"Siverlight doesn't work on Macs or Linux, so there's no point porting the exploit there"
I thought it was a Flash vuln and don't you mean it doesn't work on Linux. As the exploit does uses generic browser redirection scripts and SQL-injection.
"Malware hunters have spotted a previously unknown - and unpatched - Adobe Flash vulnerability"
"I hate paying the Microsoft Tax as much as anybody else, but if paying that 'tax' allows companies to reduce my price by bundling with my PC products that I will never use, why wouldn't I just buy a Windows-loaded PC and reformat?"
So as you can then get the refund of US$109.162 by clicking "no" on the Windows licence agreement..:)
It is odd that a Linux box costs more then a Windows box considering what Dell is paying for Linux. And considering with Linux you get a fully functioning Desktop, Office suite, multimedia etc as compared to a time limited reduced functionality Windows desktop.
Does Dell still have to pay the Microsoft tax regardless of how many Windows boxes it sells?
Presumably these people grew up on cathode tube television, the HT circuit of which blasted out X-rays, the dangers of Wi-Fi being minuscule in comparison.
I recall reading somewhere, that they did a test on people who clamed to be susceptible to electric fields and found they still got symptoms even when it was switched off.
"Does the owner of a video game console get to decide who has access, without questionably legal third-party products that crack the console's security?"
What ever, I'm not a lawyer and this is gettign slightly off topic. The original subject was how to protect computers from malware. It's a technical problem that could be solved by technical people. I mean does being legally 'compliant' actually make the machine any safer. Lets make thew machines safer and get all lawyered up later.
If those flash adverts were a little less intrusive and didn't have those anoying animations then I wouldn't feel the need to install noscript.
On another site, they have talking adverts, I forget the name, I ain't ever going back there.
Don't the advertisers realize that pissing people off isn't the way to sell product.
Also, the page freezing on google-analytics.com and doubleclick.net is.. wait... waaaaiit.... wait some more..now why did I click on that link, what was I thinking.. never mind, on to the next site......
"How would one develop for what you call a properly designed OS?"
The other poster specifically mentioned how 'PC users in home environments'. For developers the Installer would have an exempt option where anycode run from a designated 'safe harbor' would be exempt. Currently, the biggest vector for malware is click and run from a URL or email attachment. Obviously a developer would be able to recognize his own code, I mean he wrote it.
People don't go after Linux desktops because they are much harder to break into. What about all those nix servers out there. Linux isn't 'immune' but when properly configured you don't get infected by 'malware' merely by clicking on an URL or opening an email attachment.
"If you want to deploy them on a commercial network.."
What's the point, they DON'T WORK !! Right now in this place, every time I plug in my USB stick I get a 'virus'. I only know this when I get home and see a pile of *.EXE files on it when I boot up my RedHat box..:)
"It exists malware for both Apple and Linux too, but not in the same volume as for Microsoft's OS:es"
What about on servers, there's an aufull lot of nix boxes out there, with lots of jucy creditcard details on them.
"This way of relaxed behavior is kicking back because it also makes it easy to create malware"
Ease of use doesn't necessarly lead to lax security. A locked down Linux box can still provide a full feeture experience. You can click on URLs and open email attachments with 99.999% safety. Chief reason being that 'OPEN' isn't the same as RUN.
On non Unix platforms, you should run all the security bits on an embedded device, that way the 'malware don't compromise security.
"how will PC users in home environments know what to put on a whitelist and what not to put on a whitelist?"
If the OS was designed properly then the Installer would keep a whitelist of known good applications. If the app isn't on the list then it don't run. There would be no other vectors for malware to get on the system.
For online updates it would verify the update using digital signatures and so on. There would be a strict division between updating the core OS and lets say adding a new font to the Browser. So in the event of you clicking on a URL and something.exe attempts to run, the Installer triggers and prevents it, same for email attachments. Remember the Installer only needs to know about good software, therefore it don't go out of date.
For added protection the Installer could run from an embedded device, app signatures encrypted obfuscated etc, making itself immune from compromise. Yes I know about in-memory hacks. But at reboot the Installer would remove anything that wasn't on its WHITELIST.
In other words they've patented running predictive virus detection in a simulated environment. What happens if the 'invention' fails to detect the malware.
