PG Music Home Forums General Discussion Off-Topic Virus/Malware Protection

Possible Safe Computing Suggestions for Musicians:

I. Poor: Using only Windows for everything on a single PC
a. Install AV software
b. Leave AV active for updates
c. Go shopping while the AV software scans for infections
d. Install AntiMalware softwares
e. Update AntiMalware softwares regularly
f. Watch a movie while the AntiMalware software scans for infections
g. Install Firewall and test
h. Install Windows Updates regularly
i. Turn off Firewall while doing Windows updates.
j. Disconnect from the internet when working on a DAW
k. Turn off AV software when working on a DAW
l. Turn off Firewall when working on a DAW
m. Remember to turn on AV Software before reconnecting to the internet
n. Remember to turn on Firewall before reconnecting to the internet
o. Reinstall Windows when an update fubars the system
p. Remember to only surf "safe" sites
q. Hope and pray the site your just surfed to or from was "safe"
r. Encrypt all personally sensitive files and financial records
s. Hope and pray the system is not infected during financial transactions

II. Better: Using only Windows on two PCs
1. Set up Windows PC 1 for DAW and applications
a. Do not install AV, AntiMalware, or Firewall Software
b. Do not do any Windows Updates
c. Do not allow this PC on the internet
2. Set up Windows PC 2 for the internet
a. Install AV software
b. Leave AV active for updates
c. Go shopping while the AV software scans for infections
d. Install AntiMalware softwares
e. Update AntiMalware softwares regularly
f. Watch a movie while the AntiMalware software scans for infections
g. IInstall Firewall and test
h. Install Windows Updates regularly
i. Turn off Firewall while doing Windows updates.
o. Reinstall Windows when an update fubars the system
p. Remember to only surf "safe" sites
q. Hope and pray the site your just surfed was "safe"
r. Encrypt all personally sensitive files and financial records
s. Hope and pray the system is not infected during financial transactions

III. Still Better: Using only Windows on three PCs
1. Set up Windows PC 1 for DAW and applications
a. Do not install AV, AntiMalware, or Firewall Software
b. Do not do any Windows Updates
c. Do not allow this PC on the internet
2. Set up Windows PC 2 for the internet surfing
a. Install AV software
b. Leave AV active for updates
c. Go shopping while the AV software scans for infections
d. Install AntiMalware softwares
e. Update AntiMalware softwares regularly
f. Watch a movie while the AntiMalware software scans for infections
g. Install Firewall and test
h. Install Windows Updates regularly
i. Turn off Firewall while doing Windows updates.
o. Reinstall Windows when an update fubars the system
p. Remember to only surf "safe" sites
q. Hope and pray the site your just surfed was "safe"
r. Remove all personally sensitive files and financial records
3. Set up Windows PC 3 for the internet financial transactions
a. Install AV software
b. Leave AV active for updates
c. Go shopping while the AV software scans for infections
d. Install AntiMalware softwares
e. Update AntiMalware softwares regularly
f. Watch a movie while the AntiMalware software scans for infections
g. Install Firewall
h. Install Windows Updates regularly
i. Turn off Firewall while doing Windows updates.
o. Reinstall Windows when an update fubars the system
s. Visit only the the sites for financial transactions
t. Disconnect internet when transactions are complete

IV. Even Better: Using Windows on one PC and Linux on two PCs
1. Set up Windows PC 1 for DAW and applications
a. Do not install AV, AntiMalware, or Firewall Software
b. Do not do any Windows Updates
c. Do not allow this PC on the internet
2. Set up Linux PC 2 for the internet surfing
a. Install AV software to scan files destined for the Windows PC
1. Avast for Linux (free)
2. Clam AV (free)
b. Update AV only before a scan
g. Install Firewall and test
p. Surf any site and have fun
3. Set up Linux PC 3 for the financial connections
g. Install Firewall and test
s. Visit only the the sites for financial transactions
t. Disconnect internet when transactions are complete

V. Even Better on a Budget: Using Windows on one PC and a Linux Live CD
1. Set up Windows PC 1 for DAW and applications
a. Do not install AV, AntiMalware, or Firewall Software
b. Do not do any Windows Updates
c. Do not allow WIndows on this PC on the internet
2. Use the Linux Live Cd for any contact with the internet
a. Any downloads for Windows must be routed through an internet AV scanner
b. Get a Yahoo account
c. Save the download to your PC
d. Attach the download to a Yahoo email and Yahoo scans it for you
e. Discard email and use the download if it is declared safe

Thanks Tony!

