> > The more appropriate question would be "Is a Windows box safe with a > user behind it?" since today's threats require that you browse to the > danger, or click an "OK" button first :-)
Shall we just ignore the thousands of variants of Virut which are extremely prevalent? Virut is a file infecting virus combined with an IRC backdoor. Or how about the Nirbot family, which is like Virut only it includes RPC and LSASS exploits for additional means of propagation. How about the ubiquitous autorun worms that propagate via removable, fixed, and shared drives? How about those that are a combination of all of the above? As for "browse to the danger" do you mean open a browser window and perform a search using your favorite search engine? Or browsing to your favorite trusted news, sports, enterprise website that happens to work with advertising networks that happened to be infiltrated by a malicious ad run? Or browsing to any of the other millions of websites which happened to be compromised via SQLi, stolen credentials, poorly configured settings, or any number of means? All of the above are viable means of malware exposure, simply by opening the browser. The malware problem is not user-driven (nor is it Windows-specific). -- Mary _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
