Your PC is infected, but is it your fault?

[RoboMan]

I dont remember how many times i used cracks, keygens etc... I dont remember how many times i downloaded cracked games-AV's-programmes-Windows, movies via torrent. But the truth is i couldnt afford buying all of these like so many people and i risked it so many times... But i had my cracked AVG IS to protect me for everything . I was stupid.
And the funny thing is, i didnt get infected once. Coincidence, i think not.

I remember using a automated bot to play for me on Runescape so i could level faster. It was awsome until 1 month later i logged in and realised my Runescape bank was as empty as my soul. Needed to cry for a week.

Worrying about exploits is not precaution, it is paranoia.

Precaution is installing security softs and then being confident that they will do their intended job within the scope of their designed capabilities.

If everything was as simple as install and be protected then exploits would not have a place, would they? It's just as Bora mentions. I can have all updates up to date, and my OS lastest version. But if i'm the first EternalBlue reached, and the patch is ready until next week, then precaution as you mention is useless.

EDIT: well i just saw the last sentence you added about sticking to the best security practices which is exactly what i think, so +1 on that

 

[BoraMurdar]

I dont remember how many times i used cracks, keygens etc... I dont remember how many times i downloaded cracked games-AV's-programmes-Windows, movies via torrent. But the truth is i couldnt afford buying all of these like so many people and i risked it so many times...

1/10 of my friends have legal Windows, Office... 2/10 of my friends actually buy games they play.
It's the real world, at least where I live. But infection ratio dramatically dropped once they start downloading stuff from reliable and "probably reliable" sources and autors.

 

[BoraMurdar]

If everything was as simple as install and be protected then exploits would not have a place, would they? It's just as Bora mentions. I can have all updates up to date, and my OS lastest version. But if i'm the first EternalBlue reached, and the patch is ready until next week, then precaution as you mention is useless.

Sooner or later, something will come that will force us to extend our radius of protection. It's in people's nature to overcome ourselves. But until then, I think it's the most healthy to approach this theme as an agnostic atheist :
"I accept what is known about the world, I don't believe in what is not, and I don't pretend to know the rest"

 

[509322]

If everything was as simple as install and be protected then exploits would not have a place, would they? It's just as Bora mentions. I can have all updates up to date, and my OS lastest version. But if i'm the first EternalBlue reached, and the patch is ready until next week, then precaution as you mention is useless.

EDIT: well i just saw the last sentence you added about sticking to the best security practices which is exactly what i think, so +1 on that

Just knowing how many systems actually get smacked by exploits in real-life practice, the statistics clearly show that exploits on up-to-date systems are at the very bottom of the threat landscape.

For example, EternalBlue exploited systems constitute approximately 0.2 % of all active systems.

 

[DeepWeb]

It's not your fault when it's the fault of a big company.

 

[mekelek]

a whole lot of people are dissing security products here while using multiple ones.
almost making it look like you don't need one cause they don't work anyways...

 

[WolfensteinXeen]

I voted yes. I believe that in today's constant cybersecurity threats and how important our cyberlives has become, it's our responsibility to learn, keep being informed and invest the necessary time and money to protect ourselves.

I understand how non-tech people can feel it's boring or complicated. But at some point, the users will have to realize all the possibilities that internet provides them (accessing their bank account, communicating with friends and family, watch movies, play online, share their documents, etc..) and that it requires some basic knowledge to ensure their safety.

With recent events i think people will take more time te be informed and have the minimum required knowledge to be safe online.

 

[WolfensteinXeen]

Just knowing how many systems actually get smacked by exploits in real-life practice, the statistics clearly show that exploits on up-to-date systems are at the very bottom of the threat landscape.

For example, EternalBlue exploited systems constitute approximately 0.2 % of all active systems.

Thanks for the info, i didn't knew that

 

[509322]

Thanks for the info, i didn't knew that

The whole subject of exploits is not well understood on the forums.

 

[cruelsister]

They often are just presented as Magic.

But on the "Whose Fault" topic- You are using a browser extension that is totally legit and you like it a great deal. The author gets an offer he/she can't refuse and sells the product and everything that arises from it (like credibility, certificates, etc). The new owner recodes the product and includes a data harvester. There is an update which you install, and now whatever data collected is no longer just yours.

