Re: Spyware and Adware affect every internet user

Fuzzy Logic wrote:

But you're aware that this is dedicated either to luck or being
unable to recognize the problem? I just remember a cracked
adserver serving a trojan horse exploiting a formerly unpatched
vulnerability...
Anyone with XP SP2 was immune.
Not right.

Feel free to supply links that are contrary to this.

Sorry, mixed it up. The WMF exploit was spread via adspace that has
been legally bought instead of illegally aquired. Which is better how much?

Turn off scripting if you are concerned or change the security
level for it.
Basically you have to turn it off forever and never turn it on
again.

Or properly configure zones.

Ehm, no. Zones don't work, that's exactly the point of the issue.

Don't run ActiveX if you are concerned or configure it for sites
that really require it.
There's no way to turn of passive ActiveX control invokation
without putting some nifty killbits (which cannot be done with the
configuration dialogue).

Remove the ActiveX control if you are truly paranoid.

On Win9x this actually worked and only broke some crappy software. Do
this on Win2K or higher and you're about to remove at least 40% of the
entire system binaries...

Unpatched is not the same as no patch available in my books.
Unpatched means a patch exits but hasn't been applied.

Update your books, you're twisting client-side and vendor-side
terminilogy. When some vulnerability is unpatched by the vendor, then
because no patch exists.

Currently unpatched 'vulnerabilities' are so obscure that no one has
found a way to exploit them in the real world.

No, just that the vendor too incompetent to understand the
vulnerability. BTST too often, especially with Microsoft on IE.

Regardless of the browser you use there will be
vulnerabilties/risks.
Why do you think so? And do you understand the difference between
systematic and random errors?

Irrelevant. I'm positive that any current web browser will have a
security related patch before the year is out.

I'm still looking forward for a vulnerability in my secure configuration
of Firefox (which has JavaScript enabled BTW). As far as Bugzilla and
certain security vendor tell there has been no security issues that
applied to my configuration since Firebird 0.9 (!), so I've worked
around it / hardened before discovery of the problem. The only issue in
Firebird 0.8 was a memory leak in JavaScript's RegExp object
implementation, so no big problem either. Firebird 0.6 certain was
exploitable.

However, even when your prediction is wrong, then IE will remain
unfixed for seemingly forever so being the worst choice. Well, random
errors can be fixed, worked around or avoided - design errors cannot

If you don't like IE or feel it's unsafe then don't. Here's a
good read if you think switching to Firefox will somehow make
your life better:

http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html
Yes, I already pointed out a big load of errors on this website,
but the maintainer isn't interested in both facts and arguments but
just his big ego

Wait a minute I think you are talking about yourself.

Want to start over with a discussion about the errors of this website
and how mitigating issues makes it even dumber? Actually this would be
waste because there're more wrong than true statements.
.

Relevant Pages