[Hidden-tech] Windows security (sic)

Ben Liyanage ben at smartankgroup.com
Fri May 27 16:49:31 EDT 2005

Previous message: [Hidden-tech] Windows security (sic)
Next message: [Hidden-tech] Windows security (sic)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is not completely true.  While you do have to agree to run a program,
windows has added the lovely feature where you can set it to automatically
run scripts from a particular site/company.  Once you say yes to that, you
automatically say yes to the rest.  This is trouble, and also why I do not
use this "feature".

Ben Liyanage
ben at smartankgroup.com
410.336.2464

-----Original Message-----
From: hidden-discuss-bounces at lists.hidden-tech.net
[mailto:hidden-discuss-bounces at lists.hidden-tech.net]On Behalf Of Andy
Klapper
Sent: Friday, May 27, 2005 12:19 PM
To: hidden-discuss at lists.hidden-tech.net
Subject: RE: [Hidden-tech] Windows security (sic)


   ** Be a Good Dobee and help the group
   ** Fill out the survey/skills inventory in the member's area.
   ** Remember you must be counted to post .

Once upon a time I worked as a consultant for the group at IBM Research
responsible for their now defunct Anti-Virus product.  (In the end we built
a really cool automated virus definition/repair generator for Symantec after
Symantec (Norton Anti-Virus) bought out IBM's product).

A lot of what has been said is true.  You can avoid virus and other bad
things by being paranoid, or as I like to call it sensible.  Use Windows
Update to keep your system up to date (it usually takes a couple of months
to a year for virus writers to exploit a hole in the OS and once that hole
has been fixed the virus will not work).  Block pop-ups and Active-X scripts
unless you know they are both necessary and from a safe place.  Never click
on a button to close a window that you are suspicious of (use the X in the
upper right).  Don't follow any link in an add that was mail to you, even if
its from a company that you know (it could have been spoofed).  Don't
download a toolbar/screen saver/ or cute game from anywhere.  And many more
others mentioned before.  I've run my Windows based system for years (using
outlook express, IE, and Word) with old or no protection and when I recently
installed a new copy of Norton Anti-Virus, updated the data files, and ran
it on my machine it found no viruses.  Clean living can and does work.
Given that virus and spyware creation seems to be moving out of the "script
kiddie" mode into a professional criminal activity I just no longer willing
to bet my identity on clean living alone.  (It also makes sense to watch the
cookies as they can be used to track your use of the internet).

Linux is better, mostly because it has less market share and thus less glory
(or profit) in infecting it, and less ability to spread since a Linux
specific virus cannot replicate on a Windows based machine (and vise versa).
As Linux gains more market share on the desktop it's value as a target will
go up and so will the threats.  (It also hurts Microsoft that they try to
have a common scripting language and high integration across all of their
products, which is a great thing on so many levels, but opens their products
up for attack).

The reason I jumped into this conversation is because the below comment is
false.  For a virus to do its thing it must be run.  If you download that
cute screen saver or toolbar you are asking for some code to run.  If you
don't take the appropriate steps viewing an email in an Active-X enabled
email reader you could cause the Active-X code to run.  But unless you run
the application it stays dormant on your machine.  I have a stack of virus
infected test files on a CD.  I can copy those files onto my hard drive and
as long as I do not open the files they will do no harm.  The below
statement is false and most likely started by somebody with an ax to grind
with Microsoft and not a whole lot of knowledge of how software works.  (I
don't think the poster here started the rumor, only passed on the
dis-information gained on the net).

> Some [virus/spyware] can get in if you have Outlook Express or
> Microsoft Outlook installed even if you don't use either of those
> programs.



Andy

Asgard Technology Group, LLC


_______________________________________________
Hidden-discuss mailing list - home page: http://www.hidden-tech.net
Hidden-discuss at lists.hidden-tech.net

You are receiving this because you are on the Hidden-Tech Discussion list.
If you would like to change your list preferences, Go to the Members
page on the Hidden Tech Web site.
http://www.hidden-tech.net/members

Previous message: [Hidden-tech] Windows security (sic)
Next message: [Hidden-tech] Windows security (sic)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Hidden-discuss mailing list