Anti-virus pioneer Alan Solomon thinks anti-virus is dead. He uses Linux instead

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#1 Post by James C »

Anti-virus pioneer Alan Solomon thinks anti-virus is dead. He uses Linux instead

http://blogs.techworld.com/war-on-error ... /index.htm

From the article: British anti-virus pioneer Dr Alan Solomon is so convinced that AV software no longer works that he gave up using it a “long time ago

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#2 Post by prehistoric »

This should be even more true now that we know just how sophisticated malware has become. Here's a current example, Regin.

Some of you out there may be aware that I've had some serious tussles with malware infecting home computers I have tried to maintain for friends who are still tied to Windows by employers. In three cases I ended up totally replacing all software, after confirming that the hardware functioned perfectly under Linux. I've run scans from four different reputable antivirus companies without isolating any apparent malware, despite the machines in question being essentially unusable.

All three machines suffered a breakdown in networking software and Windows Update. Unfortunately, this doesn't lead to anything very specific. That whole subsystem is a house of cards which has repeatedly failed in the past due to problems not caused by malicious software.

I was particularly bothered by not having any clues about how to trace the problem to a source of infection, so I could plug the hole. This has changed in one sense: on November 24 a full scan showed definite malware on one restored machine at a time when nobody had been using it. The simplest explanation is that there was an infection already in the system after I replaced both the software and the disk holding it, but this was not found until it received an updated signature. This was about the time news about Regin broke, but this identification is complicated by the sheer number of malware programs listed at the same time. There is no question the infected system had a number of password protected files I could not explain.

The antivirus used at that time gave me a cryptic reference which doesn't match any other identifier used by other companies. When I have time, I intend to recreate the corrupted system on a separate disk, then use a variety of virus scanners with current signatures to see if I can gain a better idea of what caused these problems. If I were running a business, I would not want to bet on Windows remaining functional.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#3 Post by mikeb »

Never ever used antivirus on windows. Had no infections in over 10 years.
Never had to reinstall either....oldest 2000 is around 10 years now too.

As long as the gateways are present infections will happen regardless of whatever placebo software you have. The same software does not prevent gross stupidity either ...the main cause of problems on the hardened recent releases of windows....download and run in spite of warnings.

End of story really

Mike

ps antivirus seemed a waste of time anyway...a new virus can infect the world in a matter of minutes....the best antiv may take days to catch on to the new threat.

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#4 Post by prehistoric »

mikeb wrote:...As long as the gateways are present infections will happen regardless of whatever placebo software you have. The same software does not prevent gross stupidity either ...the main cause of problems on the hardened recent releases of windows....download and run in spite of warnings.

End of story really...
I'm curious about those "gateways". Does this mean your Windows installations were not connected to anything else? In that case I can agree.

I will also agree if you are talking about people using dodgy sites like Yahoo! or Facebook.

As for "gross stupidity", does that include installing Google Chrome or Adobe Flash Player? Some problems with these I've successfully traced were caused by browser helper objects actually installed by M$ in some of its many incarnations, like Bing or Skype Click-to-Call. (Bing also helpfully directs people searching for Google Chrome downloads to sites that add their own questionable product downloads.) Personally, I think anyone agreeing to pay for a product with a M$ EULA is guilty of gross stupidity from a legal standpoint. You might check on an organization calling itself Clickbank, which has emulated the M$ strategy of getting people to agree to hold them not responsible for rape and pillage via terms of service needed to do anything.

Hardening a machine running a M$ product today, rather than 10 years ago, should probably include packing the power cord socket full of Bondo.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#5 Post by mikeb »

User stupidity...downloading dubious software when an ad flashes at you for smilies or fix yer machine software...


These are machines connected to the internet... a router helps block the NetBIOS/Samba/RPC gateways; otherwise there is a need for a bit of hacking/disabling for those.

browser helper objects...there is yer clue.

