Any legit site can be hacked and have the JS injected into it; so we have to think beyond safe/unsafe.
Plus, I thought I was about to browse a 'safe' site when the incident I mentioned happened! haha.
Thank you Little Snitch!
Interestingly, it was around the time of that article that Haliax posted!

 

Well I've been in this game for over 25 years and have never experienced anything bad. However, a few months back (not sure where) I'm pretty sure it was after downloading a newer version of Macrium Reflect from a site, the shit hit the fan. I starting seeing some weird behavior on my Win 10 system so I immediately restored it from a recent backup and thought all was well. Well about a day later I noticed my D: drive had a number of files with the extension [email protected]. After researching it I found out It was the dreaded Phobos virus which to this day still has no Decrypt tool for undoing it's damage. Needless to say, I decided to replace the drive and store it away in hopes someone comes up with a Decrypt tool for Phobos Ransomware so I'll be able to retrieve a lot of those files since a number of them weren't backed up. Anyway, that unfortunate lesson taught me to definitely have protection installed on my system. Never again! I urge you to do the same! That's what I get for going to some new sites in search of the latest version of Macrium Reflect, and thankfully I had my main drive also backed up with Clonezilla which is freeware and very reliable! Macrium Reflect nags the shit out of you when a new version comes out and I fell victim to my own greed.

 

Last edited: Nov 8, 2020

not only in the OS itself, but also in the installed software.
for example, a music player.
about 15 years ago, winamp was the most popular, and there were constant vulnerabilities in it (updates were released frequently, but ordinary users do not update programs every day). I used one of them to demonstrate the ability to penetrate the system. For this, I created a regular playlist with a link to a song from a CD, but the name of the sound file consisted of a very large number of characters - this caused an error when reading the file. usually a buffer overflow followed by arbitrary code execution. at the same time, to increase the size, I simply entered a few megabytes into the file with the "0" symbol and changed the file extension to mp3. one of the local resources with the ability to listen to music online (which was downloaded by users), including through a music player installed on the computer, did not check the contents of the files and it was included in the list of available for listening.
it was not a script or an executable file and no sandbox would help if other programs were involved.

but that's not the point. look at what they write about system updates and you will understand that everything is very, very bad, since there are many holes in non-updated systems.

hmm ... install an antivirus and open any sites calmly? no.
bother with the sandbox every time, set up something there and, as a result, have protection with a bunch of opportunities to bypass it? Ooh yes!
how you love to create problems for yourself ...

 

Last edited: Nov 8, 2020

So Lil Snitch showed a popup that something wanted to connect somewhere ?

 

depends on the settings. you can turn off any notifications, you can turn off only a part, or you can turn on all notifications.

 

Never read this kind of posts!

 

I am sorry that you had these problems.
However, an antivirus program does not help against every kind of virus or worm. Especially if the systematic of the virus is relatively new, an A/V has no chance against the attack.

So it makes sense to pay attention to certain things anyway.
The separation of programs and data is for example such an important thing. One should regularly back up the data separately from the programs. If one doesn't do this, viruses on the system will be restored just like programs and data.
The backup of the intact data should be done on an offline storage medium, then e.g. Ransomware cannot encrypt backups on network shares.

What is also important: One should Load programs, if possible always from a reliable source. You can also download Reflect directly from the manufacturer.
For extra security installing warez in a controlled environment first is a good idea e.g. in a virtual system or in a sandbox (sandboxie freeware).

 

and AV will not help for that...
--
i dont say noon should never install AV but the most here in thread not need it..

 

Security is a state of mind. You can have guard dogs, video surveillance, armed guards and helicopters flying over, steel bars on all entries, but if someone wants what you have badly enough, they'll work out a way to break in.

A computer is no different and with a computer, accidents happen. All it takes is one wrong link click and your computer has been put up for ransom. Ransomware might be the most offensive of all new virus/malware/phishing style programs.
If you feel safe good but that is a choice you made and perhaps you never will get infected, but the reverse goes for a lot of people too.

 

These AV guys are the same ones that say if you don't update Windows every time Bill Gates demands that your whole life will be destroyed. I haven't updated my 3 Win 7 PCs since 2014 and haven't updated my main Win 10 PC ever. It's still running Win 10 Enterprise with every MS service shut off. I run all the latest software, no problems with compatibility. Actually seems like there are less problems hearing how people with the newest versions of Windows and OS X keep breaking all their shit. LOL I back up once in a while with Macrium Reflect, you know the Macrium Reflect the guy earlier was saying he got a virus downloading from some shady site.

 

Yeh I know I used little snitch some tiem agaoi before switcing to lulu. What exactly is trying to call home in such kind of case , which File , Appliation, which source ? I am just curious

 

Last edited: Nov 9, 2020

yes, something like that

Spoiler

 

Uh that sounds tedious , how often do you need to deny allow a day when surfing the net ? Donet it ask you all teh time when safari tries to connect to something since you havent whitelisted safari ?

 

this screenshot is from google =)))
I stopped using the app about a year ago - I don't need it anymore.

 

Damn Vro. I got a bo##er looking at this image. But I am only 5'6"

 

You can crawl the web with a virtual machine AND disable the IP stack from host OS.
And scan files BEFORE transferring to host OS.
So your host OS is not exposed to internet. And still get web

Biggest trouble with AV/anti malwares (apart resources, false negatives ...) is they hook BETWEEN OS layers.
So when they crash, you get a BSOD like an hardware driver crash.

This is NOT a good way to do things. But need to be implemented like this to avoid malware reaching upper OS levels.

 

Yes. And the website was hidden behind a block that Little Snitch put up, telling me that if I proceeded, then an executable file would action.

As it said in the article, a JS embedded in the web page.
If I had landed on the page without LS, that would have been me screwed.
I was trying to find some library I wanted to try out, so I was going 'out into the wild' a bit.
It's never worth it.

 

This is the reason my win 7 PC doesn't have any Windows firewall, nor Defender. I don't use any Antivirus crap. I check every EXE online. Some check on a virtual machine. However I don't have the patience. System Restore points are a good idea. As is a Separate Internet PC - if you can afford it - to browse the internet and start install everything you download then watch for results, before you transfer the program to your main Work Machine. I have 10 svchost.exe-s in memory. My Win 7 PC is blinding fast with 0% CPU usage on Performance window and 550MB RAM used with nothing started only the Explorer.exe. No Themes, no background pics. Maximum performance!!

My ""new"" Win10 machine I just bought used will have the very same minimum services: no trash OneDrive, No Skype, No Office, No Defender, No AntiVirus, No Firewall (only a hardware router), DISABLED TELEMETRY, No auto WinUpdate = FCK MicroPenisSoft!
I need Win, since most Work-software I work with was optimized for it.
This week I'll see, how can I transfer my last week's Win7-PC workflow to a never before used WIN10 environment.
I already have saved webpages:
How to disable Telemetry and Data Collection in Windows 10
20 Services in Windows 10 that Can be Stopped Without Any Risk
10 easy ways to speed up Windows 10 - CNET
etc... etc..

 

Thank you for taking time to answer ! But doesn't little snitch ask once to allow safari ?
That's why I am curious.

 

Have you ever tried to resore one ? It NEVER worked for me.

is it even possible to disable it completely ?


Do you know if there is a way to create a kind of snapshot of all services so that you can always reset to teh default setting ?