Why don't MS use this patented proactive virus detection technology in Windows, that way they wouldn't need anti virus software.
"the parsed API calls are "executed" in the virtual operating environment of the present invention using stub Dynamically Linked Libraries (hereinafter "stub DLLs")"
"The stub DLLs have the same interface as the fully implemented DLLs that they mirror. However, the stub DLLs "execute" API calls only using components of a virtual operating environment"
Does anyone else here think this sounds like a total hack, as in fixing plugging a leak with ducttape sealing wax and string.
"PC Tools does not guarantee that the Software will detect and/or remove all known viruses, spyware, adware, malware, Trojans, keyloggers and trackware, or locate all browser infections and tracking cookies on your computer"
"The same is true for Linux, sadly. Disclaimer: I'm a Linux fanboy"
Well, yea, but it's virtually impossible to infect a locked down Linux, by clicking on a URL or opening an attachment. The worst that can happen is compromise of the users home dir and not the whole box.
An embedded OS with the user running in a virtual machine would be a solution. In theory, once you reboot any malware is flushed from the system.
I've user the restore from hidden partition solution, while it is a pain, it does work and I can click on links and open email without fear. Of course any documents I then forward are contaminated.
Like, right now I have a 'virus' on my USB stick. I don't know how it got there, probably in some Internet cafe, but it does nothing on my Linux box. The USB device is one of those that automatically runs an application in Windows. It creates two drives F: and G: presumably to handle encryption and password protection. Not much good if the drive itself is compromised..:)
"The BBC is in the business to deliver TV programmes to people"
May true once, but lately it's been in the habit of regularly interrupting programs with pretend adverts for programs on its other channels. It's news has also gone the way of Faux News especially since X/XX. No attempt at analysis just various supposedly independent commentators regurgitating the official line.
"International police agency Interpol says Colombian officials did not tamper with computers which they claim provide proof Venezuela financed Farc rebels"
Under Windows, there is no sure way of detecting malware once it's already installed, as it takes steps to hide itself.
The only sure way is a clean install or re-imaging from a hidden partition at boot. Something that would be a pain to set up and probably wouldn't even work with the current incarnation of Windows.
Your bet bet is to get your friend to install these Sysinternals ">utilitys and see if they can detect the keylogger by its activity. Monitoring activity at the firewall is also a good place to detect suspicious activity.
What is it about Windows that your friend absolutly needs to use. Are there alternatives out there.
If you absolutly can't survive without Microsoft applications then why not use a version of Linux that comes with CrossOver, this allows Windows applications to run natively on Linux, without the the same level of malware threat. Eg, by clicking on an URL or opening an email attachment.
Not exactly, remember they were in the search and email business before Google. MS strategy for success is invariably, buy up some vibrant company, like Hotmail, re brand it as Microsoft Whatever, use the Windows desktop monopoly to leverage it. Eg, every software update, installs Outlook, adds Microsoft affiliate web sites to Favorites and makes Microsoft.com your home page.
Design Microsoft services to make using third party services a jolting experience. Eg. Disable links to Youtube.com, filter third party greeting cards in Outlook and so on.
Present the ubiquity of such Microsoft product as evidence of the popularity of same. It must be good, everyone chooses it..:)
Slashdot Mirror
"Siverlight doesn't work on Macs or Linux, so there's no point porting the exploit there"
I thought it was a Flash vuln and don't you mean it doesn't work on Linux. As the exploit does uses generic browser redirection scripts and SQL-injection.
"Malware hunters have spotted a previously unknown - and unpatched - Adobe Flash vulnerability"
"This threat should be considered very serious because of the widespread distribution that Adobe Flash enjoys on the Windows ecosystem"
.. :)
Shouldn't that be monoculture
Congrads Slashdot, you've managed to produce a story that is guaranteed to totally baffle the non-techie sector.
...
KeyWords:
concurrent data structures, hardware threads, java, large array, scalable parallel access, atomic update, words, finite-state machine, lock-free, data structures
"I hate paying the Microsoft Tax as much as anybody else, but if paying that 'tax' allows companies to reduce my price by bundling with my PC products that I will never use, why wouldn't I just buy a Windows-loaded PC and reformat?"
