Re: Security? What security?
- From: "cquirke (MVP Windows shell/user)" <cquirkenews@xxxxxxxxxxxxxxx>
- Date: Mon, 09 Jan 2006 22:52:49 +0200
On Mon, 9 Jan 2006 00:15:49 -1000, "NoNoBadDog!"
>"kabraxis" <mad_kabraxis(removethis)@hotmail.com> wrote
>>i find it interesting, that despite Windows constant reassurings, and
>> upgrades, and money making for said events, that i -still- get viruses.
Well, to some extent that is up to you. More later.
>> of that i get come through Internet Explorer, a Windows Browser if I'm not
>> mistaken. now, generally i dont even use IE, ill open it maybe once a
>> month, the rest of the time i use Netscape.
IE is a web browser, or you could think of it as a generic HTML-based
viewer that can "open" other file types in the same window via other
integrated handlers. In the latter sense, "Windows browser" is a good
way to think of it, though my first instinct was to correct you :-)
>> tell me now.... why am i getting viruses through IE, when i dont
>> use it, and i get not one while using Netscape?
That is an excellent question, and the first step is to prove the
assertion that these malware really did enter through IE. The only
thing that would suggest that is if you discover the malware's initial
footprint within IE's web cache (TIF) - is that how you reached that
conclusion? Anything in the Temp location could have entered through
anywhere, because almost all apps (and not just MS ones) use Temp.
If IE is left with duhfault settings, it will permit "Install On
Demand" and 3rd-party "Browser Enhancements" aka BHOs. I would
strangle both of those at birth. Make sure you are on SP2 level of
patching, as well as subsequent patches.
Don't assume that because you don't use IE, that IE is not used by the
system. Whenever Windows encounters HTML and related material
internally, it uses IE's rendering engine to process it; this applies
in particular to Outlook and Outlook Express, but may well apply to
many 3rd-party (non-MS) email apps as well.
>> Netscape doesnt boast about security as thier main feature as does IE, i
>> just dont get it.
Netscape 8 uses both Gekko (Mozilla) and IE rendering engines, and
thus potentially carries the risks of both, so it wouldn't be my first
choice of web browser. I'd prefer Firefoix 1.xx as less bloated than
Netscape 7.xx, both having the advantage that they use only the Gekko
engine, and not IE.
Interesting thought: When Netscape 8 uses the IE rendering engine,
does material get cached in IE's TIF or Netscape's web cache? Perhaps
this is how stuff enters, via Netscape 8's use of the IE engine? Hmm.
>> then when i DO get a viruse from IE, my security center alerts me about
>> every 2 seconds that im infected, and it intrupts and ruins any
>> applications i have open? what's the deal with this?
MALware = MALICIOUS software. It's to be expected that MALICIOUS
software may spoil your day, etc.
>> and a a final thought, what truly makes me the most upset, is this
>> stupid XP activation thing. Im the type of person that liek to ahve
>> nice things, while trying out my different options.
That's cool; just make sure you build the skills to go with that.
>> so im constantly upgradeing, or swapping out hardware
>> components, to make things better for me, or just to compare. However,
>> everytime i swap out a new motherboard, i have to activate windows again.
Well that's a nuisance, but it's certainly not the only impact of
swapping motherboards - usually, Plug-n-Play will screw itself up,
you'd have to do a "repair install", and then catch up on all the lost
patches, settings etc. Ugly stuff, and I'd have to have a really good
reason to take that on, unless I enjoyed spending all my time
troubleshooting problems.
>> the Key you gewt for XP, the 25 digit one, is onhly good for , i believe, 4
>> activaions, maybe 5, and once you run out... you ahve to drop 100$
>> on 25 more letters and numbers, how on earth is this fair?
It wouldn't be fair, but that's not how it goes - you can activate
your OS as often as you like, and if you have trouble when phone
activating, kick ass until that trouble goes away.
>> not to mention having to reformat because of viruses gotten
>> through, once again IE. each time you reformat you need to
>> reactivate. very annoying and gets costly.
If your standard response to malware is to "just" format and rebuild,
you have a LOT of catching up to do. Either build those skills and
manage the massive malware load your setup and use seems to attract,
or practice "safe hex" and follow at least the MS A-B-C basics and
stay safer that way. Hint: XP Gold or XP SP1 default to no firewall
and have exploitable RPC and LSASS defects, so if you "just" wipe and
re-install these OSs without any manual setup at all, you are
absolutely doomed to repeated "death by malware".
If this is news, learn until it isn't, then apply what you've learned
:-)
>> all in all, id ahve to say, if it werent for that fact that 95% of PC
>> games wont work on another Operation System, i would ahve
>> switched out of Windows and into Linux a very long time ago.
If you get fed up waiting for patches because you'd rather program
them yourself, then you have the skill set to really enjoy Linux. If
you can't understand the mechanics of malware infections, patching,
firewalls, av, and all the other hoops you have to jump through to
stay safe in XP, then I doubt if you have the skills to fix anything
that might go wrong in Linux. It's like finding and flying a flying
saucer; it will end in tears the first time you guess wrong.
>You have no Antivirus Program.
He didn't clarify that one way or the other, but I suspect you may be
right - it's an assertion I'd have expected, even if only the usual
dumbo "I can't have a virus because I have NORTON".
>You have no reputable firewall (the SP2 firewall is useless).
XP's built-in firewall is not useless for firewalling outside traffic;
in fact, in some ways SP2's firwall has some advantages.
What XP's firewall will NOT do, is monitor outgoing traffic on a
per-application basis. If you rely ion your firewall to tell you when
you have resident malware that is trying to "call home", then yes;
you'd need a firewall with better egress control - but frankly, it
would be better not to have unwanted junk running in the first place.
>You have no concept of security.
>You are not practicing any of the recommended procedures to secure you
>computer.
We don't know that either way, though I'd have expected a litany of
the things we all know we need do, before sounding off about "always
being infected by viruses".
>You get infected.
>You come here complaining that it is the fault of Internet explorer.
>Perhaps your best course of action, given your current level of security
>practices and understanding, is to simply turn the computer off, and *never*
>turn it on again.
Harsh, but could be true. There's more to enjoying "nice things" than
simply being able to pay for them.
>---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
>---------- ----- ---- --- -- - - - -
.
- References:
- Re: Security? What security?
- From: NoNoBadDog!
- Re: Security? What security?
- Prev by Date: Re: Do I have TOO MANY antivirus, antispyware, etc
- Next by Date: Re: BITS error code -2147024891 or 0x80070005 prevents install updates
- Previous by thread: Re: Security? What security?
- Next by thread: Re: mystery services found on my xp pro machine
- Index(es):
Relevant Pages
|
