Please correct me if I am wrong, but its my understanding that malware and virus's cant infect a system that is run with USER level lowest level
That depends on what you mean by "infection" though. malware will have a difficult time of it not running as an administrator, however, it can still 'survive' in a low-privilege environment. For example, A piece of software can still add itself to the auto-start in the registry under HKEY_CURRENT_USER, and it can perform some limited logging. I'm not sure if it's possible to create a keylogger this way, but it might be possible to do so to monitor keypresses in other applications run under the limited account, which is still pretty bad.
permissions, so isnt the best antimalware / antivirus the practice of operating with lesser privileges and only elevating to admin when absolutely necessary such as to install an Adobe update ( verified to be from Adobe and not a fake site ) on top of running a better Antivirus such as AVG and Malwarebytes scans on occasion to make sure that nothing slipped in?
Well that should work for preventing more major infections, it has two flaws- the first is that the person verifying things are legitimate is a human, and we aren't known for our error-free judgement, and the second is that it won't prevent "minor" infections which are still infections.
I am not aware of any malware or virus that can spread to a user level privileged system that is patched from exploits. Are there any that can attack a user level lowest privileged system?
The common strategy of malware to install themselves as part of another product via a Trojan horse is common for admin programs. The installer get's admin rights, so the trojan installer does too.
But they can still be added to software that does not get admin permissions. Browser exploits can allow a website, script, or other entity to reach outside of the browser from within the browser's own security context, so even though they are reaching outside the browser, they are still restricted by the fact that the browser was run with lower privileges. This does not prevent problems, since with that level of permission they can easily write executable files to the temp or application data folders and add them to the autorun key of the current user, which means they will launch on next boot. Add in a fake signature and publisher and a Application manifest and the next time the system boots it could request elevation with a prompt that disguises as- to follow your example- Adobe updater. There is a high chance in that situation the user would than allow it, and then the malware that was previously only restricted to user privileges is now running as an admin, installing services, and adding scheduled tasks to run under the even higher privileges SYSTEM account, possibly even installing kernel drivers.
There are current whitelists in systems now. Microsoft Updates, as well as other software that update such as from Adobe and multiplayer games are trusted. I am really amazed that no one has found a way to mimic any of these sites to push out a malicious update.
trusted by whom?
