
Real current security threat level


39 replies to this topic

#1 lukyff7ac

lukyff7ac

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Porto Alegre, RS - Brazil
  • Local time:02:04 PM

Posted 10 January 2017 - 02:22 PM

Hello to you all,

Firstly, and I'm not sure if this is important at all, but this isn't my first post, this is just another account due to e-mail access issues.

I guess this question may have already been asked in the past, but as the matter is quite vague, I couldn't find any previous posts related to this from my searches, so I apologize in advance if it's a repeated question.

I wanted to ask people here who work with security, or who have enough knowledge in the matter, about the real current threat to the security of computers of average/home users (not in a production/company environment).

I always see a lot of warnings in computer blogs and forums about keeping Windows Update or other forms of updates for OSs activated and about it always being better to run a computer from a limited user kind of account, even for experienced users... I wanted to ask how much of that is real, how much is necessary.

I mean, let's not take into account the average "40-something already a parent user who would click on a 'get iphone here' e-mail and just use excel, outlook and facebook", but the kind of user who would normally read computer blogs and forums. Let's call it a power user, even though this term has many meanings, most erroneous.

Considering a Power User
- would know better to pick trustworthy sources for new software (like Sourceforge),
- know not to open obvious, and even not so obvious, strange email (like well-made bank phishing emails from banks that the user doesn't have an account with - happened to me, almost believed in one)
- know how to use secure websites and not to click on advertising, to block pop-ups and other basic security measures when surfing the web
- have a good, although free, antivirus, like Avast or AVG, and use some kind of sandboxed browser to use banking websites (like that of Avast)
- wouldn't utilize any form of piracy
- have the patience to read each screen of an install wizard and NEVER use a download manager (like when you go on a website for new software, and this software has 500mb but what you download is just a 1,3mb download manager that fills your PC with bloatware)

Considering all of that above... is it really necessary to keep Windows updated so much? Do highly skilled hackers really try to crack into an average home user's computer through some kind of security breach that Microsoft somehow hasn't yet discovered? Or is it just malware risk?
From the IT sector of my previous company I learned how much companies of any size are attacked... like, every day, every hour. I guess that can get these professionals scared and make them advise people this way, but for users who can take the measures above (which I think are pretty basic), on their home PCs, are they really risking that much using an admin account with privileges to install software?

Please, I want this answer to be honest, with real life examples if possible, not an exaggerated one... because I never met home users who had backdoors on their PCs or whose PCs just started installing software on their own... it was most likely the usual "baidu" stuff of installing bleepty software filled with bloatware.

I thank in advance anyone who might read this, and even more those who provide an answer.
Best Regards,
Lucas Almeida





#2 Viper_Security

Viper_Security

  • Members
  • 826 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:10:04 AM

Posted 10 January 2017 - 02:42 PM

Hello, I'm an IT Auditor, meaning I break into systems and report the flaws so they can be fixed/patched.

What I learned in my "Organizational Data Security" course is that:

1. No matter what you do, there is always going to be a flaw somehow, somewhere (that's where people like me come in, to test it before it is released to the public).

2. The best practice to avoid "over the shoulder" snooping is to log out before you leave your computer, and to practice "defensive" computing, meaning that if you are working on a project that someone was interested in and they're trying to "steal" your information (info meaning what you are working on), call them out on it. Most companies DO NOT appreciate snooping.

And yes, even if you have 300 layers of security you can still, to this day, misspell www.google.com and get re-directed to many, many sites that have pop-up voices, ads, a whole bunch of nasties. If you let it run longer than 15 seconds you will get infected. However, I myself am pure Linux, so when I try to go to that site, literally nothing happens (I am NOT putting the site in here because some people may click on it).

Also, you are correct about "odd sounding phishing emails". It sounds juvenile and childish, but say the website/anything in question out loud.

They may look correct to your eyes, but when you read it out loud you may notice simple spelling errors, or it's not "correct" English.

Like, you may come across a site that says blahblahblah."websites here".blah. That may look okay, but it is not; it should be "website here". Simple little things like that can screw someone over if they happen to click it.

