>JeffM wrote:
>>The anti-whatever guys
>>are always playing catch-up with the black hats.
>>
...and the bad guys are smarter than MICROS~1 and the anti-whatever guys put together.

>>Updating your band-aid apps
>>*just before* doing something questionable is the "best" you can do.
>>
Paul B. Gallagher wrote:
>Yes. Of course, it's better not to do questionable things.
>
Heard of cross-site scripting?
Most site owners will allow *any* jerk to put up whatever "advertising" they want in order to get revenue.
The owners don't check it. It's the Wild West.
Running Adobe's crap? Good luck.
Have Java enabled? Good luck.
Aren't running NoScript? Good luck.
"Questionable" isn't always obvious--especially with M$'s junky OS.

...and back at Firefox 1.5, there was an extension that did ActiveX.
What kind of clueless masochist would install that?

>>If you run Windoze, and AV apps are your primary line of defense,
>>you are going to get pwned. It's that simple.
>>NB To those who say "Not me", I say "Not yet".
>>
>Possibly.
>
See "smarter than MICROS~1 and the anti-whatever guys put together" (above).
Over time, it's a certainty.
You can only dodge machine gun bullets for so long.

>I suppose if a determined hacker targeted me specifically,
>he could get in.
>
...with his hordes of bots, running on other Windoze boxes.

>But since I don't own a bank or anything, why bother?
>
Do you do online banking on your Windoze box?
Buy stuff online using your credit card?
Heard of man-in-the-middle attacks?
With dirtbag Certificate Authorities recently being exposed,
http://google.com/search?q=Diginotar+Comodo+DigiCert
even FOSS isn't necessarily immune (SM update lag).

...and an OS that downloads files with full permissions granted to those is a sitting duck.

>I've been running Windows machines since[...]the late 1980s
>and have never yet been infected.
>
See "yet" (above).

>they were all either snagged and
>deleted/quarantined/sanitized/whatever by my AV programs
>
See "always playing catch-up" (above).

>Forever's a long time, but good software
>
Heh. Now I know you're -not- talking about M$'s junk.
Want to see "good"?
Look at how few successful exploits have -ever- been written against Linux to start with.
Now look at how fast things in the Linux world get patched.
(*NOT* relying on 3rd-party "protection" is the ticket.)

OTOH, even if Redmond *has* a fix for the latest exploit, **you** can't get it until the 2nd Tuesday of next month.
That is orthogonal to "good".

>and good practices
>
It doesn't matter what *your* practices are if your vendor is a lax/sloppy/incompetent idiot.
There's no other way to put it:
The execution of user-supplied data in kernel space is just monumentally stupid.
Image viruses? Macro viruses? Email viruses?[1]
Any of this ringing a bell?
That's just garbage OS design.

...and the latest fallout from MICROS~1's incompetence?
Font viruses:
http://google.com/search?q=Duqu+TrueType+exploit

>I figure if I can make it to 2055, when I'll be a hundred,
>
Youngster. 8-)

>that'll be close enough for rock 'n' roll.
>
Now pity the fools who run Redmond's junk but *aren't* aware:
An OS that uses file extensions to determine executable status then HIDES those by default??
Autorun enabled by default??

>P.S. For someone who's never been to Africa,
>I never cease to be amazed at how many people over there
>have left me money in their wills... ;-)
>
You haven't scored any of that easy cash??
Are you some kind of hardhead? 8-)
.
.
[1] ...then there are apps that crash and take the OS with them.
While not a *security* failure, those are a far more fundamental example of a crappy operating system whose creators have violated Rule 1 of OS design.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey

