Slashdot Mirror
New IM Worm Installs Own Web Browser
Aquafinality writes "A new IM worm discovered recently takes the novel step of installing its own web browser onto the victims PC. Ironically titled "The Safety Browser", its default settings actually make your PC less secure - switching on pop-ups, changing your home page and hijacking your desktop with a looped music track that plays every time you switch your computer on.
It's clear people cannot resist clicking "yes" to anything they're presented with via IM - with this in mind, what on Earth can we do so stop the spread of garbage like the above? To put it another way, will reducing the amount of potential "suckers" out there dissuade the bad guys from coming up with ever-more elaborate ideas such as this latest scam? Or is IM safety a lost cause?"
It's very hard to stop people executing something thats sent to them by someone they know - but for other vector methods, perhaps people should consider an IM client that doesn't include activeX
Anyway, mildly interesting, the worm makes no attempt to hide iteself with a "You are beaten, it is useless to resist" desktop paper (!) and music on startup (from TFA) Worse still, music starts to blare out of your PC. Not just any old music - bad music. Bad looped music, with screeching guitars and awful drum n' bass beats.
But not to worry XP SP2 users, you're protected.... again from TFA: snigger....
There are shills on slashdot. Apparently, I'm one of them.
Once again, fingers pointed at some conduit when the true culprit still seems to be Microsoft's OS. If I were to click the link in gaim, on a linux machine (assume for the sake of argument, this browser is platform independent and would work on a linux box)?
Probably not, because the typical default access for a linux user is unpriveleged (I've been working intensively in the linux environment, and I'll bet I've not been logged in as a priveleged user (i.e., root) more than two or three times a year during that span). But, an extremely significant percentage (I'll bet it's over 80%) of Windows users continue to be logged in with administrative priveleges -- most without knowing and understanding what that even means.
Until there's a more consistent and pervasive culture (come on Microsoft, help out with this... how about a PSA campaing?, you can afford it) where users have non-administrative logins, there's little to be done. I still see people on older machines where they haven't even bothered to configure users for their older Windows machines... and don't have the slightest concept of partitioned separate logins for distinct different users.
This isn't entirely IM's fault.
(In the meantime, if you're a serious PC user and you want some piece of mind, spring for the extra $500 for your own machine and make it yours and yours only. It's how I've set up friends who use their computers for business/profession who've nearly given up on PC technology what with (shared home) machines popping porn, running slowly, and going Toes Up on them. Sigh.)
Lost cause. Next article please.
Lies about crimes
You mean there is not some hot horny blond wanting late night action from me? I mean, how could I ay no?
Make "Yes" buttons, by default, HURT people physically.
I think safety is always going to be hard to push on people who don't seem to understand the importance of what you are telling them. I'm sure you'll know from your own experience how hard it is to get even your own parents to take adequate security steps. I don't understand what this virus is doing though surely you would notice a new browser and remove it? certainly not use it...
As for removing the incentive for people to do this I think it will be hard; there will always be a few "suckers" and even 1 in a million can be profitable; so it'll be hard to stop it.
*''I can't believe it's not a hyperlink.''
> Or is IM safety a lost cause?
The question is sensationalist given the context.
The article describes a particular new threat - all good and well.
However, no information on the distribution of IM attacks is given. We have no idea if they are rare or frequent. How can it then be asked if IM safety is a lost cause? the question is almost orthagonal to the article; one cannot have a meaningful opionion about IM safety in general given only information about the *existance* of a particular, new threat.
As others have said, and no doubt will continue to say, you will not change the masses' behavior. The problem is not that people will click on things that look interesting, the problem is that the program will execute something presented to it.
There is no reason that *any* instant message client should ever execute other code, privileged or not. That is not the purpose of IM- IM is not a program launcher, it is a tool for communication.
Although I know it's a pain in the ass for us admins, I almost have gotten to the point of hoping that all of these computers get infected to the point that they are no longer useable. Spyware has been around forever and everyone and their brother knows what it's capable of doing. For people to actually continue to let this infect their system is unbelievable. The only way this is going to be fixed is for people to have to pay hundreds of dollars to get their systems repaired until they get to the point where they either are tired of paying or they smarten up. Jesus people, just by using common sense this wouldn't be an issue.
My sig of choice is Marlboro
Its for Windows and Internet Explorer only :(
Why can't this run on Linux?
liqbase
I use two browsers. Konquerer has cookies, java, javascript, installs, delayed redirects, and my browser ID changed (it varies, but the New York Times gets a Googlebot).
I use Mozilla for all the "insecure" shit.
Anything that can be done with my "secure" browser, is done with my secure browser. Anyting that has to be done with more functionality, I ask myself if it's really worth compromising my security to get it done. Some places are a good risk, and some places aren't.
does the browser pass the Acid2 test?
The difference between stupidity and genius is that genius has its limits.
I can't really feel sorry for these people. In my book, if you're dumb enough to run some strange executable, then you deserve what you get.
Next month, an IM worm will install not just a browser, but an entire operating system. It will be Linux, but it will be setup to give the worm owner complete remote ops. It will have basic mail, IM , web browsing and word processing all via the usual open source tools, and will be made to look something like Windows. And 90% of the people who wake up to find this new OS running on their system will simply use it.
You KNOW they will. That's the level of what we're talking about.
For one thing people have become accustomed to random stuff showing up on updates and upgrades. The remore operatior will simply launch a splashscreen that says "A gift from Microsoft for your loyalty!" and people will go nuts. For another thing, there is a good deal of evidence accumulated over the many years of this malware war that the users who are keeping malware authors in business are total noobs. Many are developmentally disabled, or are children, or are computer phobes who avert their eyes when the machines "does something odd". Some are simply dumb as cabbages. They click "yeah sure, pwn me" on every dialog box because they are functioning as part of the attached peripherals a NOT an intelligent user.
No, I'm not bitter. I'm not being sarcastic. I've woken to the reality. This is our world, and we white hats are just a liitle slow on the uptake is all. What this suggests about computer ownership (like maybe you need an operator's license, as required with radio broadcasting, if you are going to traffic in the public sphere) is probably the next frontier of the discussion, that's all.
=^..^= all your rodent are belong to us
I know TC is not held in particularly high regard around here, but imagine this scenario:
1. An OS with a solid configurable TC implementation.
2. A knowledgeable computer user sets up the OS for the executablerunning IM user.
3. The OS is configured to only run applications from certain vendors (Mozilla, StarOffice, Microsoft?).
I would love to have TC for my sisters computer. She has never had the need to run any applications besides the ones I have installed.
