What's your virus/security procedure?

Posted: Tue Jul 28, 2015 3:56 pm UTC
by King Author
I don't have any antivirus software on my old XP netbook I use for random web surfing.

It's fine 'cause I don't have any sensitive files on the disk, I don't log into anything personal or sensitive on the web, and I'm on Wifi so I'm not vulnerable to direct attack unless someone's physically close enough to pick up my Wifi signal, and I'm not too worried about that.

However, just for the sake of it, I wanna try running some stuff, see what it finds, if anything.

What free, XP-compatible software would you recommend?

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 6:36 am UTC
by WanderingLinguist
To be honest, my security procedure for XP is not running XP.

Seriously, XP is very old and support has officially ended; there will be no more security updates (haven't been any for a year now). So connecting an XP system to the internet is pretty much at-your-own-risk. As time goes by and more un-patched vulnerabilities come to light, it will become more and more risky. It will become less a matter of if the system will be compromised and more a matter of how quickly.

XP aside, my security procedure is basically:
1) Staying up to date on all the latest patches as soon as they come out (I generally try to update the day patches come out; I don't use the "postpone" button if I can avoid it)
2) Only installing software from known reputable sources

Problem is, #1 is no longer an option on XP...

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 10:15 am UTC
by King Author
-_-
*siggggn*

How did I know that was gonna be the response? Like, 90% of my tech problems receive utterly unhelpful "do something different" responses first-off.

"I'm learning BASIC -- how do I jump back to the main code path after GOTOing somewhere else?"
"Lol, first off don't use GOTO, second of don't use BASIC, lololol."
"..............."

"GOM Player won't play certain codecs of FLV right for me. It plays them at double speed. Any help?"
"Yeah, don't use GOM Player, VLC is so much better."

Can you not see how unhelpful and jerk-y that is? I can understand offering an opinion alongside the requested information...

"Well, BASIC is a pretty cruddy language and you should think about converting to such-and-such, but anyway, what you do is..."
"Go into Settings and change blah-de-blah, that should work. VLC is better than GOM, though, you won't run into these kinda problems."

...but what's the point of purposefully being unhelpful? Seriously, I want you to answer me, WanderingLinguist -- what specific thought process went through your head that led to you making that post?

(I'll look elsewhere for help, since I'm clearly not gonna get it here, but at this point I just wanna know why you thought being an asshole was a great idea.)

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 10:34 am UTC
by Quercus
I use avast free version on my windows 7 box, which seems to do pretty well in the tests that I've seen. They have pledged to support xp till at least 2017, so that might work for you*. Malwarebytes also claims to have xp support, and seems to be lots of people's go-to choice for standalone scanning, or if they suspect they might already have an infection (I've never used it as I tend to just reinstall windows if anything makes me suspicious).

I do agree with WanderingLinguist that it's simply not possible to run a copy of Windows XP securely any more. Antivirus is very much a secondary security measure after updating religiously and sticking to trusted software, not opening files of untrusted origin etc. As you state that you don't particularly mind if this PC is compromised however, I guess that doesn't matter.

I suppose one could argue that it's a bit irresponsible to knowingly run an insecure internet-connected machine that will probably become part of one or more illegal botnets, but I guess that there are so many insecure machines out there that one more doesn't make much difference.

*By work I mean "run and possibly pick up some malware", not "make XP secure". Nothing can do that.

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 11:44 am UTC
by Dthen
WanderingLinguist isn't deliberately being mean. XP genuinely is a terrible, unsupported security risk these days. It looks to me like you overreacted considering the thread question is "What's your virus/security procedure?" and not "What should my virus/security procedure be?".

That said, I know from other threads your well-considered reasons for still using it and I won't criticise you for it.
If you're just curious as to what running a scan may turn up, I suggest you run a scan using the free version of MalwareBytes. It seems to be the best at finding and removing malware.

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 11:57 am UTC
by Izawwlgood
I saw this post yesterday, and knew you'd respond this way.