.. :)
So as you can then get the refund of US$109.162 by clicking "no" on the Windows licence agreement
It is odd that a Linux box costs more then a Windows box considering what Dell is paying for Linux. And considering with Linux you get a fully functioning Desktop, Office suite, multimedia etc as compared to a time limited reduced functionality Windows desktop.
Does Dell still have to pay the Microsoft tax regardless of how many Windows boxes it sells?
Presumably these people grew up on cathode tube television, the HT circuit of which blasted out X-rays, the dangers of Wi-Fi being minuscule in comparison.
I recall reading somewhere, that they did a test on people who clamed to be susceptible to electric fields and found they still got symptoms even when it was switched off.
The age of the geek? in your dreams Dilbert ..
http://news.yahoo.com/comics/080520/cx_dilbert_umedia/20082005 http://news.yahoo.com/comics/080521/cx_dilbert_umedia/20082105 http://news.yahoo.com/comics/080522/cx_dilbert_umedia/20082205 http://news.yahoo.com/comics/080523/cx_dilbert_umedia/20082305
Vista sells on all new consumer PCs ..
.. :)
.. :)
Well, it would do, since you can't get PC with XP on it anymore
* troll alert: Yea, I know, he refered to almost %100 and didn't refer to the Dell 'upgrade'
"Does the owner of a video game console get to decide who has access, without questionably legal third-party products that crack the console's security?"
What ever, I'm not a lawyer and this is gettign slightly off topic. The original subject was how to protect computers from malware. It's a technical problem that could be solved by technical people. I mean does being legally 'compliant' actually make the machine any safer. Lets make thew machines safer and get all lawyered up later.
"The first thing we do,is "kill all the lawyers."
"And then you get into platform vendors charging for access to the safe harbor"
I'm sorry but the safe harbor I refered to resides on the PC and the owner gets to decide who has access.
If those flash adverts were a little less intrusive and didn't have those anoying animations then I wouldn't feel the need to install noscript.
.. wait ... waaaaiit .... wait some more ..now why did I click on that link, what was I thinking .. never mind, on to the next site ......
On another site, they have talking adverts, I forget the name, I ain't ever going back there.
Don't the advertisers realize that pissing people off isn't the way to sell product.
Also, the page freezing on google-analytics.com and doubleclick.net is
"How would one develop for what you call a properly designed OS?"
The other poster specifically mentioned how 'PC users in home environments'. For developers the Installer would have an exempt option where anycode run from a designated 'safe harbor' would be exempt. Currently, the biggest vector for malware is click and run from a URL or email attachment. Obviously a developer would be able to recognize his own code, I mean he wrote it.
People don't go after Linux desktops because they are much harder to break into. What about all those nix servers out there. Linux isn't 'immune' but when properly configured you don't get infected by 'malware' merely by clicking on an URL or opening an email attachment.
.. :)
Bank: N.H. Hannaford Customers' Cards Compromised
International Hackers Indicted for Sniffing Credit Cards from Dave & Buster's"
Windows sure has the most market share in getting your CreditCard stolen
"If you want to deploy them on a commercial network .."
.. :)
What's the point, they DON'T WORK !! Right now in this place, every time I plug in my USB stick I get a 'virus'. I only know this when I get home and see a pile of *.EXE files on it when I boot up my RedHat box
"It exists malware for both Apple and Linux too, but not in the same volume as for Microsoft's OS:es"
What about on servers, there's an aufull lot of nix boxes out there, with lots of jucy creditcard details on them.
"This way of relaxed behavior is kicking back because it also makes it easy to create malware"
Ease of use doesn't necessarly lead to lax security. A locked down Linux box can still provide a full feeture experience. You can click on URLs and open email attachments with 99.999% safety. Chief reason being that 'OPEN' isn't the same as RUN.
On non Unix platforms, you should run all the security bits on an embedded device, that way the 'malware don't compromise security.
"how will PC users in home environments know what to put on a whitelist and what not to put on a whitelist?"
If the OS was designed properly then the Installer would keep a whitelist of known good applications. If the app isn't on the list then it don't run. There would be no other vectors for malware to get on the system.
For online updates it would verify the update using digital signatures and so on. There would be a strict division between updating the core OS and lets say adding a new font to the Browser. So in the event of you clicking on a URL and something.exe attempts to run, the Installer triggers and prevents it, same for email attachments. Remember the Installer only needs to know about good software, therefore it don't go out of date.