Or is this already possible with any OS? The ability to specify a list of allowed executables and the disability for a user application to change the list.
When you try to make everything idiot-proof, you just raise the quality of the remaining idiots.
--- Asking inconvenient questions for over 30 years...
Yep, a lost casue, these sort of shenanigans have been occuring on IRC and through e-mail for years.
and some people will say, "Oh, Windows, default admin privledges, blah blah."
But the fact of the matter is, the only way this thing replicates is through user stupidity.
Split the friggin' internet in half.
Give out odd numbered IP addresses to Linux users, and even numbered addresses to Windows Users.
Then Linux computers just turn off access from even numbered source addresses.
Problem solved.
Ok - time for bed.
EMail: 0110001101100010010000000110001101110010 0110000101111010011011100110000101110010 0010111001100011011011110110
Just relabel the buttons to "No, thanks" and "Fuck off". Has anyone ever seen ActiveX controls do anything useful, anyway?
Send email from the afterlife! Write your e-will at Dead Man's Switch.
As long as people will click "yes" to install/run some random bit of software, Mac/Linux/*BSD/etc. are not going to be any better than Windows. These aren't holes in the OS, they are holes in the user. Much of the malware (spam zombies, SSH password scanners, etc.) doesn't need any special privileges to run, so it could run as a normal user.
Something like SELinux may help, but then email/IRC messages can just come with instructions for the chcon command to run (people open encrypted ZIPs with the password in the body already; putting a command to "fix" a download is not that different).
Internet Explorer 7!
We can browse if we want to,
we can leave your friends behind
Cause your friends dont browse and if they dont browse
Well theyre are no friends of mine
I say, we can browse where we want to,
catch a virus we will never find
And we can act like we come from out of this OS
Leave the real one far behind,
Anyone have any screenshots or a .torrent to the executable? I'd love to eval this new browser as an alternative to my enterprise's use of Mozilla. Anyone have any experience deploying this thing?
Somone who shouldn't own a computer continues to get infected, causing them to not be able to use their computer.
Why is this a bad thing?
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
We can browse if we want to
We can leave IE behind
Cause IE sucks ass, and since it sucks ass
Well it's no browser of mine
I say, you can browse where you you want to
A URL they'll never find
And... ah, screw it, I think I've got enough to get +5, Funny.
It's not the OS's fault, nor is it the IM program's fault. It's the fault of ignorant computer users, no matter what OS they use, doing stupid things that they know they shouldn't be doing, even when they're told constantly.
Thankfully, their ignorance means more money and work for me in my business to fix their problems that they brought on themselves.
If they're stupid enough to open something from a program that they know could be bad, then they do deserve whatever they get.
It used to be smart people using dumb computers - now it's dumb people using smart computers.
Your email has been returned due to insufficent voltage.
radio
In my 20 years of system administration I have often had people come to me and say "Peter, I just clicked the wrong button and my computer's acting funny." I've less often had people say "Peter, I downloaded a file to the desktop and opened it and my computer's acting funny." I've had several people say "Peter, I just clicked the wrong button AGAIN and I think I'm infected."
.NET-in-the-browser into the next Active Desktop disaster.
I've never had the same person come to me twice with "I've downloaded and opened a file and I'm infected." Give people even a small breathing space to think about what they're doing, without that reflex "gotta push a button" effect, and social social engineering is MUCH harder.
So...
You can solve this for most people simply by not including a mechanism for running untrusted content. Don't pop up a dialog box asking "What do you want to do with this application you just downloaded? (Open) (Show) (Ignore)". Don't even ask "The file you just asked to open is an appliaction? (Infect Me) (Cancel)". Just don't put the user in the position of deciding, right then, what to do with the file. Ever.
Firefox: get rid of the XPI install-from-web stuff. Let the user download the XPI and open it explicitly.
Apple: Dont' "open safe files after downloading"... there are no "safe files".
Microsoft: get rid of ActiveX and security zones and for god's sake don't try and make
All of the above: If it's a file you've got a safe application for... a *safe application*, not a *safe file*... open it explicitly IN THAT APPLICATION. Don't go "this is a ZIP file so I'll open it in whatever random program the user has for opening archives". Keep a database of safe programs to use on untrusted content like you keep a database of plugins people have explicitly installed. This would resolve SO MANY security issues... damnit.
(don't treat archives as "safe files", but that's another rant)
(in fact there's a lot of ranting I could add here...)
In Linux, applications are not executable by default. You have to first download it, save it somewhere in your home folder, change its permissions to allow execution and then run it. It gives you more time to realise that what you are doing is stupid. I think the average user that just wants to email and so on (the typical use who would get infected) wouldnt bother to learn all these steps.
But won't this make things harder for n00bs to play their stupid games? Not at all. Programs will in the future will be written to use a sandbox so that it will run with one click like always. Otherwise no-one will know how to run it. This is a good thing.
I'll probably be modded down for this...
Stop asking questions that the user can't answer.
The internet is full of people using computers. Some people are competent, others are not; some people are honest and others are crooks. There are some technically advanced, unethical people on the internet who will try to take advantage of the "suckers." What better place to find suckers than on IM channels - which are loaded with the younger set (many of which are gullible).
Since the internet is not centeral to any one government it is difficult to regulate which is both good and bad. The structure of the internet is quite versitile and is almost by design intened to be exploited (not just by bad guys but by anyone with a new or different idea on how to use it). This openess is what allows us to do so many different things on our computers but it is in and of itself a basic security weakness. One that as a community we have to decide on how we want to address it. Do we want some sort of international treaty that limits the use of the internet? Would doing this impede the creation of new ideas? If so, is the trade-off worth it? Would the crooks just find a different way around it? Could we impliment some sort of voting system where we could cast bad netizens off of the net? Could that work? If so, how could we keep that from being exploited by people with different agendas? Could some sort of system be developed where executables could be rated kind of like movies so that we would know before we executed them that they we either safe, somewhat risky, or downright dangerous? Could something like this be used by big business to impose their own will on the competition like Microsoft does with device drivers?
