The safest Browser is IE7
in [Mozilla]
|
Prev: Firefox autodial
Next: Firefox is already running....
From: Moz Champion (Dan) on 6 Apr 2007 06:58 businessman(a)nomail.com wrote: > On Wed, 04 Apr 2007 01:22:41 GMT, "Moz Champion (Dan)" > <moz.champion(a)sympatico.ca> wrote: > >> >> Quite the opposite to your settings, I leave them ON all the time. I >> have the extension QuickJava that allows me to kill them per page if >> need be (for testing) > > There recently is (or was) a nasty malware program on AOL in one of > the flash ads that really caused havok with computers. Even if you > hate AOL, they are a mainstream service and somehow that flash ad was > right on their main page. The malware is called Winfixer. It placed > a popup on the screen constantly every few minutes even when not > online. That's why I dont trust flash player, not to mention the > irritating flash ads on almost every site these days. Here is the wikipedia page on Winfixer Note that in ALL cases the user has to accept the installation of the product - Hey, if you are going to install software on your machine then its up to you to check it out first! On the AOL/Flash problem. The conditions to be infected from such 1: Had to be an AOL member and sign on 2: Must have allowed (not blocked) ads 3: Must be running Flash 4: Must be running Active X And even after all that, all the user got was an offer to download/install the Winfixer program. So yes, it caused havoc, on computers whose owners downloaded the suppossed 'fix' program after getting the 'scare'. Once again. running Java or Flash is simply not a security hazard
From: businessman on 7 Apr 2007 08:32 On Fri, 06 Apr 2007 10:58:09 GMT, "Moz Champion (Dan)" <moz.champion(a)sympatico.ca> wrote: >businessman(a)nomail.com wrote: >> On Wed, 04 Apr 2007 01:22:41 GMT, "Moz Champion (Dan)" >> <moz.champion(a)sympatico.ca> wrote: >> > >>> >>> Quite the opposite to your settings, I leave them ON all the time. I >>> have the extension QuickJava that allows me to kill them per page if >>> need be (for testing) >> >> There recently is (or was) a nasty malware program on AOL in one of >> the flash ads that really caused havok with computers. Even if you >> hate AOL, they are a mainstream service and somehow that flash ad was >> right on their main page. The malware is called Winfixer. It placed >> a popup on the screen constantly every few minutes even when not >> online. That's why I dont trust flash player, not to mention the >> irritating flash ads on almost every site these days. > > > >Here is the wikipedia page on Winfixer > >Note that in ALL cases the user has to accept the installation of the >product - Hey, if you are going to install software on your machine then >its up to you to check it out first! > > >On the AOL/Flash problem. The conditions to be infected from such >1: Had to be an AOL member and sign on >2: Must have allowed (not blocked) ads >3: Must be running Flash >4: Must be running Active X > >And even after all that, all the user got was an offer to >download/install the Winfixer program. > This might be the case with THIS malware but is not always the case. I can recall 3 incidents in the past where malware got installed on my computer. In one case, a directory was created and malware program was installed on my drive without my knowledge whatsoever. I never did learn where it came from. The other case, I was supposed to download a shareware file which was listed on several legit download sites such as Tucows, Download.com, etc. It appeared legit. I was redirected to "the authors site". While the intended file downloaded, another malware program also downloaded and was installed. In a 3rd instance, I downloaded what appeared to be a pretty innocent screen saver with animal pictures. I dont generally use screen savers but thought the kids would like to see it. The download contained both a screen saver (as stated) and some malware that really caused a mess until I finally managed to kill it. Both were in the same install file, and the malware was actually 80% of the large file size. The screen saver portion when zipped was very small compared to the full download. NONE OF THESE WARNED ME OR GAVE ME ANY OPTIONS. > >So yes, it caused havoc, on computers whose owners downloaded the >suppossed 'fix' program after getting the 'scare'. > > >Once again. running Java or Flash is simply not a security hazard
From: John Thompson on 7 Apr 2007 11:46
On 2007-04-07, businessman(a)nomail.com <businessman(a)nomail.com> wrote: > This might be the case with THIS malware but is not always the case. > I can recall 3 incidents in the past where malware got installed on my > computer. In one case, a directory was created and malware program > was installed on my drive without my knowledge whatsoever. [...] > The other case, I was supposed to > download a shareware file which was listed on several legit download > sites such as Tucows, Download.com, etc. It appeared legit. I was > redirected to "the authors site". While the intended file downloaded, > another malware program also downloaded and was installed. Firefox by default does *not* automatically open downloaded files. If these did install without any user intervention, they were probably triggered by a script. Disabling Javascript will prevent this from happening. Check out the NoScript extension. > In a 3rd > instance, I downloaded what appeared to be a pretty innocent screen > saver with animal pictures. I dont generally use screen savers but > thought the kids would like to see it. The download contained both a > screen saver (as stated) and some malware that really caused a mess > until I finally managed to kill it. Both were in the same install > file, and the malware was actually 80% of the large file size. The > screen saver portion when zipped was very small compared to the full > download. NONE OF THESE WARNED ME OR GAVE ME ANY OPTIONS. In this case I suspect that you explicitly ran the installation program, which included a routine to install malware. This is not a browser issue, but user error in uncritically approving installation. Did you scan the downloaded file for malware prior to approving the installation? If not, no browser software security measure can protect you from this type of thing. -- John (john(a)os2.dhs.org) |