Most casual users don't notice things like that, so it looks "okay" to them, though an experienced user will question it.

And yes, those checkboxes in the installation wizard can be gruesome.

All in all, if you keep doing what you're doing you should be fine. :)


    IT Auditor & Security Professional



#3 RolandJS

RolandJS

  • Members
  • 4,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:11:04 AM

Posted 10 January 2017 - 03:28 PM

Thread starter mentioned Windows Updates -- are such important to security?  I thought I had a ready answer, however, in thinking it over, I'm not sure anymore.  I'll wait until others comment on WUs.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 Viper_Security


Posted 10 January 2017 - 03:32 PM

> Thread starter mentioned Windows Updates -- are such important to security?  I thought I had a ready answer, however, in thinking it over, I'm not sure anymore.  I'll wait until others comment on WUs.

For those that use Windows, YES, keep the updates enabled. If you don't, you could be vulnerable.

And to the OP: normally, no. Good hackers will not usually go for personal computers unless you upset them something fierce.




#5 lukyff7ac


Posted 10 January 2017 - 03:50 PM

Viper and Roland,

Thank you so much for your answers.

I know this matter can be discussed endlessly because there are thousands of ways to protect your computer as well as there are a billion (I'm thinking even more) variants of viruses and worms and other infections, so we would never be able to cover it all here.

Windows Update and UAC are excellent examples of my first post.

There was this blog post about how people were disabling WU because of the GTX when Windows 10 was still free and people were complaining of automatic updates.

The blog stated that hundreds of thousands of people were choosing to be exposed to infections over getting accidentally updated to Windows 10, like the PCs would explode the moment they turned WU off...

I mean, is it really? Are these breaches in Excel macros or Internet Explorer or Cortana or other Microsoft products really such a dangerous potential for infection that you can't turn it off for a few months, given you keep at least an AV running?

And what about UAC? I know it's not wise to advise people to turn it off because many times they think they know what they're doing but they really don't, and then it's the guys at BleepingComputer who must clean up the mess :P... But I just think posters should be more honest about how much of a threat it is to turn UAC off... Meaning that, if you don't know the full consequences of this, like what will be done without asking for permission, you shouldn't do it.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,907 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:04 PM

Posted 10 January 2017 - 04:41 PM

Important Fact: No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing and stay informed. It has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software. The user is the first and last line of defense and security is a constant effort to stay one step ahead of the bad guys.

Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication.

Krebs on Security

Security begins with personal responsibility and includes a comprehensive approach. Common sense, good security habits, safe surfing, understanding security and safe computing are essential to protecting yourself from malware infection. The end user needs to constantly educate themselves about the latest malware threats and those recommendations by security experts on how to protect themselves. If the user is an employee of an organization, that also means following policy and procedures for the use of computer equipment and related resources implemented by the agency IT Department. Knowledge and the ability to use it is the best defensive tool anyone can have.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#7 Viper_Security


Posted 10 January 2017 - 04:49 PM


Agreed, many more details on what I have said. Best defense = get educated in safe browsing/computer use habits.




#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 PM

Posted 10 January 2017 - 05:20 PM

Any particular reason you want to turn Windows Update and UAC off?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 lukyff7ac


Posted 10 January 2017 - 05:51 PM

Didier, quietman

Thank you for your replies.

Summing up everything, I now understand perfectly the reason for this kind of advice; I was confused as to why it was given.

It is simple: getting infected by malware is, in most cases, the user's fault, not the security software's.

So, you should constantly advise safe use of a computer so people don't get confident enough as to get careless.

That's great, and I agree with that practice.

My question with the first post, the reason to open the thread, was directed towards practical examples, towards explanation. Safe computing advice is given in a company's view way that's almost arbitrary, authoritative, like an order. People see that and are bound to try to experiment out of it some time.

I think safe computing, and computers in general, should be advised in a more friendly manner, explaining exactly what could happen. Like, what are the chances of really getting an infection JUST because you turned updates off? None, probably. You'll get infected for downloading a supposed tv show from that website your friend told you about or something like that. You'll click the button, you'll download the virus, and then, only then, it'll seek a breach of security on your computer. That's what you should talk about, because it seems that if you, for example, turn updates off, someone will SURELY seek out your system, use the security breaches you didn't patch and explode your computer... It's not like that and you shouldn't act like so, I think.