Like most people, I work to make sure that I keep my computer as safe as possible. I use security software, I have a firewall, and I am cautious about what I open. Still, I have been stung. It saddens me to know that criminals are always out there thinking up new ways to hurt people for fun or profit. I'd love to see them get caught and serve time in jail. But, there is another part of me that says that for every action we take to protect ourselves against them there is another reaction that is just as harmful to the internet as the crimes that they commit. I am convinced that no matter what we do to prevent them from doing something that they will work hard to find some new and possibly more dangerous way to exploit us.
I don't know what the answer is to all of this. I have far more questions than answers but I do know that there is a sucker born every minute and behind every corner there is someone waiting to exploit that sucker. This is true in the real world and on the internet too. For now, the best protection that you can have is to watch out for yourself and try not to be a sucker. Use the tools that are available to you to protect yourself (the most important tool is your brain) and think before you click!
What you're thinking of is something called "Tuxissa" which was
an April Fool's Joke around 1999 after "Melissa" had hit the
internet. The basic premise was to take
the Microsoft virus/worm attack of the day and piggyback
onto it kickstart or something like it.
The only problem at the time was the bandwidth requirements for
getting millions of basic Linux installs on all those Windows
boxes was prohibitive -- No one server could feed all those
client installs --- at least not in 1999.
However, now that we have Bittorrent and it's fairly robust,
Tuxissa now seems much more doable. In fact, it would be
the easiest way for a sysadmin who was tasked to convert
a local Microsoft network into a Linux network to go --
just pick the known exploit of the week and marry it up with
kickstart+bittorrent and seed server and away you go ---
boom! Instant Ubuntu/SuSe/Fedora/Debian/Slackware/whatever
local network.
--Johnny
what on Earth can we do so stop the spread of garbage like the above? To put it another way, will reducing the amount of potential "suckers" out there dissuade the bad guys from coming up with ever-more elaborate ideas such as this latest scam?
Clearly there isn't enough evolutionary pressure on the heard. What the good guys need to do is build computers that explode when the user does something stupid.
-Grey
Silver Clipboard: Time Management Tips
This is too wordy, and it makes a typical Windows user's head hurt, but it's the right idea:
http://www.secureyourcomputer.org/
No, it's not pushing any commercial addons. It needs to be made simpler and shinier, but most of all the word needs to get out.
"Ain't no right way to do a wrong thing."
Frankly, I rejoice at news of some ubervirus causing massive damage. Dang, I wish viruses went back to being plain malicious rather than profitable tools as they are now. Every noob that has their computer trashed is one less noob on the net, one step closer to a pre-september 1993 internet. People blame villains and crooks for spam, viruses, popups and other such malware but really it's all the fault of the idiots who make it good business. Here's hoping that noobs get hunted to extinction and we can claim back the net from the clueless masses.
Most applications don't need to do anything that requires root privileges. The worm could happily install its browser in the user's home directory. It won't affect other users, but that isn't a big consolation to most home machines where there are often just one or two users.
Maybe some uberuser should make a "Click here for Brittney Spears Pics" trojan that wipes the computer. It could load a little program that runs at startup and nukes the PC from orbit.
Any other bots and spyware on that machine go away, and the user ends up with a clean factory restore (after his brother-in-law comes over to show him how to use the restore disks).
Over time, this could be modified to seek out zombie machines directly.
Bigtime Consulting - "We're the best because we cost the most"
But safety is defined as the minimum of the user's ability and the system's. I.e. you can have the best user with knowledge about every single entry point for malware, if the system has a security hole that allows an outsider to run it (regardless of the user's attempts to avoid it), it will run.
Likewise, you can have a top secure system, where a team of a few hundreds experts waded for years through the source to make it absolutely bulletproof, when the user allows anything and everything to execute (provided he has the permissions to do that), the system is insecure.
There are only 2 possible ways of tightening security that I could see:
1. Disallow anything but the most basic functions. Disallow the user to install, execute or change any settings but what he needs to complete his predefined tasks.
2. Educate the user. Inform him about the pitfalls and security issues his computer has. Disallow the user to access a computer if he does not comply.
I think we can agree that 1 is not really a desireable option, except in an environment where a person exists that sets those parameters, e.g. a company where there is an admin to set those permissions according to the person's needs to perform his or her tasks. There is no sensible way to predefine for EVERYONE what he "needs" to run what he doesn't need to. It defeats the purpose of an all-purpose computer.
So safety is not a "lost cause". But safety is something we NEED to install. Not in the system.
In the user.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
(..just like the lameness filter.)
By reading the article, it seems it's just general user clicking on "OK" rather than "Save As" worm. How is it different if the delivery is done through email or popup or iframe on some website listed on Google or Yahoo or whatever cross link sites? Or AIM for that matter? How about Gaim? or How about Jabber?
Perhaps re-examining the actual exploit rather than delivery medium as the cause would be a good way to head toward right direction in my opinion.
"Don't let fools fool you. They are the clever ones."
UNIX/LINUX place a lot of restrictions on what can be modified by the user, and is part of where their good security comes from. Perhaps if children using AIM weren't logged in under the admin account or one with similar priviledges it would prevent the whole system from being hyjacked, and would just cause that account to need to be deleted. I don't know how much Windows limits user accounts, but if this isn't within the ability of Windows, it's quite sad.
In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.
Uhhh sorry but how fucking stupid do you have to be to get a worm via an IM program? Why is this shit even posted on /. ?
This worms only works with Yahoo Messenger.
How about making a new virus that, immediately after the user does something stupid enough to install it, turns the volume up to the max in windows, and starts looping a wav file that says "MORON ALERT!! W00PWOOPWOOP! MORON ALERT!!" and starts flashing their monitor red and blue, refusing any user input until they type "I have learned today that I should be more careful about the things I click on".
Oh yeah, and it sends itself to everyone in his address book, so that the shame can be shared among others.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Soon or later Microsoft has to do something about this. Their design is plain wrong, you can't run everything as Administrator by default. Happy Linux user :)
Pixel image editor - http://www.kanzelsberger.com
I think that we should take a wait and see attitude on this. I'm tired of working harder and harder to get around or protect other people from their own stupidity. If this thing is going to debilitate the computers of people too stupid to know better, then let it.
I'm tired of the moron. It's time they felt some pain.
This "worm" will knock the morons and AOLers off the net and then I no longer need to worry about them. Let it ride...
Look at www.trueprotection.com It works. And it's not definitions based.
what on Earth can we do so stop the spread of garbage like the above?
..
.. .. .. .. ;)
Install an OS that don't get viruses/worms and use a browser that cannot be hijacked.
