PPRuNe Forums - View Single Post - Recommended security add-ons
Old 17th Oct 2011, 15:40
IO540
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
My concern is that the infections I have come across on already infected PCs were never detected by AV software.

OK, any half respectable trojan will disable the AV software anyway (sometimes this is evident in that updates stop working, and other odd things start happening) and this is why scanning the hard drive rarely finds anything (other than objecting to files called keygen.exe), but even when I have done e.g. a TrueImage image of a definitely infected HD, copied it to a Blu-ray DVD, and mounted that image (using TI) on another (clean) machine, and scanned that entire resulting logical drive, file by file, with e.g. Kaspersky, the AV software still failed to find the virus among the files.

Malwarebytes also failed to see anything. In fact it has found nothing at all when I have run it - except in one case of a laptop on which it found 13 trojans.

So, to me, it appears that the really nasty infections are usually not detected by common AV software - unless it comes as an email attachment, or appears on an infected website (SQL injection, or whatever?) which silently redirects to some site in China. Kaspersky is pretty good at detecting those.

I have seen a number of web infections (two well known pilot forums among them, and in neither case was it publicised so people could check their PCs) and Kaspersky detected the attempted redirection on those.

Since we started using Messagelabs for email filtering we have not had anything remotely resembling a dodgy attachment. AFAIK, none of the PCs used by me, my family at home, or at work, have ever been infected.

And the webmail services (yahoo, hotmail, etc) have come a long way since the days when you set up a hotmail account and looked in there the following day and there would be 100 spams in there. They all do spam and virus checking, to a pretty good degree. Still won't stop clever hacks done with malformed PDFs or Jpegs, but those are pretty rare attacks.

Yes I have seen insecure PCs behind NAT become part of a botnet, and the effects on traffic are horrendous.
Were they infected while sitting there switched on, with nobody using them?

How does one access a PC behind a NAT router, which has no open ports?

And if you get through the router, the PC (assuming it is running windoze with the main patches applied) will still present the attacker with a login prompt, or the attacker will need login credentials if you are going in via a LAN. That's if the PC has been configured to ask for a login+password. If not, one important element of security has been lost.