D
darwinist
kurt said:
Well no, so you only download from trusted sources.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Well no, so you only download from trusted sources.
D
darwinist
jm said:And how do you do that? One of the tactics used by malware writers is
to disguise things so that they look trustworthy. You can't tell
whether something has a virus just by looking at it. The only way to be
100% sure of not getting a virus is to stay off the Internet and never
install anything. Even with AV software you're only 99.9% sure, but
that's still a lot better than relying on instinct.
Who you got it from is important. Also if there's a checksum you can
make sure it is what it says it is.
D
darwinist
David said:From: "darwinist" <[email protected]>
| I've never had one myself, but according to the McAffee site I linked
| to: "Trojans do not self-replicate. They are spread manually, often
| under the premise that the executable is something beneficial.
| Distribution channels include IRC, peer-to-peer networks, newsgroup
| postings, etc." - (Under "Method Of Infection")
|
| As I suggested earlier, learn to recognise untrustworthy software.
You have much to learn about vulnerabilities and exploitation !
BTW: McAfee's web site has inadequate information on this subject matter.
As I said, give me any url and I will go there with my browser and no
anti-virus software.
D
darwinist
edgewalker said:Being bad software is not the same as being a virus, plus you are
confusing viruses with exploit based malware.Viruses don't need
vulnerabilities to work, they only require normal functionality. You
admitted to your use of Thunderbird as a browser after declaring
that all one has to do is not use vulnerable software while even
Thunderbird has had vulnerabilities (you break your own rule).
They also have to go to a compromised site before the hole is patched.
I've never had a problem. Also thunderbird is an email client, firefox
is the browser.
D
darwinist
David said:From: "darwinist" <[email protected]>
|>> What kind of a browser do you use where a *website* can give you
|>> malware? The worst I've had from a website was a bunch of pop-ups
|>> jumping around my screen, so I went to tools->options and disabled the
|>> ability of javscript to move and resize windows. Problem solved.
|>>
|>> Give me any website and I will go there without anti-virus.
|>>
|
| Hmm, all my video files play fine. Why do I need another one?
|
|
| Never heard of it, musn't be a popular codec. Quick google search.
|
| http://www.google.com/search?hl=en&lr=&q=media+codec.com
|
| Oh what? It's a trojan. Good thing I looked into it for 3 seconds.
|
|
| LOL "download and install the latest version". Two untrustworthy
| sources of software quickly identified: media-codec.com and David H.
| Lipman.
|
| But you said that websites could give you malware, it hardly counts if
| the website is just a conduit for me agreeing to copy and install a
| trojan. That's not fair to the web and all the people who work hard on
| making secure web clients.
|
| That's like blaming the city gate for the original trojan horse.
|
Yeah, there are a couple dozen web sites puporting to be a Digital Key Generator or Media
Codec and are really ZLob Trojan installers. The web sites are auto-generating new variants
on a daily basis. Usually the same named file but the MD5 checksum gives it away.
Obviously I new they are malicious sites and that why I posted the URL obfuscated.
However, it was meant to drive home a point. A good Social Engineering disguise will allow
a well crafted malicious site and malware combo to get past one's personal defenses. The
anti malware community is working hard with the AV vendors to h\get these new variants to be
better detected via heuristics.
Or you can learn what to trust on the internet and not hope the
software will do it for you as it slows you down.
D
darwinist
kurt said:darwinist said:kurt wismer wrote:
[...]No that's a firewall, or a secure client. Anti-virus tries to clean up
the infection.
???!!!
boy have you got it wrong...
known virus scanners are essentially a blacklist technology - the best
place to use a blacklist is at the entrance... av software is for
prevention first and foremost, for detection of preventative failures,
and for recovery from preventative failures...
Anti-virus software is a blacklist applied to what's already on a
computer, so it's already past the entrance. A firewall or secure
client is a whitelist at the door.
Unlike, say, a text-email or an mp3, your default attitude to
executables should not just be to take anything from anyone and try it
out in case you like it. Instead you should whitelist from the start.
ok, i think there's a bit of a crossed wire here... you seem to be
seeing only 2 possibilities - either it never gets to the actual machine
at all or it gets to the machine *and* gets executed... i'm talking
about the 3rd scenario where you download it to a holding area to be
scanned first before doing anything else with it...
yes it is technically 'inside' the system at that point, but it is just
barely inside the entry point...
