
Trusting Antivirus logos?

Started by June 11, 2015 06:18 AM
28 comments, last by Brain 9 years, 4 months ago

I don't hesitate to click OK when my Avast antivirus dialog box pops up to say "I need to update my virus definition". Lately it's beginning to occur to me - could an advanced malware mask itself with an antivirus logo and so when you click "ok/yes" you end up f*******g-up your system?

What checks can one do to ensure protection against this kind of malware masking?

Not that it's happened to me, just thinking it's a possibility.

can't help being grumpy...

Just need to let some steam out, so my head doesn't explode...

In my experience Avast is crappy ... Anyway, more to the point - anything can pop up a dialog box on your system - heck, you can get a virus by downloading Avast from certain sites [*1].

Running a full time anti-virus/anti-spyware/anti-whatever-else will never catch everything, and you should seriously scan your system with different software from time to time.

Malwarebytes is a good one

Spybot - Search & Destroy is another good one.

*1 - you will end up with malware if you install from that web site.

I cannot remember the books I've read any more than the meals I have eaten; even so, they have made me.

~ Ralph Waldo Emerson


Yes it could.
I don't have an anti-virus software. Just do not click or download anything fishy, and don't use torrents, that's all.


Just do not click or download anything fishy,

That's the thing - HOW do you know what's "fishy"? Good sites can be hijacked through ads! People have had virus alerts even from this site in the past.

can't help being grumpy...

Just need to let some steam out, so my head doesn't explode...

I'm currently not using any anti-virus software. Before that I have used one for ten or fifteen years. During that time, I have never gotten anything out of it except verifiable false positives and unnecessary popups ("I never had any intention of opening that email's attachment, if your stupid popup hadn't stolen my keyboard focus the mail would already be deleted").

Make sure your software, especially your browser, does not have glaring security holes, whether that means using older but extremely stable (but actively maintained in case of vulnerabilities) software or making sure automatic updates are applied without delay. Disable plugins. Even if you have Java installed, there is no real reason to not switch off the plugin in the browser. Same goes for Flash, if you must have it installed at least make sure your browser only activates Flash content by explicit click.

What would be the benefit of an advanced malware popping up a window "Hey, click OK to update virus definitions"?

Obviously, it's already installed and running on the machine, and it doesn't need you clicking anywhere any more to do something bad (the only exception maybe being a UAC prompt, but that one is hard to forge). It can download something from the internet any time (and upload data, too) without asking you.

Except of course, if an application-level firewall (or a Windows firewall rule) prevents it from doing that. But then it doesn't help having popped up a "Hey, please click OK" box either. The application-level firewall's confirmation dialog (assuming it's not blocking the request silently) will show the executable's name, publisher name, and signature validity.

If you have malware on your system that is able to properly feign this (including a valid exe signature), you have lost. Reboot and format your hard disk from the BIOS...


Hi,


could an advanced malware mask itself with an antivirus logo and so when you click "ok/yes" you end up f*******g-up your system.

It is very unlikely that a malware is mimicking your antivirus logo. It is standard for security software to look for key words which may indicate that malware is mimicking it. Probably the way that malware could actually accomplish that would be by compromising your security directly. Unless you have critical information and activities such as online banking, I would not worry about it if I were you.


What checks can one do to ensure protection against this kind of malware masking ?

Automatic anti-virus and anti-spyware definition updating is the best way to prevent such an attack. Do at least a quick scan once per day and preferably a full scan every day. I recommend starting it as soon as you awake in the morning. By the time you are done getting breakfast and other activities, then a long scan would probably be done. Also, do not leave your computer connected to the internet when you are not using it. Do not visit risky websites such as adult only ones.

I have spent several years as an IT consultant and had to deal with all kinds of security issues, so this is good advice.

Personal life and your private thoughts always effect your career. Research is the intellectual backbone of game development and the first order. Version Control is crucial for full management of applications and software. The better the workflow pipeline, then the greater the potential output for a quality game. Completing projects is the last but finest order.

by Clinton, 3Ddreamer


Just do not click or download anything fishy,

That's the thing - HOW do you know what's "fishy"? Good sites can be hijacked through ads! People have had virus alerts even from this site in the past.

This simply means that gamedev is also a fishy site. Don't mix what you'd consider fishy for browsing and what's fishy for running code on your computer. Only download programs from their own websites: if you need to download the Maya demo, download it from Autodesk's website; if you need to download Avast, download it from Avast's website; if you need to download Visual Studio, follow links from Microsoft.com, etc. That's the easiest way not to download crap. Additionally, if you want to be safe, don't run any unsigned installer or installers signed by a company other than the one the product is from.


Just do not click or download anything fishy,

That's the thing - HOW do you know what's "fishy"? Good sites can be hijacked through ads! People have had virus alerts even from this site in the past.

This simply means that gamedev is also a fishy site. Don't mix what you'd consider fishy for browsing and what's fishy for running code on your computer. Only download programs from their own websites: if you need to download the Maya demo, download it from Autodesk's website; if you need to download Avast, download it from Avast's website; if you need to download Visual Studio, follow links from Microsoft.com, etc. That's the easiest way not to download crap. Additionally, if you want to be safe, don't run any unsigned installer or installers signed by a company other than the one the product is from.

The thing is you don't even need to download "fishy" malware. Lenovo, Dell and Toshiba have all been stung in the past for selling brand new laptops that have had preinstalled bloatware that was already infected.

Hi,


could an advanced malware mask itself with an antivirus logo and so when you click "ok/yes" you end up f*******g-up your system.

It is very unlikely that a malware is mimicking your antivirus logo. It is standard for security software to look for key words which may indicate that malware is mimicking it. Probably the way that malware could actually accomplish that would be by compromising your security directly. Unless you have critical information and activities such as online banking, I would not worry about it if I were you.


What checks can one do to ensure protection against this kind of malware masking ?

Automatic anti-virus and anti-spyware definition updating is the best way to prevent such an attack. Do at least a quick scan once per day and preferably a full scan every day. I recommend starting it as soon as you awake in the morning. By the time you are done getting breakfast and other activities, then a long scan would probably be done. Also, do not leave your computer connected to the internet when you are not using it. Do not visit risky websites such as adult only ones.

I have spent several years as an IT consultant and had to deal with all kinds of security issues, so this is good advice.

That's not the best way, that's the somewhat working crappy way "let the problem in, be paranoid, and when the problem is there fix it", the better way is to not do all that, not worry about it all the time, but do take the necessary precautions for the problem not to arise to begin with.

You don't get infected automagically, it can happen in a number of ways but they almost all boil down to "you screwed up".

1) By exploit

2) By running malicious code yourself

#1 can be fixed (except for 0 day exploits) by keeping your software and Windows up to date. Simply set Windows Update to run daily and download optional updates as well as critical ones, don't ever worry about it, just reboot when it asks you to. That's about 50% of all possible problems fixed just right there.

#2 is where your antivirus can save you, but it saves you when you screwed up, better yet is not to screw up and that's actually fairly easy:

- If you see a popup warning you that you have a virus, IGNORE IT. Most of the time it's an ad trying to get you to download a virus. No virus will EVER let you know that it found something WITHIN a webpage, so if the window is "owned" by your browser (in the taskbar), IGNORE IT. If it's not, well, ignore it anyway: most antivirus with default settings will take reasonable actions if you let them do without worrying about it, and if you're following the advice, you shouldn't be getting a virus anyway.

- Only download what you need, and download it from the Publisher. If you're downloading something you know is from Microsoft and it doesn't come from Microsoft.com, don't download it, period. This is how most people get infected: downloading things from third party websites that may not contain the original exe.

- Do not trust email, EVEN FROM YOUR FRIENDS! If they get infected by a virus that spreads by mail, you WILL receive an email from them (but sent by the virus). Don't go thinking that just because an attachment comes from a friend, it actually comes from him. Do not click any attachment you do not know about; if in doubt, call your friend. You should never receive executables by mail and most email clients / servers filter it anyway.

- Do not run as administrator, but modern Windows versions handle that pretty fine with UAC. DO NOT DISABLE UAC. At least each time you get the popup you get to see the digital signature too. If a program comes from "unverified Publisher" or a Publisher that isn't the one you're expecting, refuse running it. It's the same for everything you download: it's tagged as coming from the net and won't run without the popup. It's there for your safety; if you just hit yes without reading, that safety is USELESS.

Just applying those simple tips should keep you virus free (if you know what you're doing you don't even need an antivirus for that matter).
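
The signature check the posts above recommend (refuse unsigned installers and installers signed by someone other than the expected publisher) can be done before launching a download. This PowerShell sketch is an added example, not code from any poster in the thread; the function name, the sample path and the expected publisher string are assumptions.

```powershell
# Added example, not from the thread. Test-InstallerPublisher is a hypothetical helper name.
function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    # Authenticode check: Status is Valid only if the file hash matches the
    # signature and the certificate chains to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Signer name taken from the certificate subject (normally the CN).
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    # "Tagged as coming from the net": the Zone.Identifier alternate data stream
    # (NTFS only). ZoneId=3 is the Internet zone. Missing stream means no tag.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $fromInternet = [bool]($zone -match '^ZoneId=3')

    # Refuse on: no signature, broken or untrusted signature, unexpected signer.
    $verdict = if ($sig.Status -eq 'NotSigned') {
        'REFUSE: unsigned'
    } elseif ($sig.Status -ne 'Valid') {
        "REFUSE: signature status is $($sig.Status)"
    } elseif ($signer -ne $ExpectedPublisher) {
        "REFUSE: signed by '$signer', expected '$ExpectedPublisher'"
    } else {
        'OK: valid signature from expected publisher'
    }

    [pscustomobject]@{
        File         = $Path
        Status       = $sig.Status
        Signer       = $signer
        FromInternet = $fromInternet
        Verdict      = $verdict
    }
}

# Constructed usage: the path and publisher name are placeholders, substitute your own.
# Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\setup.exe" -ExpectedPublisher 'Microsoft Corporation'
```

A passing result only tells you who signed the file and that it was not modified afterwards; it says nothing about whether that publisher's software is something you want.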

This topic is closed to new replies.