Your gateways are IE/Outlook Express/WMP7+/MSN Messenger and Automatic Updates.. and any software that uses Trident and related ActiveX controls; their abysmal security models let just about anything through with ease... the zone system is part of this mess and protects nothing... Vista and newer have wrapped these up in cotton wool and do seem to require some user intervention now, hence the stupidity thing.

Remove this bundled software as best you can and miraculously apart from a more stable system the bombardment of malware et al ceases.

Not using it is not quite sufficient as there is the integration of the desktop to bear in mind.

Funny really, I never have had a problem via Flash or Java, although the latter can easily be used via a hacked website, it seems, by tricking users into downloading software. To be honest, if a website is hacked it's going to be a no-go zone generally.

By the way, I do not browse carefully... I even used to go to dodgy e-card emails to see if I was safe.

As it happens I discovered all this because the computer seized up if making a few bookmarks in IE and had to be reset all the time... Outlook took 10 minutes to even launch, Messenger was infection city, and in a search for something better I tried Firefox and alternative email and chat software.... then found IE Eradicator from 98lite and then learned about all the joys of the software I had just removed.

mike

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#6 Post by mikeb »

I should add that the initial discoveries were all done on Windows 98, which transformed into a secure and stable system... well, as stable as you could get on DOS :D

I applied the same approach to 2000 and XP with similar results, though performance-wise it's not such a big hit unless you include the lack of antivirus dogging the system.

NT4 of course came without this crap, so there was nothing to do but enjoy it :) (and original Windows 95 apparently....)

mike

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#7 Post by prehistoric »

I'm glad you clarified that Mike. I nearly mistook you for a M$ fanboy.

ActiveX controls are simply software wrappers around raw machine code. You can tell because they are decidedly non-portable. Because they have access to the raw machine keeping them out of trouble requires some pretty sophisticated work with virtual machines. Easier to eliminate them entirely.

Various "enhancements and extensions" to HTML, Javascript and Java nearly destroyed portability of browsers, as certain companies wanted. To this day it is hard to say how well common browsers conform to published standards, unless you consider IE11 as the standard, which makes this a tautology. I'm not sure anyone really knows exactly what IE11 does. I'm not even sure how many defective implementations of software objects M$ has produced. (Remember OLE 1 and 2? Those are ancient history.)

I recently went through a dialogue about "dangerous sites" with a friend, who felt that he was safe because he "never visited porn sites". My demonstration involved booting a Puppy derivative (Fatdog 64) and using my (updated) Firefox browser with NoScript, running in RAM, to check on what his familiar sites were doing. I tried his local newspaper site, which needed permission to display the home page. This paper was part of a syndicate, advertising group, etc. A second level of scripts brought them in. These companies then sold advertising to still others, which required a third level of scripting. I think it was on the 4th level of scripts that the ad appeared which offered to connect me with "hot single women" in my area.

My friend said he would never click on that ad. This is where I pointed out that the browser was already running code from that site in order to display the ad. At this point, I asked if he knew anyone at that small newspaper who seemed like an IT security expert. No. Did he realize how thoroughly dependent the newspaper was on advertising revenue to stay in business? Yes. How carefully do you think they check scripts used by advertisers before they run them? How well do they know these advertisers? More to the point, how much do you trust the people who prepared that ad about "hot single women"? Not much.

This is where the level-zero malware droppers get in, and it is not always immediately clear if an unfamiliar program which doesn't do anything obviously malicious is malware or not. Many legitimate programs use encryption to protect intellectual property or prevent alteration of their code. Unfortunately, the suppliers of common software are busy changing things at a pace which makes it virtually impossible to decide if every changed program is legitimate. (I have a call today to check on just such a problem. It might be OK, but I'm willing to bet against that.) This leaves wide open the question of unintentional bugs which open a system up to exploits, as we just learned in the case of Shellshock. (OK, that one counts as deliberate code intended for debugging, rather than malicious code. If we have to worry about criminal intent we will be like a legal system which can allow murderers to walk free.)

