Why do computers even need virus protection?

If you download and run a random exe like an idiot, won't your computer be screwed anyway? Can a website just give you a Trojan from nothing? Is it possible to get any malicious software on your computer from data files like txts, mp3, jpegs?

Can a website put anything malicious on your computer without you knowing?

I ask this because I never have put virus protection on my pc and I have never got a virus. I also see many people with virus protection and many Trojans+slow memory+"free smileys"
If you download and run a random exe like an idiot, won't your computer be screwed anyway?


Yes

Can a website just give you a Trojan from nothing?


Theoretically, if they exploit a browser issue.

Is it possible to get any malicious software on your computer from data files like txts, mp3, jpegs?


Maybe, but it'd be way harder than just getting someone to run an exe.

Can a website put anything malicious on your computer without you knowing?


Yes, see above.
Yes, yes, and yes. And you could have a virus and not know it; have you ever read about keyloggers running in the background? Common viruses exploit features made by an OS's library.
So what does the virus protection do?
Is it possible to get any malicious software on your computer from data files like txts, mp3, jpegs?
Google "windows xp png vulnerability". Long story short: buffer overflows are bad news.
Is it possible to get any malicious software on your computer from data files like txts, mp3, jpegs?

Yes - google for "jpeg exploit" (similarly for mp3, jpeg, pdf, ...) to see various web pages discussing the problem.

One type of approach exploits flaws in the code processing the image, etc. by overrunning a buffer when data is copied. If the data copied is valid machine code, and it can be copied to the right place in memory, then it will be run instead of the original code. As I understand it, the buffer is on the stack and the data has to overwrite the function's return statement so instead of returning as usual, the new code is run.

See the following wiki page for a longer, (more) coherent explanation:

Stack buffer overflow
http://en.wikipedia.org/wiki/Stack_buffer_overflow

Andy
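
The copy flaw described in the post above, as an added example that is not part of the original thread: a parser for a constructed toy file format, with the unchecked copy beside a bounds-checked version. The format, function names and sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy file format (not a real image format):
 * byte 0 = declared comment length, bytes 1..n = comment text. */
#define COMMENT_MAX 16

/* Vulnerable pattern: the length byte from the file is trusted. A declared
 * length above COMMENT_MAX makes memcpy write past `comment`, over whatever
 * sits next on the stack (saved registers, the return address). */
int parse_comment_unsafe(const uint8_t *file, char out[COMMENT_MAX + 1])
{
    char comment[COMMENT_MAX + 1];
    size_t declared = file[0];
    memcpy(comment, file + 1, declared);      /* no bounds check */
    comment[declared] = '\0';
    memcpy(out, comment, declared + 1);
    return (int)declared;
}

/* Hardened form: validate the length against both the destination buffer
 * and the bytes actually present before copying anything. */
int parse_comment_safe(const uint8_t *file, size_t file_len,
                       char out[COMMENT_MAX + 1])
{
    if (file == NULL || file_len < 1) return -1;
    size_t declared = file[0];
    if (declared > COMMENT_MAX) return -1;    /* would overflow `out` */
    if (declared > file_len - 1) return -1;   /* field runs past end of file */
    memcpy(out, file + 1, declared);
    out[declared] = '\0';
    return (int)declared;
}

/* Constructed inputs: well-formed, oversized length, truncated file. */
const uint8_t FILE_OK[]    = { 5, 'h', 'e', 'l', 'l', 'o' };
const uint8_t FILE_BIG[64] = { 60 };          /* claims 60 bytes, limit is 16 */
const uint8_t FILE_SHORT[] = { 10, 'a', 'b' };

int main(void)
{
    char out[COMMENT_MAX + 1];
    printf("ok=%d ", parse_comment_safe(FILE_OK, sizeof FILE_OK, out));
    printf("big=%d ", parse_comment_safe(FILE_BIG, sizeof FILE_BIG, out));
    printf("short=%d\n", parse_comment_safe(FILE_SHORT, sizeof FILE_SHORT, out));
    return 0;
}
```

The hardened parser rejects the file instead of truncating the field, so a malformed length never reaches the copy.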
I made a keylogger and server/client connection that didn't trigger any of my antivirus programs. Sent myself a file that contained every key I pressed.
You may not remember, but in the late 90s/early 2000s it was pretty bad. Operating systems weren't really protected against viruses and people were really dumb. It's actually been relatively recent that OS's have been secure against viruses. Hell I don't think Windows XP had a firewall on by default, so tons of people got infected from just downloading random pictures or screensavers. But each year computers get harder and harder to infect, and most store bought PCs come with anti-virus installed. I think in the last 4 years I've only had one known virus, and it was a real pain in the ass to get rid of.
Hell I don't think Windows XP had a firewall on by default, so tons of people got infected from just downloading random pictures or screensavers.
Firewalls don't work that way.

It's not really that there's fewer viruses. It's just that current viruses don't focus on destruction or disruption of the host, but instead on using the host for some nefarious end. Often spamming and/or DDoS.
...there's an antivirus advertisement on the bottom of this thread as I write this.

Anyway, antivirus programs are helpful for situations where... well, I believe the title for such things is "scareware." Essentially, particularly-malicious software can actually run through advertisements, doing things such as minimizing your internet browser and redirecting you to an alternate page that includes the virus. At that point, you're pestered about having viruses, and any click on the screen whatsoever initializes the download. To say the least, viruses like that can be quite, quite nasty.
Why would you not want antivirus protection?

Men who use condoms still have a chance to impregnate women. Does this mean they should stop using condoms altogether?
So what does the virus protection do?

When a file is about to be opened/executed/shown, the system doing that (OS, browser, etc) calls a routine that compares the content of the file against known signatures of viruses, and in case of match aborts/blocks the access. That is active AV.

Passive AV is to explicitly go through files on the system and recheck them.
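
The signature comparison described in this post, as an added example that is not part of the original thread: one matching routine used both as an on-access gate ("active") and as an on-demand sweep ("passive"). The signature names, byte patterns and in-memory "files" are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed signature database: names and byte patterns are made up. */
struct signature { const char *name; const unsigned char *bytes; size_t len; };
static const unsigned char SIG_A[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37 };
static const unsigned char SIG_B[] = "FAKE-DROPPER-MARKER";
static const struct signature DB[] = {
    { "Example.TestSig.A", SIG_A, sizeof SIG_A },
    { "Example.TestSig.B", SIG_B, sizeof SIG_B - 1 },   /* drop the NUL */
};

/* Return the name of the first signature found in data, or NULL if none. */
const char *scan_buffer(const unsigned char *data, size_t len)
{
    for (size_t s = 0; s < sizeof DB / sizeof DB[0]; s++)
        for (size_t i = 0; i + DB[s].len <= len; i++)
            if (memcmp(data + i, DB[s].bytes, DB[s].len) == 0)
                return DB[s].name;
    return NULL;
}

/* Active AV: called before a file is opened; 0 = allow, -1 = block. */
int on_access_check(const unsigned char *data, size_t len)
{
    return scan_buffer(data, len) != NULL ? -1 : 0;
}

/* Passive AV: recheck files already on disk and count the detections. */
struct stored_file { const char *path; const unsigned char *data; size_t len; };
size_t on_demand_scan(const struct stored_file *files, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        const char *sig = scan_buffer(files[i].data, files[i].len);
        if (sig != NULL) { printf("%s: %s\n", files[i].path, sig); hits++; }
    }
    return hits;
}
/* Constructed "files" held in memory so the example runs offline. */
static const unsigned char F_NOTES[] = "just some notes";
static const unsigned char F_DROP[]  = "xxFAKE-DROPPER-MARKERyy";
static const unsigned char F_BIN[]   = { 0x00, 0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37 };
const struct stored_file SAMPLES[] = {
    { "notes.txt", F_NOTES, sizeof F_NOTES - 1 },
    { "setup.bin", F_DROP,  sizeof F_DROP - 1 },
    { "image.dat", F_BIN,   sizeof F_BIN },
};
int main(void) { return on_demand_scan(SAMPLES, 3) == 2 ? 0 : 1; }
```

A file containing none of the listed patterns passes both checks, so this kind of matching only catches what is already in the database.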
Daleth wrote:
Men who use condoms still have a chance to impregnate women. Does this mean they should stop using condoms altogether?
What a fantastic analogy.

@OP
It might seem silly, or like everyone in the world is overreacting to a threat you've never experienced. I get that. I used to have the same mindset. I've been working at a computer repair shop for the past several years, and I can tell you with certainty that this
Can a website put anything malicious on your computer without you knowing?
Is 100% possible.

But it's not often the website's fault. (i.e., if a virus came in via facebook web traffic, facebook as a company isn't (necessarily - conspiracy theorist) the one doing it).
It's happened to me personally (work and home), where all of a sudden "Windows 7 Antivirus Plus!" or something pops up for no apparent reason and starts closing out other applications. So yeah, it's necessary to have antivirus programs that detect these things because
1.) We can't rely on Microsoft to modify their operating system to render these attacks useless. I suppose it would be wrong to expect them to as well. The same thing that makes Windows so susceptible to malware is the same thing that makes it greatly customizable.
and 2.) We can definitely count on the malicious intent of other people/groups.

Because you've never been hit with a virus doesn't mean that viruses don't exist. I can almost guarantee that one day you'll wake up, turn on your computer monitor and be like "Oh shit they were right."

But yeah, not being an idiot helps with keeping the viruses away as well. That is, porn (y'know, the kind that you view in your browser without sandboxing it..), run-down game sites, things like freeze.com that offer you "FREE MP3 SONGS", bearshare or limewire or frostwire or whatever they call it nowadays.. You get my point.
Hi,

The reason we need AV solutions & Firewall solutions is due to the fact most Trojans\bots do not screw your computer; they simply perform illegal deeds without your consent, such as:
[-] Stealing Bank Details
[-] Capturing your Keystrokes
[-] Stealing Other Personal Information
[-] Open doors for new Malware
[-] Stealing Identity of you
[-] Selling your Identity
[-] DDOS
[-] Spam
[-] Propagation
[-] Click Fraud
[-] Use to store illegal Data


These are just a few examples, I can think of a dozen more. These are far more dangerous than destroying your Computer.

And yes, Websites can easily download Malware into your system without your knowledge by downloading via already known exploits which exploit browser[s].

Java Drive-Bys are some of these.


The most used technique to spread malware is to hack into a website using LFI, RFI, SQLi, or Other Attack Vectors, then using that website to redirect to a bogus website which will download Malware on to your system.

Of course you can get Malware out of jpeg, txt and such files.

This happens either when an EXE file binds into the file using PE, or by finding a Code Execution Vulnerability in a File type, then exploiting it, then spreading your Exploited File.


Most Malware[s] today are quite easily removed by simply editing Registry, ACLs & DACLs, Files.

But there are some nasty Malware[s] which use rootkits to hide themselves using advanced methods such as hooking & EIP redirection.

This is why it is important to have an AV installed, because the AV works in the RING0 and has complete control over the system and can see if any Hooks are placed in the system; if so, it will remove them, then use GetTcpTable() FindNextFile() to remove the Malware.

Of course Hooking is not all bad; in fact AVs themselves use it to make sure no malware can kill them. Not only that, but other products use it to make sure they are hard to hack and crack.

I am currently working on a Ring3 AV, for learning purposes.

I personally hate these Malware Writers. I also advise you get an AV solution, as some worms spread via RPC DCOM, LSASS. Which are remote exploits, meaning they need no interference from the future victim to spread, so right now you could have been infected by a Remote Exploit but due to the exe having Rootkits and such features you do not notice.
And there are Linux/MacOS users who honestly do not understand what this thread is about
(I am talking about normal desktop blockers/trojans/viruses. Targeted enterprise level attacks is another story)
helios wrote:
Firewalls don't work that way.

? Windows has a built in firewall that restricts access to the machine. In XP, said firewall was either not present or was not on by default, which is not the case today.
@ResidentBiscuit
XP was the first Windows version that came with a built-in software firewall, IIRC the install asks if you want it on (could be wrong, it's been a while since I installed XP).

Helios was saying firewalls don't prevent infections, but they can prevent (or at least alert to) spamming and bot nets.
@ naraku9333: the built-in firewall of Windows XP made its appearance in Service Pack 2.

Also it sucks. Very rarely does it actually ask you whether or not you want to block a connection, most of the time it just silently allows outgoing traffic. I don't even know how to monitor which programs use the network, without the help of a third party application specifically designed for that purpose!

Anyway, on the topic of antiviruses: I dislike them. I prefer using pure breed traditional antiviruses (aka virus scanners) instead of having a resident, nagging, resource wasting real-time scanning antivirus.

Kaspersky offers a good scanner.
http://www.kaspersky.com/antivirus-removal-tool?form=1

Avast used to as well, but that was long ago, and not anymore. (Let me know if you are aware of other scanner tools.)
But yeah, not being an idiot helps with keeping the viruses away as well. That is, porn (y'know, the kind that you view in your browser without sandboxing it..)


Speaking of sandboxing, does anyone know any good free sandboxing software for Windows?
(If you can sandbox your browser, you would rarely need an AV)
Kaspersky offers a good scanner.
(Let me know if you are aware of other scanner tools.)
I prefer AVZ. The man who made it works for Kaspersky now, but it still searches for rootkits better and allows system repair after a destructive virus attack.
English version: http://support.kaspersky.com/common/service.aspx?el=1698

Also there is DrWeb CureIt: http://www.freedrweb.com/cureit/?lng=en

And open source HijackThis, which is intended for experienced users: http://sourceforge.net/projects/hjt/