The worst viruses are the ones that install in such a way as to go completely undetected
....and log all your details?
I've seen that statement many hundreds of times. Not once have I seen an explanation of how that is done from anyone that posts that statement. Always the scary bit and never the reality.
Keyloggers are never casually implemented. They are either clandestinely installed on physical media or they require the (tricked) cooperation of the recipient.
That's just absolute twaddle. Allow me to explain why your implication that I'm lying (for reasons I can't comprehend) is completely misplaced.
Without anti-virus protection, security vulnerabilities in browsers and email clients are the most common way of encountering an implementation of a "dropper" - that is a script that once installed will then try to download the main infection.
One recent high profile vulnerability was found in Java, and was published in most of the respected computer press. http://www.informationweek.co.uk/security/attacks/java-zero-day-attack-could-hit-enterpris/240006341
The important part about understanding a dropper is that its intent at that stage is not to do anything more than attempt to gain access to the computer so that arbitrary commands can be carried out. It will usually connect to a server and periodically check that server for instructions. Once a good number of machines are connecting to the server, the operator will then issue commands for them to download and run arbitrary code. The code is installed and executed, and runs just as any other background process does on your computer. It can do anything that any normal piece of software would be capable of doing.
You are now in the arena of guessing what the motives of the person who has gained some access and control of your computer are. Some of the more common ones are:
- To pool resources and use as many machines as possible to create a DoS attack. That's where you flood a server with more requests than it can handle, and it stops being able to respond - Denial of Service.
- To harvest information - keyloggers are smart. They don't send every keystroke, they look for patterns. A string of 16 numbers is usually a credit card number, in which case the data before was probably a name and the data after probably the dates and CVV code.
- To prevent access to your computer - this one is becoming more common. One such infiltration has been very effective in obtaining money by deception, and is hard to track. You'd be amazed how many people fall for it. http://deletemalware.blogspot.co.uk/2012/07/remove-police-central-e-crime-unit.html
- It may also simply be feeding all your documents to the server at low speed.
Without anti-virus, you may never know it's there. Yes, it's frightening. Unfortunately it's also very real, and people do get caught. Part of my job is clearing up that mess.
I once built a friend a computer, clean install of Windows with the only visits to the internet being to download the latest Windows updates. An "expert" friend of his came along and "found" hundreds of viruses. Go figure.
If you were capable of doing the checks yourself, you should have. You would then have been in a position to challenge the person that claimed to have found hundreds of viruses.
However, it's also common for people that claim to know what they are doing to be complete idiots, and I've encountered plenty of people that thought cookies were viruses.
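Added example, not part of any post in this thread: the periodic check-in described above ("periodically check that server for instructions") is one thing a defender can look for in proxy or firewall logs, by flagging client/destination pairs whose connection gaps are nearly constant. The log format, host names, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def build_sample_log():
    """Constructed proxy log lines: '<ISO timestamp> <client> <destination>'."""
    start = datetime(2012, 9, 1, 9, 0, 0)
    def line(seconds, client, dest):
        return f"{(start + timedelta(seconds=seconds)).isoformat()} {client} {dest}"
    lines = []
    # Constructed: pc-07 checks in roughly every 300 s with a few seconds of jitter.
    for i, jitter in enumerate([0, 4, -3, 2, -5, 1, 3, -2]):
        lines.append(line(i * 300 + jitter, "pc-07", "updates.example.net"))
    # Constructed: pc-12 is a person browsing, so the gaps are irregular.
    for offset in [0, 12, 95, 110, 640, 655, 1800, 2400]:
        lines.append(line(offset, "pc-12", "news.example.org"))
    # Constructed: pc-03 is perfectly regular but has too few events to judge.
    for offset in [0, 60, 120]:
        lines.append(line(offset, "pc-03", "cdn.example.com"))
    return lines

def find_beacons(lines, min_events=6, max_cv=0.1):
    """Return (client, dest, mean_gap_s, cv) for pairs with near-constant gaps."""
    seen = defaultdict(list)
    for entry in lines:
        ts, client, dest = entry.split()
        seen[(client, dest)].append(datetime.fromisoformat(ts))
    findings = []
    for (client, dest), times in seen.items():
        if len(times) < min_events:
            continue  # not enough connections to call anything periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # identical timestamps, nothing to measure
        # Coefficient of variation: spread of the gaps relative to their mean.
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append((client, dest, round(avg), round(cv, 3)))
    return sorted(findings)

if __name__ == "__main__":
    for client, dest, gap, cv in find_beacons(build_sample_log()):
        print(f"{client} -> {dest}: every ~{gap}s (cv={cv})")
```

Legitimate software such as update checkers also polls on a fixed schedule, so a hit is a lead to review against known destinations, not a verdict.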
Windows security essentials plus the usual rule of never doing so much with your computer that you are likely to forget doing it. That plus the fact that companies and their employees are, incredibly, much more at risk than individuals from viruses and hackers just because they are stupidly lax with security because most of them can't remember anything more than the simplest security routines as a body. So to reassure everyone, you are, with the most basic of security, vastly safer than MI5.