Windows 10 Security 'good against zero days!'

[vanished]

9 hours ago, sof006 said:

 

What do you guys think? Anyone here upgraded to anniversary update or has anyone here disabled Windows update all together?

When I read this I scrolled up to make sure this wasn't a necro'd thread... of course, that happened quite a while ago.  If you're not on the latest version, well, if this story doesn't explain why updates exist, I don't know what will ¯\_(ツ)_/¯

[Trik'Stari]

If they have a protection in place to prevent it.....it's no longer a zero day exploit.

[sof006]

4 hours ago, Ryan_Vickers said:

When I read this I scrolled up to make sure this wasn't a necro'd thread... of course, that happened quite a while ago.  If you're not on the latest version, well, if this story doesn't explain why updates exist, I don't know what will ¯\_(ツ)_/¯

Very true although I know people that refuse to update their computers and have Windows update disabled so it wouldn't surprise me if people weren't on the anniversary update.

[Trik'Stari]

4 hours ago, Ryan_Vickers said:

When I read this I scrolled up to make sure this wasn't a necro'd thread... of course, that happened quite a while ago.  If you're not on the latest version, well, if this story doesn't explain why updates exist, I don't know what will ¯\_(ツ)_/¯

Running outdated Windows 7 here. No issues to report.

 

There's this thing, called not clicking on shit you shouldn't ever click on (Like advertisements. Never click them. Just find the amazon page on your own). Really helps. Also checking on something before you download it by seeing if others have downloaded it without problems.

 

You know, basic computer security rules and best practices. That being said I still run a premium anti-virus program. It's saved my bacon more than a few times over the last 6 years that I've been using this company. But no amount of good security and locked down systems can prevent 100% of the damage that a dumb user can do.

[Dabombinable]

11 minutes ago, Trik'Stari said:

Running outdated Windows 7 here. No issues to report.

 

There's this thing, called not clicking on shit you shouldn't ever click on (Like advertisements. Never click them. Just find the amazon page on your own). Really helps. Also checking on something before you download it by seeing if others have downloaded it without problems.

 

You know, basic computer security rules and best practices. That being said I still run a premium anti-virus program. It's saved my bacon more than a few times over the last 6 years that I've been using this company. But no amount of good security and locked down systems can prevent 100% of the damage that a dumb user can do.

Apparently Windows 7 is more secure than 8.1, which is more secure than 10. With Vista being even more secure than Windows 7 because MS knew full well that they couldn't have another OS with as many holes as XP.

[Trik'Stari]

1 minute ago, Dabombinable said:

Apparently Windows 7 is more secure than 8.1, which is more secure than 10. With Vista being even more secure than Windows 7 because MS knew full well that they couldn't have another OS with as many holes as XP.

Meh.

 

The OS isn't as important as the knowledge and practices of the person sitting in the chair. A quick glance at Tales From Tech Support proves that well enough.

[Dabombinable]

1 minute ago, Trik'Stari said:

Meh.

 

The OS isn't as important as the knowledge and practices of the person sitting in the chair. A quick glance at Tales From Tech Support proves that well enough.

When you have exploits that can be used by malware which only reuire a computer to be connected to the internet to infect a computer, knowledge and practices only go so far...

[Trik'Stari]

2 minutes ago, Dabombinable said:

When you have exploits that can be used by malware which only reuire a computer to be connected to the internet to infect a computer, knowledge and practices only go so far...

Indeed. But unless you have someone actively attempting to gain access to that system to upload it, you usually have to put it somewhere and hope people stumble into it, kind of like a landmine of sorts.

[Dabombinable]

1 minute ago, Trik'Stari said:

Indeed. But unless you have someone actively attempting to gain access to that system to upload it, you usually have to put it somewhere and hope people stumble into it, kind of like a landmine of sorts.

I'm talking about malware such as Blaster (https://en.wikipedia.org/wiki/Blaster_(computer_worm)). No one accessing your computer directly to upload the malware. No user actions leading to malware being installed. Simply having your computer connected to the internet at all leading it to get infected.

[Trik'Stari]

1 minute ago, Dabombinable said:

I'm talking about malware such as Blaster (https://en.wikipedia.org/wiki/Blaster_(computer_worm)). No one accessing your computer directly to upload the malware. No user actions leading to malware being installed. Simply having your computer connected to the internet at all leading it to get infected.

Oh. But how often do those occur?

 

I'm not saying you don't need to protect against them btw. I was just stating that overall, more issues come from the users than they do from a nuclear style attack like that.

[captain_to_fire]

2 hours ago, Trik'Stari said:

Indeed. But unless you have someone actively attempting to gain access to that system to upload it, you usually have to put it somewhere and hope people stumble into it, kind of like a landmine of sorts.

Ever heard of Drive-by-download attack? That doesn't need user interaction. All it needs is for the user to visit a malicious website and it will inject malicious code in the temporary internet folder by a browser vulnerability or a plugin vulnerability like the ones found in Adobe Flash. 