The malware with which I just had that tussle produced a symptom called "the Green Ribbon of Death". Unfortunately, this has turned up repeatedly in systems which were not apparently infected, all the way back to Windows Vista. One thing going on in these cases was that the OS was scanning every file in order to index it for quick searches and/or prepare thumbnails of pictures and videos. A program which accesses every file on the disk is an obvious target for anyone looking for exploitable information in a system. Video codecs require access to the bare machine for reasons of speed, which makes them popular with malware producers. This system service could invoke every codec already installed. If you have a list of zero-day vulnerabilities in common codecs, or a list of known vulnerabilities a particular user may not have patched, this looks like an ideal means of checking for weaknesses you can exploit.

The Regin malware, for which I supplied the link above, was not terribly stealthy compared to other malware. It was, however, designed to make it very difficult to trace this back to a source. While it used encryption repeatedly, it did not exploit the level of obfuscation seen in some botnet control software, which uses encryption incorporating the MAC address of the network adapter so that each machine has a unique key. Once that kind of sophistication becomes common, signature-based scanning will be virtually useless.

What happens then?

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#8 Post by mikeb »

Hmm, turning off that indexing of files is one of the first things I do.... an inadvertent security measure perhaps :D

No...not a fanboy...I use computers and want them to work quickly and reliably.

Note that .NET is a huge pile of ActiveX controls to create a virtual machine on a machine... worrying really.

As for web page scripts only IE (and outlook etc) would attempt to run scripts in media fortunately... for everyone else that just leaves javascript...an annoyance but does it go any further than a crash in most browsers? Notice that outlook no longer uses the trident engine (express does I believe). Actually as a fanboy I would know the ins and outs of windows 8/9/10 but I only recently had a play with 7 for the first time to see if the bunny could be streamlined and how safe it actually was. It actually seems to do a fairly good job of removing IE at least in part. The trident engine in itself is ok as long as software using it does not let it near the net or potential threats.

The browser integration... I believe was MS's attempt to own the emerging internet by creating Windows-only pages via their FrontPage software and IE that matched its non-standardness..... oh yes, and proprietary ActiveX controls.

In my limited book for ANY code to be a threat it has to be added to a machine and then run.... if there is no mechanism for that apart from a human then it ceases to be a threat.

Linux is nice as it seems to lack such ridiculous security blunders... there may be obscure methods somewhere in there, but why bother when Windows continues to be such an easy target.. after all it's mainly idiots trying to make a quick buck in some way and they have not the brains or the resources to crack anything difficult.

One point that always occurred to me... if a big dummy like me with very limited computer knowledge at the time can harden a system to the extent that it's safe in practical day-to-day terms, how come the mighty MS and all these security experts appear to continue to fail to achieve the same... unless of course it's in their financial interests to perpetuate the problem.

The flip side is while there is an easy target more secure systems continue to be relatively left alone.... now there's a generalisation :D

Anyway an interesting discussion as always...

mike

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#9 Post by Barkin »

James C wrote:
... John McAfee rubbishing the software that still carries his name was one thing ...
Here's the link for those who haven't seen Mr McAfee's YouTube ...
https://www.youtube.com/watch?v=bKgf5PaBzyg :¬) [ NSFW ]
mikeb wrote:User stupidity...downloading dubious software when an ad flashes at you for smilies or fix yer machine software...
To be fair, some of the punters are getting clickjacked, or drive-by-downloads, so gross stupidity is not a necessary requirement to download malware.

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#10 Post by nubc »

Unfortunately named malware category: PUP. Potentially Unwanted Program. This acronym will inevitably be expressed in lower case, and be an extra confusion for new users of Puppy Linux. I just removed one of these slithering varmints from a Win7 laptop, named crawler.com, which provides a gateway for an entire suite of junkware, like the rogue AV, Spyware Clear.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#11 Post by bark_bark_bark »

I've read a lot of articles involving advertising companies being hacked to distribute malware. You're basically safe from it if you have some ad-blocking mechanism.
....

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#12 Post by prehistoric »

O.K. bark_bark_bark, let's see a web page that is not devoted to advertising. Even this one has some.

