Re: Spyware and Adware affect every internet user

Fuzzy Logic wrote:
Sebastian Gottschalk <seppi@xxxxxxxxx> wrote in
news:4bsma8F12kspqU1@xxxxxxxxxxxxxx:

Fuzzy Logic wrote:

Many of these 'flaws' have been around for quite some time and
amazingly no one has taken advantage of them (mostly becuase they
are too obscure to do so).
You're wrong, these flaws are getting exploited all day long. This
has actually gone so far that Microsoft declared some of them to be
features.

References?

<http://technet2.microsoft.com/WindowsServer/en/Library/22fffeb1-66a3-4d5c-bc12-def57c3354fa1033.mspx>

Of course if you visit malicious, pornographic or malware sites
you may wish to use another browser besides IE
Every website including third-party content is malicious. Google
is, the Microsoft website is, Slashdot is, I guess even
ubuntu-forums.com is.

You obviously have a different defintion of malicious than I do.

No. Any malicious guy can buy some adspace from an advertiser and put
his content in there. We've seen this with the IFrame vuln., the WMF
vuln. and certain ActiveX vulnerabilities widespread.

Hello and welcome to the internet!

(though I would be nervous regardless of the browser I was
using).
Why? No webbrowser needs to be exploitable in first place. Well,
but IE.

Of course they don't need to be exploitable, they just are. That's
because none of them are or ever will be perfect.

But you know the difference between being potentially exploitable with
currently no problem known and always being exploitable by design, for
sure known?

And, another good keyword for you: reliability

Your point?

IE is unreliable because of known unfixed and unfixable problems, you
must reasonably assume that it will get exploited whenever possible.

For any real webbrowser you can assume that it can't be exploitable
until some vulnerability becomes public, and even then you can already
have the workaround in place, having set up some configuration to limit
the impact or not being vulnerable due to hardening.
.