I'm using hierarchical backup. Logfiles of backups could tell when and how maleware spread. And even more important, one can restore a system after infect quickly.
I'm using a detached screen for ssh master control, and an rsync script to sync servers to my backup server, from where hierarchical backup is done to USB disks in the most simple way: `cp -al` and rsync. I have 3 piles of disks. One attached, one in the shelf, and one at a neighbor and shuffle them weekly.
I'm using network scans, and keep things containerized with tight fitting firewall rules.
On my personal VPS I'm using separate encrypted partition to store version-controlled file containing list of all files (with size, last mod date, creation date etc.) and updating this file after system update. From that I know if my system was compromised. I keep another repository of all config files and scripts that automate building any non-standard components. So if I was hacked (I would assume the biggest risk is my web app) I would dump logs for later analysis and rebuild whole box from scratch in a matter of minutes. If there is nothing obvious in logs I then have my own utility that I use to detect anomalities in logs (behavioral analysis).
I also use rkhunter (that in a sense does similar thing in terms of keeping track of files being changed)
Apart from that I'm analysing logs frequently to see potential attempts.
I use Avira on Windows 7. Once a week, I run Spybot.
I do weekly backups, alternating between two sets of disks that are kept at opposite ends of my flat in case only one end burns down, as happened to a friend. The really critical must-not-lose data is encrypted and stored on SD cards on my keyrings that I keep with me all the time.
I have no knowledge whatsoever about this matter. That being said, I went seven years without running an antivirus and zero apparent harm was done to me. It could be that the viruses just did a good job of hiding themselves, but whatever (somehow I doubt it).
Now I live at a place whose internet requires me to have an antivirus installed. It's super annoying--Avira on Mac. It keeps popping up and telling me it's keeping me safe and I keep thinking "the gall of these people..."
(One might suggest simply disabling certain annoying features, but my God, university internet.)
The interesting bit here is that modern viruses don't ever make themselves known. They aren't there to prank you or make your life more difficult, they are there to steal your login credentials for financial sites, to be proxy servers to mask people who are trying to avoid having their IP address revealed, to send spam or do reflective DDOS attacks on third party sites. You'll never know they are there, unless you're system is slow one day because its doing your work and the virus owner's work at the same time.
> The interesting bit here is that modern viruses don't ever make themselves known.
Not disagreeing with your main point, but this bit is a bit statistically wrong, in my experience. (See also my comment downthread, https://news.ycombinator.com/item?id=10118516) We see a lot more malware that is obvious -- or, would be to a more technically savvy user -- and a lot less malware that's being really sneaky.
But there is still a lot of sneaky malware and to the extent that you're saying that people shouldn't trust that they aren't infected just because they aren't noticing anything out of the ordinary, you're completely right.
How did you get "exes only" from the word "binaries"? Anything can be uploaded to VirusTotal - Office documents, images, zip files, exes, installers...and that's what I do - pretty much anything that isn't a simple text or code file.
The last virus I got was back in the 90's. It was called the New York Boot Virus and I got it by accidentally leaving a floppy disk in my machine as it booted up.
No. I use a dedicated untangled box for a firewall to keep things out, and I use an IDS (security onion) that does packet analysis to check for any naughty egressing (malware, C&C, etc). Best antivirus around, is common sense.
Mac user here: I'm using nod32 as AV and Backblaze for automatic backups. I'm also using an object storage on rackspace for storing random stuff and last but not least, I'm not going head first on any shady website or things like that.
Oh and also I'm not letting anyone on my computer unattended by me.
It doesn't matter if you have the best security solution because in the end, the human factor is the most vulnerable part of any computer.
On OSX.
I don't use an AV.
In fact, I've visited known virus sites for the heck of it or plugged in infected USBs from Windows users to help clean it/recover data.
Nothing has happened to me, and it's been 2 years.
People keep harping on about the fact that viruses for OSX do exist. I don't dispute that. But realistically, outside of virus labs and white hat conferences, has anyone experienced or witnessed a Mac virus in the wild?
Ditto the above question to any other *nix users as well.
I started out with AdBlock Plus, switched to AdBlock, and now I'm using uBlock.
I guess that rules out browser-based exploits doesn't it? Since the browser is one of the few ways where attackers can automatically detect your system and deliver an OS-specific virus.