--
Standby for the trolls to respond with
it's not that simple
software not available
smaller userbase
ease of use
have to compile the kernel etc
davecb5620@gmail.com
Maybe we can't put the genie back into the bottle, but I think the real problem is that every Internet-enabled application these days is bastardized into a file transfer mechanism. IM programs should be for typing messages back and forth between two or more people. Why should IM even have the ability to transfer files?
Ironic DOES NOT mean contradictory! It also doesn't mean improbable, funny, or coincidental.
Sometimes it's best to just let stupid people be stupid.
well - just make a "nice worm" that tells you
...
"hi, your computer is obviously insecure - may I install
[] firefox
[] thunderbird
[] AVG free (Antivirus)
[] hijackthis
[] and one of the following freeware firewalls: [insert firewalls here]
for you? - P.S. I'll install the software from official mirrors, no faked, phishing software - if I wanted to harm you, I could have done this already
[No] [Yes]
may I also interest you in
[] OpenOffice
[] miranda
[] bsplayer
[]
[No] [Yes]
May I recommend myself to your friends?
[No] [Yes]
thank you for your interest
I'll remove myself from your system now. goodbye!
[OK]
I think most people that stick with ms software do this because they have no clue how to install alternative software (seriously - my family uses PCs for 14 years now and still they call me and ask me how to install this and that software) so make a "worm" that assists you in making your pc more secure (and shows you that you need it at the same time) maybe put in links to small, easy-to-understand "getting started" sites...
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
The problem with SELinux is that it is a hard beast to manage. SELinux can be configured they way that you suggest. But someone needs to set policies for every file. Worst different policies may be required depending on the intended use of the computer. Google for some of the problems FC5 users are having with SELinux. The Windows NT kernel, with NTFS, has almost the same capabilities as SELinux. The fact that no one has come out with a super set of policies suggests that it is not that simple.
Does anyone have a link to the really bad music this worm subjects its victims to? Hearing it would seriously enhance my sense of schadenfreude...
--JoeProgram Intellivision!
a browser that cannot be hijacked
is this a joke or do you really beleive such a browser was actually possible?
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
It's clear people cannot resist clicking "yes" to anything they're presented with via IM - with this in mind, what on Earth can we do so stop the spread of garbage like the above? To put it another way, will reducing the amount of potential "suckers" out there dissuade the bad guys from coming up with ever-more elaborate ideas such as this latest scam? Or is IM safety a lost cause?
"Yes"
"Yes" "Yes" "Yes" "Yes"
Why isn't this working?
"Yes" "Yes"...
...
I give up.
That sounds a hell of a lot like the browser that gets installed with the new version of AIM. During install I tried telling it not to install the browser but it did anyway, was amazingly slow and had lots of pop ups. It sounds pretty similar to this worm.
I've always pictured the color of OS zealotry as a sort of bright flamingo pinkish hue
The problem with MacOS parental controls is that it basically hides apps from the finder. Other applications can be used to circumvent the contols. The only way to properly implement MacOS parental controls is to use fine grained ACLs at the kernel and filesystem level. Apple can implement these ACLs, but it is going to be a lot of work.
But it's apparently not limited to communicating thoughts and ideas, but also malware as well...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
You got edged out by another poster...
:-)
It was funny, yes, but not funny enough to outshine the first post of the joke...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Comment removed based on user account deletion
The only solution to this problem is to kill all the people.
Unfortunately we can't do that yet, so the problem remains unsolveable.
administration rights restriction.
I would say "user education" instead, but education is not a very strong value these days...
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
I've seen this IM worm... it's called AIM Triton.
It installs it's own browser: AIM Browser.
It requires a Plazo addressbook to use the address book features, or even to set your own information.
And it leaves an awful lot of crap on your desktop. Even after selecting the "No desktop icon" option.
Oh, and it crashed when I try to quit it. I guess the programmers never thought anyone would actually try to quit their amazing app.
Back to GAIM for me.
just stop fixing their virus infected systems. Give them a warning and be nice explaining hte rules of how they should not do certain things. but tell them you wont be fixing it again. They will then have to take it somewhere and it will be inconveniently fixed for a good chunk of money. they will learn when it costs them an extra hundred + time a month
The phrase "more better" is acceptable English. suck it grammar Nazis
No, it's the wrong question. It's not IM, it's Windows.
no information on the distribution of IM attacks is given. We have no idea if they are rare or frequent. ... one cannot have a meaningful opionion about IM safety in general given only information about the *existance* of a particular, new threat.
No, but you can have a meaningful opinion about the "safety" of Windows. Despite claims of being "a safe and secure" OS and then years of promisses to fix the mess, Windoze remains a security dissaster that threatens users and the internet itself. Vista, if it ever runs, won't be much better because the priorities are DRM and locking out free software.
Friends don't help friends install M$ junk.
Anyone else want to know where they can download this? To play with it in a VM or something? Does anyone know where it is?
There is another kind of evil which we must fear most, and that is the indifference of good men. -- Boondock Saints
Last I checkeded, the best cure for ignorance was education. The best way to defeat education is laziness, complancency and apathy. Ignorance is why the internet is such a problem for most people. They don't know how it works, they don't know how computers work, and they sure don't want to learn anytime soon. They want the one-click-easy-button without having to learn anything. Sad to say, (and I suppose it's a troll, but it's the truth) many of these one-click-easy-button people are admins. There used to be a day when you had to know something about how computers worked in order to use one. You can be an asset to yourself this way. Until someone *wants* to be educated, you cannot teach them anything.
Join the Slashcott! Feb 10 thru Feb 17!
...Right next to the Evil Bit(TM)!
You need to distinguish between vandalism and profit motives. Installing Linux is far too complicated for profit.
This is an obvious defacement attack of the kind that becomes more prevalent six months before the new M$ OS is released. The user will haul their computer into a local store and be told it's obsolete and that they had better upgrade to the next M$ dissaster.
Profit motivated attacks don't want performance degradation or to be noticed. They install keyloggers and ad servers of one kind or another. Ideally, the user thinks the net just sucks more as advertisements become more frequent and obnoxious. The goal is to keep them watching and to rob them. You can't do that when they wipe and reload, so performance degradations are a accidents or the result of an attack by a rival group. Typically, the cracker wants to keep the box from other crackers so they close up the holes they crawled though themselves. Eventually, a multitude of crappy code will break the machine.
