Modern operating systems and viruses/trojans/worms etc.

Rakanoth

How do modern operating systems (Windows 10 and the latest versions of Linux distributions) make it difficult/impossible for (certain types of) viruses to infect the computer or to function at all? I am looking for exhaustive information on this topic. I know that Windows 10 comes with Windows Defender. But is this the only development from the older versions of Windows? Maybe there are some more changes in how the operating system utilizes the memory and CPU which make things difficult for viruses?

Sending a link to an article etc. can also be of help.

Thank you.


Permissions. Having a robust permissions system is key for a first line of defense against malware. If you take traditional types of viruses, the only thing they have access to is the files that the user who ran the virus has access to. Since in most cases, system and app files are read-only for standard users, the malware can't infect those. And if the malware tries to do something like set itself up to run whenever the computer starts, on a standard user it may not be able to, or it could, but it'll just start up using that same user account. So if you log in using another account, the malware can't do much because it doesn't have access to the other account's files.

The only reason why Windows 9x and prior was a hotbed for malware was because there was no such thing as permissions. Windows XP was slightly better, having a permissions system, but given that every default account runs as an admin, which basically has unrestricted permissions, it effectively had the same level of security as Windows 9x. Windows Vista made it so that no matter what kind of account you ran, you could only run things as a standard user and had to confirm via UAC prompts to elevate to admin status.

Today most security threats rely on trying to get you to give them admin status, if not try to obtain it via other means.


I know that for security Linux has containers like Docker and Firejail. It stops the program from having access to places and features it doesn't need.


My very basic understanding of Linux is that no user, not even an "admin" user, has direct rights to control what is being installed. So permissions are handled in layers. The user has access to most of the stuff they need, except for installing anything. For installing stuff you need the root password. So, at least in theory, nothing should be installed without you being aware. I'm not entirely sure how it works with browser addons. From my time of having Ubuntu on a laptop I don't remember needing to give the root password for those. So I guess their permissions are limited to operation with the browser. But can you still get adware addons which download crap? I honestly don't know.


On 8/22/2018 at 1:05 AM, LoGiCalDrm said:

But can you still get adware addons which download crap? I honestly don't know.

Yes, of course you can. But depending on what account it's run on and if you gave it elevated permissions to run, it likely won't be anything more than a nuisance.


With Windows it's not impossible to get viruses, as with any other OS. There will always be encryption to hide viruses from antivirus programs; then they get found and encrypt again. It's cat and mouse, and it will last until we get a computer fast enough to brute-force encryption like that. Maybe when we get a functional quantum computer.

For the average user who doesn't set up permissions, usually using a default admin account on the computer, if you open it you lose. And a lot of the time we see privilege escalation exploits on all if not most OSes. And who knows how many 0-day exploits are running around us. And any future exploits.

If you want to be safe you need to be smart. The better we get at knowing what we should and shouldn't do on our computers is going to be the best antivirus.


On 21.08.2018 at 7:11 PM, M.Yurizaki said:

The only reason why Windows 9x and prior was a hotbed for malware was because there was no such thing as permissions. Windows XP was slightly better, having a permissions system, but given that every default account runs as an admin, which basically has unrestricted permissions, it effectively had the same level of security as Windows 9x. Windows Vista made it so that no matter what kind of account you ran, you could only run things as a standard user and had to confirm via UAC prompts to elevate to admin status.

Permissions are part of the filesystem, not the operating system.

So it's not because XP was better, but because more and more people started using NTFS instead of FAT.

And of course Vista improves a lot of things, but it's not the most important if we're talking about permissions.

And about the topic question - modern operating systems also have better user control over resources. For example - when you saw a process in WinXP, you could only see its name. It could even be named "virus trojan.exe" in task manager, but you could not find it without a deep search. From Vista you can open the file location. Also processes cannot be hidden anymore like in old operating systems. Basically you have access to everything that is running on your system - you can find your startup items in task manager, in the startup folder, in task scheduler and in things that start as services. That's all. A program like Autoruns shows you every file virus you have.

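The startup locations listed in the post above (Task Manager's Startup tab, the startup folder, Task Scheduler, services) can be collected into one read-only inventory. This is an added example, not part of any poster's message; it assumes Windows 8 / Server 2012 or later for `Get-ScheduledTask`, and, as the next reply points out, a rootkit or code injected into a trusted process will not appear in it.

```powershell
# Added example: read-only inventory of the autostart locations named in the thread.
$results = @()

# 1. Registry Run keys (shown, with the startup folders, on Task Manager's Startup tab)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $results += [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
    }
}

# 2. Per-user and all-users startup folders
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    foreach ($file in Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue) {
        $results += [pscustomobject]@{ Source = $path; Name = $file.Name; Command = $file.FullName }
    }
}

# 3. Enabled scheduled tasks that launch a program (COM-handler actions have no Execute)
foreach ($task in Get-ScheduledTask | Where-Object State -ne 'Disabled') {
    foreach ($action in $task.Actions | Where-Object { $_.Execute }) {
        $results += [pscustomobject]@{
            Source  = "Task $($task.TaskPath)"
            Name    = $task.TaskName
            Command = "$($action.Execute) $($action.Arguments)".Trim()
        }
    }
}

# 4. Services set to start automatically
foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'") {
    $results += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
}

# Entries running from a user-writable path (AppData, Temp, Downloads) deserve a closer look.
$results | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```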

20 hours ago, homeap5 said:

So it's not because XP was better, but because more and more people started using NTFS instead of FAT.

And of course Vista improves a lot of things, but it's not the most important if we're talking about permissions.

Moving to NTFS was a good idea, but not defaulting every new account as an administrator with effectively unlimited permissions. Running as an admin on XP is the same as running as root on a POSIX system.

When the OS has a concept of separate user accounts in conjunction with a compatible file system that has file permissions, gaining administrative access is the end goal for many attacks if not trying to find some way to sniff out data. After all, if you have administrative access, you own the system.

20 hours ago, homeap5 said:

And about the topic question - modern operating systems also have better user control over resources. For example - when you saw a process in WinXP, you could only see its name. It could even be named "virus trojan.exe" in task manager, but you could not find it without a deep search. From Vista you can open the file location. Also processes cannot be hidden anymore like in old operating systems. Basically you have access to everything that is running on your system - you can find your startup items in task manager, in the startup folder, in task scheduler and in things that start as services. That's all. A program like Autoruns shows you every file virus you have.

That doesn't really help in the defense of malware or an attacker though. Finding that you've been infected means you're likely pwned, so it's a moot point whether or not you can find out where it lives.

Besides that, if you've been infected by a rootkit, it doesn't show up on the task manager list either. And even then, not every malware can show up as its own process. What if malware injects itself into a trusted application?


7 hours ago, M.Yurizaki said:

not defaulting every new account as an administrator with effectively unlimited permissions....

...gaining administrative access is the end goal for many attacks if not trying to find some way to sniff out data. After all, if you have administrative access, you own the system.

I remember being on some sketchy site many years ago trying to get the latest episodes of, I think, Futurama. Windows Vista "Something wants administrator access" warning comes up, and I click "allow" by mistake. Computer got infected with something.

Situations like that are why you should at least have a password for accounts with administrator privilege; it adds a barrier to making mistakes.


9 hours ago, pipnina said:

I remember being on some sketchy site many years ago trying to get the latest episodes of, I think, Futurama. Windows Vista "Something wants administrator access" warning comes up, and I click "allow" by mistake. Computer got infected with something.

Situations like that are why you should at least have a password for accounts with administrator privilege; it adds a barrier to making mistakes.

While it probably doesn't offer any more effective protection, I run my daily as a Standard user. This forces me to input the admin password if something needs elevation every time. So I actually have to think about accepting a random UAC prompt.

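The last posts distinguish an administrator clicking through a consent prompt from a setup where elevation requires a password. As an added example (not part of any poster's message), this read-only PowerShell report shows which case a machine is in; the registry values read are the standard UAC policy values, and `Get-Meaning` is a helper defined here.

```powershell
# Added example: read-only report on elevation and UAC policy for the current session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when this process holds an elevated (full administrator) token.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Account type is separate from elevation: under UAC an admin account normally runs with
# a filtered token in which BUILTIN\Administrators (S-1-5-32-544) is deny-only.
# Matching the SID in whoami output avoids localized group names.
$adminAccount = [bool]((whoami /groups /fo csv) -match 'S-1-5-32-544')

$adminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}
$userPrompt = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}
function Get-Meaning($map, $value) {
    if ($null -eq $value) { return 'not set' }
    if ($map.ContainsKey([int]$value)) { return $map[[int]$value] }
    return "unrecognised value $value"
}

$p = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
[pscustomobject]@{
    User                 = $identity.Name
    AdministratorAccount = $adminAccount
    ProcessElevated      = $elevated
    UacEnabled           = ($p.EnableLUA -eq 1)
    SecureDesktop        = ($p.PromptOnSecureDesktop -eq 1)
    AdminPrompt          = Get-Meaning $adminPrompt $p.ConsentPromptBehaviorAdmin
    StandardUserPrompt   = Get-Meaning $userPrompt  $p.ConsentPromptBehaviorUser
} | Format-List
```

An `AdminPrompt` of 1 or 3, or `AdministratorAccount` reading `False` for the daily-use account, corresponds to the password barrier the posters recommend.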