For added protection the Installer could run from an embedded device, app signatures encrypted obfuscated etc, making itself immune from compromise. Yes I know about in-memory hacks. But at reboot the Installer would remove anything that wasn't on its WHITELIST.
In other words, please pay us royaltys to fix our own leaky Operating System .. :)
In other words they've patented running predictive virus detection in a simulated environment. What happens if the 'invention' fails to detect the malware.
Why don't MS use this patented proactive virus detection technology in Windows, that way they wouldn't need anti virus software.
"the parsed API calls are "executed" in the virtual operating environment of the present invention using stub Dynamically Linked Libraries (hereinafter "stub DLLs")"
"The stub DLLs have the same interface as the fully implemented DLLs that they mirror. However, the stub DLLs "execute" API calls only using components of a virtual operating environment"
Does anyone else here think this sounds like a total hack, as in fixing plugging a leak with ducttape sealing wax and string.
Colonel Korn said that Threatfire considers cookies as malware. I asked for a citation. I don't have to prove his point in the negative .. :)
.. cookies .. to be .. malware", Colonel Korn
"Threatfire considers
Where does it say it counts cookies as malware?
"PC Tools does not guarantee that the Software will detect and/or remove all known viruses, spyware, adware, malware, Trojans, keyloggers and trackware, or locate all browser infections and tracking cookies on your computer"
"Vista suffered 121,380 instances of malware"
I thought Vista with UAC didn't get malware. Didn't Allchin say Vista didn't need any anti-virus software.
"The same is true for Linux, sadly. Disclaimer: I'm a Linux fanboy"
.. :)
Well, yea, but it's virtually impossible to infect a locked down Linux, by clicking on a URL or opening an attachment. The worst that can happen is compromise of the users home dir and not the whole box.
An embedded OS with the user running in a virtual machine would be a solution. In theory, once you reboot any malware is flushed from the system.
I've user the restore from hidden partition solution, while it is a pain, it does work and I can click on links and open email without fear. Of course any documents I then forward are contaminated.
Like, right now I have a 'virus' on my USB stick. I don't know how it got there, probably in some Internet cafe, but it does nothing on my Linux box. The USB device is one of those that automatically runs an application in Windows. It creates two drives F: and G: presumably to handle encryption and password protection. Not much good if the drive itself is compromised
"The BBC is in the business to deliver TV programmes to people"
May true once, but lately it's been in the habit of regularly interrupting programs with pretend adverts for programs on its other channels. It's news has also gone the way of Faux News especially since X/XX. No attempt at analysis just various supposedly independent commentators regurgitating the official line.
"International police agency Interpol says Colombian officials did not tamper with computers which they claim provide proof Venezuela financed Farc rebels"
Under Windows, there is no sure way of detecting malware once it's already installed, as it takes steps to hide itself.
The only sure way is a clean install or re-imaging from a hidden partition at boot. Something that would be a pain to set up and probably wouldn't even work with the current incarnation of Windows.
Your bet bet is to get your friend to install these Sysinternals ">utilitys and see if they can detect the keylogger by its activity. Monitoring activity at the firewall is also a good place to detect suspicious activity.
What is it about Windows that your friend absolutly needs to use. Are there alternatives out there.
If you absolutly can't survive without Microsoft applications then why not use a version of Linux that comes with CrossOver, this allows Windows applications to run natively on Linux, without the the same level of malware threat. Eg, by clicking on an URL or opening an email attachment.
"How come FTC hasn't looked into the antitrust implications of this merger?"
Because when MicroHOO does it that means that it is not illegal. And MS didn't make all those donations on capitol hill for nothing, DOH !!!
Microsoft + Yahoo = MicroHotHoo :)
.. :)
Not exactly, remember they were in the search and email business before Google. MS strategy for success is invariably, buy up some vibrant company, like Hotmail, re brand it as Microsoft Whatever, use the Windows desktop monopoly to leverage it. Eg, every software update, installs Outlook, adds Microsoft affiliate web sites to Favorites and makes Microsoft.com your home page.
Design Microsoft services to make using third party services a jolting experience. Eg. Disable links to Youtube.com, filter third party greeting cards in Outlook and so on.
Present the ubiquity of such Microsoft product as evidence of the popularity of same. It must be good, everyone chooses it