You: "Every time I jam a fork into this electrical outlet, I get shocked! Can someone tell me what fork I should use to not get shocked?"

Everyone else: "Uh, you shouldn't jam forks into electrical outlets"

You: "Siiiiiiiiiiiiiiiiiiiiigh. This is unhelpful why would you possibly be this unhelpful?"

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 12:05 pm UTC
by Echo244
I too have an old laptop, running XP, used as a media toaster and occasional net surfing when I don't want to be at my home desk.

It will always be insecure.

It has no details on it I care about - not even my name.

I've got a free antivirus on it that still supports XP.

I run trusted programs from trusted sources only.

I won't particularly care if I lose it, or any of the data.

When I'm not browsing, I pull out the network cable.

It's not perfectly secure, but mneh. If I really cared, I'd install a free, up-to-date, secure OS/antivirus and get it up and running with that, but I wouldn't call that fun, these days. The laptop does what I want it to, the risks and consequences of <Bad Thing> are low, it's not worth doing more than that.

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 2:25 pm UTC
by ahammel
The effectiveness of AV software these days is questionable.

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 2:37 pm UTC
by Quercus
ahammel wrote:The effectiveness of AV software these days is questionable.


Even as a strictly supplementary security measure? I debated ditching AV, but in the end I concluded that even if it's only marginally effective then the small amount of overhead is worth it for me, given that it's basically unnoticeable on my PC. I'm very careful to avoid falling into the trap of relaxing my other security habits as a result of having AV.

Although if I ever had performance issues with my PC, AV would be among the first things to go.

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 2:50 pm UTC
by Dthen
ahammel wrote:The effectiveness of AV software these days is questionable.


Eh, Symantec make Norton, so I'm disinclined to trust or believe anything they say.

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 2:52 pm UTC
by Izawwlgood
I think it was Norton that warned me it had found itself as malicious activity.

So... Good job Norton?

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 3:08 pm UTC
by Quercus
At least it's honest

Re: What's your virus/security procedure?

Posted: Wed Jul 29, 2015 3:34 pm UTC
by SecondTalon
I disagree with Izzy's analogy.

I think a better one would be

KA "I like to store my oily rags and open containers of kerosene and gasoline in this poorly ventilated wooden shed with large southern facing concave windows."

Everyone "That's a terrible idea"

KA "Whatever"

*later*

KA "So, I'm just curious as to how effective these sprinkler systems are, and want to have one installed in my poorly ventilated wooden shed to see if it goes off. I'm pretty sure it's fine, but honestly, it's kinda hard to look directly at it, due to the intense glowing from some unidentified chemical reaction producing a glow as well as heat and smoke. Anyway, anyone able to recommend a good installation company?"


Because, seriously, that laptop is in a botnet. It's got the malwares and the spywares and the everything.

...

But yeah, Avast or AVG and mbam. Run those, maybe run a copy of spybot search and destroy too. All those are freeware for private use and, if you can't find a current version that works on XP, you should be able to find a prior XP friendly version on OldVersion.

Re: What's your virus/security procedure?

Posted: Thu Jul 30, 2015 4:50 am UTC
by WanderingLinguist
King Author wrote:-_-
Can you not see how unhelpful and jerk-y that is? I can understand offering an opinion alongside the requested information...


I honestly wasn't trying to be a jerk.

I really don't think there's a way to do what you want to do. Back in the day, I'd have said "just don't open any suspicious e-mail attachments". But really, as the number of known vulnerabilities in XP grows, there will probably come a day when it's "don't use a web browser" and then maybe someday "don't connect it to the internet" or "don't plug in anything on USB".

Seriously, any software that is no longer being maintained (that no longer gets regular updates and security patches) is going to be a security risk. The more popular the software is, the more widespread the usage, the more of a target it will be. XP is a pretty big target.