This happens all the time and frequently is uncovered way after the fact (if at all).

So whose fault here- the innocent user or the extension repository that didn't vet the new update?

 

[Deleted member 178]

When you are going online, you accept the fact that you may get infected.

Same as going out your home, you accept the probability that you may die because of some event.

 

[BugCode]

My fault, my failure, is not in the passions I have, but in my lack of control of them.

 

[Duotone]

Great thread @BoraMurdar !

Nice analogy @cruelsister and @Umbra...

Exploits... pffffff - only OCD paranoid worry about exploits

When is the last time that someone who has been on the security forums a long, long time can recall someone reporting that their system was exploited ?

That's a question for another poll, but exclusively a good one. I cannot recall such a case.

Would also like to see this kind of poll many topics regarding exploits but only few "really" experience it...

 

[Sunshine-boy]

It's all my fault
but what if someone tries to hack me or reach my network?

 

[ispx]

Worrying about exploits is not precaution, it is paranoia.

Precaution is installing security softs and then being confident that they will do their intended job within the scope of their designed capabilities.

Precaution is keeping all software updated, including the OS, and adhering to best security practices.

i totally agree with this & i would like to add that if you have been a member of MalwareTips for a considerable amount of time & you still have a fear /

paranoia about getting infected than i would say you wasted all your time on this forum. there is a plethora of data & tips & helpful members & mods on

MalwareTips to help you make your machines as safe & secure as possible. i personally feel a year old member on MalwareTips should be confident

enough to go online without any fear / paranoia. if you are afraid of the web i would suggest sell of your computers & go easy on your heart.

 

[Andy Ful]

I think that most of MalwareTips members, have security paranoia above an average level. I have never been hit by any kind of exploits, but posted many times about them. I do this, because I like it.

 

[509322]

Staff should make a poll that asks MT members if they've ever been infected. I'd bet that a poll with multiple infection categories will give results that will be single-digit for most categories. It would be quite interesting to see the poll results.

The single most prevalent "infection" that I see in testing are "browser locks" - where a browser tab is hijacked. The fix is trivial. Just terminate the browser via the Task Manager and then run CCleaner. I see at least 40 browser locks per year.

The poll results will not be accurate because of what users consider an infection is apt to be incorrect. Anyway, the results would still be interesting.

"Malicious" code that does nothing on a system does not count as an infection; the malicious code has to do something unwanted. A lot of users do not understand this basic concept. What I am saying is this - if a "malware" is running and all it does is cause a CPU spike, then it does not count as an infection. Also, a malicious file that is detected, but it cannot run on the system does not count either.

 

[509322]

I think that most of MalwareTips members, have security paranoia above an average level. I have never been hit by any kind of exploits, but posted many times about them. I do this, because I like it.

This is true of most members on most security forums. Paranoia itself is not bad if it drives one to obtain an increased awareness. Paranoia without understanding, on the other hand, is not good. It is what has so many users running around like chickens with their heads cut-off to patch SMBv1 when they never used, and never will use, SMB. The same can be said of many other things on the forums.

 

[Andy Ful]

There are many Adware samples on VirusTotal, that are flagged as trojans by several antivirus engines. Then guys change the antivirus, because of such "serious" infection. On Emsisoft website one can read that over 75% infections are related to PUPs.

 

[509322]

There are many Adware samples on VirusTotal, that are flagged as trojans by several antivirus engines. Then guys change the antivirus, because of such "serious" infection. On Emsisoft website one can read that over 75% infections are related to PUPs.

From time to time you will see someone come onto the forum and ask for an AV that will prompt the user to allow, block, quarantine when a PUP is detected. I think the main issue is auto-quarantine. Some AVs have a setting to prompt the user instead of auto-quarantine. Also, it is easy enough to create exclusions in most security softs. At least some users do not want to be hassled with creating exclusions.

I've asked questions as to what was being detected, but never did get to the bottom of it in all the cases that I asked. So I'm not sure if it is cracks, warez, legit utilities from SysInternals or NirSoft, etc, or it is something more ominous.