A safe internet is important. There is a reason the anivirus programs are offered in Linux. Avast! is free and they still offer it for Linux.

JBlatz seems to have the idea too. The DAW never connects to internet here. His options give lots of choices.

touche

But if radar was available, you used it, right?

I've been thinking a lot about this and have also discussed with a friend. He's an MIT graduate and has been the Director of the IT Dept. for the complete University of Maine system for 30 years. His comments were:
1. For the average user security is a 50/50 toss up between a Linux Distro like Ubuntu with just a Firewall & a fully protected Widows system. The difference is that with the Windows system you'll know if you have issues as all your real time and off line scanners will warn you. With Ubuntu your only real assurance is what others have said, me included." you'll be safe" Their intrusion detection products are either SO COMPLEX or they don't work.

I Installed an intrusion detection program yesterday after this conversation here. Wireshark. Seemed really nice. Clicked on the icons to view available network connections and it showed none. Found out that the program has to be run with ROOT priviledges. This is TOTALLY against the whole Linux mantra. I said OK I'll try it. So I sudo wireshark and I get a pig popup telling me of the dangers of running this program as ROOT with a direction to their site that further explains to never run this program as ROOT but it's the only way it'll run. It was fun a geeky for awhile but I have no desire to be a programmer. I'll leave the duel boot for awhile but I'm gonna go back, in fact I'm on it, to Windows for awhile.

I am sorry to hear that John. I would have thought that Linux virus ware would have improved with all the developers out there.

I agree with your friend somewhat. I don't think it's 50/50 on 'getting' infected. I think you are less likely on Linux. But I also think if you do get infected in Linux more damage is likely to be done if it isn't caught, and a firewall most likely won't catch it after it's in. A good one may try to stop stuff from getting out, but that would be one of the first things targeted by an intrusion. Serious threats don't try to hurt the machine, they try to gain information or control.

Someone commented about "real-time" virus protection versus "scanning," and implied the former is superior to the latter. I suppose one could argue that, in theory, it is better to prevent than cure. But I find the real-time processes to cost a bit too much in the way of performance (not just with BIAB but with everything, but especially BIAB).

I find running an automatic nightly scan (I use AVG Free) is fine. I also run Spybot Search & Destroy (which is also free, but I throw them 25 bucks every year) and Ad-Aware Free. The only real-time feature I run is Spybot's "immunization," which is preventive. I also run the email scanner of AVG, but I don't consider that real real-time. I will scan with Spybot and Ad-Aware weekly or every ten days.

Also, I don't like any product that purports to do it all. They invariably do nothing well.

And further, using a router provides a very good hardware firewall. So good, in fact, that it is unnecessary to run Windows firewall -- unless there are machines on your side of the network that you don't trust, like a child's computer -- or a dumb-ass adult's.

On my Windows boot I run:
1. PC Tools Firewall+ because I don't have a router I'm on dialup
2. Avast v5 that is an excellent virus tool both real time and scan by not as good at the other malware very light on resources.
3. PC Tools Spyware Dr. excellent anti malware real time & scan but bogs down my computer.
4. Malware Bytes scan only.
The bogging down is what made me go to Linux. If I disable the real time protection in Spyware Dr. I'm OK. Uncertainty is what will bring me back to Windows. I'm still playing with Linux though.

I would also suggest all Windows, Linux, and Mac users subscribe to an email vulnerability service like Secunia Security Advisories. I don't know about other companies, but Secunia delivers email advisories on both Os and software related vulnerabilities. It can be a pain, because often there are a lot of advisories filling your mail box, but it does help keep you up to date on current potential problems.