Just to give you an idea of some vulnerabilities that Microsoft has patched in the past: Ability to run arbitrary code when opening a JPEG image (read: visiting a web page). Ability to run arbitrary code when displaying text in a TrueType font (web pages can embed TrueType fonts, so...same thing). Now, these are patched vulnerabilities, so you don't need to worry about them. But Windows is large and complex; the chance of more similar vulnerabilities coming to light in the future is nearly 100%. It will happen, and they won't get patched. And no matter what anti-virus software you have, it won't be safe to connect to the Internet.

It's technically possible someone could make some kind of firewall that protects your otherwise-vulnerable XP system from exploits before they reach it, but I've not heard of such a thing, and it doesn't seem like it would be worth the effort: Such a system would require constant updating and cost money. When you can just upgrade to a newer, supported version of Windows, there doesn't seem much motivation for a company to develop that kind of solution.

I'm not trying to be a jerk; I really seriously think keeping an XP system connected to the internet is a very bad idea and very risky.

Edit:
SecondTalon wrote: But yeah, Avast or AVG and mbam. Run those, maybe run a copy of spybot search and destroy too. All those are freeware for private use and, if you can't find a current version that works on XP, you should be able to find a prior XP friendly version on OldVersion.

Thing is, it's unlikely these are being actively updated for new vulnerabilities discovered in XP (especially stuff from OldVersion, for obvious reasons), so as time goes on they really won't protect you much.

Edit 2:
King Author wrote:(I'll look elsewhere for help, since I'm clearly not gonna get it here, but at this point I just wanna know why you thought being an asshole was a great idea.)

Hmm, somehow missed this one on the first read through. I wasn't being an asshole, although I see how the way I phrased it could've been taken that way. Let me rephrase: There is no safe way to use Windows XP. My thought process for trying to dissuade you from using Windows XP would be similar to my thought process for trying to dissuade someone from driving drunk: It's dangerous behavior. You have to assume there could be a keylogger sending everything you type instantly to someone with malicious intent. Even if you don't use the computer for anything sensitive, it's really incredible how much personal information you can reveal indirectly. And there's no way to secure yourself against that any more.

Okay, okay, my practical advice for using XP safely: No internet. Without any connection to the outside world, it's relatively safe. Relatively.

Re: What's your virus/security procedure?

Posted: Thu Jul 30, 2015 7:39 am UTC
by PM 2Ring
FWIW, I have XP on this machine for those very rare occasions when I need Windows, but since XP was discontinued I turn off my ADSL modem before booting into XP.

Another useful anti-malware program that still works on XP is AdwCleaner - it can occasionally find things that MBAM misses. Obviously, I don't need it for this machine, but I was impressed with it last Christmas when I was cleaning up my sister's badly infected Win 7 box.

Re: What's your virus/security procedure?

Posted: Thu Jul 30, 2015 6:51 pm UTC
by Shro
Not only do you have to worry about being under direct attack with your information stolen, you have to worry about the botnet angle; your computer could be used to send out spam, execute DDoS attacks, etc. To expand on SecondTalon's analogy, not only are you storing oily rags and kerosene in a poorly ventilated wooden shed, your wooden shed happens to be next to a lot of other buildings that could be affected if you don't stop what you're doing. Your computer is insecure, you don't care it's insecure, fine. But you need to know that your decisions affect other computing users as well. This is why people are telling you to not use XP, not because they're out to get you, or trying to be jerks, but they know their stuff, and want to make sure the internet is secured for everybody. If you didn't want opinions about this, maybe you should have put in your OP "No, I'm not switching from XP. Don't recommend that I switch from XP", then people would have had an idea that you want to know how to make XP secure, instead of just having a secure PC. Because the amount of time and effort that it will take to make an XP PC secure is absolutely mind boggling - people know this, and instead of trying to get you to do things you might not be comfortable with as a computing user (registry hacks are no fun), the recommendations were based on the easiest course of action for a normal computing user standpoint.