You would allow it on your hard disk or in your memory before stopping
it? Why take the risk?
O
optikl
darwinist said:As I said, give me any url and I will go there with my browser and no
anti-virus software.
www.gfy.com
D
darwinist
optikl said:
Yeah looks good. What am I supposed to have caught?
E
edgewalker
darwinist said:They also have to go to a compromised site before the hole is patched.
I've never had a problem. Also thunderbird is an email client, firefox
is the browser.
Nevertheless, vulnerable software is vulnerable software. I am not one
to argue against your underlying point - it is a fact that most of today's
malware is fairly easy to avoid. Most of today's malware is not viral,
and it is the virus that makes AV necessary. The exploit based malware
threat is (as you indicate) mitigated by minimizing the exposure time of
whatever vulnerabilities you do have - i.e. prompt patches and overall
more secure software (this is - not MSware). Computer viruses (real
computer viruses) have nothing to do with software that is vulnerable
to exploit code. They are programs that execute with the authority of
a program that you execute. They attach themselves to existing code
areas. If they appear as a new program (email attachment for instance)
then you can as easily avoid them as any other trojan, but if one attaches
itself to a program you trust (or is implicity trusted by the system) then
AV would become a necessary avoidance tool.
Viruses can betray trust - they can even infect a program you yourself
wrote and trust.
E
edgewalker
darwinist said:Well no, so you only download from trusted sources.
The problem is that trusted sources cannot be trusted to not have a virus.
If you only got your executables from trusted sources, you could avoid
"almost" all malware. AV can help with the rest. If you judge a "virus" to
be that which "antivirus" is against, then you judge wrongly. What AV is
now is an "enabler" of unsafe practices. What it was, was a necessary
tool to detect that which is not as easily avoided as what you envision.
D
David H. Lipman
From: "darwinist" <[email protected]>
|
| As I said, give me any url and I will go there with my browser and no
| anti-virus software.
|
No matter how stringtley you may want to argue this point, I will by no means get you
infected. I know I could give you a URL and you would have more activity on your PC then
you could deream about with the Haxdoor RootKit, non-viral malware and viral malware
installed within 60 secs. I will tell 'y there are some real nasty ones, by the Russian
Mob, that are in the Internet domain, .BIZ
I am NOT about getting people infected. Just the opposite. I wouldn't even do it to prove
I'm right. Those who know me will concur. If you want to dig your heels in the sand and
play Tommy (as in the Who's movie/album) that's your right. However I'm here, in this and
other virus related News Groups, to provide the facts that under the right conditions you
can be infected within seconds.
|
| As I said, give me any url and I will go there with my browser and no
| anti-virus software.
|
No matter how stringtley you may want to argue this point, I will by no means get you
infected. I know I could give you a URL and you would have more activity on your PC then
you could deream about with the Haxdoor RootKit, non-viral malware and viral malware
installed within 60 secs. I will tell 'y there are some real nasty ones, by the Russian
Mob, that are in the Internet domain, .BIZ
I am NOT about getting people infected. Just the opposite. I wouldn't even do it to prove
I'm right. Those who know me will concur. If you want to dig your heels in the sand and
play Tommy (as in the Who's movie/album) that's your right. However I'm here, in this and
other virus related News Groups, to provide the facts that under the right conditions you
can be infected within seconds.
K
kurt wismer
darwinist said:kurt wismer wrote: [snip]ok, i think there's a bit of a crossed wire here... you seem to be
seeing only 2 possibilities - either it never gets to the actual machine
at all or it gets to the machine *and* gets executed... i'm talking
about the 3rd scenario where you download it to a holding area to be
scanned first before doing anything else with it...
yes it is technically 'inside' the system at that point, but it is just
barely inside the entry point...
You would allow it on your hard disk or in your memory before stopping
it? Why take the risk?
handling new materials (which may or may not be malware) in this way is
no more risky than handling knives... the risk is in the possibility
that i might do something stupid...
malware, ultimately, is a subset of software... it's supposed to *do*
something, therefore it has instructions of some sort, therefore it has
to be executed in some way... so long as i'm careful not to let that
happen there shouldn't be a problem...
