Slashdot Mirror


User: Billly+Gates

Billly+Gates's activity in the archive.

Stories
0
Comments
13,460
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,460

  1. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 1

    Chrome clicks on the links automatically and loads them before you select them. That is how it appears so fast. You can be exploited automatically and the last version of Chrome fixed 30 vulnerabilities. It is far from perfect.

    OpenDSN blocks bad domains which is a huge source of XSS based attacks really well. I experimented with it on Norton's safe web of bad websites. Only 3 out of 10 got through with OpenDNS. OpenDNS only loads to their search engine if I mistype something horribly. Google works fine. I can do an image search without getting infected whether I click on links are not with OpenDNS. When OBL was killed you could get rooted by simply doing an image search without even clicking on the links. Yes, it was that bad and if you did this last spring you probably got infected.

    FF does not offer full sandboxing capabilities and even IE is better these days. XP has double the vulnerabilities of Windows Vista or Windows 7 and many corporations who have upgraded reported a drop in infections.

    Your machine is more than likely infected if you have flash, java, and simply browse the web. I can almost gurantee it and how would you know if it is clean or not? You need anti virus software in this day and age as they have between an 80% ro 90% success rate on new malware. It gets higher as definition files get updated. Rootkits and tcp/up stacks are quite common as Windows 7 is more secure and these are easier attack vectors in this day and age. Also it means less detection

  2. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 1

    Ok and the malware gets backed up and restored too right?

    How does the tech know his lan is not infected spreading the malware to other machines including your own? If he does discover its infected then how long was it infected? etc

  3. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 1

    I like to think of it as driving where everyone tries to dash at your car to break in at EVERY stop light.

    It is crazy and like the wild west. Secure doors are nice but people dashing to pop the hood while you stop to find ways inside your car.

  4. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 1

    A trojaned computer will use ports like 80 or the Windows Update ports to avoid detection or use a rootkit so wireshark can hide itself.

    Never trust netstat -an

  5. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 3, Insightful

    No you need a real anti virus package like Avast! or MSE if you refuse to have full shield protections.

    All it takes is 1 ad with a zero day exploit in flash or javascript to get on your system. It has happened to me twice this year. No I do not click on random shit and everything is up to date. The javascript hack used an IP address therebye bypassing XSS cross domain and openDNS security. Very sneaky.

    After your infected your done. I reformat my system as I do banking and student loans on it and can't risk infection. There is no excuse not to run anti virus software in 2012. It is not 2002 where all you need is a hardware firewall and not use IE 6 to magically be 100% secure anymore. Hackers have moved on and target flash, java, and ajax ads to bypass Windows and target all 3 browsers.

  6. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 1

    Why is that funny?

    Yes, a PC shop does have to be an expert. Maybe not a PHD CS researcher student, but like a mechanic shop (car analogy) a responsible tech comes in contact with malware regularly and needs to keep up.

    If I had a tech who did not use anti virus software on his/her own system I would refuse to do business. Of course I can diagnose it myself but still.

  7. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 1

    I suppose NOD32 is better than nothing. My college used it too with Cisco Clean Agent.

    However it slowed my laptop down greatly and wouldn't let me run World of Warcraft. I found the program annoying but maybe later versions have improved.

  8. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 0

    No it is not the best. It does not offer full shielding or prevention.

    I got infected and MSE only removed the virus after it came onto the system. MSE does not offer file or network shield protections so Windows will get damaged before it is removed and it is more of a scanner than a full protection suite. I have switched to avast! for these reasons and find it better with performance.

  9. Re:Who still pays for antivirus? on Symantec Sued For Running Fake "Scareware" Scans · · Score: 1

    Personally I don't run any antivirus as I don't download random executables from the internet nor surf to random porn sites or download from torrent sites. Windows is also secure now a days, and I haven't had a single malware in like 10 years."

    Jaw drops ... DCTech, if I knew you personally I would guarantee you money your PC that your typing this on is trojaned! Seriously as a Tech I am sure you have seen plenty of malware.

    Nothing is secure EVER. No Windows is not how you get nailed in 2012. It is through Flash, PDF, javascript, and java. That way you can target all 3 browsers and users are too dumb to keep these updated.

    Everyone needs anti-virus software in 2012. Maybe 10 years ago if you had a hardware firewall and didn't use IE 6 then you were secure. Malware spreads via flash ads and bad javascript. Not through Windows out of date or through free_titties_mpg.exe anymore. I just cleaned a laptop last week from a woman who
    a. does not download porn
    b. Very computer literate and does not click on everything
    c. Uses Windows update and had the latest anti virus software from Avast!
    d. Only uses latest patched FF.

