
Recommended security add-ons

Old 16th Oct 2011, 12:42
  #1 (permalink)  
Resident insomniac
Thread Starter
 
Join Date: Aug 2005
Location: N54 58 34 W02 01 21
Age: 79
Posts: 1,873
Likes: 0
Received 1 Like on 1 Post
Recommended security add-ons

My elderly computer has decided to refuse to boot (cannot find OS) so I now have a brand new one (it was on the cards anyway) - but I need to install all the (free) anti-virus and malicious software tools that I had acquired (but cannot remember what they all were - one was Kaspersky).

Can someone prompt me with a few names that I might recognise?

Not having the ability to read these off the list of programs on the (now defunct) menu I'm struggling to find what I want.

There was another program that I remember - Malwarebytes - which I have now downloaded, but any recommendations as to what to have to protect from evil will be considered.

Thanks.

(and then there's all my browser favourites!)
G-CPTN is offline  
Old 16th Oct 2011, 12:56
  #2 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes on 0 Posts
Most of us use avast! or AVG

Also in addition super anti-spyware
green granite is offline  
Old 16th Oct 2011, 14:11
  #3 (permalink)  
 
Join Date: Jul 2008
Location: uk
Posts: 894
Likes: 0
Received 0 Likes on 0 Posts
Avast and Zone Alarm my choice for several years.
vulcanised is offline  
Old 16th Oct 2011, 14:52
  #4 (permalink)  
Resident insomniac
Thread Starter
 
Join Date: Aug 2005
Location: N54 58 34 W02 01 21
Age: 79
Posts: 1,873
Likes: 0
Received 1 Like on 1 Post
Zone Alarm was one (and possibly Avast - I'll take a look). Thanks.
G-CPTN is offline  
Old 16th Oct 2011, 16:17
  #5 (permalink)  
 
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Likes: 0
Received 0 Likes on 0 Posts
Microsoft Security Essentials
Malwarebytes Antimalware
Windows Firewall

NOTHING ELSE.
Mike-Bracknell is offline  
Old 16th Oct 2011, 18:47
  #6 (permalink)  
 
Join Date: Nov 2000
Location: Pewsey, UK
Posts: 1,976
Received 12 Likes on 6 Posts
Immunet: Free Antivirus Software Download and Endpoint Security - worth a look
The Nr Fairy is offline  
Old 16th Oct 2011, 19:44
  #7 (permalink)  
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes on 0 Posts
The answer must depend on what kind of outside communications you do.

If you just browse major websites (e.g. bbc.co.uk) then you don't need antivirus software, and if you are behind a NAT router then nothing is going to get you from the outside.

If you go to dodgy websites (which includes pilot forums because they are quite frequently infected) then you need some antivirus software. I use Kaspersky, which has never caused me any problems, over a number of PCs I look after at home and work. Avoid anything from Symantec (Norton).

If you use email then you need to be altogether more careful. Especially if like most people you use Micro$oft email software (Outlook or Outlook Express). Again AV software is a must.

If a teenager has access to your PC, you can forget it. The battle is lost
IO540 is offline  
Old 16th Oct 2011, 21:20
  #8 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
> If you just browse major websites (e.g. bbc.co.uk) then you don't need antivirus software, and if you are behind a NAT router then nothing is going to get you from the outside.

Dear oh dear !

I suggest anyone reading this thread ignores that paragraph, and we'll leave it at that out of politeness.
mixture is offline  
Old 17th Oct 2011, 07:01
  #9 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,678
Received 10 Likes on 4 Posts
Since a gram of prevention is worth a kilo of cure, I'd suggest using Firefox as default browser, with the Noscript add-on, and AdblockPlus.

NoScript will prevent drive-by downloads (from infected webpages) from even recognising that your browser is there.

I also use Avast, have MBAM and SAS (superantispyware) available for Bad Times (hasn't happened in a few years, now) and Secunia PSI, to monitor any out of date or vulnerable software. Windows and other software installed is kept scrupulously up to date. Windows firewall has proved more than adequate with this setup.

Some kind of imaging software and an external drive is worthwhile. Macrium do a free one called Reflect. Others include Acronis, and the old but reportedly good Norton Ghost (or Norton Go back).

In the event you get an actual infection and need to use tools to clean it, I'd suggest getting those, under knowledgeable guidance from a helper at a security forum, at the time they are needed.
Tarq57 is offline  
Old 17th Oct 2011, 10:15
  #10 (permalink)  
 
Join Date: Aug 2006
Location: Lemonia. Best Greek in the world
Posts: 1,759
Received 6 Likes on 3 Posts
Read "The Time has come" thread from June 2011. All you need on there.
Mr Mike of the bracknell world must be tired of repeating his advice.
My local techie guru fully agrees with him.
Ancient Observer is offline  
Old 17th Oct 2011, 10:32
  #11 (permalink)  
 
Join Date: May 2009
Location: Bradfield CO11 2XD
Age: 81
Posts: 174
Likes: 0
Received 0 Likes on 0 Posts
ARO 2011

Does anyone use ARO 2011 from Sammsoft? I've been using it to clean and optimise my laptop since the System Tool virus last January. Last Thursday my laptop downloaded 10 updates from Windows and since then I've been unable to open the programme and Windows is telling me there is a problem with it. Thanks in advance.
Colin
KING6024 is offline  
Old 17th Oct 2011, 11:53
  #12 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes on 0 Posts
> Mr Mike of the bracknell world must be tired of repeating his advice.
> My local techie guru fully agrees with him.

I prefer Zone Alarm as a firewall as it always asks before allowing a new program to access the internet, I consider that as the backstop device.



Saab, as this subject keeps cropping up, is it worth making this into a sticky?
green granite is offline  
Old 17th Oct 2011, 12:05
  #13 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
> ARO 2011 from Sammsoft?

Let me guess, did you perchance find out about this "useful" software through your web browser one day ?

Never heard of it. But it's never good when Google auto-complete suggests "scam" as the second word and you get 25,000 results
mixture is offline  
Old 17th Oct 2011, 12:19
  #14 (permalink)  
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes on 0 Posts
> I suggest anyone reading this thread ignores that paragraph, and we'll leave it at that out of politeness

Are you able to, just very occasionally, if not always, write something that resembles a contribution to knowledge, rather than just taking the p1ss out of somebody but without any information content?
IO540 is offline  
Old 17th Oct 2011, 12:52
  #15 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
IO540,

I assumed from your prior postings on this forum where you demonstrated a good level of computing experience that it would be unnecessary for me to expand further because you would probably understand the reasons for my post being the way it is. So perhaps I just got your username mixed up with someone else's in my mind.

I'm a bit busy at the moment, but I will return to the forum later today and post an expanded explanation for the benefit of the public as requested.

> taking the p1ss out of somebody but without any information content

As I have explained before here on Computers & Internet. I'm not out to catch anyone out, and I'm certainly not out to take the p1 out of people. It's just that I'm a busy individual, who has pretty much "seen it all before" when it comes to IT/Telecoms ... and therefore some of my replies can be, short & sweet, shall we say..... particularly when a post such as the first paragraph of yours earlier goes so much against the grain that I find it difficult to comprehend why such a view was held.

But I digress. I offer you my apologies if my post was misinterpreted.

Bye for now, but I'll be back to expand as requested.
mixture is offline  
Old 17th Oct 2011, 13:28
  #16 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
All about NAT.....

Let's start by addressing your statement that "nothing can get you when you're behind NAT".

Two irrefutable counter-arguments :

"Phone home" software that sends data/information about your computer/network to the outside world.

Software with mechanisms to bypass or work-around NAT (legitimate examples of this include Skype, GoToMyPC, Teamviewer etc.). Products such as Teamviewer provide you with full remote-control of your computer without any need to open any inbound ports on the firewall perimeter of your network.

It doesn't take much imagination to realise what can be done by people with malicious intent.

One source of further reading on this is the activities and presentations of the Jericho Forum.

The Jericho Forum began in 2003 when a group of global corporate CISOs came together informally to discuss an issue that no one was addressing – de-perimeterization – the erosion of the network perimeter. Concerned that the industry was valiantly trying to shore up an ever-crumbling corporate perimeter while trying to securely conduct business via the Internet.

I'll leave you with two facts :

(1) RFC1631 (aka NAT) was never designed as a security mechanism. Its role in life was always, and will always be to address the problem of address depletion and scaling in routing. That's it. The fact that your IP address gets masked in the process is a byproduct of the way the NAT mechanism was designed and consequently implemented.

(2) That today's internet is not a very pleasant place. There is an ever growing number of mechanisms at the disposal of the mischievous to bypass security, and the only way to address these effectively is to build a layered security model, not just relying on one piece of infrastructure to protect you.

You might be of the opinion that "oh, I'm just a boring home user, with no nuclear secrets on my ageing PC.... why should I bother". To that, I say remember zombie botnets and spam.... the miscreants want you to be a small piece in their large cog. It's your duty as an individual connected to the internet to do your small bit to help deflect the damage they cause. If you don't believe me on the damage front, I'll leave you with a little quote from a recent ticketing system notification message :

We experienced a large scale distributed denial of service attack
starting at 17:34 this evening targeted at one of our customers. This
attack resulted in an unprecedented load on our routers and some
interlinks.

The attack is still on-going but we have mitigated most of its effects
by way of filtering traffic on our network border.

As a result of the volume of traffic, customers will have seen some
packetloss until we put in place systems to filter the attack.

We are still seeing a high level of inbound traffic however the
filters which have been in place for over 40 minutes appear to
be successfully mitigating most of its impact. We are continuing
to monitor the network closely.
mixture is offline  
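
An added illustration, not part of any post in this thread: a minimal Python model of a port-translating NAT router's mapping table. It shows why an unsolicited inbound packet is dropped while any connection dialled out from inside, wanted or not, gets a return path. The class, the documentation-range addresses and the endpoint-dependent filtering are assumptions of the model.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy port-translating NAT; real routers add timeouts, UPnP and more."""
    public_ip: str
    next_port: int = 40000
    # (proto, public_port, remote_endpoint) -> inside_endpoint
    table: dict = field(default_factory=dict)

    def outbound(self, proto, inside, remote):
        """A host on the LAN opens a connection: the router records a mapping."""
        for (p, port, r), ins in self.table.items():
            if (p, r, ins) == (proto, remote, inside):
                return port                      # mapping already exists
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[(proto, port, remote)] = inside
        return port

    def inbound(self, proto, remote, public_port):
        """A packet arrives from the Internet: forwarded only if a mapping
        exists. Returns the inside endpoint, or None when it is dropped."""
        return self.table.get((proto, public_port, remote))

    def egress_report(self):
        """What a defender can review: every LAN host that dialled out."""
        return sorted((ins[0], r[0], r[1]) for (_, _, r), ins in self.table.items())


def demo():
    nat = NatRouter("203.0.113.10")             # constructed addresses
    browser = ("192.168.1.20", 51000)
    other_program = ("192.168.1.20", 51001)     # any program on the same PC
    web, relay = ("192.0.2.80", 80), ("198.51.100.7", 443)
    stranger = ("198.51.100.99", 4444)

    out = {}
    # 1. Nothing inside asked for this packet: no mapping, so it is dropped.
    out["unsolicited"] = nat.inbound("tcp", stranger, 3389)
    # 2. The browser dials out; the reply from that server is let back in.
    p1 = nat.outbound("tcp", browser, web)
    out["web_reply"] = nat.inbound("tcp", web, p1)
    # 3. A different remote host cannot reuse the browser's mapping.
    out["stranger_reuses_port"] = nat.inbound("tcp", stranger, p1)
    # 4. Any other program that dials out is treated exactly like the browser.
    p2 = nat.outbound("tcp", other_program, relay)
    out["relay_reply"] = nat.inbound("tcp", relay, p2)
    # 5. The mapping table is therefore the place to look for unexpected egress.
    out["egress"] = nat.egress_report()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
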
Old 17th Oct 2011, 13:46
  #17 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
A few words about major websites....

In terms of "only visiting major websites"......


What if someone, or something (virus etc.) edited your hosts file ? Changed your DNS settings to point you to mischievous DNS servers ?

What if someone, or something setup an inline HTTP proxy to alter your BBC browsing experience ?

What if someone hacked the BBC and put some malicious files up ? (don't say it will never happen, I can point you to lists of many "major" websites). Plus there's always the prospect of the "inside job".

What if a page on the BBC site had an iFrame ? Displaying content from a remote site in a BBC border.... what happens if that content becomes malicious ?

What if you received an email purporting to be from the BBC telling you to visit their website to read something of interest to you ?

Variations on the theme include cross-site scripting attacks etc.


In summary ..... treat the internet..... the WHOLE internet.... as untrusted, and keep your wits about you at all times.
mixture is offline  
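
An added example, not part of the post above: a small Python audit for the first scenario it raises, an edited hosts file. It flags every entry that redirects a name to a non-loopback address or blocks a name outright; the sample file contents, the baseline name set and the address 203.0.113.66 are constructed for illustration.

```python
import ipaddress

# Assumption: names a stock hosts file is expected to map to loopback.
EXPECTED = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample of a tampered hosts file (not taken from a real machine).
SAMPLE = """\
# hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.66    www.bbc.co.uk bbc.co.uk   # not placed by the user
0.0.0.0         update.example-av.test
not-an-ip       something
"""


def audit_hosts(text, expected=EXPECTED):
    """Return (line_no, address, hostname, reason) for every entry that
    deserves a second look. Reasons: 'redirected', 'blocked', 'malformed'."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((n, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:                  # one line may carry several names
            host = name.lower().rstrip(".")
            if host in expected and ip.is_loopback:
                continue                         # normal baseline entry
            if ip.is_loopback or ip.is_unspecified:
                reason = "blocked"               # name can no longer be reached
            else:
                reason = "redirected"            # name resolves to someone else
            findings.append((n, str(ip), host, reason))
    return findings


if __name__ == "__main__":
    # To audit a real machine, read /etc/hosts or
    # C:\Windows\System32\drivers\etc\hosts instead of SAMPLE.
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A "blocked" entry is not always hostile, since ad-blocking hosts lists produce the same pattern, so each finding is something to review rather than a verdict.
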
Old 17th Oct 2011, 13:57
  #18 (permalink)  
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes on 0 Posts
That is all true, but the software which accesses external sites had to arrive at your computer from somewhere to start with.

If you install Skype, and it goes to your firewall and opens up the ports it needs, and then it goes to your router and (with UPNP?) opens up the ports in that also, that is not good, but I did say to the other poster

> If you just browse major websites (e.g. bbc.co.uk)

If he does all kinds of other stuff too then his machine can be compromised.

And if you then go and block those back doors using a firewall, then Skype will stop working...

At work we run an email server and we used to get about 10k spams per day, not to mention regular dictionary attacks on port 443 (router config port) so I have no illusions about nice people out on the internet. Even after we went to Messagelabs for incoming email filtering we still had spam delivered to our IP via SMTP, and we had to set up the email server to accept emails only from the ML IP ranges to stop that.

But I still maintain that somebody who uses a computer, at home, for pure web browsing on major websites is going to be fine.

That is not the same as doing exactly the same while working at say Cisco, whose IT systems will be subject to hundreds if not thousands of attacks concurrently.

I have configured PCs and laptops for loads of people over the years and every case of a trashed machine I saw was caused by some trojan which fairly obviously came down email, instant messaging (usually a message containing a URL) or from an infected website. In most cases, on machines used by kids, who tend to click on everything that pops up.

The worst one I ever had was a PC I built for the child of our postman. As far as I could tell that kid, about 10, only ever used a web browser, but the machine was almost unbootable. When I saw the websites he was clicking on, it was not surprising. He simply clicked on every link he saw. But still no evidence of a highly technical attack.

There are many infected websites etc but I just don't see significant resources going into hacking typical homeowner PCs behind NAT routers. Do you have evidence that the bot nets are set up in that way? I have seen a few zombie PCs (including one belonging to my son; he lives with the ex) but all of them were used in a manner which would have guaranteed instant infection.
IO540 is offline  
Old 17th Oct 2011, 15:12
  #19 (permalink)  
 
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Likes: 0
Received 0 Likes on 0 Posts
Now, y'see, this is an interesting quandary because I agree with both of you to a certain extent.

Mixture is right that it's dangerous to state that using no firewall or AV you'll be safe behind a NAT-only router browsing places like the Beeb. The reason behind this is that NAT opens a bunch of ports, down which a bunch of hijacked traffic can travel, and if you're not doing anything about sanitising that traffic or even checking your PC once it's arrived on it, then there's no hope for you really.

However, IO540 is also right to a certain extent by saying that you needn't go overboard with your defences. This is because the workload of keeping them all up-to-date and reliable would outweigh the workload saved by not having half of them.

Personally, I would go, as I have shown, with the golden rule of:

1) A SINGLE antivirus ONLY package (none of these all-in-one-AV-plus-firewall packages)
2) A NAT/SPF router
3) Malwarebytes pre-loaded
4) Windows Firewall


The reasons are (and the numbers correspond to above)

1) You should NEVER run more than one AV package with realtime protection at any one time (because they find each other and fight....slowing your computer down to a crawl and breaking it). You should never run a software firewall unless you know EXACTLY what you're doing with regard to blocking and unblocking certain types of traffic (and to this extent those who DO know how to run a software firewall should in no circumstances suggest that those who don't should).

2) NAT might not be 100% safe, but it's 10000000% safer than a modem, and is probably the reason why the internet still actually operates rather than having ground to a halt with all the numpties and their kids running infected computers behind modems. An SPF firewall in hardware is going to affect your computer MUCH less than a software firewall, and it means your computer isn't useless when you pick it up and use it in someone else's network (but of course you should be careful before connecting to theirs willy-nilly).

3) Malwarebytes Anti-Malware is STILL one of the very few pieces of software that I can instruct someone with a highly-infected PC to use to clean it themselves. However, the viruses ARE getting worse, and one day it'll be useless.

4) Windows Firewall is great. It's very unintrusive, and most importantly it's very hard to accidentally cock up the settings. The later versions in Windows Vista/7 DO provide outbound rules, and even better it's centrally controllable via GPO when in a business setting. Any other software firewall is likely to be none of these things, and as I've said on countless previous occasions, a badly-configured firewall is worse than no firewall at all.

So, why MS Security Essentials I hear you cry? Well, I'm persuadable for you to change that requirement to any of AVG/Avira/Avast/Kaspersky/F-Secure. However, if you pay for your package you need to understand that the virus definitions are likely to have been gleaned from others who will have paid for their package....and given that the FAR greater number of people who DON'T pay for their package are the ones who will be providing the free AV vendors their definitions, you can see why it would be better (and cheaper) to go free. Oh, and any of the other vendors of AV software out there had better seriously beef up their offerings if they want to be taken seriously. The likes of Trend/McAfee/Norton get immediately uninstalled from any PC I deal with, and that's unlikely to change at present.



oh, p.s. - yes I have seen insecure PCs behind NAT become part of a botnet, and the effects on traffic are horrendous. I would add one other item to the list above, and that's to educate yourself on the workings of viruses, and how to spot them or how to have a sneaking feeling you might have been infected. THAT would lower the infection rates!
Mike-Bracknell is offline  
Old 17th Oct 2011, 15:40
  #20 (permalink)  
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes on 0 Posts
My concern is that the infections I have come across on already infected PCs were never detected by AV software.

OK, any half respectable trojan will disable the AV software anyway (sometimes this is evident in that updates stop working, and other odd things start happening) and this is why scanning the hard drive rarely finds anything (other than objecting to files called keygen.exe ) but even when I have done e.g. a TrueImage image of a definitely infected HD, copied it to a blue ray DVD, and mounted that image (using TI) on another (clean) machine, and scanned that entire resulting logical drive, file by file, with e.g. Kaspersky, the AV software still failed to find the virus among the files.

Malwarebytes also failed to see anything. In fact it has found nothing at all when I have run it - except in one case of a laptop on which it found 13 trojans

So, to me, it appears that the really nasty infections are usually not detected by common AV software - unless it comes as an email attachment, or appears on an infected website (SQL injection, or whatever?) which silently redirects to some site in China. Kaspersky is pretty good at detecting those.

I have seen a number of web infections (two well known pilot forums among them, and in neither case was it publicised so people could check their PCs) and Kaspersky detected the attempted redirection on those.

Since we started using Messagelabs for email filtering we have not had anything remotely resembling a dodgy attachment. AFAIK, none of the PCs used by me, my family at home, or at work, have ever been infected.

And the webmail services (yahoo, hotmail, etc) have come a long way since the days when you set up a hotmail account and looked in there the following day and there would be 100 spams in there. They all do spam and virus checking, to a pretty good degree. Still won't stop clever hacks done with malformed PDFs or Jpegs, but those are pretty rare attacks.

> yes I have seen insecure PCs behind NAT become part of a botnet, and the effects on traffic are horrendous.

Were they infected while sitting there switched on, with nobody using them?

How does one access a PC behind a NAT router, which has no open ports?

And if you get through the router, the PC (assuming it is running windoze with the main patches applied) will still present the attacker with a login prompt, or the attacker will need login credentials if you are going in via a LAN. That's if the PC has been configured to ask for a login+password. If not, one important element of security has been lost.
IO540 is offline  

