How does this challenge work? It's easy. I will not install any anti-malware software on my computer for a few weeks or so. Additionally, since my copy of Windows is not genuine at all, it won't receive important security updates from Microsoft, so that's another layer of protection removed. Then I will do whatever I always do online: trolling, researching, reading the news, maybe even downloading some pr0ns for...safekeeping. So there. I'll go out in the wild without anything watching my back for a few weeks, then I'll download Trend Micro HouseCall to scan for any malware that came through.
Why did I use XP? Because of all the Windows versions I've used, XP was the most vulnerable; I had way too many run-ins with malware on it in the past. I believe XP is the most vulnerable operating system out there when it comes to malware. It's like a Thai prostitute - ugly and full of viruses. The only advantage XP has over its successors is that it uses way fewer resources than Vista and 7. So there.
Of course, I took every security precaution available. To safeguard myself against keylogging, I used LastPass to encrypt my logins and used on-screen keyboards while inputting usernames and passwords. I even used Tor so that those tracking websites won't be able to remotely view my geolocation.
Results
HouseCall just finished scanning my computer for malware, and it found something. The great thing is, it's alone, and it's just some regular adware that I probably got from browsing pornographic websites (you know those popups of Adultfriendfinder and other sites? They give you that). The file detected was cmdow.exe, and its corresponding threat was, according to Trend Micro, ADWARE .0737EEDD. According to the data in the link, this spyware does nothing but take my browsing history and send it somewhere for marketing purposes. Well, they're in for a big surprise then.
Also, cmdow.exe, according to further Googling, is not originally a fatal binary file, but a tool designed to modify command-line windows, such as not allowing the user to close the window (because some users freak out at the sight of an ugly DOS prompt and close it immediately, hampering some installation procedures in the process). However, in this case, I don't recall having to use this, and I don't really need it, so I just removed it.
I also managed to install and run Malwarebytes' Anti-Malware (an excellent piece of software, I might add), which managed to snag a trojan executable and a dangerous registry value. Also, it detected three potentially dangerous security settings, which were the Windows Security Center being turned off, but I intentionally set it that way for this challenge.
After a quick system reboot, I decided to run a scan again, just to be safe. I won't be posting any more details or its results, because that would be a waste of time.
Conclusion
- It is possible to be malware-free without some sort of security software
- Windows XP is very vulnerable to attacks
- Virtual machines are probably the best way to protect yourself against malware, by using a fake OS as a shield