 

Browser providers lessened the impact of this kind of attack by implementing sandboxing. This doesn't make the browser invulnerable but sandboxing reduces the chances of being infected with malware by restricting the privileges of each browser tab.

 

[mynameisjuan]

4 hours ago, Trik'Stari said:

Running outdated Windows 7 here. No issues to report.

 

There's this thing, called not clicking on shit you shouldn't ever click on (Like advertisements. Never click them. Just find the amazon page on your own). Really helps. Also checking on something before you download it by seeing if others have downloaded it without problems.

 

You know, basic computer security rules and best practices. That being said I still run a premium anti-virus program. It's saved my bacon more than a few times over the last 6 years that I've been using this company. But no amount of good security and locked down systems can prevent 100% of the damage that a dumb user can do.

People still use basic security as a valid argument?

 

The problem is not being careful with what you click on anymore. Most malware come from ads or hijacked sites, it has nothing to do with what you click on on that site. I dont care how careful you are, but until companies start to get their shit together and monitor who and what advertisers on their site are doing the internet is a hit an miss on if you get infected. Like look at when LTT forum was hacked. If they injected any code into the site we could of all been compromised even though its a good trust worthy site. It wasnt caught until some time later but whoever hijacked their site could of done a lot more damage. 

 

The best security practices you can have anymore is 

#1-do not be an admin. Seriously, after working for companies with 2000+ people with one with admin right and the other without, we went from reimaging 2,3 a day to 2,3 a year. I cant emphasize it enough.

#2-ad blocker. Since almost all attacks are done this way its an instant way to fill a possible entry.

#3- Antivirus. I get people hate them as some seem like they feel like a virus them selves. But any of the top 10 AVs will work and since 10 years ago pc have enough resources that they dont slow pcs down like they used to.

 

Those are the best practices from years of experience.

[Dabombinable]

7 minutes ago, mynameisjuan said:

People still use basic security as a valid argument?

 

The problem is not being careful with what you click on anymore. Most malware come from ads or hijacked sites, it has nothing to do with what you click on on that site. I dont care how careful you are, but until companies start to get their shit together and monitor who and what advertisers on their site are doing the internet is a hit an miss on if you get infected. Like look at when LTT forum was hacked. If they injected any code into the site we could of all been compromised even though its a good trust worthy site. It wasnt caught until some time later but whoever hijacked their site could of done a lot more damage. 

 

The best security practices you can have anymore is 

#1-do not be an admin. Seriously, after working for companies with 2000+ people with one with admin right and the other without, we went from reimaging 2,3 a day to 2,3 a year. I cant emphasize it enough.

#2-ad blocker. Since almost all attacks are done this way its an instant way to fill a possible entry.

#3- Antivirus. I get people hate them as some seem like they feel like a virus them selves. But any of the top 10 AVs will work and since 10 years ago pc have enough resources that they dont slow pcs down like they used to.

 

Those are the best practices from years of experience.

I still remember Norton on my old laptop (standard 1 month "license"). 512MB of RAM wasn't enough despite it being almost overkill back then, and the Pentium 4 HT 3.2GHz was pegged at 100% from logon to shut down (I still have the installation disk for it as well). Now though even a 45nm 2GHz mobile Pentium dual core is enough for basic tasks+antivirus (even with 2GB of RAM).

[mynameisjuan]

1 hour ago, Dabombinable said:

I still remember Norton on my old laptop (standard 1 month "license"). 512MB of RAM wasn't enough despite it being almost overkill back then, and the Pentium 4 HT 3.2GHz was pegged at 100% from logon to shut down (I still have the installation disk for it as well). Now though even a 45nm 2GHz mobile Pentium dual core is enough for basic tasks+antivirus (even with 2GB of RAM).

Yeah back then antivirus was worse then actually having a virus. But also back then viruses existed for one purpose, to piss you off. Which fit the bill perfectly for older AVs. 

 

Now a days viruses are not a thing and its switched to malware that is just there to steal information or force you to pay up. Most are next to invisible to prevent anyone from finding them. Antivirus adapted with them and now use very little resources and are better optimized with scanning and heuristics. 

[vanished]

10 hours ago, Trik'Stari said:

Running outdated Windows 7 here. No issues to report.

 

There's this thing, called not clicking on shit you shouldn't ever click on (Like advertisements. Never click them. Just find the amazon page on your own). Really helps. Also checking on something before you download it by seeing if others have downloaded it without problems.

 

You know, basic computer security rules and best practices. That being said I still run a premium anti-virus program. It's saved my bacon more than a few times over the last 6 years that I've been using this company. But no amount of good security and locked down systems can prevent 100% of the damage that a dumb user can do.

Those are good tips regardless, not an excuse to not update.  That's like saying you're very careful about who you answer the door for, and so you leave it unlocked at all times.

[Doobeedoo]

That's great. It got quite better.