That being said, here are some things you can do if you absolutely have to have XP:

1) Make sure you never run as administrator
2) If you do get an anti-virus, make sure its definitions are also up to date - you only have about two years before anti-virus makers stop providing definitions for XP computers
3) Make sure you're running the most current versions of any software
4) You can try a certain registry hack to keep getting updates because Microsoft is still supporting XP for ATMs and POSs and such
5) Use an up-to-date web browser
6) Microsoft has this tool: https://technet.microsoft.com/en-US/security/jj653751. You need SP 3 for version 4.1
7) Don't use Office 2003 or earlier.
8) Update your device drivers
9) NEVER USE INTERNET EXPLORER
10) Turn off autorun
11) Turn on Data Execution Prevention Protection for all applications
12) Consider upgrading and virtualizing XP
13) Make a reinstall disk with XP with SP3 so you can get a clean install quickly

Re: What's your virus/security procedure?

Posted: Fri Jul 31, 2015 4:11 pm UTC
by cphite
King Author wrote:I don't have any antivirus software on my old XP netbook I use for random web surfing.

It's fine 'cause I don't have any sensitive files on the disk, I don't log into anything personal or sensitive on the web, and I'm on Wifi so I'm not vulnerable to direct attack unless someone's physically close enough to pick up my Wifi signal, and I'm not too worried about that.

However, just for the sake of it, I wanna try running some stuff, see what it finds, if anything.

What free, XP-compatible software would you recommend?


I know it seems like this is piling on, but what you (and a lot of other people) don't understand is that XP is an unsupported operating system that is still somewhat popular. Those two things combined are the problem. There are still enough people using XP to make it lucrative to attack XP. And when holes are found there is literally no effort put into plugging them, or in most cases even detecting them.

Now... in your specific case you say you have nothing important on the laptop, and that you don't use the laptop for anything personal. Which is good.

The problem, as others point out, is that viruses these days are not limited to stealing data from the machine they primarily infect. Your machine could be used to send out spam, or to commit denial of service attacks against other people.

And assuming for the sake of argument you don't care if your machine is doing those things... do you have other computers at home? Ones that you do use for personal/financial purposes? If so, those machines could be at risk. It's entirely possible for an infected computer to seek out and access data on machines (other computers, storage devices, etc.) that it can reach on the same network or even on different networks, depending on the level of security.

All of that being said, if you would like to continue using XP and are looking for a decent anti-virus program, here are some things to consider. Firstly, make sure it has heuristic scanning; basically this is the ability to detect "virus-like" activity so that it isn't limited to known threats; this way you're not limited to threats specific to XP that have been identified.

Second, choose one where the developers have committed to continued XP support.... here is a list:
https://www.av-test.org/en/news/news-single-view/the-end-is-nigh-for-windows-xp-these-anti-virus-software-products-will-continue-to-protect-xp-after/

To be perfectly honest, even when running an AV that "supports" XP I would assume that the machine is unsafe for handling any important data. Another thing you might consider, if your router has the ability to offer a "guest" network, use that for the XP machine and keep the other machines on the main (hopefully secured) network. This won't necessarily prevent all attacks; but it'll provide some protection.

Re: What's your virus/security procedure?

Posted: Fri Jul 31, 2015 4:15 pm UTC
by Izawwlgood
Question for the computer savvy - say I have an old retired laptop that I use for nothing but word processing. Wifi is always disabled, and word documents transferred via USB.

Presuming the computer I print from is kept up to date and secure, is there anything that this isolated old laptop could be exposed to that could be a problem?

Re: What's your virus/security procedure?

Posted: Fri Jul 31, 2015 4:23 pm UTC
by Thesh

Re: What's your virus/security procedure?

Posted: Fri Jul 31, 2015 4:36 pm UTC
by Izawwlgood
Right, I understand the old laptop can be infected, but assuming the only source of information flow off the thing is via USB to a secured computer, is that a problem?

Re: What's your virus/security procedure?

