Author Topic: WTF? Rooted?


Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« on: Wed, 26 November 2008, 06:50:25 »
So I was searching for lyrics to a song, hit a site, and Avast goes ape****, saying there's rootkits. (And, the files were all in C:\Windows\System32\Drivers, too.)

Interestingly, I was running Opera, not IE or even Firefox.

When I told Avast to move the infected files to the chest (quarantine), Opera immediately froze, which usually means a plugin was screwing up.

What the hell just happened? At least Avast told me what happened, and is now doing a boot-time full scan (dear god, this is going to take forever), but still... something actually infected the system, it wasn't just seeing some JavaScript exploit in Opera's cache.

Offline iMav

  • geekhack creator/founder
  • Location: Valley City, ND
  • "Τα εργαλεία σας είναι σημαντικά."
WTF? Rooted?
« Reply #1 on: Wed, 26 November 2008, 09:09:22 »
Welcome to the Web 2.0 world.

;)

Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« Reply #2 on: Wed, 26 November 2008, 09:59:56 »
This whole thing is tempting me to run frickin eComStation or something, just so that I don't have any malware exposure. (OK, there is such a thing as OS/2 malware, and DOS and Win16 malware can damage the DOS and WIN-OS2 side of eCS, but let's face it, OS/2, DOS, and Win16 aren't exactly big targets any more.)

Offline Chloe

  • Posts: 679
  • Switch Kitten
WTF? Rooted?
« Reply #3 on: Wed, 26 November 2008, 10:07:05 »
Can you get Adblock Plus and NoScript for Opera?

Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« Reply #4 on: Wed, 26 November 2008, 10:11:16 »
There is an adblocker built in, although it's not as good as AdBlock Plus.

And, NoScript? F12->Enable JavaScript (unchecked, of course).

And, Opera does support per-site enabling and disabling of plugins (it's all or nothing, though - on my Mac, I actually take advantage of it to disable Flash on sites that use it in ads), Java, and JavaScript.

Offline iMav

WTF? Rooted?
« Reply #5 on: Wed, 26 November 2008, 10:13:20 »
Unfortunately, there isn't a comprehensive solution out there suitable for the home user.  

Blocking ads can certainly eliminate one threat vector...but any site with active code can, potentially, infect your system.

The nasty is truly the low-hanging fruit...so if you can run an alternative operating system, that reduces your exposure drastically (OS X, Linux, *BSD).

Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« Reply #6 on: Wed, 26 November 2008, 10:24:43 »
Unfortunately, I need to be able to run Windows apps... and no, WINE is not an answer. :(

Looks like my security policy will be a little different from here on out. My account will be a user account, I'll have Opera default to not running plugins or Java, and edit site preferences on a per-site basis to enable them.

Offline djones

  • Posts: 113
WTF? Rooted?
« Reply #7 on: Wed, 26 November 2008, 11:46:19 »

Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« Reply #8 on: Wed, 26 November 2008, 11:54:39 »
Nah, I know the system's screwed, and I've been planning on gradually backing stuff up to my Mac and doing a nuke from orbit anyway, just so I can have that fresh install to start from.

So, I'm just gonna do this today, instead.

Offline andb

  • Posts: 69
Run FF as separate user
« Reply #9 on: Wed, 26 November 2008, 13:14:24 »
I'm surprised to hear of Opera problems, I'm so used to it being IE at the "root" of all evil :)

I often run separate instances of FF with a limited profile, no plugins, maybe NoScript - good for security, also very useful for web debug when you need to log in as multiple users!
http://www.borngeek.com/firefox/profile-tutorial/  (for windows but easily done in linux too)

but for real security, try running FF as another user. You can delete that user's mozilla profile after use for true cleanliness.
http://wp.pr0gr4mm3r.com/linux/how-to-set-up-and-run-firefox-30b2-as-a-different-user-in-ubuntu/

If you can't handle CLI, or are one of the unfortunate stuck with windows, at least use FF3 with the noscript extension when surfing, especially those "not suitable for work" sites...

About the need for Windows apps, I have the same situation, solved in an odd way: they run in an XP machine running in VMware on my home Debian server. I use rdesktop to access the XP desktop. Out of home? OpenVPN to get to the local network. OK, it's not for everyone, but it works well once it's set up!

Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« Reply #10 on: Wed, 26 November 2008, 13:36:46 »
The funny thing is, it wasn't one of those NSFW sites that did it (and the NSFW site that I usually use is safe) - it was a lyrics site. I think I'll also start using more links in my daily browsing regimen - I don't need graphics for lyrics, and even if I do, there's always glinks.

Offline secularzarathustra

  • Posts: 34
WTF? Rooted?
« Reply #11 on: Sat, 29 November 2008, 02:42:45 »
Dark and the Desert and Destriers me ken,
And the Glaive and the Joust, and Paper and Pen.

Offline Chloe

WTF? Rooted?
« Reply #12 on: Sat, 29 November 2008, 02:45:30 »
Is it really as simple as switching OS? Experienced Linux users told me I needed to learn how to secure my install when I was playing with Debian.

Offline iMav

WTF? Rooted?
« Reply #13 on: Sat, 29 November 2008, 02:51:11 »
Quote from: Chloe;12835
Is it really as simple as switching OS? Experienced Linux users told me I needed to learn how to secure my install when I was playing with Debian.

Your main threat vector is the web.  These days, most people are behind a NAT firewall/router of some kind...which simply means that, by default, you aren't allowing incoming connections.  So, in that scenario, it's not really all that important to make sure the OS is as locked down as possible.  That being said, most popular linux distros do a good job today of providing a fairly secure default installation.

Most web-based, active code (javascript, activex, java applets, etc) exploits are targeted at the nasty simply because that offers the best bang-for-their-buck.  It's the low-hanging fruit that is most prevalent.

Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« Reply #14 on: Sat, 29 November 2008, 02:54:17 »
I'll actually go ahead and say that Windows isn't an insecure OS.

However, it's horribly insecure in default config, and even worse, it's a total bear to use in a restricted account that makes it secure.

Also, there is the "low-hanging fruit" thing. You're a spyware developer, and you'll make money from idiots who buy your fake anti-spyware app. So, do you attack:

Windows, with ~90% market share, and the most idiots per machine (who don't even know what computer security is)
Mac OS, with ~5% desktop market share, and a bunch of snobs who think they've got the most secure OS ever
Linux, with ~2.5% desktop market share, and a bunch of people who are even snobbier than the Mac users, but they have a point, and usually run with very restricted accounts by default

Offline secularzarathustra

WTF? Rooted?
« Reply #15 on: Sat, 29 November 2008, 09:41:14 »
Just because of market share, Windows would be a target regardless; however, they do have the most insecure install by default.

Offline zwmalone

  • Posts: 369
WTF? Rooted?
« Reply #16 on: Sun, 30 November 2008, 05:30:37 »
Quote from: bhtooefr;12537
This whole thing is tempting me to run frickin eComStation or something, just so that I don't have any malware exposure. (OK, there is such a thing as OS/2 malware, and DOS and Win16 malware can damage the DOS and WIN-OS2 side of eCS, but let's face it, OS/2, DOS, and Win16 aren't exactly big targets any more.)

Why not?  My thinkpad 600 runs OS/2 Warp 4 (4.52) comfortably in a slightly dated kind of way (ah, nostalgia :rolleyes:)
Can't get enough of them ALPS

Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« Reply #17 on: Sun, 30 November 2008, 06:17:57 »
I actually had an eComStation VM before I blew everything away, and elected to nuke the eCS VM so that I could actually fit my My Documents directory on my server. :p

Offline andb

WTF? Rooted?
« Reply #18 on: Mon, 01 December 2008, 02:53:46 »
Quote from: zwmalone;12944
My thinkpad 600 runs OS/2 Warp 4 (4.52)

Wow. I haven't used OS/2 since '90. One of my favorite OSs. I had a ton of memory, I think around 64 MB! so it really flew. It was a great OS but needed too much memory at the time.

By the way, for XP users, the single best thing you can do is set up an admin account and make your daily account a Limited Access User. You can run programs as the admin by right clicking on the program and Run as... But it should be needed only for installing. This way, if there is an undisclosed bug in a browser, when it goes to write to the registry for example, the system just says, NOPE. You aren't allowed to. Run as an admin (which is the default), and your browser is also a system admin and IT can change anything it wants.

I remember MS blogs from their security guys who agreed that between this limited acct and virus scanner, they'd always first choose the limited acct.

Chloe, I remember my first debian install. Every service from FTP to NFS to making your tea was turned on (or was it that I was really bad at installing, I don't seem to remember...) which is exactly the problem with windows, too many trusting services running, assuming a secure network.

However, modern Linux distros mostly start with nothing running. And if your computer isn't listening to the outside world, who needs a firewall? That's only there to help block the silly ports Windows leaves open to the world.

I can highly recommend grabbing an Ubuntu install disk, which is also a live system, so you can try it without installing. You can set your computer to boot into both to test. Expect a learning curve though. And things will break, just be prepared to search forums to find what it is. I have about 5 non-technical friends using Ubuntu and so far they unanimously love it. Otherwise, I highly recommend Mac OS, just don't install unknown software, especially video codecs, it's a favorite attack vector for Macs.

Also, keep in mind that you can do almost everything in desktop flavors of linux from the command line. What a great motivation for keyboard fans to switch!
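
The limited-account setup andb describes above (admin account kept for installs, everyday work in a Limited User account, "Run as..." for the rest), which is also the policy bhtooefr adopted in Reply #6, as a batch script for XP. This is an added example, not code from the thread or from Microsoft. It assumes it is run from an account that is already in Administrators; the everyday account name `daily` and the installer path in the last step are made up for the example. The `cacls` step is the check that ties this to the original symptom: the dropped files were in C:\Windows\System32\Drivers, a directory where plain Users have read/execute only, so the same drop from a limited account would be refused.

```batch
@echo off
:: Added example (not from the thread): least-privilege daily account on XP.
:: Run from an account that is already an administrator.
:: "daily" is an assumed name for the everyday limited account.
set DAILY=daily

:: 1. Create the everyday account; "*" makes net prompt for a password.
net user %DAILY% * /add

:: 2. Make sure it is a plain member of Users and NOT of Administrators.
::    (net user /add already puts it in Users; the /delete only matters
::    if you are downgrading an existing admin account, hence 2>nul.)
net localgroup Users %DAILY% /add 2>nul
net localgroup Administrators %DAILY% /delete 2>nul

:: 3. Verify: the account must not appear in the Administrators group.
net localgroup Administrators | find /i "%DAILY%" >nul
if %errorlevel%==0 (
  echo %DAILY% is still in Administrators - fix this before using it daily
  exit /b 1
)
echo %DAILY% is a limited user.

:: 4. Show the ACL on the directory the rootkit wrote to. Users should
::    have only R (read/execute) here; no W or F entries for Users.
cacls %SystemRoot%\system32\drivers

:: 5. From now on, log in as %DAILY%. Elevate only for installs; this is
::    the command-line form of Explorer's right-click "Run as...":
::    runas /user:%COMPUTERNAME%\Administrator "msiexec /i C:\path\to\setup.msi"
```

After logging in as the limited account, a browser exploit that tries to write a driver into %SystemRoot%\system32\drivers or change HKLM in the registry runs as that account and gets "Access is denied" instead of succeeding silently; the trade-off is that every install and many configuration changes now go through `runas`.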

Offline bhtooefr

  • Thread Starter
  • Posts: 1624
  • Location: Newark, OH, USA
  • this switch can tick sound of music
    • bhtooefr.org
WTF? Rooted?
« Reply #19 on: Mon, 01 December 2008, 06:39:03 »
I actually run all three OSes - http://bhtooefr.ath.cx runs Ubuntu Server 8.04 (I'll stick with 8.04 instead of going to 8.10, as it's the LTS version), this ThinkPad runs XP Tablet, and my iBook runs OS X 10.5. ;)

Of course, I was having trouble with applications refusing to run as limited user, when I changed this account to be a limited user account (by manually logging into the Administrator account, and using lusrmgr.msc). Not sure what that was about.

Offline zwmalone

WTF? Rooted?
« Reply #20 on: Mon, 01 December 2008, 12:39:35 »
I'm pretty much OS agnostic.  I run Windows XP (desktop), Windows 7 prebeta (desktop), Ubuntu 8.04 (desktop), Windows Server 2008 (server), OS/2(Thinkpad), and OS X 10.5 (PowerMac G4 Quicksilver).  I have an RS/6000 that I got off craigslist for $10 that runs Unix but I haven't done anything with it yet...  It's probably the most secure of all of my machines for the simple fact that nobody's gonna target an antiquated PowerPC Unix box.

Offline Chloe

WTF? Rooted?
« Reply #21 on: Mon, 01 December 2008, 13:13:19 »
Quote from: andb
I can highly recommend grabbing an ubuntu install disk, which is also a live system, so you can try it without installing.

The last time I tried Ubuntu it didn't run. I've had no problems with Knoppix or DSL in the past though. I'm pretty happy using Windows 2000. I feel a bit safer now I have a router.