Didier, I don't want to, it was an example. (OK, I did turn them off... The reason was because I grew up using XP and didn't want my system asking me if I wanted to copy a file into the C folder all the time... Haven't had an infection so far, and that can't be just dumb luck.)

#10 lukyff7ac


Posted 10 January 2017 - 05:57 PM

Sometimes I see people asking simple questions on forums, like "I'm having some pixels out of place in the corner of the monitor. Anyone?"

And admins or moderators enter guns blazing: "WHAT ANTIVIRUS DO YOU USE? IS YOUR WINDOWS UPDATED? POST THESE TEN LOGS BEFORE SAYING ANYTHING ELSE"

And the guy just punched his monitor and they won't even talk to the guy... I mean, has everyone really fallen for Baidu malware to act like this?

#11 Viper_Security


Posted 10 January 2017 - 06:08 PM


Not sure who that was directed to, but NONE of us said that in the least bit. Even browsing the internet can increase your chances via ads. Granted, not all ads are malicious, but some are; e.g., even if you just scroll over it for a second, the script is already running.

Adblock can decrease your chances, yes, but there are, as you said, billions of variations of malware, viruses, trojans, etc.

And for someone to "explode your computer", yes, it can happen, BUT someone with great skill would need to do that, and why would someone with that much skill waste their time on a casual user?

Also, it seems like you are getting frustrated. There is NO need for that. We are just answering your question.

And there really is no "official" way to practice safe computing. Even posting here, your IP is going back and forth; that in itself is a "risk", which is why some big sites use Cloudflare, and that's fine and dandy.

Example: if one were to take down Cloudflare, all those sites are now 10X more vulnerable.

If you turn off Windows Update, you will not get security updates that, e.g., stop Command and Control execution. If you don't have those updates, again, you are more vulnerable.


Edited by Viper_Security, 10 January 2017 - 06:20 PM.



#12 quietman7


Posted 10 January 2017 - 06:15 PM

> ...And admins or moderators enter guns blazing: "WHAT ANTIVIRUS DO YOU USE? IS YOUR WINDOWS UPDATED? POST THESE TEN LOGS BEFORE SAYING ANYTHING ELSE"...

I know sites like that but Bleeping Computer is not one of them. This is a General Security discussion forum where logs are not typically asked for.

#13 Didier Stevens


Posted 10 January 2017 - 06:20 PM

It all depends on what you use your computer for and how you use it.

 

For example, if you use Internet Explorer or Edge to surf the Internet, then it is important to keep them updated, and you do that via Windows Update. If you use Windows 10, then your updates are monolithic: it's all or nothing.

Practical reason why: to protect your machine from exploit kits. Exploit kits try to compromise your machine via the browser without any user interaction.

Exploit kits can be found on compromised web servers. Web sites with a high Alexa rank are well protected against this, but there have been exceptions, and that will not change in the near future.




#14 lukyff7ac


Posted 10 January 2017 - 06:24 PM

Viper,

I did pass the wrong message, and you guys have been kind in answering the question, so I'm very sorry, I used bad examples. And thank you guys for your answers.

I understand the vulnerabilities, yes. Like the title of the post, the question was "how easy is it to be infected now, and how does that happen if you take some measures".

Now I know how, the issue is still the users, so it's better to keep promoting safe computing.

I guess my question is answered and if a moderator would like to, this post can get closed as it is resolved. Or if they think it can still be useful for discussion and kept open, I will be happy that it does.

#15 Viper_Security


Posted 10 January 2017 - 06:43 PM

No worries, I didn't think it was meant to be that way.

And yes, most of the time, it's Operator Mistake; it may be an accident. But unfortunately these authors of the malware and viruses are soulless. They do not care who they have "acquired", if you will; they just want money.

That's where people like us (Bleeping Computer community) pitch in and make decryptors (not all ransomware is decrypted because they just keep coming).