Posted: Fri Jul 31, 2015 4:39 pm UTC
by Thesh
Your unconnected laptop can be assumed to be as secure as the least secure machine you transfer USB sticks to and from. So if that machine is not infected with anything, your laptop cannot be infected with anything.

Re: What's your virus/security procedure?

Posted: Fri Jul 31, 2015 10:08 pm UTC
by WanderingLinguist
Thesh wrote:Your unconnected laptop can be assumed to be as secure as the least secure machine you transfer USB sticks to and from. So if that machine is not infected with anything, your laptop cannot be infected with anything.


Technically speaking, I suppose it could be less secure than that.

For example, suppose you've downloaded a JPEG file on your newer more secure machine. That JPEG file contains data designed to exploit a flaw in the JPEG decoder that either has been patched or doesn't apply on the OS on your newer machine. Your virus/malware detection may not care about it because it's not relevant to the platform. So you don't know it's a problem, and stick the JPEG file in a word document because it suits whatever it is you're writing in that document. Later, take it over to the older machine, where the exploit works and (for example) turns on wi-fi and sends out your data.

It's a bit of a contrived example, and I can't imagine someone making malware like that unless they were specifically targeting you, so it's probably not something to worry about. But technically it could happen.

So I think your rule of thumb is generally correct, but if there's sensitive data or a situation where someone might target you specifically, it might need to be assumed to be less secure.

Re: What's your virus/security procedure?

Posted: Fri Jul 31, 2015 10:19 pm UTC
by Thesh
I don't think that is contrived at all, especially when you take word documents and PDFs into account, which could contain macros - these have been exploited many times in the past.

Re: What's your virus/security procedure?

Posted: Sat Aug 01, 2015 6:17 pm UTC
by gmalivuk
I feel like you're still misunderstanding Izawwlgood's question.

The question wasn't whether the unconnected laptop could be infected, but whether that would actually be a problem (in terms of personal data or botnet vulnerability or the like) if the only transfer *off* the laptop was via USB to an up-to-date secured computer.

Re: What's your virus/security procedure?

Posted: Mon Aug 03, 2015 3:03 am UTC
by WanderingLinguist
gmalivuk wrote:I feel like you're still misunderstanding Izawwlgood's question.

The question wasn't whether the unconnected laptop could be infected, but whether that would actually be a problem (in terms of personal data or botnet vulnerability or the like) if the only transfer *off* the laptop was via USB to an up-to-date secured computer.


But if malware could make it on to the laptop somehow, couldn't it theoretically enable wi-fi? In this case the only route would not be via USB any more. Of course, if it's an older laptop with a physical wi-fi switch, this may be a moot point. But if the security is due to disabling wi-fi via software, that could be compromised. (Again, that's in theory; I'm not sure in practice how likely it would be for someone to build that kind of malware; it seems such a specific application it would most likely be an issue only if you were targeted specifically by someone who knew the setup... so while the setup described may not be perfect, it may be "good enough"...)

Re: What's your virus/security procedure?

Posted: Mon Aug 03, 2015 12:13 pm UTC
by gmalivuk
No setup is perfect, regardless of operating system. If data can go between the computer and the internet, the computer can be compromised.

But if the only way that's feasible is for someone to specifically attack an unconnected XP computer through USB sticks, it seems like a pretty acceptable risk.

Re: What's your virus/security procedure?

Posted: Mon Aug 03, 2015 1:16 pm UTC
by Izawwlgood
Are there any examples of malicious code packaging important information for transfer via USB?

Re: What's your virus/security procedure?

Posted: Mon Aug 03, 2015 2:32 pm UTC
by ahammel
Izawwlgood wrote:Are there any examples of malicious code packaging important information for transfer via USB?

There seems to be the suggestion that the BadUSB vulnerability could be used for that purpose. Not sure anybody has cooked up a proof of concept for it, though.

Slides (PDF)

Re: What's your virus/security procedure?