K
kurt wismer
darwinist said:kurt said:i'm sorry, prescience doesn't seem to come standard with the humandarwinist said:kurt wismer wrote:
darwinist wrote: [snip]
Safety Goggles:
- Prevent access to your eyes, again they're what i'm advocating;
rather than, say, some kind of "eye cleaning and healing fluid" to be
applied after all the damage is done.
anti-virus products can prevent execution of the virus and therefore
prevent access to the resources required to do damage or infect...
Or you can prevent the *existence* of the virus on your computer, by
not downloading it.
condition...
Well no, so you only download from trusted sources.
and who should i trust? microsoft? they've accidentally distributed
malware in the past... nobody's infallible, not even trusted sources...
which is not to say that one shouldn't also incorporate a preference for
dealing only with trusted sources into one's defenses - it's just not
sufficient by itself...
N
Noel Paton
darwinist said:Who you got it from is important. Also if there's a checksum you can
make sure it is what it says it is.
Bull - all that tells you is that the checksum number that you get is the
same as the one that the site tells you to expect.... if the site bundles
malware and then does the checksum run, you're stuffed!
Checksums tell you that the file you receive has *probably* not been altered
from that which the checksum was originally run on - but it's possible for
two totally different files to have the same checksum, and it's also
possible for a malicious site to run the checksum after bundling malware.
--
Noel Paton (MS-MVP 2002-2006, Windows)
Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm
http://tinyurl.com/6oztj
Please read on how to post messages to NG's
N
Noel Paton
darwinist said:Yeah looks good. What am I supposed to have caught?
The joke?
--
Noel Paton (MS-MVP 2002-2006, Windows)
Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm
http://tinyurl.com/6oztj
Please read on how to post messages to NG's
O
optikl
Noel, he must be a thick one.Noel said:The joke?
N
Noel Paton
optikl said:Noel, he must be a thick one.
No doubt about that - but a thick 'what?
--
Noel Paton (MS-MVP 2002-2006, Windows)
Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm
http://tinyurl.com/6oztj
Please read on how to post messages to NG's
D
darwinist
Noel Paton wrote:
[...]
Then I recommend you don't get into the habit of downloading random
executables from random websites.
By 'possible for two totally different files to have the same checksum'
you mean like it's possible for all roulette tables on the floor of a
casino to spin the same number at the same time?
[...]
Bull - all that tells you is that the checksum number that you get is the
same as the one that the site tells you to expect.... if the site bundles
malware and then does the checksum run, you're stuffed!
Then I recommend you don't get into the habit of downloading random
executables from random websites.
Checksums tell you that the file you receive has *probably* not been altered
from that which the checksum was originally run on - but it's possible for
two totally different files to have the same checksum, and it's also
possible for a malicious site to run the checksum after bundling malware.
By 'possible for two totally different files to have the same checksum'
you mean like it's possible for all roulette tables on the floor of a
casino to spin the same number at the same time?
D
darwinist
kurt said:darwinist said:kurt wismer wrote: [snip]ok, i think there's a bit of a crossed wire here... you seem to be
seeing only 2 possibilities - either it never gets to the actual machine
at all or it gets to the machine *and* gets executed... i'm talking
about the 3rd scenario where you download it to a holding area to be
scanned first before doing anything else with it...
yes it is technically 'inside' the system at that point, but it is just
barely inside the entry point...
You would allow it on your hard disk or in your memory before stopping
it? Why take the risk?
handling new materials (which may or may not be malware) in this way is
no more risky than handling knives... the risk is in the possibility
that i might do something stupid...
Indeed, most adults can handle a knife without gloves if they are
paying attention.
N
Noel Paton
darwinist said:Noel Paton wrote:
[...]Bull - all that tells you is that the checksum number that you get is the
same as the one that the site tells you to expect.... if the site bundles
malware and then does the checksum run, you're stuffed!
Then I recommend you don't get into the habit of downloading random
executables from random websites.
Checksums tell you that the file you receive has *probably* not been
altered
from that which the checksum was originally run on - but it's possible
for
two totally different files to have the same checksum, and it's also
possible for a malicious site to run the checksum after bundling malware.
By 'possible for two totally different files to have the same checksum'
you mean like it's possible for all roulette tables on the floor of a
casino to spin the same number at the same time?
yep - when the tables are magnetic!
--
Noel Paton (MS-MVP 2002-2006, Windows)
Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm
http://tinyurl.com/6oztj
Please read on how to post messages to NG's