can do what you want, it's your property, but it does seem like you are trolling.


#9
March 5, 2013 at 15:09:32
1. Your analysis of how a key logger sends data to a remote site is flawed. Unless you are telling me that you monitor each packet as it leaves your computer I don't believe that you know what data is being sent and when it is sent. Your statement shows a misunderstanding of the basics of networking.

2. I am saying that malware can be running on your computer without your being aware that it is affecting anything. Does that make sense? Yes, it does. Malware that makes its presence obvious is not going to last long; the writers of these things have a degree of sophistication greater than yours. They design malware to be invisible to the user.

3. Is the risk small? Yes, it is fairly small - but it is not non-existent. The longer you run an unprotected computer the greater the chance that it will be infected.

4. "That's why I started this thread -- not to become a professional, but to learn enough to understand what my actual vulnerabilities are, so I can prevent or defeat attacks appropriately." It is something of a shame that having asked for advice you dismiss so readily the experience of those who have been dealing with this subject, on thousands of computers, for many years.

5. "How could a website put malware on my computer? If it could,
why have I not seen it happen?" Difficult to answer adequately without knowing your level of knowledge, but as you question what is being said let us assume that you are doing this from a basis of knowledge rather than ignorance. Buffer overflows are a common vector for such attacks. What makes you so sure that your computer could not be infected via a buffer overflow? As to why you have not seen it happen, at what level are you competent to monitor your computer - can you detect a rootkit which hooks various vectors to hide its presence? What tools are you using to do this investigation apart from the packet sniffer that is examining each packet arriving at your computer and leaving it?

6. There was a famous case here in the UK a couple of years ago when a journalist challenged hackers to hack him. The next day a £250 donation was made to charity from his bank account. Having an admirable sense of humour, and humility, he did not pursue the matter with the Police but accepted it as the price of learning a valuable lesson. Don't be complacent about computers.

7. Do I care if you believe me or if your computer is infected? Not really.

8. Am I going to waste any further time on this topic? I doubt it.



#10
March 5, 2013 at 16:14:02
Malware comes in many forms and not all have obvious effects. Those that do get all the publicity because they are known to their victims. Others take a low profile, doing nothing that might make their presence known. They might be sending personal data to their creator, but they will not do it in large blocks but in short squirts, possibly during periods of other Internet activity. There is one form of malware, sometimes called a bomb, that does nothing until some event occurs such as a specific date is reached. Then it springs into action with obvious, and sometimes very nasty results.

Malware writers of necessity know a great deal about computer security and in recent years have become very sophisticated. Underestimate their capabilities at your peril.

You have been lucky to have gone 17 years without a malware problem. Or maybe not. There may be a software bomb in your computer - waiting for its day. It might be tomorrow.

You have asked if anti malware software would be useful to you. You have been given good advice. Now it is up to you.



#11
March 5, 2013 at 16:48:26
Re #3

"they almost always turned out to be either selling viagra or penny stocks"

Which shows that your control is far from perfect or you wouldn't be getting them, or would at least know why. Viagra, penny stocks and similar email spam doesn't arrive out of normal browsing and purchasing (unless you deal with very dodgy suppliers). I doubt, for example, that you can stop others multiple addressing email without using BCC and thereby blazing your email address to all recipients.

Ever googled your email address to see if it is visible? If so, change it.

On a very recent post you said:
"once I finally get broadband Internet".
Be aware that the "nasties" take advantage of faster speeds too.

Whatever, as said, you do whatever you like but I have a job to understand why you are trying to seek justification from others for not having safeguards. Maybe you'll stay lucky, maybe not - nobody on here or anywhere else can tell you.

Always pop back and let us know the outcome - thanks



#12
March 6, 2013 at 09:44:57
Gretti replied:

"You can do what you want, it's your property, but it does seem
like you are trolling."

I didn't ask what to do. I asked whether and how malware might
be able to gain access to my computer. I want to understand the
potential vulnerabilities of my computer. I'm not asking you to
tell me what to do about them.

ijack replied:

"1. Your analysis of how a key logger sends data to a remote site
is flawed. Unless you are telling me that you monitor each packet
as it leaves your computer I don't believe that you know what
data is being sent and when it is sent. Your statement shows a
misunderstanding of the basics of networking."

I don't monitor each packet, but I do notice when packets are or
are not being sent. For example, from the time this page finished
displaying to the time I read to the end of your paragraph #1,
there were no packets sent or received. If packets were sent at a
time that I wasn't expecting any to be sent, there is a fair chance
I would notice. Maybe not the first time, or the second or third,
but eventually. Over the course of 17 years, I should catch such
behavior if it were happening frequently.

"2. I am saying that malware can be running on your computer
without your being aware that it is affecting anything. Does that
make sense? Yes, it does. Malware that makes its presence obvious
is not going to last long; the writers of these things have a degree
of sophistication greater than yours. They design malware to be
invisible to the user."

If it doesn't do anything that I can detect, is it malware? If it
doesn't steal anything, doesn't send any info to anyone, doesn't
alter any data or programs, doesn't interfere with anything, is it
malware? Is it common for malware to do nothing harmful?
Could my computer be infected by lots of viruses and worms
that are harmless, but not infected by any that do damage?
Is that likely?

"3. Is the risk small? Yes, it is fairly small - but it is not non-existent.
The longer you run an unprotected computer the greater
the chance that it will be infected."

When people say that, they generally mean minutes, hours, or
days, don't they? What am I to make of going for 17 years with
no antivirus program, and yet apparently no infections? The one
time I checked for malware was with Malwarebytes, a couple of
months ago, after four months of using the Internet almost daily
(August through December), and it didn't find anything.

"4. "That's why I started this thread -- not to become a professional,
but to learn enough to understand what my actual vulnerabilities are,
so I can prevent or defeat attacks appropriately." It is something of
a shame that having asked for advice you dismiss so readily the
experience of those who have been dealing with this subject, on
thousands of computers, for many years."

I did not ask for advice. I asked for information. I want to
understand what my actual vulnerabilities are. I asked for an
explanation of the potential vulnerabilities of my computer.

What "experience" do you think I dismissed? I have no doubt
that other people have experienced attacks by malware. My own
experience is a lack of attacks. That experience is part of what
I am trying to understand. If you told me that I am vulnerable
to contracting malaria, I would want to know why, since as far as
I know, I've never met anyone who had that disease.

"5. "How could a website put malware on my computer? If it could,
why have I not seen it happen?" Difficult to answer adequately
without knowing your level of knowledge, but as you question what
is being said let us assume that you are doing this from a basis of
knowledge rather than ignorance. Buffer overflows are a common
vector for such attacks. What makes you so sure that your computer
could not be infected via a buffer overflow? ..."

I'm asking how it could be infected via a buffer overflow.

I have some idea what a buffer is, what it does, and how it works.
I have less idea how a buffer can overflow. Maybe if it is badly
coded. I have decoded (from assembly language) one program
which used a buffer, and it seemed to be well-written, only adding
data into the assigned memory. I'm not sure what a badly-written
one would look like, but I can vaguely guess. It sounds like the
exploit would depend on a buffer existing that a web page can
write to; the program controlling the buffer being seriously
faulty, so that it writes into memory beyond the buffer; and that
part of memory subsequently being executed.

My questions, then, are how a website could write to such a buffer
on my computer, and why it has apparently never happened in
the 17 years I've been accessing websites, under various different
operating systems, mostly without a firewall.

"As to why you have not seen it happen, at what level are you
competent to monitor your computer - can you detect a rootkit
which hooks various vectors to hide its presence? What tools are
you using to do this investigation apart from the packet sniffer
that is examining each packet arriving at your computer and
leaving it?"

Why is it that in 17 years, during which my computers running
various operating systems must have been attacked thousands
of times over, all the attacks were of such a nature that they had
no obvious effect? Why is it that every last one of those many
thousands of attacks were so stealthy that they would require
advanced techniques to notice? Did a stealthy virus infect the
computers and then prevent all the less-stealthy malware from
downloading, so as not to give away the fact that it was present?
Or what? Do you think it was luck, as you suggested, that out
of thousands of exploits, not one ever did anything to harm
my computers in a way that was obvious?

-- Jeff, in Minneapolis



#13
March 6, 2013 at 09:52:53
LMiller7 replied:

"Malware comes in many forms and not all have obvious effects.
Those that do get all the publicity because they are known to
their victims. Others take a low profile, doing nothing that might
make their presence known. They might be sending personal data
to their creator, but they will not do it in large blocks but in short
squirts, possibly during periods of other Internet activity. There is
one form of malware, sometimes called a bomb, that does nothing
until some event occurs such as a specific date is reached. Then it
springs into action with obvious, and sometimes very nasty results."

So you are suggesting that my computers may have been attacked
by many thousands of exploits over the last 17 years, but it was
my good fortune that all of them either kept a low profile or were
bombs that haven't gone off yet.

"You have asked if anti malware software would be useful to you.
You have been given good advice. Now it is up to you."

I didn't ask for advice, though. My goal is to understand the
asserted vulnerabilities. I'm asking for information that will
provide that understanding.

-- Jeff, in Minneapolis



#14
March 6, 2013 at 09:58:58
Derek replied:

"Re #3

"they almost always turned out to be either selling viagra or
penny stocks"

Which shows that your control is far from perfect or you wouldn't
be getting them, or would at least know why. Viagra, penny stocks
and similar email spam doesn't arrive out of normal browsing and
purchasing (unless you deal with very dodgy suppliers). I doubt,
for example, that you can stop others multiple addressing email
without using BCC and thereby blazing your email address to all
recipients.

Ever googled your email address to see if it is visible? If so, change it."

I've been using the same e-mail addresses for 17 years. I have given
them out to uncountably many people. One of them is the feedback
address for my website. I posted it unobscured on my website
before I learned that doing so is a bad idea, but it hasn't been a
problem, and I left it as it was.

I do not filter my e-mail. Instead, my e-mail provider uses a
rather unusual method of reducing spam which is somewhat
leaky, but does not look at the content. Once about a year ago
I asked my provider about the unusually large number of spams
that got through that day -- about a dozen, I think -- and was
told that 56 other spams had been blocked. So I'm satisfied
with the method.

"On a very recent post you said:
"once I finally get broadband Internet".
Be aware that the "nasties" take advantage of faster speeds too."

So I've been told before. But tell me: Does that mean viruses
and worms are able to detect the speed of my connection before
they decide whether or not to download to my computer?
Because I never see them download to my computer.

Or are you saying that I have missed seeing them download, but
once they install themselves on my computer and are running,
they then detect the speed of my connection and decide whether
or not to do their business?

"Whatever, as said, you do whatever you like but I have a job to
understand why you are trying to seek justification from others
for not having safeguards."

I'm not trying to seek justification for not having safeguards,
I'm trying to understand what, if anything, those safeguards are
needed to protect my computer against.

-- Jeff, in Minneapolis



#15
March 6, 2013 at 11:20:27


#16
March 6, 2013 at 12:57:28
Years ago in my naive Win 95 days I put my email address on the internet. My junk email eventually increased to 120 per day (they sell each other addresses). After some years I tired of creating email rules, changed my address and have rarely seen any spam since, certainly not that "out of the blue" stuff you mentioned. I don't know your email address but I was certain it was out there because of what you had described. The trouble with spam filtering by your email provider is that it can remove valid emails too - unless it is some crude system that still lets quite a lot of spam through.

The "speed thing" is simply that at higher speeds the "nasties" have an improved timescale to work in to ram home their dirty deeds, not that your speed is monitored in any way.

The hackers are getting cleverer as each day goes by and we are talking about criminal gangs these days, not just naughty boys. Like burglary they prefer to go where there is no alarm fitted. If you think it is your browsing habits or knowledge of computers that is keeping your computer clean then fine, but never let your guard slip and ensure you continue to keep right up to date about what they are up to and their methods. It costs nothing to have a few safeguards.

In a small way you can compare computer safeguards to insurance. You can pay house insurance for a lifetime but your house never happens to burn down. Some folk are happy with that (and the money they have saved). Others feel that IF it did happen they would not wish to be without a home and in financial hardship. It's simply a matter of what risks one cares to take and sometimes you can get away with taking them. I accept that a wrecked computer is hardly life threatening.

Always pop back and let us know the outcome - thanks



#17
March 6, 2013 at 16:09:28
ijack linked:

"http://m.linuxjournal.com/article/6701"

Thanks! That link went to the Linux Journal home page, but
adding a slash at the end took me to the article, "Buffer Overflow
Attacks and their Countermeasures".

http://m.linuxjournal.com/article/6...

Edit to add:

The article fairly well explains how buffer overflow can be used
to cause dangerous code to execute. However, it says nothing
about the central question: How could a website produce a
buffer overflow. This was also the complaint of the next-to-last
commenter on the article pages, back in 2008. I still have no
information about how malicious code could get from a web
page that I'm browsing into a buffer or any other location that
will be executed.

It is like explaining how temperature-triggered bombs could
be made to explode by being placed inside my refrigerator by
a website, without explaining how the website could place such
bombs in my refrigerator. That's the question: How could such
malware get into my computer? In this particular case, how could
malware which depends on buffer overflow write to a buffer on
my computer just by my visiting a malicious web page?

-- Jeff, in Minneapolis


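Jeff's question in #17 (how a web page could ever write into a buffer on his computer) and his own sketch of the mechanism in #12 (a buffer the page can write to, a program that copies past its end, and the overwritten memory later being acted on) can be illustrated without any real exploit. The C program below is an added example; it is not code from any poster in this thread or from the Linux Journal article. It models a slice of a program's memory as a flat byte array, a 16-byte input buffer followed by one control byte, and feeds it a constructed record whose sender-chosen length field is one byte longer than the buffer. The "web page" part is simply that a browser or plug-in parses every byte a page sends, so a length field inside an image or script is data the remote site chooses. All names (model_memory, copy_record_unchecked, copy_record_checked, ACTION_DISPLAY, ACTION_RUN) and the 17-byte record are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed model of a small slice of a program's memory: a fixed-size
 * input buffer followed directly by one byte of control data that the
 * program later acts on. Real stack frames and heap chunks are laid out
 * differently, but the principle is the same: whatever sits just past
 * the end of the buffer is what an over-long write reaches. */
#define BUF_SIZE 16
#define MEM_SIZE 32

struct model_memory {
    uint8_t bytes[MEM_SIZE];  /* [0, BUF_SIZE) is the buffer; bytes[BUF_SIZE] is the control byte */
};

/* Hypothetical values the control byte can take (constructed for the example). */
enum { ACTION_DISPLAY = 1, ACTION_RUN = 2 };

static void model_init(struct model_memory *m)
{
    memset(m->bytes, 0, MEM_SIZE);
    m->bytes[BUF_SIZE] = ACTION_DISPLAY;  /* the program's own choice, never meant to come from input */
}

/* A record as it arrives from an untrusted source (a web page, an image
 * file, an attachment): a length the sender chose, then that many bytes. */
struct record {
    size_t declared_len;
    const uint8_t *payload;
};

/* Constructed over-long record: 16 filler bytes fill the buffer, then one
 * more byte lands exactly on the control byte. */
static const uint8_t oversized_payload[BUF_SIZE + 1] = {
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    ACTION_RUN
};
static const struct record oversized_record = { BUF_SIZE + 1, oversized_payload };

/* Defective copy: trusts the sender's length and copies past the buffer.
 * The clamp to MEM_SIZE only keeps this simulation inside its own array;
 * a real overflow has no such stop. */
static int copy_record_unchecked(struct model_memory *m, const struct record *r)
{
    size_t n = r->declared_len < MEM_SIZE ? r->declared_len : MEM_SIZE;
    memcpy(m->bytes, r->payload, n);
    return 0;
}

/* Hardened copy: the length is checked against the buffer's capacity before
 * anything is written, and an over-long record is rejected outright. */
static int copy_record_checked(struct model_memory *m, const struct record *r)
{
    if (r->declared_len > BUF_SIZE)
        return -1;  /* caller logs and discards the record */
    memcpy(m->bytes, r->payload, r->declared_len);
    return 0;
}

/* Control byte after feeding the over-long record through the defective copy. */
int unchecked_action(void)
{
    struct model_memory m;
    model_init(&m);
    copy_record_unchecked(&m, &oversized_record);
    return m.bytes[BUF_SIZE];
}

/* Return code of the hardened copy for the same record (-1 means rejected). */
int checked_status(void)
{
    struct model_memory m;
    model_init(&m);
    return copy_record_checked(&m, &oversized_record);
}

/* Control byte after the hardened copy: untouched. */
int checked_action(void)
{
    struct model_memory m;
    model_init(&m);
    copy_record_checked(&m, &oversized_record);
    return m.bytes[BUF_SIZE];
}

int main(void)
{
    printf("unchecked copy: control byte = %d (program had set %d)\n",
           unchecked_action(), ACTION_DISPLAY);
    printf("checked copy:   status %d, control byte = %d\n",
           checked_status(), checked_action());
    return 0;
}
```

After the unchecked copy the control byte holds the value the remote sender put at position 17, so the program's later behaviour is decided by input it never meant to trust; the checked copy rejects the record before writing a single byte, which is the shape of the fix a browser, image decoder or plug-in vendor ships for this class of bug. Nothing here reaches outside the model array, so the program is safe to compile and run as-is.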

#18
March 7, 2013 at 05:23:45
Frankly, I'm running out of patience. Whether you understand how it can happen or not doesn't interest me. The simple fact is that it does happen. Take it or leave it.

Learn how to use Google, or take a course in computer security, if you are not prepared to take the word of those who know. But I am not going to do your research for you. I just hope that your computer is not part of the botnet that has been launching DDOS attacks on various websites recently.



#19
March 7, 2013 at 16:42:08
ijack replied:

"Frankly, I'm running out of patience. Whether you understand
how it can happen or not doesn't interest me."

That's okay. If you want to try to answer my questions, that's
great, if you don't, that's fine, too. But you did reply to my posts,
so I got the idea that you were interested enough to try to
answer my questions.

"The simple fact is that it does happen. Take it or leave it."

No. I did not post here to find out whether malware attacks
computers. I already knew that. I posted here to learn how
my computer might be vulnerable to malware attacks. The
direct evidence I have so far appears to show that it is not
vulnerable. I am trying to understand and resolve the
contradiction between what I read and the direct evidence.

"Learn how to use Google, or take a course in computer
security, if you are not prepared to take the word of those
who know. But I am not going to do your research for you."

I am prepared to take the word of those who know. If you
know answers to my questions and can express them to
me clearly, I would appreciate them. So far I have learned
quite a bit, but not the answers to my questions.

"I just hope that your computer is not part of the botnet that has
been launching DDOS attacks on various websites recently."

That seems unlikely considering that it is not sending anything
through the modem at any time other than when a web page
is downloading or I am uploading a typed post.

-- Jeff, in Minneapolis