I'd imagine that using an adblock decreases your chances of being exposed to a virus by an order of magnitude. (That being said, I have never seen an OSX virus in the wild)
It redirected users to a compromised site, which used JS to load a Java applet containing an exploit that was already patched in the official Java, but not in the default version that comes pre-installed on Macs. The applet tricked you into installing "Flash" on your system.
- Adblock would've stopped the JS from executing in the first place
- We'd definitely have the latest Java versions
- I uninstalled Flash ages ago, and use Chrome's built in player instead, and certainly wouldn't install it from a site that isn't Adobe
Apple themselves have learnt from the incident, and have been speeding up Mac releases of pre-installed software since then.
The possible attack vectors against modestly capable Mac users are quite low..I simply don't see it happening. Unless I'm being targeted by institutional/state hackers. In which case I doubt AV would do much good.
Social engineering and poor passwords are likely to be a much bigger threat than malware.
That's not true in the majority of cases, although it's possible that our experiences are being distorted by the fact that users don't tend to bring their machines in until they're nearly unusable.
But of those infected systems, we see relatively few that have truly sneaky, invisible-to-the-user malware. Far more that's just a gigantic pain in the ass to remove as it's hooked into everything in order to display ads at the user or rewrite links or shoddy code has destroyed one or more browser or OS components.
You have very high regard of yourself (not saying it's wrong :-] )
On my VPS's I always assume I was already compromised. I never trust my system in current state until I do all the checks including analysis of my logs. I have automated this into certain level but you can never know :-)
People I work with used to say that it is only a matter of time somebody will try something you have not thought about - to be prepared for such situations is the key. But that's just my private opinion.
> ...has anyone experienced or witnessed a Mac virus in the wild?
Yes, my shop has had several legit malware removals for Macs, most of them were either Mackeeper or Genieo (or its variants), which was probably installed beginning with a malicious ad on some site the user was visiting.
(I'm not disputing that the situation for Mac users is still significantly better than for Windows users though.)
The two terms are synonymous at this point. If you want to be that pedantic, I think you'd find that a Windows virus hasn't been seen in the wild in a long time either.
Nope. I just use Adblock in all my browsers, and never run executables from untrusted sources. Whenever I install free software, I always go down the "advanced" install route and make sure that no adware is installed.
Been using Windows 7 and 8 for years with this strategy, and now 10. No viruses in years.
With that said, however, I also have a fairly intimate understanding of all of the common places that viruses hook into the operating system, and I double check things every so often just to make sure that everything is clean.
Common places to look: startup locations in the registry (check using msconfig), task scheduler items, services.msc, browser hooks, browser extensions, file/folder context menu hooks, etc... (using tools like HijackThis to look)
If you're going to go that route, you might want to use an adblocker instead.
I tried NoScript for a while, but it was impossible to use, too many sites were crippled or broken by default. I had to keep allowing scripts which defeated the purpose.
when i first started using it many sites were broken, but there are options to "forbid" and "allow" certain domains so after a while when the blacklists and whitelists are built up, it's working pretty well for me!
On Windows the free Microsoft tools Security Essentials or Defender. I gave up on "shrinkwrapped" anti-virus because it phones home all the time and I once I stopped running XP Professional x64, I stopped having to use it.
When I was on Windows I ran AVG (Free version), with no complaints. I don't run anything on OSX. This might be naive of me, but I've never had a virus problem on a Mac (knock on wood).
A disturbing trend is that more malware over time attempts to hide its presence in order to facilitate surveillance, extortion, or attacks against others (leapfrogging, spearphishing, spam, botnets). Malware used to like to draw attention to itself because it was a prank or showing off or because it was adware that profited by showing pop-up ads. But today a lot of malware victims don't know it, and again I think there's a trend that more and more malware tries to hide its presence from the infected computer's owner, permanently or for some period of time.
51 comments
[ 3.4 ms ] story [ 95.0 ms ] threadI'm using a detached screen for ssh master control, and an rsync script to sync servers to my backup server, from where hierarchical backup is done to USB disks in the most simple way: `cp -al` and rsync. I have 3 piles of disks. One attached, one in the shelf, and one at a neighbor and shuffle them weekly.
I'm using network scans, and keep things containerized with tight fitting firewall rules.