Posted: Mon Aug 03, 2015 7:38 pm UTC
by Quercus
https://xkcd.com/694/


Spoiler:
I'm really sorry. I just stumbled across this one and couldn't resist.

Re: What's your virus/security procedure?

Posted: Tue Aug 04, 2015 1:50 pm UTC
by Jorpho
I know an unpatched XP installation with no service packs (and maybe even with SP1?) will become magically infected if you just connect it to the Internet and don't do anything. Or at least, that's how it used to be. Would there still be systems out there actively probing IP addresses for ancient vulnerabilities?

Anyway, to the best of my knowledge, XP SP3 with all the patches isn't vulnerable, so I don't see the problem if you're not downloading new programs or using anything but Internet Explorer.

Microsoft Security Essentials for XP is still getting new updates, isn't it? (It's just barely possible to install that without having to "certify" your installation with Microsoft.)

On that note, the first "offline" scanner that comes to mind is Microsoft's Windows Defender Offline. It installs to a bootable USB drive without any fuss, and of course it's free.

Re: What's your virus/security procedure?

Posted: Tue Aug 04, 2015 2:30 pm UTC
by Echo244
This Microsoft Security Essentials?

The product received generally positive reviews praising its user interface, low resource usage and freeware license. It secured AV-TEST certification on October 2009, having demonstrated its ability to eliminate all widely encountered malware. However, it lost the certificate on October 2012, having shown a constant decline in protection and repair scores. In June 2013, MSE achieved the lowest possible protection score, zero


From here it seems they improved since that quote was added to Wikipedia; 0.5/6.0 is now the protection score...

Re: What's your virus/security procedure?

Posted: Tue Aug 04, 2015 4:16 pm UTC
by ahammel
Jorpho wrote:I know an unpatched XP installation with no service packs (and maybe even with SP1?) will become magically infected if you just connect it to the Internet and don't do anything. Or at least, that's how it used to be. Would there still be systems out there actively probing IP addresses for ancient vulnerabilities?
For XP vulnerabilities? Yes, why wouldn't there be?

Re: What's your virus/security procedure?

Posted: Tue Aug 04, 2015 5:16 pm UTC
by gmalivuk
Echo244 wrote:This Microsoft Security Essentials?

The product received generally positive reviews praising its user interface, low resource usage and freeware license. It secured AV-TEST certification on October 2009, having demonstrated its ability to eliminate all widely encountered malware. However, it lost the certificate on October 2012, having shown a constant decline in protection and repair scores. In June 2013, MSE achieved the lowest possible protection score, zero


From here it seems they improved since that quote was added to Wikipedia; 0.5/6.0 is now the protection score...
In any case, MSE stopped updating for XP quite some time ago, which is why I turned off wifi on my XP netbook and just use it as a hard drive at this point (I also have an old ubuntu installation on it, which is also no longer supported but is at least somewhat less likely to have people still actively trying to attack it).

Re: What's your virus/security procedure?

Posted: Tue Aug 04, 2015 5:26 pm UTC
by cphite
Jorpho wrote:I know an unpatched XP installation with no service packs (and maybe even with SP1?) will become magically infected if you just connect it to the Internet and don't do anything. Or at least, that's how it used to be. Would there still be systems out there actively probing IP addresses for ancient vulnerabilities?


Absolutely. The thing about XP is that it's out of service and still somewhat popular in the business world. Those two things combined make for a huge incentive to find exploits.

Anyway, to the best of my knowledge, XP SP3 with all the patches isn't vulnerable, so I don't see the problem if you're not downloading new programs or using anything but Internet Explorer.


XP SP3 is no longer supported; which means that it is getting no new security updates, and that exploits that are found will not even be officially recognized let alone addressed. In other words, I wouldn't use it without assuming it was vulnerable.

Microsoft Security Essentials for XP is still getting new updates, isn't it? (It's just barely possible to install that without having to "certify" your installation with Microsoft.)


Updates for MSE on XP ended July 14, 2015.