"cquirke (MVP Windows shell/user)" wrote in
There was a bug fixed by MS once, where scripts within cookies could
have been executed in the anything-goes My Computer zone.
The "fix" changed things so these scripts ran "correctly" in the
Internet Zone. IOW, MS considers it to be by-design to have scripts
hidden within cookies, and doesn't block them totally.
When I read that, I kinda got a lot less relaxed about cookies.
So far, the sky is still up there where we last saw it, though
But the machine has to be put at risk. If the machine is never put into a
risk position and one is aware of the risks, then running those solutions
has no value, IMHO.
I agree with you; where we disagree is on what constitutes "putting
the PC at risk". I'd say any Internet connectivity and any
installation of software will expose one to this surface.
But of course, one has to know what he or she is doing
in this area and know what those risks are to avoid the risks.
What's changed is that we rarely find sites by entering URLs these
days - we are more likely to follow a link found by a search, or found
in a forum post, or from within a software installer.
When we get to the site, we reach not only what the webmaster put up
there, but also any hacker defacements (uncommon), banner ads (very
common) and other ads and fake links that could have been added by
commercial malware within the PC, and even by some ISPs.
In practice, a pattern I often see is a PC with no "viruses", a
functioning and up-to-date resident av (usually "Norton"), and a
metric spitload of commercial malware.
Malware begets malware, as settings and other "fences" get trampled
down, and some malware actively pulls down other malware. Defender
has value in that it can alert on and block some settings changes.
Recently, I downloaded and installed Adobe Acrobat 8.1, and as usual,
I was obliged to use their "special" downloader. There was a checkbox
to opt in for their Photoshop Album freebie, which I wanted to check
out, so I checked that.
I noticed the download process pulled down the Google Toolbar, which I
didn't see mentioned anywhere in the site. WTF?
Then I noted this toolbar was active in IE, even though I specifically
UNchecked the setting to allow 3rd-party browser intrusions. Er,
"enhancements". Yup, the state of that checkbox had been silently
flipped by Adobe/Google's shovelware, and was now open to anything
else that can find its way in. And so, the system begins to rot.
Cases like these make me extend caution to software installs from CDs,
CDRs, USB sticks etc., even when offline. Unless you really trust
your av to take as active an interest in commercial malware as the
trad stuff, you may not be protected against this sort of thing.
I am very aware, as I could turn bad guy with ease, since I have been
programming professionally since 1980. But I am a nice guy.
Yep, me2. I'm often more amazed at what the bad guys DON'T do.
I think if you posted this into a Security and Firewall NG you may get a lot
of opposition about solutions like Ad-Aware, Spybot, WD, etc, etc.
The thing is, what is lumped together as "antispyware" is actually
quite a disparate bunch of technologies.
If you exclude passive protections like Spyware Blaster and some
aspects of Spybot, and exclude behavior alerters that operate like
"internal firewalls" like PrevX, All-Seeing-Eye and aspects of
Defender, you look at scanners on their own.
Even there, these work differently. Some run resident, others only on
demand, and some scan from the registry outwards, while others scan
files and then backtrack to registry, others do both. Some scan each
item for multiple baddies at a time, as av usually does; others scan
everything for a particular baddie at a time, as Spybot does.
If one knows how to protect and not to put the machine at risk, then for
someone like that, the solutions are of no value.
I like to have scanners for commercial malware on hand, but generally
dislike having them running resident. Defender's built-in and on that
basis, I generally leave it there. Passive defenders like Spyware
Blaster are essentially free (as long as you aren't using a brain-dead
email app that is incompatible with the OS's feature set).
So at this point, I'm wondering if we really disagree at all ;-)
What I normally do, is use the old faithfuls AdAware and Spybot, along
with Spyware Blaster, as these don't impose any underfootware baggage
(I'm selective of what I use in Spybot; no Tea Timer etc.).
Then, if I have to check the system for malware, as part of the
process I will re-assert these three, and add A-Squared and AVG
Antispyware. These do run resident in a sense; A-Squared integrates
as a right-click option, and AVG AS sits in the SysTray to update itself
and runs resident protection for a trial period.
My thinking is this: by needing a cleanup, these particular PCs are
higher-risk, and therefore may warrant extra care, and the trial
period of AVG AS's resident protection may catch things that are still
active, or that missed malware may try to pull down, etc.
Follow-up on such systems generally doesn't find first-month
re-infection, so the above may be "overkill". Or maybe I don't see
those re-infections because, lame as it may be, so far it works?
---------- ----- ---- --- -- - - - -
On the 'net, *everyone* can hear you scream
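The silently flipped "third-party browser extensions" checkbox described above is the kind of settings change a resident alerter like Defender watches for. The following PowerShell script is an added example, not code from the post or any of the products it names: it reads the setting from the registry, lists the Browser Helper Objects that the setting gates (with their DLL path and Authenticode status), and compares both against a saved baseline so that a new BHO or a changed setting stands out on a later run. Assumptions: the registry locations are the standard IE ones (HKCU\...\Internet Explorer\Main "Enable Browser Extensions", and the HKLM Browser Helper Objects key); the per-user BHO key and the baseline file path are hypothetical choices; PowerShell 3.0 or later is assumed for the JSON cmdlets.

```powershell
# Added example: audit IE's third-party extension setting and registered BHOs,
# and diff them against a baseline (settings-change alerting in miniature).

function Get-IeExtensionSetting {
    # The Advanced Options checkbox "Enable third-party browser extensions"
    # is stored as REG_SZ "yes"/"no" under this key. Absent means enabled.
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $value = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Enable Browser Extensions'
    if ($null -eq $value) { return 'not set (defaults to enabled)' }
    return [string]$value
}

function Get-RegisteredBho {
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        # Assumption: a per-user BHO key is checked too; it is often absent.
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        Get-ChildItem -Path $key | ForEach-Object {
            # Each subkey is the CLSID of a COM object; resolve it to a name and DLL.
            $clsid    = $_.PSChildName
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $name     = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
            $dll      = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            $path     = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
            $exists   = if ($path) { Test-Path -LiteralPath $path } else { $false }
            # Authenticode status: Valid, NotSigned, HashMismatch, ... or n/a when the DLL is missing.
            $signed   = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status.ToString() } else { 'n/a' }
            [PSCustomObject]@{
                Hive      = $key.Split(':')[0]
                CLSID     = $clsid
                Name      = $name
                Dll       = $path
                DllExists = $exists
                Signature = $signed
            }
        }
    }
}

function Compare-IeExtensionBaseline {
    # Assumption: baseline file location is a hypothetical choice.
    param([string]$BaselinePath = "$env:USERPROFILE\ie-extensions-baseline.json")

    $current = @{
        Setting = Get-IeExtensionSetting
        Bhos    = @(Get-RegisteredBho | Select-Object CLSID, Name, Dll, Signature)
    }

    if (-not (Test-Path -LiteralPath $BaselinePath)) {
        # First run: record what is there now so later runs can diff against it.
        $current | ConvertTo-Json -Depth 4 | Set-Content -LiteralPath $BaselinePath
        Write-Output "Baseline written to $BaselinePath"
        return
    }

    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json

    if ([string]$baseline.Setting -ne [string]$current.Setting) {
        Write-Warning "Third-party extension setting changed: '$($baseline.Setting)' -> '$($current.Setting)'"
    }

    $oldIds = @($baseline.Bhos | ForEach-Object { $_.CLSID })
    $newIds = @($current.Bhos  | ForEach-Object { $_.CLSID })

    foreach ($b in $current.Bhos) {
        if ($oldIds -notcontains $b.CLSID) {
            Write-Warning "New BHO since baseline: $($b.Name) [$($b.CLSID)] $($b.Dll) (signature: $($b.Signature))"
        }
    }
    foreach ($b in $baseline.Bhos) {
        if ($newIds -notcontains $b.CLSID) {
            Write-Output "BHO removed since baseline: $($b.Name) [$($b.CLSID)]"
        }
    }
}

# Usage: print the current state, then diff against (or create) the baseline.
"Third-party browser extensions: $(Get-IeExtensionSetting)"
Get-RegisteredBho | Format-Table -AutoSize
Compare-IeExtensionBaseline
```

Run it once right after a clean install to create the baseline, and again after any software install; a toolbar that registered itself and flipped the setting shows up as a warning on the second run, with its DLL path and whether the file carries a valid signature. The baseline is only as trustworthy as the machine was when it was taken, so store it where ordinary installers don't write.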