A Linux replacement, while granting better control than Bill Gates' commercial nightmare, would be far too complicated to pull off. Something would be different or not work and the user would notice. It's much easier to swap out 50k worth of binary and registry files using Microsoft's own closed source vendor friendly code. Windows was make to keep things from the user.
Friends don't help friends install M$ junk.
Cars require them I think computers should too.
n/t
Relabelling the "Yes" and "No" buttons to the actual result of clicking it (e.g. "Install this software") might combat the reflex action and force people to actually read the message instead of just jumping to the Yes button.
Build computers with a robot arm that will reach out and smack the user in the back of the head every time they're about to run an EXE from a IM or popup.
A slightly lower-tech implementation has worked for me. When my friends ask me to fix their computer for the 30 billionth time after they infected it, I smack them in the back of the head and tell them not to be a moron, and then send them on to pay the Geek Squad to deal with their problems.
Where these people used to be reinfecting themselves on a weekly basis, they seem to have stopped now, so a combination of physical and wallet pain seems to be the best motivation to not be a retard.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
Changing People is a Lost cause...
To bad the worm doesn't display "Your An Idiot" to the beat.
OR simultaneously link all infected computers at once and display "We got the Beat"
Windows lets you restrict users to signed applications using Software Restriction Policies. It has several other options too.
What we really need is a virus that doesn't screw around with mail relays and botnet building and something that will just completely fry the machine of anyone stupid enought to catch it. Then the web will be a better place. It's called natural selection.
DONT PANIC
We can go when we want to
The night is young and the bandwidth high
And we can dress unneat from our hats to our feet
And no one will be the wise
Say, we can act if want to
If we don't nobody will
You can act real rude and be totally booted
from IRC like an imbecile
[Refrain]
I say, We can browse. We can browse.
Our machines are out of control.
We can browse. We can browse.
From firewall to firewall
We can browse. We can browse.
Everyone clear out your cache!
We can browse. We can browse.
Taking the spyware chaaance....
Safety browse
Is it safe to browse
Is it safe to browse
I almost feel ashamed for doing this, but I would like to take a moment to direct your attention to a parallel that has been bothering me as I was reading the replies to this topic.
...sucks to be at the centre of attention eh?). I am not from the US but I am sure I may end up working/living there at one point in my life so I take it at heart when I see your public freedoms taken away from you right under your nose. Ironically, it seems, everyone on this website has noticed this is happening, yet as soon as the same topic reaches technology I see a distinct and opposite view on something that is extremely similar.
Humour me, with all this talk of security and user stupidity I cannot help but notice the staggering similarity to current world politics (so U.S. politics essentially, right?
Humour me, read my post a little further:
Let's take Microsoft and compare it to the U.S. government, and let's take the PC users anc compare them to the citizens of the U.S.
Now, everyone here seems to be against the U.S. government taking away freedoms from the citizens because they are taking away freedoms in order to ensure security. Yet, we all seem to have no problem taking away a user's ability to do something in the name of security.
My question to you is, why is it that you defend so dearly your freedoms as a citizen but are willing to take away all rights of your users?
I fear that the problem at heart is that a lot of people here have a superiority complex. When we talk about operating systems, you are essentially the government (most of you sysadmins out there are literally gods, can do whatever you want with your users's rights). But when you get out in the real world you are under the U.S. government and all of a sudden you are no longer in control.
Frankly, this dichotomy is kind of hypocritical. If we put these two topics on the same table however, I feel that the solution is true for both. Better Education!
"It's clear people cannot resist clicking "yes" to anything they're presented with via IM - with this in mind, what on Earth can we do so stop the spread of garbage like the above?"
Create a virus that removes the "yes" button on all dialogs after it's intalled?
How about this...
Label the archive "Kiddie Porn" and have it install a program that sends your personal information to the FBI. I can hear it already "Well if you weren't looking for kiddie porn why did you download that archive?"
It's actually relatively simple. Unfortunately there are a million irrelevant arguments clouding the discussion, such that it's easy to lose the forest for the trees. But here's the bottom line:
Don't "disable" them. Don't try to "guard" them with bigger or redder or scarier "Are you sure?" prompts. Just don't have a mechanism for taking untrustworthy content and executing it as a program, at all.This is the fundamental issue. A lot of those irrelevant arguments try to dance around or ignore or make apologies for this issue, but it's the biggie. As long as there are executable attachments, security will continue to be a nightmare. If we would just get rid of them -- in IE, in IM, in all the silly other places they've been implemented -- we'd have infinitely better security all around.
I realize there are some nifty-keen things that can be done with executable attachments, and that some people have become dependent on them for various reasons. I'm sorry, but those people need to lose this argument. Losing the ability to easily run untrustworthy content is the price we really do have to pay for any kind of reasonable security.
What we need is a worm that does just the following:
1) Identifies the most-used accounts on a system;
2) Picks out those which are in the Power Users and Administrators groups;
3) Moves them to the regular User group;
4) Forces a logout/login sequence.
If the currently logged in account is 'Administrator', make *that* a regular user (since the user obviously uses it for day-to-day things) and make a new Admin, called 'DangerousNeverUse'.
No more worms will get into the system due to users running as Admin by default. If the user intentionally logs into 'DangerousNeverUse' for more than 30 minutes straight, disable that account and chide them for intentionally using it for non-Admin tasks.
As a good side effect, all badly written programs that assume Admin privileges will stop working, forcing lazy vendors to do things right.
Why? Because it becomes just another hoop to jump through. They don't consider the implications behind their action. The computer wants something, they give it what it wants to it'll shut up and let them get back to doing what they want to do.
Admin passwords are useful for knowledgable users because if you do something that shouldn't require admiin, but asks for it you can step back and think why it's asking, and approve or deny it based on more information. However clueless users won't do that, they won't know what should and shouldn't need it, so they'll just blanketly issue the admin password.
I've already witnessed this on other platforms (MacOS) that ask for admin. I was chatting with a guy while he was tinkering with his Mac, it popped up and asked for admin and he said "Huh, that shouldn't need admin"... as he was typing in his admin password (3 letters long). He even recognised that this might be a situation where it wasn't needed (it was actually, nothing harmful) but just gave it the password anyhow.
So while I think the privledge escalation is Vista is a nice try, and certianly something I'll use personally, I think it will ultimately make no difference for normal users. They'll just make it go away whenever it pops up, and they'll do that by giving it the password it wants.
But it is handy for those who do know what admin is about, because it is effectively a lockdown by default. Software vendors will notice this in testing because, unlike XP, it will be difficult to write software with lazy approaches without noticing.
