FIRST POST (#1)
By dipsomaniac 10th Oct 18, 10:19 AM (5,927 Posts, 2,361 Thanks)
    Can anyone share their last Windows virus experience?

    When contracted?
    What Windows OS?
    Type of virus?
    What AV software was installed at the time?
    How contracted?
    How cleaned?
    Any other useful info?
    Last edited by dipsomaniac; 10-10-2018 at 10:23 AM.
    "The Holy Writ of Gloucester Rugby Club demands: first, that the forwards shall win the ball; second, that the forwards shall keep the ball; and third, the backs shall buy the beer." - Doug Ibbotson
Page 3
By AndyPix 12th Oct 18, 1:58 PM (4,060 Posts, 3,460 Thanks)
    Certainly safer than Windows 10 solely relying on Windows Defender and Windows Firewall for protection.
    Originally posted by Gillor

    I've never seen anybody be so wrong in all my life!!!

    XP has more holes than Swiss cheese - and they are no longer being filled by Microsoft - and haven't been for a while.

    You put that machine anywhere near an internet connection and it is open season on it.
    I know at least 10 cracks that could completely own it in seconds.
By dogmaryxx 12th Oct 18, 1:59 PM (2,170 Posts, 2,576 Thanks)
    Sorry, off topic, but friend said they want to "upgrade" (or is that downgrade?) from ME (yes, ME) to XP. Any reliable sources for XP?
    Originally posted by grumpycrab

    Try this version: Windows XP Ultimate Edition (by Johnny). Even has Defender.
By AndyPix 12th Oct 18, 2:02 PM (4,060 Posts, 3,460 Thanks)
    ^^ Install a modified OS downloaded from an unknown source on the internet.

    Yeah right.
By Gillor 12th Oct 18, 3:07 PM (681 Posts, 363 Thanks)
    I've never seen anybody be so wrong in all my life!!!
    Originally posted by AndyPix
    You need to get out more.

    XP has more holes than Swiss cheese - and they are no longer being filled by Microsoft
    Originally posted by AndyPix
    Really? I didn't know that.

    You put that machine anywhere near an internet connection and it is open season on it.
    I know at least 10 cracks that could completely own it in seconds
    Originally posted by AndyPix
    Without knowing how I have locked down my machine, isn't that a bit of a presumption? But hey, you could be right. Try me with a few and I'll let you know if/how I have them covered. Never too old to learn.
By AndyPix 12th Oct 18, 3:58 PM (4,060 Posts, 3,460 Thanks)
    The only way you can have "locked down" your machine is if you have edited the OS code / written your own patch / OS update to fix the many exploitable vulnerabilities that have been left unpatched by Microsoft.

    If you have done that then hat off to you.

    I suspect you haven't, and that Metasploit would eat you for breakfast.
By LHW99 12th Oct 18, 4:50 PM (1,582 Posts, 1,453 Thanks)
    Some years ago in XP, it came down via an email from a known contact that was dodgy (although I didn't in those days realise).
    Used an uninfected 95(!) machine to get an AV to remove it, and cleaned the odds and ends manually - took a couple of days.
    Now use Mailwasher to check emails and have script / ad / tracker blockers on my browser plus real-time and "run on demand" AV - drives the kids up the wall when they try and use my computer, so it's not all bad.
By Gillor 12th Oct 18, 7:32 PM (681 Posts, 363 Thanks)
    The only way you can have "locked down" your machine is if you have edited the OS code / written your own patch / OS update to fix the many exploitable vulnerabilities that have been left unpatched by Microsoft.....
    I suspect you haven't and that metasploit would eat you for breakfast
    Originally posted by AndyPix
    It's a few years since I have been eaten for breakfast.

    Leaving aside the fact that in the real world most AVs detect malicious attacks using Metasploit, even though it can be customised, I would be interested as to how you feel Metasploit, or any other exploit for that matter, could circumvent the combination of Shadow Defender / Anti-logger / Sandboxie and Windows Firewall with outbound access restrictions.
By AndyPix 12th Oct 18, 7:49 PM (4,060 Posts, 3,460 Thanks)
    Read here for a list of unpatched OS vulnerabilities.

    Most of these 71 issues could be exploited regardless of any of the software you mention being installed.

    https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-739/cvssscoremin-5/cvssscoremax-5.99/Microsoft-Windows-Xp.html

    You hit a snide web page exploiting one of those bad boys and there you are.
    And you may not even know it's happened.

    Yes, you can roll it back, but that doesn't stop your current session being owned.
    Last edited by AndyPix; 12-10-2018 at 7:53 PM.
By Gillor 12th Oct 18, 9:09 PM (681 Posts, 363 Thanks)
    Read here for a list of unpatched OS vulnerabilities.
    Most of these 71 issues could be exploited regardless of any of the software you mention being installed.
    Originally posted by AndyPix
    I've never said that XP does not have unpatched vulnerabilities; what system doesn't? What I am putting forward is that the real-world risks are negligible if the system is properly protected.

    You hit a snide web page exploiting one of those bad boys and there you are
    And you may not even know it's happened.
    Originally posted by AndyPix
    I don't need to - when I hit the restart button whatever was there, if anything, is gone.

    Yes you can roll it back, but that doesn't stop your current session being owned
    Originally posted by AndyPix
    Who owns it if it can't record keystrokes and all outbound communications are blocked?

    If you think my back-up XP system is suspect, try running a pack of zero-day malware against Windows 10 with Windows Defender as your only layer of security and see how successful that is by comparison.
By AndyPix 12th Oct 18, 10:17 PM (4,060 Posts, 3,460 Thanks)
    It's like trying to talk to children!

    If you understood what zero-day vulns were then you would realise how silly that statement is.
    If you understood some of the vulns in that list you would realise how useless your software was.
    What's all this nonsense about all outbound comms blocked too - you realise how the internet works, right?

    I'm not going to argue with you over this silliness. If you want to believe that your XP machine is as safe as a Windows 10 box then you crack on.

    What a bizarre argument.
    Last edited by AndyPix; 12-10-2018 at 10:21 PM. Reason: still no idea how to spell bizzzarre!!
By Stoke 13th Oct 18, 12:02 AM (2,980 Posts, 3,144 Thanks)
    ^^ Install a modified OS downloaded from an unknown from the internet


    Yeah right
    Originally posted by AndyPix
    I know we've disagreed before, but you have to laugh, don't you:

    Take one of the most exploited and mangled OSes ever released to the public..... and install a version that's been hacked up by some kid in his bedroom and put up for BitTorrent. Oh goody.

    OR.......... have you considered something like Lubuntu? It's a super lightweight version of Ubuntu designed for really old laptops. I run it on this old shabby Centrino laptop (that's right, not even Core 2 Duo) from about 2008 with a sticker on that proudly boasts "Designed for Windows XP/Vista Certified". It runs pretty well. Yeah, you can't watch YouTube HD content and whatnot, but everything else works great and I've used it for all sorts..... Word documents, e-mails, programming, retro games, Wine, etc..... Works great.

    @Gillor, I can't be bothered to respond to every last daft point you've made.... but you're wrong, and for so, so many reasons. Just because you've got 40 different AVs on your PC that can all pick up the Spiral Trojan or some other ridiculous malware doesn't mean there aren't coding flaws that still exist within Windows XP and that can be exploited. These are now not being patched.... You've also got the fact Windows XP's security is still only trivially better than Windows 98. Windows 2000 security, anyone??? Forget about viruses, forget about trojans, the security on Windows XP out of the box, as I said above, IS HORRIFYING. They only got the hang of it around Vista and even that's pretty awful. I'll give you a terrible analogy for how Microsoft's security came about.... we'll start from 95 as I don't see the point in mentioning 3.1.

    Windows 95 - Like having a car with the doors unlocked and the keys in the ignition. All you need to do is turn the key.
    Windows 98 - As above, except the key is in the car door rather than the ignition.
    Windows 2000 - The car is locked, but the keys are on top of the doormat by the front door.
    Windows XP - The car is still locked, and the keys are just slightly under the doormat by the front door.
    Windows Vista - The car is still locked and the keys are nowhere to be seen.... but stick your hand through the letterbox and they're on a table by the door.
    ...... and at Windows 7, they finally started to get a hold of it.

    Now..... shall we move on to full drive encryption? Let's not get started on that, shall we? Another wonderful Windows omission. Oh wait, they got BitLocker in Windows Vista, didn't they? No, because you had to buy the most expensive version, which came pre-installed on no hardware really. So it was more like 8 and 10 then? Only about 30 years too late. Still haven't mentioned that whole Internet Explorer 6 thing yet either, or IIS..... the most dangerous web browser ever released to the public coupled with the most exploited web server of all time!!

    For too many years Windows was basically sold as a single-user system out of the box, giving full administrator access to Joe Public. Windows didn't even get file permissions for god knows how long..... remember this old trick (worked better on 95/98, but good to know it still worked on XP):
    https://www.youtube.com/watch?v=o4oiQVX3hMc

    Linux distributions, on the other hand, have always been multi-user systems by design. File permissions etc. The above is simply not possible for the average user running a fairly standard distro because, unless you're running on an embedded device that does not require a multi-user setup, the root account is not usually the one you'll log in to. You may well set a root password, but you're unlikely to use a root shell unless you absolutely know what you're doing, so you won't have permissions to start rm * / etc. Heck, I can prove it if you like? I'll try to delete every node in my /dev/ folder:
    Code:
    joe@joe-AMILO-Pro-V3505 ~ $ rm /dev/*
    rm: remove write-protected character special file '/dev/autofs'? 
    rm: cannot remove '/dev/block': Is a directory
    rm: cannot remove '/dev/bsg': Is a directory
    rm: remove write-protected character special file '/dev/btrfs-control'? y
    rm: cannot remove '/dev/btrfs-control': Permission denied
    rm: cannot remove '/dev/bus': Is a directory
    rm: cannot remove '/dev/cdrom': Permission denied
    rm: cannot remove '/dev/cdrw': Permission denied
    rm: cannot remove '/dev/char': Is a directory
    rm: remove write-protected character special file '/dev/console'? ^C
    joe@joe-AMILO-Pro-V3505 ~ $ ^C
    Ignore the things about folders, that's because I've not set the recursion flag.... I might be using a modern distro, but I'll bet my car that if you find an older distro from say 2000.... the same result will occur.... Everything is a file, baby. Love it.

    ............
    Oh and all of this.... was posted from a 10 year old Fujitsu Core Laptop Running Lubuntu......
    Last edited by Stoke; 13-10-2018 at 12:15 AM.
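The transcript above shows two different refusals: rm asks "remove write-protected ... ?" for /dev/autofs and then fails anyway, while /dev/cdrom fails with no prompt at all. The rule behind both is that unlink(2) is decided by the permissions of the directory, not of the file; writing to the file and deleting it are separate rights. The model below is an added example (not code from the post or from any distro); the uids, group ids and modes are constructed to mirror a typical /dev (root-owned 0755, device nodes 0660) and a sticky /tmp, and the sticky-bit rule is included because it is the other common case where "I can write this file" does not mean "I can delete it".

```python
"""POSIX permission model behind the `rm /dev/*` transcript above.

Added example (not code from the forum post).  uids, gids and modes below are
constructed to mirror a typical /dev: the directory is root-owned 0755, device
nodes are root-owned 0660, and an unprivileged user 'joe' runs rm.
"""
import stat
from dataclasses import dataclass

R, W, X = 4, 2, 1  # rwx bits of one permission class


@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int  # permission bits, plus S_ISVTX for a sticky directory


@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset  # primary plus supplementary groups


def may_access(inode, cred, want):
    """Discretionary access check: root bypasses it (CAP_DAC_OVERRIDE, simplified);
    everyone else is judged by exactly one class: owner, group or other."""
    if cred.uid == 0:
        return True
    if inode.uid == cred.uid:
        bits = (inode.mode >> 6) & 7
    elif inode.gid in cred.gids:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return bits & want == want


def may_unlink(parent, victim, cred):
    """unlink(2) is decided by the *directory*: the caller needs write+search on it.
    Write permission on the file itself is irrelevant.  If the directory is sticky
    (/tmp style), the caller must additionally own the file or the directory."""
    if not may_access(parent, cred, W | X):
        return False
    if parent.mode & stat.S_ISVTX and cred.uid != 0:
        return cred.uid in (victim.uid, parent.uid)
    return True


def rm_report(parent, victim, cred):
    """Mimic GNU rm's two steps: it prompts when the file is not writable by the
    caller ("remove write-protected ... ?"), then calls unlink(2), which the
    directory's permissions decide.  Returns (prompted, outcome)."""
    prompted = not may_access(victim, cred, W)
    outcome = "removed" if may_unlink(parent, victim, cred) else "Permission denied"
    return prompted, outcome


# Constructed principals and inodes (uid/gid values are assumptions).
ROOT = Cred(uid=0, gids=frozenset({0}))
JOE = Cred(uid=1000, gids=frozenset({1000, 24}))  # 24: the 'cdrom' group, assumed

DEV = Inode(uid=0, gid=0, mode=0o755)             # /dev: only root may write (unlink) here
AUTOFS = Inode(uid=0, gid=0, mode=0o660)          # /dev/autofs: joe cannot even write it
CDROM = Inode(uid=0, gid=24, mode=0o660)          # /dev/cdrom: joe's cdrom group may write it
TMP = Inode(uid=0, gid=0, mode=0o1777)            # /tmp: world-writable but sticky
JOES_FILE = Inode(uid=1000, gid=1000, mode=0o644)
BOBS_FILE = Inode(uid=1001, gid=1001, mode=0o666)  # world-writable, owned by someone else


def demo():
    """Run the cases from the transcript plus the sticky-bit case."""
    return {
        "joe rm /dev/autofs": rm_report(DEV, AUTOFS, JOE),
        "joe rm /dev/cdrom": rm_report(DEV, CDROM, JOE),
        "root rm /dev/autofs": rm_report(DEV, AUTOFS, ROOT),
        "joe rm /tmp/joes_file": rm_report(TMP, JOES_FILE, JOE),
        "joe rm /tmp/bobs_file": rm_report(TMP, BOBS_FILE, JOE),
    }


if __name__ == "__main__":
    for case, (prompted, outcome) in demo().items():
        print(f"{case:24} prompt={'yes' if prompted else 'no':3} -> {outcome}")
```

Reading the output against the transcript: /dev/autofs prompts (joe has no write bit on the node) and is then refused because /dev is 0755 and joe is not root; /dev/cdrom does not prompt (joe is in the cdrom group) but is refused for the same directory reason. The model ignores real details such as GNU rm only prompting when stdin is a terminal and /dev/cdrom often being a symlink, which do not change the permission logic.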
By Gillor 13th Oct 18, 1:30 AM (681 Posts, 363 Thanks)
    @AndyPix
    Ok, for "zero day" read "new/fresh", and for "outbound communications are blocked" read "outbound rules apply" if you want to be pedantic.

    I didn't realise we were having an argument, but if we are going to get personal, if you think that Shadow Defender and Sandboxie are "useless software" you obviously have no idea how either works, or are being purposely obtuse - probably the latter, I suspect. Why do the words "rattle" and "pram" spring to mind?

    Anyhow, feed your own ego, I'm out of here before we both get banned.
By Gillor 13th Oct 18, 1:31 AM (681 Posts, 363 Thanks)
    @Stoke

    Thanks for your detailed explanation; very enlightening.

    But just to be clear, are you saying that if I run, say, XP in what is, for all intents and purposes, a virtual environment (e.g. Shadow Defender/Sandboxie) my system is still at permanent risk?
By robatwork 13th Oct 18, 10:40 AM (4,730 Posts, 5,303 Thanks)
    1987
    Cascade
    DOS

    https://youtu.be/z7g-v3d7-Gk?t=137
By Stoke 13th Oct 18, 10:49 AM (2,980 Posts, 3,144 Thanks)
    @Stoke

    Thanks for your detailed explanation; very enlightening.

    But just to be clear, are you saying that if I run, say, XP in what is, for all intents and purposes, a virtual environment (e.g. Shadow Defender/Sandboxie) my system is still at permanent risk?
    Originally posted by Gillor
    Possibly, it depends. Obviously it's at significantly less risk than an entirely unpatched Windows XP machine, of which there are still too many out there playing around with the world wide web etc.

    I've not used Shadow Defender before, but it looks a little like OverlayFS in Linux, so while that should protect the underlying root filesystem from nefarious write activity, it doesn't do anything to protect you from unpatched bugs that may remain within Windows XP. It's also impossible to quantify just how many of those bugs remain, because bugs are found all the time and will be for years to come.... and it's whether those bugs manifest into something more serious. Luckily, in the past, when this has happened Microsoft has actually gone back and fixed OSes they have previously dropped all support for.

    From the few minutes I've spent reading up on Shadow Defender and Sandboxie, they achieve roughly the same thing, albeit with slightly different methods. Shadow Defender appears to do an 'OverlayFS' style union mount, with a read-only layer and a read-write layer, whereby the read-write layer is (intentionally) lost on reboot, leaving only the read-only layer, which is the optimal setup. Sandboxie appears to sandbox individual applications, which is more like a SELinux strategy. Both of these tools will obviously prevent viruses and trojans and malicious software from doing certain things to your root file system, but they're not going to protect against OS-specific issues. That isn't what they are designed to do either.

    I'll concede that you've obviously thought about this and therefore aren't a complete novice. Your setup will be a lot safer than many other systems out there that continue running XP. However, I really wouldn't go anywhere near suggesting it's truly secure. I would also find it hard to believe that it's as secure as Windows 10..... unless Microsoft have really let themselves go again. Never say never though....

    Now, if you were running XP as a true VM, I would say go right ahead, just don't ever use that VM for sensitive work, banking, e-mails etc. Just use it for games or whatever reason there is to keep XP. I'm sure you spent time looking at VMs when you were looking up Shadow Defender, but the huge benefit of a true VM is the host OS is completely and utterly inaccessible from the guest OS. With all the virtualisation options that come with PCs now, a VM can run almost as fast as a host OS. If some hole was discovered in XP that allowed you to compromise the entire OS, your host OS would remain completely unaffected.... All you would lose is the guest OS, and anything you might have done within that environment. The alternative (which is becoming more common) is the offline workstation running 95, 98 and XP.... these appear to be primarily games machines though.

    It's up to you, I personally think continuing to use XP on a daily basis is playing with fire, but there we go.
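The union-mount description above (read-only lower layer, read-write upper layer thrown away on reboot) is exactly what decides which of the two sides of this thread is right about what a reboot undoes. The model below is an added example, not code from the thread or from Shadow Defender, Sandboxie or OverlayFS; it implements the OverlayFS semantics Stoke describes, including "whiteouts" (a delete of a lower-layer file is recorded in the upper layer rather than applied to the disk), and then runs a constructed hostile session through it. The paths and file contents are made up for illustration. Note what the reboot restores and what it does not: every write and delete is gone afterwards, but the read the session performed while the lower layer was visible is not, which is the "doesn't stop your current session being owned" point.

```python
"""Union-mount model of the Shadow Defender / OverlayFS behaviour described above.

Added example, not code from the forum thread or from either product.  A read-only
lower layer stands for the disk that survives a reboot; a volatile upper layer
absorbs every write.  Deleting a lower-layer file records a "whiteout" in the
upper layer (OverlayFS does the same).  reboot() drops the upper layer.
Paths and contents are constructed for illustration.
"""

WHITEOUT = object()  # marker stored in the upper layer: "hidden from the merged view"


class UnionFS:
    def __init__(self, lower):
        self.lower = dict(lower)  # read-only, persistent
        self.upper = {}           # read-write, discarded on reboot

    def read(self, path):
        """Merged view: upper shadows lower; a whiteout hides a lower file."""
        if path in self.upper:
            if self.upper[path] is WHITEOUT:
                raise FileNotFoundError(path)
            return self.upper[path]
        if path in self.lower:
            return self.lower[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        """Copy-up semantics: the lower layer is never modified."""
        self.upper[path] = data

    def unlink(self, path):
        self.read(path)  # raises if the path is not visible
        if path in self.lower:
            self.upper[path] = WHITEOUT  # cannot touch lower, so mask it instead
        else:
            del self.upper[path]

    def listdir(self):
        names = set(self.lower) | set(self.upper)
        return sorted(p for p in names if self.upper.get(p) is not WHITEOUT)

    def reboot(self):
        """'Discard changes on reboot': the upper layer is thrown away."""
        self.upper = {}


# Constructed disk image for the demo.
LOWER = {
    "C:/Windows/System32/kernel32.dll": b"<real dll>",
    "C:/Users/me/Documents/passwords.txt": b"bank: hunter2",
}


def hostile_session(fs):
    """Constructed stand-in for whatever ran inside the shadowed session.  Every
    write or delete lands in the upper layer and is undone by reboot(); the read
    is not undone, because the lower layer is fully visible while the session runs."""
    stolen = fs.read("C:/Users/me/Documents/passwords.txt")
    fs.write("C:/Users/me/AppData/Roaming/dropped.exe", b"<payload>")
    fs.write("C:/Windows/System32/kernel32.dll", b"<tampered dll>")
    fs.unlink("C:/Users/me/Documents/passwords.txt")
    return stolen


def run_demo():
    """Return (what the session read, merged view before reboot, merged view after)."""
    fs = UnionFS(LOWER)
    stolen = hostile_session(fs)
    during = {
        "listing": fs.listdir(),
        "kernel32": fs.read("C:/Windows/System32/kernel32.dll"),
    }
    fs.reboot()
    after = {
        "listing": fs.listdir(),
        "kernel32": fs.read("C:/Windows/System32/kernel32.dll"),
        "passwords": fs.read("C:/Users/me/Documents/passwords.txt"),
    }
    return stolen, during, after


if __name__ == "__main__":
    stolen, during, after = run_demo()
    print("read during session :", stolen)
    print("view during session :", during["listing"])
    print("view after reboot   :", after["listing"])
```

The two dictionaries make the asymmetry concrete: `during` shows a tampered system DLL, a dropped executable and a missing password file, and `after` shows the original disk untouched. The `stolen` value is the part no rollback reaches; whether it actually leaves the machine is then a question for the outbound firewall rules, not for the shadow layer.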
By AndyPix 13th Oct 18, 4:34 PM (4,060 Posts, 3,460 Thanks)
    2 great posts there Stoke - kudos for having the patience to explain it like that..

    coding flaws that still exist within Windows XP and that can be exploited. These are now not being patched
    Originally posted by Stoke

    ^^ This right here is the crux of the matter.

    Respect
    Andy