In reply to a post by Pipexer:

...... Using limited/admin accounts on a home PC is just wasteful of time, just use an Admin and get on with it, that is what User Account Control is for....

Defeating UAC is a fairly simple matter that is widely documented.

Give the kids their own PCs, they will probably want to play games which, you guessed it, often need Administrator permissions.

If not then perhaps yes, give the kids so-called limited accounts, but one would expect any adult to be clever enough to use an Admin account without issues on their home PC.

Having said that in my experience most of the trashing done these days is from adults who cannot resist thinking they know better and installing all manner of [censored] software and generally goofing with settings because they read some incorrect article in a PC magazine or some nonsense on BBC news of how to make your PC extra secure by fiddling around with things.

Edited by Pipexer (Sat 18-Feb-12 22:25:01)

If "x" can bypass UAC then it can probably do the same so-called "bypassing" when just logged on as a standard user, hence no difference either way.

It is an absolutely stupid waste of time logging in as a standard user and then switching to an Admin account for your own personal desktop, you can't get anything done properly (software updates, plugins, certain programs etc), the time wasted really is not worth the marginal gain in security.

Not only this, if something requires elevation, it will ask for the Admin account password, which the user would know, and if victim of social engineering, will type in anyway.

So I suppose if you did want to go for reduced risk, then you'd actually put them on as limited users and disable UAC elevation. Does anyone do that? No, they aren't smart enough.

If you are in an enterprise environment then it is of course a different matter.

Edited by Pipexer (Sat 18-Feb-12 22:54:16)

In reply to a post by Pipexer:

If "x" can bypass UAC then it can probably do the same so-called "bypassing" when just logged on as a standard user, hence no difference either way.
It is an absolutely stupid waste of time logging in as a standard user and then switching to an Admin account for your own personal desktop, you can't get anything done properly (software updates, plugins, certain programs etc), the time wasted really is not worth the marginal gain in security.
If you are in an enterprise environment then it is of course a different matter.

I fully agree. My point is that UAC is not and never was a defence against malware. There is at least one 5 year old "privelege elevation" exploit in Windows which is still unpatched. Several rootkits, most "FakeAV", some worm variants and trojans such as BancOS are just a few examples of malware that take advantage of this. Some of these will hook AV scans that are run after infection in order to hide their presence.

This is why it's essential to run decent anti malware/AV/firewall protection despite what others will say!

I disagree that it's essential on any system - because it very much depends on the circumstance.

To explain my train of thought more clearly (because our opinions seem to clash a lot and I ought to give it more explination)

-User is constantly downloading and running files in attempt to get copyrighted material for free and running them: AV essential
-User clicks on things without reading and visits many websites: AV essential

However situations such as the following:

-Very competent user and doesn't do high-risk activities on PC
-Server performing highly secure service only with highly restricted firewall permissions, no web browsing enabled.
-PC disconnected from internet, only CD-ROM media installed on the system.

Would not neccessarily require AV software, in my opinion.

Obviously we have our different opinions on how secure Windows is an OS and different knowledge of exploits.

It's not just limited to those examples above, by all means.

I should say that these opinions are unrelated to security software which blocks phishing sites etc - in my opinion these are social-engineering protection products and not what I'd call antimalware. I certainly have no requirement for something which tells me if a page is fake or not.

The other problem with companies bundling things like with their security product is dilution of the programmers efforts, interfering with the Windows kernel is not micky mouse stuff and I fear that sometimes the development effort gets diluted adding value add [censored] which isn't actually that important in the end. Programmers get told to develop toolbars rather than develop efficient scanning engines.

Ultimately, my own experience suggests that 99% of infections usually come from the user clicking "OK", and I know that I have the ability myself to resist clicking things without reading.

In reply to a post by Pipexer:

-Very competent user and doesn't do high-risk activities on PC
-Server performing highly secure service only with highly restricted firewall permissions, no web browsing enabled.
-PC disconnected from internet, only CD-ROM media installed on the system.
Would not neccessarily require AV software, in my opinion.

Your first example is negated by what I write below and this is just the tip of the iceberg.
Your second example is perhaps safe as long as no external data is able to be accessed by the system thereby rendering it useless for most applications. We are discussing domestic systems here anyway - Business critical systems are a different matter (Although in my experience, security on many of these are frankly, laughable).
Your third example is flawed by the fact that malware can easily be delivered by read only material.

I won't go into the obvious cesspits such as Facebook etc but these are hugely popular sites to the average user and it's that average user that we must bear in mind when discussing such matters in the public arena.
It is common knowledge that several high profile domains that would normally be regarded as safe have been infected in the recent past. Many local authority, social housing and other "essential" sites etc that are regularly visited by "competent users" have been and some still are compromised.
The days of having to vist porn, P2P, gambling and other unsavoury sites to get infected or having to physically open files or email attachments are long gone. Drivebys and some other very clever "innovations" have relegated these criteria to the history books.

Edited by Deadbeat (Sun 19-Feb-12 00:02:58)

Enterprise/government/public sector networks - indeed, enough said there!

Though I'm curious about your reasoning for the 3rd one - if the system never goes on the internet, the chances of optical media containing a virus is extremely unlikely. Even if the system does get a virus on it, since it is disconnected from the internet, there is not a huge risk, right?

Only read only media going into the PC, so it isn't going to spread.

If it crashes the system, then yes the user has to reinstall the OS, but if it has purposes which require an internet connection, does it even matter if something is on there given it can't spread or leak personal information anywhere? But the risk is so low I'm not sure it's even worth running the software let alone purchasing something.

I would have said actually the 3rd one (that is, computer disconnected from the internet) out of those 3 examples was the one I'd be least tempted to put AV on, the only real risk is the PC needs the OS installing, there isn't any potential for loss or compromise of data.

It all depends on the circumstance of course.

Differing opinions

A few folks I know have been caught out by a nasty yet genuine looking flash updater/installer from what they thought was a video link on facebook - IMO they are fairly competent and experienced users. Realising that there was an infection they cleaned their machines with Malwarebytes before any more harm was done. Norton AV did not block the fake flash updater/installer malware - it was fooled just as easily as those users.

Now they only check for updates and update the flash player directly from the Adobe site. This can easily be done by right clicking a video screen on the actual YouTube site which takes one directly to the relevant page on the Adobe site.

In reply to a post by Pipexer:

......If it crashes the system, then yes the user has to reinstall the OS, but if it has purposes which require an internet connection, does it even matter if something is on there given it can't spread or leak personal information anywhere? But the risk is so low I'm not sure it's even worth running the software let alone purchasing something....

In a domestic situation that's true (Except of course, you don't need a network to transfer data!), although there is still a real risk of data loss and given the average domestic situation that data will be irreplaceable and won't be backed up.
Infected read only media is far from unknown! Remember Sony's rootkit? Although pretty much benign in the grand scheme of things, it was advanced upon and used with much success by criminals.

Besides, there aren't many domestic computers about that don't have access to a network.

Edited by Deadbeat (Sun 19-Feb-12 00:50:14)

In reply to a post by 4M2:

A few folks I know have been caught out by a nasty yet genuine looking flash updater/installer from what they thought was a video link on facebook - IMO they are fairly competent and experienced users...

The "Like button" "exploit" is another accomplished but simple Facebook trick that has fooled many "competent" users for a couple of years.