Anything which forces more things to be user-oriented (Settings, save files etc) by default is good in my book. Still, I agree we'll have to see what happens.
How many people can read hex if only you and dead people can read hex?
Once you allow local code execution, even in an OS-level sandbox, you've halfway lost the battle. Now the attacker has the ability to make arbitrary system calls, access any resources that the sandboxed application would need, and has in general a MUCH stronger place to work from. Not only that, but an exploit in the sandbox will be much harder to fix since any application that was legitimately using whatever feature the exploiter used will need to be upgraded.
So as an additional line of defence a sandbox is useful, but it doesn't change the absolute requirement that you only use "safe applications" to view untrusted content. And it's a lot easier to fix a "safe application" than either fixing a sandbox or fixing a hole in a general purpose application, since people are more willing to accept limitations required by security in a "viewer".
Then it won't matter if the program is "safe" or not, because even if the program gets compromised, the malware can never leave the process's sandbox.
Unfortunately, it does matter, because the security of a sandbox is compromised by every legitimate access requirement that an application might have. That's why Microsoft refused to sandbox ActiveX... they saw the restrictions a sandbox would impose on an application as too great a cost.
Just don't do anything for these users. Maybe release a patch to fix the damage caused by the worm but otherwise it's the user's fault.
Seriously, the only reason we keep hearing about these phishing scams, spam email that looks like it's from a bank, IM worms, etc. is because morons fall for them and think they're real.
It's kind of like that one joke I've heard "Now, I'm not saying there should be capital punishment for stupidity, but why not just take the safety labels off of everything and let the problem fix itself."
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Will natural selection not be sufficient to elimate all so called 'suckers'?
The computers who are inflicted by so many viruses and spyware will eventually just collapse as they start to eat up all system resources and potentially conflict with one another.
On a serious note, I think Windows Vista should really assist people not quite so bothered about security, along with the new Windows Defender, which I was personally quite impressed with, especially on the user-friendly side.
Create a new 'virus' that instead of just making the wintendo machine annoying to try to use and being difficult to remove, that instead overwrites all user data, all system data, erases all device firmware, and then replaces the system BIOS with a copy of itself - Turn the machine into a useless pile of rubble. Its the only way that morons will learn.
Of course, the people writing these things arent trying to destroy the machine (usually) they are trying to hijack it for their own purposes (which vary, but usually involve spam/scam)
I use a read-only VMware Virtual Machine running on VM Player for all browsing and IM activities. It doesn't get more secure than that.
A new IM worm discovered recently takes the novel step of installing its own web browser onto the victims PC... It's clear people cannot resist clicking "yes" to anything they're presented with via IM - with this in mind, what on Earth can we do so stop the spread of garbage like the above?
If you get infected, your IM might ask you if you want to get rid of a dangerous IM worm, just click yes and you'll be ok.
You also get very cheap C1ALi5, dunno what is it, but it seems like a great deal, so I ordered a bunch.
Um... damn, I can't think of any terms that would enable to software to automatically have the user sent to jail.
//Information does not want to be free; it wants to breed.
I already see two things wrong with that article...
Yahoo Messenger worm turns on IE
Hawt!
users can easily mistake it for the legitimate Internet Explorer.
Legitimate...?
The people who download the latest MSN messanger are the people who get the most malware on their PC.
Coincidence or just attitude?
-----
Flagrant copyright violation of products advertised through software illegally placed on someones computer without their knowledge IS ETHICAL.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
How about web pages that assume everyone is on broadband with at least a 21 inch monitor at very high resolution? That's a pet peeve of mine as well, considering roughly half the nation CAN'T GET broadband in any manner, from any company.
A browser which makes your computer less secure with its default settings? Mmm... Internet Explorer!
"I see undead people" Warcraft III - Necromancer
"Would you like to connect directly to this user? To make sure you actually read the question, press `No` if you mean `yes` or press `yes` if you mean `no`"
Or something like what WinZip does with shareware: don't make a default keyboard-accessible button (except escape) and move around the buttons
1st time:
ith time:
nth time:
Did you know that "FTW" ("for the win") is a direct translation of "Sieg Heil"?
The only solution to worms and viruses is to require a minimum IQ inorder to be able to use the internet. If we can get the stupid people that actually open spam and fall for phishing scemes they will no longer work and the rest of the world will no longer be made to suffer.
I say ban the stupid people!
On windows 2000/XP, you can whitelist/blacklist the execution of programs using group policy.p pro/maintain/rstrplcy.mspx for details.
See http://www.microsoft.com/technet/prodtechnol/winx
"New IM Worm Installs Own Web Browser"
I think this a bit of a below the belt move by the Spread Firefox campaign... ;)
THE HONOUR OF THE KNIGHTS - CC Licensed Sci-Fi Novel
"A common mistake that people made when trying to design something completely foolproof was to underestimate the ingenuity of complete fools" - Mostly Harmless
Facts do not cease to exist because they are ignored. - Aldous Huxley
How about someone makes a virus that infects a computer through one of these scams, then takes over the host computer, installs a stable version of Firefox and disallows access to IE, installs AVG, SB:SaD, Ad-Aware, and Kerio Personal Firewall, and makes the whole computer really secure, then waits. After a while, if the virus isn't detected and destroyed then it installs more anti-virus software until it is.
I just fixed the internet, mofos.
The author of this thread and anyone who takes his melodramatic question seriously is a bleating idiot.
Yes, he's an idiot, and yes, everyone knows the answer to this question already.
And yes, this idiot is running Window - so what the F is he doing here?
Time to call the gene pool cleaner again. It's an emergency!
...its a better browser than Internet Explorer
Only the strong survive - I don't mean to troll but if people are too stupid to NOT accept obvious viruses and spyware than so be it. Hopefully they'll either learn from their mistakes or just stop using their computer all together.
On the other hand I guess this brings in more business for PC technicians.
I say we need a worm that will go around to all the Vista machines when they get upgraded (or bought) and reset all the admin passwords to something the user will never guess. That should help solve the problem of the user blindly entering it even when prompted by something they didn't initiate.
this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
We should make the yes button act like the press button in the clever example given in the following link: http://www.pagetutor.com/idiot/idiot.html
Believe me, I'm not saying it won't be handy and it's certianly something I'm looking forward to. In my case I'm hoping beyond hope that some engineering apps will clean up their act. Right now they almost all want admin rights. They don't need it, I figure out how to work around it, but it's stupid. Hopefully this will lead them to clean up, but I doubt it. Based off of what I've seen of the UNIX side of them, I think their coding just sucks.