Clickjacking is one of the problems that bothers me, and it can be more subtle than you might think. Take a look at what is possible just in terms of changing appearance using CSS. You can make a page so confusing that people will click on a button which means the opposite of what they intend. Other ways to do this are to make the active region for the button you want people to click large, and the opt-out region small -- without changing appearance at all.

Drive-by-downloads are all over the place, and it is hard to do a great deal on the Internet without downloading and installing something. In many cases you have to fight to get the program you want without also getting a "download manager" you do not want. If you don't look real closely you may also have opted-in for services you never heard of by not unchecking a box.

All this still leaves out man-in-the-middle attacks providing code injection at nodes your connection passes through on the way to the site you want. These can even push the button for you if you don't select what the attacker wants. Trying to untangle the legal liabilities in such a case is almost hopeless.

We still have not exhausted the possibilities.

I can't let this thread go without sharing a story about one person who told me he never had trouble with malware on Windows. A few months after making this statement he called me in a panic, saying his computer was speaking Arabic to him. This was sufficiently unusual and interesting enough so that I made a trip to his house. As advertised, when we turned up the audio on that machine we heard what sounded like a telephone conversation in Arabic. There were two male voices. I caught a few words, but couldn't tell you what they were discussing. It sounded like a business conversation.

His machine was too far gone for me. I told him to buy the Fix-Me-Stick and run it. It ran for 10 hours, and found so much that it was impossible to guess which malware provided the Arabic Internet telephone service.

8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#13 Post by 8Geee »

Enjoying this, really.

One of the few things I could not get people to understand is that the mailbox is THE primary gateway into a computer. If you pick up and sort your mail at the server, rather than downloading mail, about 90% of all problems magically disappear (W98 days). So that meant to TOSS Outlook (Express) or better yet, never install it. A month with Mail 1.1 (W95.2) with its ibx and obx extensions will confirm. Good-bye D/L mail, hello server.

But this new security-ware like AdBlock(Edge)... does it just remove the pix, or does it actually block coding like NoScript? NFN, but its taking up 25MB on a / size of 460MB (about 5.5%). In M$-bloatware 25MB is nada, but Puppyware is a bit more lean... just a wee bit. 8)
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#14 Post by mikeb »

Barkin wrote: To be fair some of the punters are getting clickjacked, or drive-by-downloads, so gross stupidity is not a necessary requirement to download malware.
Yes perhaps my language was a bit strong there.... I meant the ...'do you wish to download/run this software' warnings being ignored when unsolicited as well as wanting shiny thingies. And of course those 'your computer is faulty...we will fix it'. stuff.

Seems like kids need educating about this at school and what to look out for (stuff most here will be well aware of and ignore) and then they tell their parents. Humans can make very effective antivirii tools.

Email as the source of most evil...yes outlook express is a major culprit...sad the tale of the woman who said she got a new laptop...got a few emails ...one of them stuffed the machine...it was put away and not used since...what a waste and all because of THAT program.
It also means I find so many are reluctant to use email at all and prefer to communicate via, say, Facebook.... another great waste of a really useful tool. MS blunders cause whole cultural shifts. By the way, since using Thunderbird from 0.6 onwards, not a sniff of a problem.

I must also mention that after removing all that gateway 'software' I did occasionally download and run something dodgy.... the dark days of file sharing, I must admit. Such nasties sat there gobbling 100% CPU but failed to totally entrench or spread themselves further... why? It appeared that they were looking for the very software (programs and related ActiveX controls, to be more specific) I had removed. All I had to do was kill the process and delete the file in question and no further harm done. In other words these 'gateways' work both ways, both to get in and to allow spreading elsewhere.... all the more reason to neutralise and remove.

mike

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#15 Post by Sylvander »

I have XP installed on my desktop PC, but almost always run Puppy instead.

Are there any detailed instructions available about what I should do to XP to make it safe?
So far:
I seldom use it to go online, and NEVER use it to fetch emails.
Installed Time Freeze so I can choose to NOT SAVE session changes in XP.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#16 Post by mikeb »

Hmm, well in the past I used tools from 98lite / XPlite.... some are free, some are not.