I also use rkhunter (that in a sense does similar thing in terms of keeping track of files being changed)
Apart from that I'm analysing logs frequently to see potential attempts.
I do weekly backups, alternating between two sets of disks that are kept at opposite ends of my flat in case only one end burns down, as happened to a friend. The really critical must-not-lose data is encrypted and stored on SD cards on my keyrings that I keep with me all the time.
Now I live at a place whose internet requires me to have an antivirus installed. It's super annoying--Avira on Mac. It keeps popping up and telling me it's keeping me safe and I keep thinking "the gall of these people..."
(One might suggest simply disabling certain annoying features, but my God, university internet.)
Not disagreeing with your main point, but this bit is a bit statistically wrong, in my experience. (See also my comment downthread, https://news.ycombinator.com/item?id=10118516) We see a lot more malware that is obvious -- or, would be to a more technically savvy user -- and a lot less malware that's being really sneaky.
But there is still a lot of sneaky malware and to the extent that you're saying that people shouldn't trust that they aren't infected just because they aren't noticing anything out of the ordinary, you're completely right.
The last virus I got was back in the 90's. It was called the New York Boot Virus and I got it by accidentally leaving a floppy disk in my machine as it booted up.
Oh and also I'm not letting anyone on my computer unattended by me.
It doesn't matter if you have the best security solution because in the end, the human factor is the most vulnerable part of any computer.
100 percent correct.
Nothing has happened to me, and it's been 2 years.
People keep harping on about the fact that viruses for OSX do exist. I don't dispute that. But realistically, outside of virus labs and white hat conferences, has anyone experienced or witnessed a Mac virus in the wild?
Ditto the above question to any other *nix users as well.
I started out with AdBlock Plus, switched to AdBlock, and now I'm using uBlock.
I guess that rules out browser-based exploits doesn't it? Since the browser is one of the few ways where attackers can automatically detect your system and deliver an OS-specific virus.
It redirected users to a compromised site, which used JS to load a Java applet containing an exploit that was already patched in the official Java, but not in the default version that comes pre-installed on Macs. The applet tricked you into installing "Flash" on your system.
- Adblock would've stopped the JS from executing in the first place - We'd definitely have the latest Java versions - I uninstalled Flash ages ago, and use Chrome's built in player instead, and certainly wouldn't install it from a site that isn't Adobe
Apple themselves have learnt from the incident, and have been speeding up Mac releases of pre-installed software since then.
The possible attack vectors against modestly capable Mac users are quite low..I simply don't see it happening. Unless I'm being targeted by institutional/state hackers. In which case I doubt AV would do much good.
Social engineering and poor passwords are likely to be a much bigger threat than malware.
How do you know? Modern day viruses and root kits go out of their way to make things look "business as usual"
But of those infected systems, we see relatively few that have truly sneaky, invisible-to-the-user malware. Far more that's just a gigantic pain in the ass to remove as it's hooked into everything in order to display ads at the user or rewrite links or shoddy code has destroyed one or more browser or OS components.
On my VPS's I always assume I was already compromised. I never trust my system in current state until I do all the checks including analysis of my logs. I have automated this into certain level but you can never know :-)
People I work with used to say that it is only a matter of time somebody will try something you have not thought about - to be prepared for such situations is the key. But that's just my private opinion.
Yes, my shop has had several legit malware removals for Macs, most of them were either Mackeeper or Genieo (or its variants), which was probably installed beginning with a malicious ad on some site the user was visiting.
(I'm not disputing that the situation for Mac users is still significantly better than for Windows users though.)
I don't run untrusted executables without scanning them, or runing them on VM first. Better safe than sorry.
Been using Windows 7 and 8 for years with this strategy, and now 10. No viruses in years.
With that said, however, I also have a fairly intimate understanding of all of the common places that viruses hook into the operating system, and I double check things every so often just to make sure that everything is clean.
Common places to look: startup locations in the registry (check using msconfig), task scheduler items, services.msc, browser hooks, browser extensions, file/folder context menu hooks, etc... (using tools like HijackThis to look)
when i first started using it many sites were broken, but there are options to "forbid" and "allow" certain domains so after a while when the blacklists and whitelists are built up, it's working pretty well for me!
Ubuntu: have ClamAV installed, but don't use it.