All I'm saying is it's not this magic protection against malware. Many people seem to think it's some kind of guardian shield that keeps Macs and Linux safe and if only Windows had it things would be so much better. In reality it's not. Like anything else it's good in the hands of a skilled admin, no change in the hands of a clueless user.
Why not just _let_ the users do what they want? It's their computer. They paid their money for it, and along with that made their choice of OS. If they did so ignorantly, that's still their responsiblity. I say let people click on IM's etc. and get viruses. The only malware I am worried about is the type that "cracks" into a system without the user having to run it.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
step one: problem(s) is disovered.
step two: smarter software and/or patch(es) developed to combat the security problem(s)
step three: dumber users are developed to keep problems moving right along with newer/smarter (and in some cases, the same old) exploits.
Sarcasm aside, we can work to make internet useage/traffic/sales/financial exchange etc. as safe as we possible can (and educate more people to the same), but there will always be a more than adequate supply of certain people to make most changes in secrity/safety shortlived or only truly applicable to those who care and are willing to learn. Those certain people share one or more of the following characteristics:
1) gullible (esp the "I read it on the internet so it must be true" types or "I read it in an email from my bank or one of my friends so it must be true" types). These users will open/forward/install things often times without blinking an eye.
2) ignorant: they could know but dont bother to learn for whatever reason, that a problem exists until it is too late and/or or don't think it is serious. Like number 1, these users are much more prone than more capable users to click on the "click here" "yes" or "install" link/button.
3) out-of-touch: closely related to number two, this mostly applied to older people who "dont get" computers and/or internet safety and may never "get it" because they dont want to and/or are afraid to learn.
4) PEBKAC types, or just plain stupid users, differentiated from number 2 in that they cant really learn because computers and/or internet safety just aren't their strong points, even if they wanted to learn. PEBKAC is, of course, in the eye of the beholder (or tech support), but most people can think of someone who fits this category.
I'm not saying better internet security and software systems aren't worth pursuing, but it would be unrealistic to hope we can make IM software, email, on-line banking or whatever, safe for everyone. Safer for more users more often yes, but not for all.
uR iGn0ranc3, Their Power
You know, by saying "It's the user's fault" you're following the exact same mentality that any Women's Studies major would call Rape Culture.
/.-ers blaming people for being hit with malware, viruses and spam.
Think about it: Isn't the person who WRITES the software at fault? I mean...really. Why do we blame the victims? I thought we'd moved away from such an 18th centure viewpoint of crime; yet here we are, with
You won't make the average user any smarter. In fact, the only way that Windows/Apple can increase their user base is by attracting NEW customers. Every advanced user that switches to *nix gets replaced by someone very very inexperienced with computers, so that MS and Apple can maintain their volumes.
People who write malware make money at it, bottom line. If it stops being profitable, or becomes incredibly risky to try, the numbers will fall. The problem is that the world's laws are a decade behind the technology, and companies regularly get away with this. Instead of lamenting how users "should know better" why not look at the actual cause of the problem. Someone can make money off of stupid people. These are just modern-day snake oil salesmen. Make violating someones computer the same crime as their house. 10,000 computers infected? That's 10,000 counts of trespassing, burglary, or something similar. Why not? The desire is the same, the goals are the same.
...industry officials note, browser still more secure than Internet Explorer.
Laugh at them, they are morons that deserve what they get. If you get a chance, take their money to clean up their pc. While you are in there install firefox, a good antivirus and set up a firewall for them Then tell them how they got infected with spy/bug/mall ware and how to avoid it in the future. In about a year take their money again to clean up their mess and laugh at them again.
If someone bought a car and didn't put oil in it you would consider them a fool. If someone bought a gun and didn't take a firearms safty class you would consider it Darwin at work. This is the same except there is a much smaller chance that they will hurt anyone other then themselves.
"Or is is IM safety a lost cause?"
;-)
Until the day that spyware starts inflicting physical pain on stupid users, people will always click links that promise them.....well, anything really.
So, high voltage electrodes to be made compulsory on the mice of all budget computers? Who's in?
Yes the new IM worm and a new "Word Exploit" of all things exploite exists.
M SFT:US.
Yet, on 4/28/2006, somebody unloaded upto 591 Million share of MSFT,
which was caught by both "short" and "long" programs and thus
sent the DOW, NASDQ et al. into a "correction." This "correction" is
not a market correction as usual, but, I posit, "someone bailed out!"
See for yourself at , http://quote.bloomberg.com/apps/cbuilder?ticker1=
Toodles!
Ive been saying for years computers and internet should be like driving a car. people should be required to take a test and get a license before being allowed to own and operate one online.
"The Safety Browser"
Everybody look at your hands!
Windows users everywhere were suddenly silenced when they realized the worm's web browser still offered better security and features than IE.
I'm not a Libratarian
A "Libratarian"? What's that? Is it a cross between a librarian and a Libertarian? Maybe someone who eats nothing but books?
This is the same except there is a much smaller chance that they will hurt anyone other then themselves.
Not true unfortunately, these infected PCs will be the first to be loaded up with smtp spam-sending engines, botnet ping-flood wares, and other garbage that all pollutes the net as a whole for everyone.
Its in the interests of every net user that these systems either be kept clean, or be destroyed ( aka formatted, fdisked, or disabled in some way, as a last resort ) so that they dont screw things up.
Well, offhand I'd say you included the answer with your question. Since a large part of "egoboo" is having your software be used and liked by as many people as possible.
While on the other hand, if catering to a hypothetical extra N% of satisfied customers requires increasing the development cost by more (or even slightly less) than the expected extra profits from those customers, the proper commercial decision is not to do it.
System security is not a black art although many folks seem to think it is. Instead it includes many different elements that You as the system administrator need to implement and yes although a local user can download malware unknowingly, it's really the admins responsibility to ensure that malware can't run.
/root to a meager 32 megs and break out every other sub-directory that doesn't need to be in root. /boot /var /tmp /usr /opt /home are all seperate partitions, thus allowing me to set the appropriate permissions on each of the. both /home /tmp get not only the noexec but nodev options included. This alone prevents many of the exploits simply because the malware can't run or create the device file it may need to connect. Simple & effective.