    She got infected by going to www.livejournal.com to create an account and a javascript ad infected her system. Avast! couldn't even clean it and I had to use Malware bytes in safe mode. To her surprise 2 more malware pieces were detected and removed. Turns out her version of Flash was not up to the latest and the javascript malware used an IP address rather than a domain name in which FF XSS would have caught and prevented.

    I reimaged my computer recently because I got infected too. I use OpenDNS, only IE 9 and Chrome, had MSE at the time (wont make that mistake again), and did everything right and had Java and PDF disabled. It came through a 0-day exploit. Unless you have java disabled, openDNS or Comodo Dragon's secure DNS, latest flash set to update, and Foxit instead of adobe PDF, predict network settings in Chrome off (Chrome will automatically execute each ad or link with it on!!), you will get infected. In fact FF is not even fully sandboxed believe it or not.

    May God help you if you still use XP too. Because it does not offer exception handling bounds checking, ASLR, full DEP, and other things the sandboxing is crippled on XP in any major browser which is why IE 9 is not available on XP. ... end rant

    Avast! is free for non business use by the way and it does not slow your system down like Norton 360 does. It is a necessary evil to run one and I had 0 performance problems. Run it in safe mode DCTech and I will bet you money it will find several trojans on your PC unless you just browse slashdot, have no flash or do anything but check email with it.

  10. Re:Entitlement on Mozilla Announces Long Term Support Version of Firefox · · Score: 1

    Yes actually

    Many are not happy about choosing a non compliant browser and being fucked over and want their new intranet apps to support open standards so they can never be locked into a single browser again.

    People like ME who do not want bugs, crashes, addons breaking, and security risks. FF is the shitiest browswer today while IE 9 and Chrome are the best. Yes even IE is decent and less buggy than FF and that is sad.

    Many businesses who the CFO and accountants demand to keep IE 6 in 2012 need another browser for the rest of the world outside their intranet app and FF was making some serious enterprise headroom before March 2011 when all hell broke lose with FF 4.0. It is not like you can have multiple versions of IE without expensive VM software or citrix terminal emulation. But that is very stupid just ro turn a fucking browser. I mean come on!

  11. Re:Enterprises? on Mozilla Announces Long Term Support Version of Firefox · · Score: 1

    Actually I know many who run FF 3.6. School districts and corporations who have intranet apps stuck in IE 6 let employees use FF for general internet. FF was great before 4

  12. Re:Enterprises? on Mozilla Announces Long Term Support Version of Firefox · · Score: 1

    Yep I prefer IE 9 over FF for security and stability reasons.

    It is a complete opposite of the 2000s in regards to IE vs Firefox. Chrome I tried but the minimalist and lack of an arrow to pick frequently used sites in the addressbar (have to type EVERY TIME) drive me insane!

  13. Re:Did they fire Asa? on Mozilla Announces Long Term Support Version of Firefox · · Score: 1

    Actually IE is now at an anual update cycle as well. This is a good thing as it is at least standards compliant now. An IE 9 app should run through future releases fine unlike the horrors between IE 6 to 7 to 8 that caused many enterprises to issue 5 - 10 year browser standard rules.

    Like you said things are innovating so fast that none of them can even be implemented until 2015 on desktops leaving the new web on your phone only. IE 7/8 is holding everyone hostage and FF 3.6 too. Things need to move faster but not break in the process.

  14. Re:Not long enough on Mozilla Announces Long Term Support Version of Firefox · · Score: 1

    Year is fine.

    Most intranet apps are IE 6 or IE 7 based and have to be rewritten for any other browser including IT itself!

    If it is used for standards compliant web browsing and intranet apps the only thing management has to do is certify it and it will just work unless there is something really funky in the code of the odd intranet app. A 12 week window to do so between releases is fine. If it is still having issues then use IE (which everyone supports) and upgrading FF for internet needs.

    You and management is still in IE 6 fear mode from the dark days last decade. That is coming to an end.

  15. Re:Good on Mozilla Announces Long Term Support Version of Firefox · · Score: 1

    My hunch is if it runs in FF 3.6 then it is standards compliant and should run fine in newer versions unless it uses HTML 5 which is still in draft where implementations might change between versions. It is not like it is an IE 6 app where it needs to be rewritten for IE 7 and each subsequent version of IE.