To subscribe, click the link listed below.
http://secunia.com/community/profile/

sort of interesting. From the Ubuntu Forums

Re: Rkhunter log
Quote:
Originally Posted by Silvertones View Post
This is the one thing that would make me go back to Windows. At least I can run all the tools I have and be assured that there are no issues & if something should get by the real time scanners I can fix them.
I understand your feeling, but i can't agree with your assertion. for instance, only 23% of fully patched AV systems can detect the ZeuS trojan. as of last year, close to 40% of distributed malware could not be detected via static signature scan. the only way to catch some of them is with behavioral analysis, and most AV/IS systems run in an non-interactive mode, to keep the user from being swamped with messages every time a process loads a new dll, or establishes a relationship with another process. of course malware employing a rootkit would not cause behavioral warnings, and most rootkits can't really be detected by conventional AV systems.

with windows you can just never tell if it is clean.
http://www.darkreading.com/security/antivirus/showArticle.jhtml?articleID=220000718
http://www.darkreading.com/security/antivirus/showArticle.jhtml?articleID=215600282
__________________
Things are rarely just crazy enough to work, but they're frequently just crazy enough to fail hilariously.

Quote:

---

40% of distributed malware could not be detected via static signature scan. the only way to catch some of them is with behavioral analysis

---

I believe it, despite that fact that I haven't been hit by anything bad (but I don't go to certain neighborhoods where getting hit is more likely).

Spybot S&D has its "Teatimer" real-time thingamajig. I don't use it, but I know many who do and swear that it's saved them. In the beginning, it nags you a lot, but it learns as it goes, and the warnings and alerts become less frequent.

Look (another analogy alert) -- its like riding a motorcycle.

There are those who haven't gotten off real quick and then there are those who have.

And there are also those who are about to get off again.

get off = lay it down, clown.


--Mac

Well now since we are are on the subject of OS security quite a few of us do online banking and use credits cards on our computers every day. Maybe even some of us or other members of the household visit unsavory sites (just saying) and then we bank on the same installation of the operation system.

Why haven't banks to date not insisted that a separate partition is used for banking or customers should use a live cd or others means to be able to access their acounts.

Just wondering?

Paddy

They would lose customers

Do a little research and see how many financial institutions get hit in a year for $10,000 or more. You'll be surprised.

Why don't we hear about it more? Banks don't want the customers panicing.

You will seriously be surprised how many get hit. And they are running Unix, Linux as well as windows based servers. I had to do a report on it last year. The statistics are a little hard to find, but not impossible. Had to 'join' a few cyber-security groups to get access to some of it, but it's out there. The most recent data is hardest to find, stuff from a few years ago won't be.

As I said earlier, it's because they are targeted. Any OS specificly targeted is vunerable.

Mac is speaking truth though that user error usually contributes. (I didn't understand the 'get off' analogy)
I don't think anyone is immune though. I mean Google, DoD, lots of 'secure' systems have been hit pretty hard lately.

Linux, to me, was more work than it was worth. Just my opinion there, wouldn't try to talk anybody out of trying it based on that. But going in thinking you are immune isn't good.

I didn't have time to read the posts attached to yours Silvertone, will try to find time. I did read what you posted though- I notice he said 'with windows you never know if it is clean', and somehow that doesn't apply to Linux? You always know your system is clean? Doubtful many check it to find out cause 'all you need is a firewall'.<grin>
I do like his point about behavioral attention. Know your system and when it acts funny find out why. Great tip.
How you run your antivirus is uo to the user. He states they run in non-interactive mode. Most do as default, some can be adjusted.

Rootkits are by far the hardest to get. Running malwarebytes has found them for me more than once. I get lots of calls from people when these things happen because people know I usually can deal with them. And so it has caused me to look closer at the subject. I'm not an expert, but have learned a bit along the way.

To be honest I regret jumping into this thread..

That may happen some day, Paddy, as things sort out.

If it does, I fully expect the baddies to figure out a new way of exploiting it, too.

Thieves predate computers by only a few millenia...


--Mac

+1