Re: Identity P/W and Security question
From: mto (nobody_at_dontsendmeanyspam.thanks)
Date: 08/29/03
- Next message: Peter Young: "Re: VPN or FTP?"
- Previous message: Michael Thompson: "Re: Best Kept Secrets"
- In reply to: Frode: "Re: Identity P/W and Security question"
- Next in thread: Frode: "Re: Identity P/W and Security question"
- Reply: Frode: "Re: Identity P/W and Security question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Aug 2003 14:30:52 -0400
"Frode" <news@mascot.REMOVETOREPLY.dyndns.org> wrote in message
news:3f4f6e2d$1@news.broadpark.no...
> > every nasty I've seen in the last year or so has come from a "safe" news
> > site - msnbc, cnet, download.com, foxnews - all the places one would
> > least expect. Some of these particular sites are so bad that I won't
even
> > visit them without everything disabled - no java, no scripts, no
activeX,
> > no nothing.
>
> Can you name an example of a virus or trojan that has propogated via ads
on
> a major news site? Every nasty I've heard of for the past few years have
> virtually always been one of two: IIS exploit or Email worm. Can't
remember
> any infecting major webpages and propogating that way. Curious about what
> you're referring to.
I wasn't actually referring to virii but to various and sundry
spyware/malware programs that seem to be pretty prevalent lately as driveby
downloads even at prominent sites (maybe I should say especially at
prominent sites) that download, install and execute completely behind the
scenes and without permission. I've found Avenue A a frequent offender at
msnbc over the last several months - luckily Spybot S&D halted the download
of that each time. During the same period my daughter (casual user much as
you describe your family, new computer) managed to pick up so many BHO's
(including a porn tool bar) that the browser window on a 21 inch monitor
provided a 3 inch high viewing area and two different dialers that ran up
phone bills in the many hundreds of dollars. Only after the first huge
phone bill arrived did they agree to a real firewall and a little
interference with their email LOL. Another daughter happens to work for a
major large database company. They've had such problems in this line that
she keeps AdAware and Spybot on disc to clean off the machines in the
section that she supervises. (IT doesn't allow permanent install.)
In every case that I have seen the problem really lies with the advertising
being served on the site rather than the dot.com itself. In the one case I
managed to track in the source code the spyware was being delivered using an
img scr tag. Turning off automatic downloading does not seem to help.
> > Whether or not you want to see the notification is a preference. When
> > your machine no longer functions normally because you were innocent &
> > trusting enough to think a "firewall" was keeping it safe (as it surely
> > will sooner rather than later if you are just a "simple" user visiting
> > news sites) then it can be a whole lot of work to trace a problem that a
> > firewall log might have revealed almost immediately.
>
> I don't follow your logic here. For one, I've never heard of a virus
> spreading via popups or otherwise from major news sites. Assuming that IS
> the case I fail to see how your firewall logs would show it since it would
> undoubtebly come in via packets you've requested (an ad or a script for
> example) and the firewall log would show nothing out of the ordinary since
> it would just be one of any number of legit packets from that site.
Again, I am speaking more of spyware/malware infestation rather than virii,
since this seems to be becoming far more of a problem than the various and
sundry viruses. Get a decent antivirus program and keep it updated,
download patches in a timely way and you're good to go in the virii
department. Tracking down where your F11 key went or why you suddenly get
dragged off to some page you've never seen is a little more of a problem.
> > No, no - ZAP doesn't just block pop-ups. It blocks ALL the ads. I
> > literally never see an ad for anything except those rare few that are
> > text ads. Once in a great while I *do* want the popup - sometimes sites
> > put
> > things that aren't ads in a small popup.
>
> Ah, you're more picky than me then. I don't care about an ad in the margin
> of the window and stuff like that.
More likely the difference is that you are on an adsl line and I live in an
area where that is not available and so I function on a dialup. You likely
never notice just exactly how long those 12 ads on a typical msnbc page take
to load but I most definitely do :)
> impede my browsing nor pop up to block what I want to look at. The few
> sites that do use ads that temporarily show up on top of the article text
I
> visit so rarely it's not a bother to me either. Certianly not enough to
> make me install a program to avoid it.
>
> >> features than they provide then use other programs. However, for most
> >> casual users, the XP firewall and toolbar popup blocking will suffice
> >> imo.
> > If you access the Internet, you need more features than these two
> > programs provide.
>
> A few hundred million internet users would likely disagree. I have a
> hardware firewall that came with my adsl subscription so I don't run one
on
> my main box,
AHHHH - but if you had NOT gotten that hardware firewall with your adsl,
would you then feel perfectly safe with just the XP firewall, the Google
toolbar and a virusscanner? Bet not :) Remember - "most" people still
function on dialup, no hardware firewall included.
in addition to that a popup killer to make surfing liveable is
> all I really feel I absolutely need. Virusscanner is an added piece of
> security just in case I get a mail from someone I know with an attachment
> containing a virus.
>
> > If cost is a consideration, there are several decent firewalls
> > available that are free to home users, ranging from user-friendly Zone
> > Alarm to fairly complex programs that you can write your own rules for.
>
> No argument there. All I'm saying is that for most people they don't have
a
> need for it. Assuming they follow a few simple rules. Firewall enabled.
> View HTML mail as plain text enabled. Don't open attachments. Keep IE
> updated (or use another, more secure, browser). Don't install every piece
> of crap software on the net without having some notion of what it is
first.
> Chances are low it carries a virus payload but malware abounds.
See - we agree perfectly :)
- Next message: Peter Young: "Re: VPN or FTP?"
- Previous message: Michael Thompson: "Re: Best Kept Secrets"
- In reply to: Frode: "Re: Identity P/W and Security question"
- Next in thread: Frode: "Re: Identity P/W and Security question"
- Reply: Frode: "Re: Identity P/W and Security question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
