Ping Edwin: Virus damage 620

But one can make an informed determination. Since the systems are behind a hardware firewall (2000 doesn't have it's own), the systems are kept up to date with patches, and I run as a non-privileged user it's very unlikely that the system has been compromised by malware. The firewall prevents malware from connecting to services on the system. Therefore they cannot exploit services that have elevated privileges. Patching removes known holes. And running as a non-privileged user keeps the system from being compromised. Non-privileged users cannot write to system (and usually in the case of Windows, other applications) files. Therefore they cannot be corrupted. Nor can they write to system wide registry keys. Given these three things it's very unlikely that the system has been compromised. Since most malware attempts to change system settings they will be unable to do so. And since error correction isn't top on most malware authors lists of things to include the malware itself is likely to fail. For that malware that does work in user space the best it can do is start up when I log in. Thus logging in as the administrator allows me to remove any malware that might have found it's way into the user account. Also knowing how the system starts up and what processes are normally running allows me to perform a quick check without validating every file. Are there things in the startup process that shouldn't be there? Are there things running that shouldn't be there. Mind you I understand that normal files can be altered...but only if you're running as a privileged user. As a non-privileged user the system files are highly unlikely to be modified. Given all this I think my argument is sound. And I've proven it. And it's been much more effective than anti-malware software which is a reactive tool. Mine are proactive. With all of Snit's hoopla and hollering one thing remains clear: Anti-malware doesn't really work. After all I can butture you that many companies that were hit by one (or more) of the top eleven were using anti-malware software. And they still got hit. I doubt many, save for the possible exception of Melissa, were using my recommendations. Why do I know this? Because an analysis of the malware shows that it would have been stopped dead in its tracks through one of the three recommendations. Until malware starts becoming user land only I'll take my chances with my suggestions over anti-malware any day. Anti-malware software has proven to be effective only after the malware has done its damage...as evidenced by the top eleven list.

Josh