With full respect to your opinion, except from the user and his control on what to execute, isn't it possible for a user to get infected by javascript malware for example (web)? It's not neccessary that he must approve it to do it's work...Detection rate is based on the users own actions not the product they choose to use because none will detection every single malware in the wild. You can easily get infected using any product if you don't use precautions. Just because a products fails to detect a sample doesn't mean that sample will infect your system. The user always has control over what they decide to download and run.
Users with good downloading and other online habits can easily get by just fine only using a light AV with moderate detection and Windows Firewall.
The best protection for reckless users is "Limited User" accounts, since no security products will be able to protect them.
Enjoy!!
Even javascript malware requires users to manually run an infected file. They can download into your browser's temp folder but can not execute themselves and will be removed when you clear your cache. Malware writers now just basically design fake alert websites and let the user's own ignorance infect themselves, it is easy and simple you don't have to worry about bypassing security products, browser protection features or Windows components. The user clicks on a fake file, ignores all warnings, runs it anyway and get infected. Fake alerts have a much higher success rate for infections since most users don't pay attention.
And what about all the reports I read on the net about malware that runs without user interaction? I know, this must have been discussed very much in this forum, but for some reason I didn't manage to get a robust truth in my mind xDEven javascript malware requires users to manually run an infected file. They can download into your browser's temp folder but can not execute themselves and will be removed when you clear your cache. Malware writers now just basically design fake alert websites and let the user's own ignorance infect themselves, it is easy and simple you don't have to worry about bypassing security products, browser protection features or Windows components. The user clicks on a fake file, ignores all warnings, runs it anyway and get infected. Fake alerts have a much higher success rate for infections since most users don't pay attention.
Enjoy!!
Users that are using out-dated browsers, software and fail to apply Windows Updates.
Firewall isn't needed when windows firewall is always there.No Firewall in Baidu Antivirus
You can find such articles written in the last 5 years. I refer to malicious code running just when a page is loaded. Not to files downloaded via the regular way.Users that are using out-dated browsers, software and fail to apply Windows Updates.
Check the dates on the articles found on the web they probably only apply to the days of IE6 (2002) and before.
Before other browsers got popular about 90% or more users only used IE as their browser and it was full of Active X Control vulnerabilities.
The problem was fixed with the release of IE7. However some users still use IE6 today and get infected regularly.
With modern browsers even the current IE will block files that try to download and run. Many users make the mistake and select "Run" on IE downloads instead of "Save" which gives the file permission to automatically run. That is user error because they still have to give the file permission to run on UAC prompt. Some users get embarrassed by their own ignorance and say the malware just attacked them when they visited the site. They don't want to admit that they selected "Run" on the IE download and choose to ignore UAC prompt, click "Approved".
It is much easier to blame something else for the infection then to hold their head down in shame for being ignorant.
Enjoy!!
Malicious codes can not execute themselves and can not infect a remote system without the user manually running a file.
Thanks for your accurate description of your experience! The truth is that even me who test malware every some months in VM I have not managed to infect the system via visiting dozens of blacklisted websites. Even UAC prompts did not appear ever.Malicious codes can not execute themselves and can not infect a remote system without the user manually running a file.
If the articles are written by security vendors that sell products it is just an ad campaign, scareware tactics to make users buy or use their products. Think about it, I have been using the web since 1995 and on older Windows and browsers this was possible and happened often. I haven't come across any malicious codes that could do this since the release Windows XP SP3 and IE7. Of coarse older IE versions are vulnerable and so is XP now, but on Windows Vista and above this is no longer possible unless the user fails to keep their software updated.
The most common vulnerability to execute malicious codes is the Java browser plugin, most browsers have already disabled it by default.
Adobe Flash Player and Adobe PDF Reader is also commonly used to execute malicious codes. Keeping Flash Player updated is a must, use an alternative PDF reader or Google Chrome and Firefox has their own now.
New vulnerabilities are discovered all the time and if some sites had malicious codes used as exploits, UAC would still block them from executing. I browse all over the web even some infected sites and I have not come across any malicious codes that could automatically run without the users permission and UAC prompts. Because if any do exists they are extremely rare to find if you have everything currently updated. If some websites did have malicious codes that could run just by clicking on the links without downloading any files then no security products would be able to protect you period because they would have to bypass Windows kernel in order to be effective, only UAC and update patches can protect kernel exploits, once Windows kernel is bypassed all software based products are useless.
Thanks.
Would you be so kind as to explain why the antivirus is a "must" please...i dont use file sharing or run as a server .i have been under the impression an antivirus is not needed on a linux os.