    I know you are a professional developer as I read your comments and I am an amature just learning the horrors of learning IE 6 for a project I am working on, but I assume certifying for a newer release of FF is more akin to upgrading Office. Not as big as a deal as a whole platform upgrade like Windows or IE is. Maybe it not that simp,le?

    Many corporations did use FF for internet access and IE for intranet access. Many now just force everyone to use ancient versions of IE and bring their phones and computer from home to do internet stuff work related as IE 6 is useless on the WWW. I had a client where it was that bad as they refuse to upgrade beyond XP SP 2 which means IE 6 and no security updates.

    IE 8 is ok but its age is certainly showing. I am rebuilding my image on a home PC and before downloading other browsers I popped out IE 8 under win7 and went to maps.google.com and sattelite view was INCREDIBLY slow! I downloaded FF 3.6 and google maps too was TERRIBLE with the old javascript interpreter. I got spoiled from JIT ajax in IE 9, firefox, and Chrome. As clouds take over older browsers will be painfully and obsolete. IE 10 will be coming out in a few months and IE 11 next year. IE 6,7 should not be used and I certainly do not want to use IE 8/FF 3.6 by 2013.

    Once a year is not bad if things do not break or have to be rewritten. Lets hope by 2017 in 5 years that this will be a reality as the code is standards compliant and not hack specific per one version compliant.

  16. Re:Good on Mozilla Announces Long Term Support Version of Firefox · · Score: 1

    Oh please.

    If your organization takes 2 -3 month just to *think* on whether to upgrade then you have problems. IE thr darling of enterprise users has an anual release cycle now. Its the new norm and with browsers following standards it shouldnt be that much of a problem like it was leaving IE 6 when apps had to be rewritten. Think of it as a security update and not a different release of IE with a different set of bugs?

    I suppose it doesnt matter as enterprises have all downgraded to IE anyway. Those MCSEs look liked geniuses for sticking with IE 7. Grr. No corporation will touch FF for a long time after last year.

  17. Re:Oracle and Java on Oracle's Latest Java Moves Draw Industry Ire · · Score: 1

    And how much do senior level .NET developers with SQL Server experience bring in?

    I did a comparison when I had to take a course in C# or Java in 2006. Java won by a large margin. Today it is narrow and all the JR level positions are for C# developers. This shows me it is a growth market and it will overtake Java soon if not already. Sure Java is a better bet than Cobol for mainframe shops if you want to write a new server app from scratch but it seems very cobolish in that is Java projects are just maintaince or upgrades from older code bases. Not new apps being made.

  18. Re:Oracle and Java on Oracle's Latest Java Moves Draw Industry Ire · · Score: 1

    True but Java has been kind of abandonded for awhile. Hibernate and other projects are outside of Oracle/Sun while .NET is steaming forward. Yes, it is a Windows only thing but most corporations prefer to have only one ecosystem by only a single company and that is Microsoft. It sounds very 1990s, but these companies still use IE 6 and are a decade behind everyone else and even convinced slashdotters that XP is somehow still good in 2012! .NET supports more than one language, has generics (I think Java 6 has them now so correct me if I am wrong as I learned Java 5 while in school), and is now getting things like NHIbernate from Java, and LinQ is awesome too.

    With C# you can simply compile and distribute your program. No need to use a third party java compiler to get it into a .exe so other people can run it via point and click. The Winforms libraries are not bloated and slow like Swing was and have a native feel in Windows.

    If the DOJ had some balls and split MS into 3 different companies .NET would be all over Linux and MacOSX as it is an excellent platform. I give MS credit they make great products and also very shitty ones. .NET is a great product as well as powerpoint and excel. Windows and IE ... well that is another story :-)

  19. Re:Oracle and Java on Oracle's Latest Java Moves Draw Industry Ire · · Score: 2

    Java got a really bad rap due to swing which was very slow and VMs that were not very good for the first 5 to 6 years. I remember counting a full minute a decade ago to launch netbeans (swing based). Once opened I was surprised at the gui's and how quick the applets I wrote were. By then if you mentioned Java on slashdot you would get 12 replies saying it was SOOO SLLLOOOWW and flamewars starting. People never thought about the Java APIs and obsessed about swing applet load times instead to make a value judgement on the language.

    The Fud worked, and new FUD about C# and Mono being just as cross platform compatible and 10x faster could run on Linux and this would be the wave of the future by 2012 etc. Mono failed to delievery but it is too late.

    Only legacy code is written in Java for some overly engineered app on the server. Java is perceived too slow to run desktop software so no programmer will touch it on the desktop and most geeks disable java in their browsers anyway due to security risks.

