How is it possible that my up to date install of Windows 7 with UAC enabled and Microsoft Security Essentials running became compromised, seemingly in a website drive-by?

I've run ostensibly the same security setup for many years now and never been compromised; what has changed? Has the nature of attacks become more advanced? What could I do to prevent another attack being successful?

Edited to add: Browsers used are mainly Chrome & Firefox, IE only on certain sites that require it and/or we know are safe.

Edit: Thanks for the answers. I've gone through everything and nothing was permanently damaged (no MBR virus etc.) but at the same time I didn't find anything that would point to the vector. Chalk one up for experience I guess.


Solution 1:

I've run ostensibly the same security setup for many years now and never been compromised, what has changed? Has the nature of attacks become more advanced?

Yep! New viruses, new tactics, new ways of exploiting people's computers (e.g. tab nabbing); it never ceases to amaze me what the 'bad guys' are doing to unsuspecting users. The problem only gets worse.

What could I do to prevent another attack being successful?

Follow all basic rules:

  • Don't visit suspect websites
  • Don't open suspect emails
  • Keep system up to date
  • Run Anti-Virus/Anti-Malware and a Firewall
  • Use good pass-phrases (not password!)
  • Dare I say ditch Windows? (Trying not to be elitist, just suggesting an OS with a different security model. I use both Linux and Windows OSes)
  • Listen to a Security Webcast and learn about new attacks and how to defend yourself (Education)
  • There are too many to list but the biggest protection is common sense...

In regards to drive-by downloading, you can reduce your risk by browsing without JavaScript enabled; use something like NoScript with Firefox, for example. Also disable JavaScript in Adobe Reader: if you didn't know it was in Reader, then you don't need it.

Linux can be just as vulnerable as Windows if used incorrectly. Educating oneself will pay dividends.

EDIT: Just adding a link to a NoScript type workaround for Chrome, if people want to lock it down a little more: Is there a NoScript alternative for Google Chrome?

Solution 2:

I agree 100% with Qwerty, I'd like to add my 0.02 EUR: if you're using Internet Explorer, try using a different browser instead. IE8 may be the safest Microsoft browser yet, but one thing's for sure: it isn't updated as often as other popular browsers like Firefox or Chrome. (Firefox has been updated 3 times this month, if I'm not mistaken). The longer it takes for a security hole to be fixed, the higher the chance that it gets exploited.

That doesn't mean you'll be perfectly safe using an alternative browser. But I think you'll be safer.

Solution 3:

What is the point of UAC if not to prevent this kind of thing?

Despite the risk of the Dreaded Down Vote, I decided to use the "Answer" format to post what is basically just some questions better suited for a comment.

As has already been observed in a comment by Qwerty, the UAC isn't much use if it is either (1) disabled or (2) the warning is ignored and a rogue program is given the authority to do whatever. My understanding was that if you had UAC enabled (... did you check its current setting?) then you could not have been infected unless someone authorized the rogue program.

You mentioned that "home PCs need to be used by wife, kids, friends, babysitters etc.". Could one of them have let whatever this is through the UAC? (Frankly, the thought of "kids" or "babysitters" using a system other than via a limited user level account without any administrative/install authority makes me shudder. BWTHDIK?)

I think another possible way it could happen is if somehow a program was given Windows XP compatibility and that program then turned around and bit you either directly or because it was somehow subverted. Windows XP compatibility seems to give some form of elevated authority to a program. Could that be possible in your case?

Another part of the reason to post this is because if I'm wrong about UAC needing to be consciously bypassed in order for something to infect a Windows 7 system, I'd like to know more about that threat. At the moment I can't see how it would be possible though.
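The answer above asks whether the UAC setting was actually checked. The script below is an added example written for this page, not code from any poster: it reads the documented UAC policy values from the registry and reports whether an elevation prompt would have been required, plus whether the account running it is in the local Administrators group and whether the current session is already elevated. One fact worth keeping in mind when reading the result: UAC only governs the step from standard-user rights to administrative rights, so a program running with the logged-in user's own rights needs no prompt at all. The variable and property names are my own; the registry key and value names are the standard ones Windows uses.

```powershell
# Added example (not from the thread). Reports the UAC configuration of this machine.
# Works on Windows 7 and later; standard users can read this key without elevation.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $uacKey

# Returns the DWORD value if the policy entry exists, otherwise the stated default
# (the default applies when the entry has never been written).
function Get-PolicyValue([string]$Name, [int]$Default) {
    $v = $policy.PSObject.Properties[$Name]
    if ($null -eq $v) { return $Default } else { return [int]$v.Value }
}

# EnableLUA = 1: UAC is on. 0: members of Administrators run fully elevated with no prompt.
$enableLua = Get-PolicyValue 'EnableLUA' 1
# ConsentPromptBehaviorAdmin: how (and whether) an admin-group user is prompted before elevation.
$adminBehavior = Get-PolicyValue 'ConsentPromptBehaviorAdmin' 5
# PromptOnSecureDesktop = 1: the prompt is drawn on the secure desktop, which ordinary
# user-mode windows cannot overlay or click through.
$secureDesktop = Get-PolicyValue 'PromptOnSecureDesktop' 1

$adminBehaviorText = @{
    0 = 'Elevate without prompting (UAC effectively off for admin accounts)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows 7 default)'
}

# Token checks for the account running this script.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
# S-1-5-32-544 is the well-known SID of the local Administrators group. With UAC on,
# the SID still appears in a non-elevated token (marked deny-only), so this tells us
# whether the account *could* elevate, not whether it currently has admin rights.
$inAdminGroup = [bool]($identity.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })
# IsInRole(Administrator) is true only when the current token is actually elevated.
$isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    UacEnabled              = ($enableLua -eq 1)
    AdminPromptBehavior     = $adminBehaviorText[$adminBehavior]
    PromptOnSecureDesktop   = ($secureDesktop -eq 1)
    # False here means a program could gain admin rights with nobody clicking a prompt.
    PromptRequiredForAdmin  = ($enableLua -eq 1 -and $adminBehavior -ne 0)
    CurrentUser             = $identity.Name
    UserInAdministrators    = $inAdminGroup
    SessionCurrentlyElevated = $isElevated
}
```

Run it in a normal (non-elevated) PowerShell window to see what a day-to-day session looks like: `UserInAdministrators` true with `SessionCurrentlyElevated` false is the normal UAC-protected state for an admin account, while `PromptRequiredForAdmin` false means the prompt the answer relies on was never going to appear. For the family-use case mentioned above, the safer result is `UserInAdministrators` false for the accounts other people use.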

Solution 4:

Without knowing the specifics, it's hard to say. You could try using a third party anti-virus/anti-spyware program.

Try AVG or my personal favorite, Avira.

Solution 5:

Antivirus and Firewall can only do so much ... from my experience, visiting the "wrong" sites will get you infected (just like with everything else).

Personally, I haven't had a virus in ages just by not clicking on "you just won a MILLION $$$" banners and not downloading god-knows-what from torrents :D Of course I'm oversimplifying things ... speaking of babysitters and wives ... they are probably the ones to blame ... just saying ...