I also used to manually get out the chopping scissors but that's time consuming and error prone :D but a way to learn I suppose.

More recently I used Fred Vorck's fileset to make a Windows 2000 that installs without the bad guys... and for XP, nLite is a great tool to achieve the same thing.
It's much cleaner to prevent installation than to remove afterwards, which is what the XPlite tools do, but that's not always convenient.

As you mention... you have XP yet are unable to use it to its full extent.... not getting value for money really.

There may be some value in using XP and simply using alternative browsers and email clients.... I just like to play safe, though I have been using/testing XP with the core HTML renderer left in for convenience and have had no problems yet... XP just cannot be dealt with as cleanly as 2000 or 98.

mike

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#17 Post by prehistoric »

Even under Puppy, I never run HTML scripts from email. I use Sylpheed for text emails, and if the content looks reasonable, I will open an HTML file turned into an attachment using a browser which runs as special user "spot" which can only write to its own directory. If the text looks dodgy, it doesn't even get that far.

Some people who used to send me infected email stopped doing so after they realized I was contributing this to antispam sites which check for malware. I have been blacklisted by blackhats.

p.s. the only public places to contribute spam I know of today are spamcop and spam@uce.gov, (be sure to include headers). Most public sites have stopped accepting examples to avoid DDoS attacks. They now rely on their own secret honeypots to collect data.

I can't emphasize enough that anything programmable is likely to end up being Turing Universal. It is difficult to create models of computation which stop just short of that. My adviser proved a system allowing only two variable names and a very limited set of rules of inference was Universal. Famous problems in mathematics have turned out to be equivalent, even when they did not appear to be programming systems at all. C.A.R. Hoare tried to create a restricted set of primitives for communicating sequential processes which would avoid this in parallel processing. This turned out to be Universal. Even Conway's game of Life and Langton's Ant are Universal. Your screen saver may be Universal.

This means they can do anything any other program can do. The only restriction is on the memory and devices they can access and the time it takes. With even video cards now having gigabytes of memory, and thousands of processors, together with direct access to hardware, I would hesitate to say what is impossible. If you don't control what runs on a machine you literally have no idea what it might do.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#18 Post by mikeb »

Hmm, I have found HTML mail to be totally harmless in any other client and always have it enabled... as far as I see, in Thunderbird and others an image is .... erm.... just an image... it gets passed on to an image decoder/display and you see a picture... nothing more... as it should be. I like computers and I like having the visual content they can provide. Being able to send photographs via the internet was one of our first PC joys back in the day.

Again it's a case of users losing out due to one company's poor software. Never felt Hotmail was great either, and it tended to tie users to Express... again most accept it as it's the first thing stuffed down their throats when you first turn on yer new PC. Adobe now force IE usage as part of their PDF reader install.... why force a known security leak, I ask??

It's all a bit smelly really.... and I may not be in a perfectly safe place, but in practical terms it works... know your enemy sort of thing. I just mention it as it may be of help to others.

Mike

ardvark
Posts: 1448
Joined: Tue 02 Jul 2013, 03:43
Location: USA

#19 Post by ardvark »

Hi all...

I would greatly suspect that if, at some point in the future, Linux were to gain a much greater market share, we will no longer be enjoying this form of "immunity." :wink:

Regards...
Our Lord and Savior [url=http://peacewithgod.jesus.net/]Jesus Christ[/url] loves and cares about you most of all!

PLEASE READ! You don't have to end up [url=http://www.spiritlessons.com/Documents/BillWiese_23MinutesInHell_Text.htm]here![/url]

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#20 Post by mikeb »

ardvark wrote: I would greatly suspect that if, at some point in the future, Linux were to gain a much greater market share, we will no longer be enjoying this form of "immunity." :wink:
Security by obscurity is a bit of a common myth.... on Linux you simply don't have those howling security blunders, in spite of some of the drama you see around.

Anyway I was talking about security on windows and I hear that's pretty commonplace :D

mike