    The truth is Java had the most advanced API around and you could do anything with it. It was amazing. Only .NET comes close and it took MS almost a decade to catch up.

    Today it does not make sense to start a new project in Java. It is like saying a new project in COBOL. It is legacy

  20. Re:Oracle and Java on Oracle's Latest Java Moves Draw Industry Ire · · Score: 1

    No it is not.

    I had trouble running Java software with it and netbeans was ugly and buggy with it under Ubuntu. Basically the gui libraries are owned by Adobe and there are a few other pieces of code scattered that are copyrighted by other companies.

    Much of the OpenJDK had to use source compatible replacements to refill it and they were not all compatible. I would not trust it to run a mission critical system and I use Oracle's JDK on my win7 desktop as it just works and do not want any surprises running Andriod apps.

  21. Re:Oracle and Java on Oracle's Latest Java Moves Draw Industry Ire · · Score: 1

    IBM has a contract with Oracle from the days of Sun.

    However, IBM no longer makes their JDK or JRE free anymore on non IBM hardware. I wonder if that was intentional because of Oracle's agreement with them? If you are a java shop, IBM is a way to go if you want to leave Oracle. They make nice servers, databases, and I heard websphere is pretty cool.

    I do not know if they are cheaper though. IBM is certainly like the rolls royce of servers.

  22. Re:Oracle and Java on Oracle's Latest Java Moves Draw Industry Ire · · Score: 1

    I hear you and it is so frustrating. Java was so cool a decade ago.

    I really wish MS did not own .NET and C#. It would be an excellent replacement for Java and if Gnome were rewritten in mono.net we could use all the different languages and a common language runtime etc. Of course politically and liability wise it would be a cold day in hell.

    Java is stagnating anyway back when Sun owned it. I use Java on my desktop for Eclipse and the ANdriod SDK. I make sure Java is disabled in my browsers. I highly recommend anyone who supports PCs to always do this as it is a big security risk. Other than that it is dead. Php is just too simple or there is .NET for real internet development ... only on Windows.

    RIP Java. Sigh

    Java jobs are still in high demand but it feels more like a 21st cobol that is unpleasant to program in compared to C#.

  23. Re:Just in time on Comcast DNSSEC Goes Live · · Score: 1

    If I recall DNSSEC is simply encrypted DNS lookups to prevent man in the middle attacks. It is not a COA or anything like that. Militaries from around the world use it and it is not a tracking mechanism no more than regular DNS.

    If OpenDNS had DNSSEC for free I would be estatic as I use OpenDNS on my computers at home to prevent known bad malware domains and recommend all slashdotters to use it.

    The extra security would be good as the government can look up NOA records with standard DNS anyway.

  24. Re:How about going back to flat-rate data? on Comcast DNSSEC Goes Live · · Score: 1

    Is there really a tie in mechanism with DNSSEC?

    Not to sound cynical, but DNS poisoning is a very real problem that I am surprised hackers have not succeeded in doing yet. For the record I hate Comcast and I am in no way defending htem. When I used to play WOW the users who always lagged or were DCed were comcast customers. Reliability is a joke. ... back to the topic DNSSEC is just encrypted DNS lookups to prevent man in the middle attacks and is used in many institutions such as banks and militaries. Hairfeet who is a top poster on /, uses Commodo Dragon as his browser simply because it uses DNSSEC to its own secure DNS servers that filter out malware domains.

    I use OpenDNS as it is simple and easy to use on my computer and filters bad domains. However, it is still vulnerable to man in the middle attacks because it is not encrypted. I would prefer DNSSEC if I could actually do it.

  25. Re:And the existing providers? on London Installing Largest Free Wifi Network · · Score: 1

    I was thinking the same thing and then realized it was the UK.

    If any city in the US did this the carriers would be SCREAMING SOCIALISM!! ... and funding every politican and their brothers to ban and stop this assault on freedom and capitalism at all cost while probably then lobbying congress to add anti free WIFI in SOPA or something stupid.

    Maybe in Europe the governments there actually listen to their citizens and not corporate lobbiests who vote only on the behalf of corporations? I was just watching the Star Wars prequel tonight and the US and Canada are starting to look just like the final days of the old republic before it fell to the empire. Inept government totally rotten to the core gave way to many supporting the empire. ... anyway do not want to go offtopic with that rant but thought of it when reading this article pretty much expecting this to be outrageous and political suicide. That is pretty sad if you ask me.