What you need to do to start with is properly configure the drive partitions. In Gentoo at least, I've managed to reduce
This means that
Because the biggest security hold is at the keyboard. In the same way a user would run your program off the internet without really knowing what it is, they'll run the next one too, even if you install a different browser.
About the only thing you could do for them is reconfigure their machine so they don't run as administrator all the time. But honestly, they'd likely get angry about that when their machine tells them they don't have permissions to do something they try (like install more BS from the internet).
http://lkml.org/lkml/2005/8/20/95
For most people, particularly most of those unable to discern what is safe and sensible, have a computer with no way to persistently store executable/scriptable content.
Most people use very few apps, and change or upgrade their apps very rarely. Back in the olden days, software came on cartridges, or even CDs. Now USB dongles are cheap and portable, as are USB hubs. So, distribute software on hard media, and don't run it from anywhere else.
It's not for everyone, but it's viable, and would save a lot of confusion and risk.
-- All your bass are below two Hz
I've had a couple of occasions where the most rapid method to get a security application [antivirus / antispyware] to a geographically distant user has been file transfer over IM. The alternative is e-mailing multiple 1-2MB chunks and trying to guide the user through rebuilding the archive.
I'm only happy for the blocking of file transfer and executable code as has been discussed elsewhere in the post if the ability to transfer apps/patches between trusted pairs of users is still possible. However I'm not certain that this pair of objectives can be reconciled.
F_T
Software vendors will notice this in testing because, unlike XP, it will be difficult to write software with lazy approaches without noticing.
I doubt it.
Even today, though it's rather less noticeable as an issue what with the increasing popularity of MSI packaged applications and various deployment tools built into Windows servers - even today, there STILL exists software which is intended from the off to be used by a number of people in a business environment with several PCs, yet has installation instructions which read "Go to every PC you need to install this on, insert the CD, click on Start, Run, D:\SETUP (where D: is the letter assigned to your CDROM drive)".
Only a few weeks ago I contacted a company supplying such software and said "I've got PC's in three different timezones spread across the globe, and I don't have someone I can trust in every office to physically visit each PC and install your software. How would you suggest I install it?".
Unfortunately, "don't use that software" isn't an option - the business has already decided to use the software and my job is to make sure the business gets what it needs. If that means dealing with the occasional bit of badly-thought out software, that's my problem. As it is, it's almost always possible to work around such problems - but if you're expecting them to disappear I think you're very optimistic.
The PC has been sold to a market that computers traditionally were not sold to. It is out of academia and industry, and has become a piece of brown goods. This has brought an amazing revolution in the way people communicate, but it is not without its downside.
The fact is, there are people who have gone out and paid for a PC for no good reason other than they "need the internet" (sic) and they have been convinced by the Dell ads. These people aren't tech users, they certainly aren't manual readers. They _aren't_interested_ in the computer per se, but just want to use the 'net. If their taskbar clock could continually flash 88:88 it would.
It might be possible to blame techs for having an attitude problem, but one of the reasons for this is that the tech community is asked the same questions, time and time again, by people who can't be bothered to exercise their minds and think that it is the job of all techs to continually spoon-feed them with answers to FAQs.
That someone gets a malware infection once can be placed down to bad luck, carelessness, circumstance. However the user that _fails_to_learn_ from that infection is a fool, plain and simple. It is not "the computer" that decided to run the software, it was the user that requested that the malware was run. For the users (and I know a few) that get infections every couple of months, there is nothing that can be done except for taking a sledgehammer to their e-machine and performing the ultimate DOS attack.
F_T
Well there can be two ways to implement this. Put a rigid control on this by for instance the OS owner, MS in this case, and voila, you just gave Bill Gates a hardon.
Cause now you won't be able to run anything not approved off by MS. Yipee!
On the other handle it like you get certificates for the web in a free open manner and the only barrier to getting malware signed is a few bucks. The cost is trivial especially if you consider most malware is commercial in nature.
So other your PC comes under total control OR all you do is add a small cost burden to everyone developing software. Unimportant for big companies and criminals BUT not for non-commercial developers. Even worse then first you now handed control over to anyone with money.
And all this to achieve what? That the user can't install software that he wants to install. Cause that is the simple problem. The user wants to install this piece of crap. It could already be easily achieved with current tech. It ain't that hard to even lockdown a windows box and stop the user from installing software.
But the, windows, user wants to be able to install all those nifty toys he sees on the net. 99% of the time it goes fine, there really are free screensavers and free smileys out there. Some people even reported that there are some really free pictures of naked women on the net that are not spyware in disguise but I think that might be just a myth.
So TCP could work but at the cost of loosing the control over what you install OR if it can be avoided you have the exact same system as now.
This isn't a problem of the OS, anything that requires user interaction to activate is a problem located firmly between the keyboard and the chair.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
"do you really beleive such a browser was actually possible?"
.
.. .. .. ..
. .. :)
It's not a matter of belief its a reality.
Run the browser as standard user with write
access to the home and tmp dirs.
Set the home and tmp dir to no execute.
That's it . . .
it's not that simple
software not available
smaller userbase
ease of use
add . . .
Thats not possible
davecb5620@gmail.com
Yes, we Libras *have* formed our own political party! We stand for fairness and equality for all, and our agenda is to promote businesses which provide fast food and universal remote controls to everyone. Also we like Tivo and those new washing machines that both wash and dry your clothes.
It is not IM's fault or M$'s fault.
It is the hacker bastards that need some serious jail time. I want to live in a world where my doors are not locked. If someone trespasses I get to shoot them. Why should I be patching and fretting and locking and acting like a scared bunny? Do you blame the post office or cardboard companies for the UNABOMBER? Your failure to blame the bad guys helps them. I don't like kids testing all the doors and walking into open ones. Their parents need to teach them better.
can you gurantee 100% that by using this method your system gets 100% in-attackable through your browser? you need a 100% secure operating system for this... wanna do a hoare-calculus proof on a kernel-source? might take some years...
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Can you gurantee 100%
Nothing is 100% but I can guarantee that if you use Windows you are guaranteed to catch a virus merely by clicking on a web link or opening an email attachment. With Linux or Mac OS X you have to perform a number of steps to 'catch` a virus.
davecb5620@gmail.com
So I heard you got the gay flu from a queer nigger dog?
Any comment?
If you haven't foed me yet, what are you waiting for?
thats my point - nothing's 100% safe... so talking about a "browser that cannot be hijacked" is useless, because every browser could be hijacked somehow...
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes