How Much Harm Can One Web Site Do? 501
Ben Edelman has written extensively on issues including censorship and spyware. He's got a very interesting piece on his site now about who profits from spyware, and how much spyware can be installed on a Windows XP machine when the user simply visits a single Web site using Internet Explorer.
not much... (Score:5, Informative)
Re:not much... (Score:4, Informative)
In Case It Gets Slashdotted... (Score:5, Informative)
Re:not much... (Score:3, Informative)
Re:What was the actual web page? (Score:2, Informative)
http://xpire.info/fa/?d=get [xpire.info] Entering this in Mozilla 1.8a4 gives me an authentication dialog. Hitting Cancel pops up a Moz file save dialog for a file containing an authentication error message.
Re:What was the actual web page? (Score:5, Informative)
Re:not much... (Score:2, Informative)
I know it's a pain to have to click on the icon tray and then select 'Repair' but it's a small price to pay. Also, I don't usually switch my network connection more than once if I move my laptop.
Re:No surpises here. (Score:1, Informative)
I don't use it on my machine only because when windows pop up out of nowhere telling me I absolutely need to download something, I know I don't. But I wouldn't trust hundreds to thousands of employees of a company to know the same.
Re:What was the actual web page? (Score:3, Informative)
Your right. If you did download the video you likely would not have been able to play it. It uses a non-standard codec and every player I have, including MS Media Player for Mac, could not play it...
Regarding the Video... (Score:3, Informative)
Glad I didn't have the boss watch it with me in an attempt to convince her of the need to take better anti-spyware measures.
Re:What was the actual web page? (Score:2, Informative)
Silly AC, the goatse site just displays a domain registry TOS page now.
wait...
Another good write-up here: (Score:5, Informative)
Comment removed (Score:2, Informative)
Anti-anti-MS zealots (Score:2, Informative)
Re:Now... (Score:2, Informative)
Re:not much... (Score:4, Informative)
It isn't a real hard thing to do most times as long as you know what you are looking for and the machine doesn't touch any form of a network during cleaning.
Yes, it takes awhile. Then again, would you upgrade an OS on a virus infested machine? Of course not!
Re:You could always use a Mac. (Score:5, Informative)
No, IE runs under whatever user you are logged in as. One should definately learn to manage users. No argument there.
, but I am of the opinion that users have every right to be stupid,
Yet we all own cars... If you are too stupid to add oil to your car and you burn out your engine... It's not the manufacturers fault. There's a certain level of responsibility the users should bear as well. Users have a right to be stupid, but should pay up when they screw their computers up the same way car owners should pay if they don't maintain their vehicle or use it correctly.
. If XP needs all of these security patches just to keep going, where a mac or linux box could stand like a column of basalt for years
Again, Bullshit! There's security holes in Linux and FreeBSD. That's why we have utilities in Fedora like up2date, portupgrade, etc. So you can automate the patching of those security holes.
Reminds me of passthison.com (Score:3, Informative)
Re:Umm... (Score:3, Informative)
Here's what's happening:
Wallpaper: Your computer is broked.
Author: The wallpaper says, "Your computer is broked." [s.i.c.]
The author should have written: "Your computer is broked [sic]"
See the difference and where the mistake is?
Re:My e-mail to the TwainTec Legal Dept (Score:3, Informative)
Re:not much... (Score:2, Informative)
See here:
http://search.linuxsecurity.com/articles/h
I'm not sure if sp2 fixes this problem
Re:not much... (Score:5, Informative)
I'm running SP2 and nothing has broken thus far. Normally when people complain about SP2 breaking stuff (like a game that will not play online after patching to SP2) it has to do with the upgraded firewall. Tweaking the firewall is all that is needed to get your game (and 9 times out of 10 X app)running agian.
All in all, I think Microsoft did a good job with SP2. The security center is something that should have been in the control panel to begin with. Its good to have some centralized location.
But yeah, SP2 fixed a lot of things in Windows and it really didn't *break* things, it just tighten some bolts that then required the user to go and loosen what he/she wanted to use. (instead of leaving the whole damn computer open)
Re:SP2 is immune (Score:3, Informative)
Outdated products like Windows 2000 Professional?
Microsoft's own product lifecycle chart [microsoft.com] indicates "Mainstream Support" through June 30, 2005, and "Extended Support" through June 30, 2010.
Re:not much... (Score:3, Informative)
That said, we'll be going to SP2 where I work when all of the testing is finished, but there are non-game business critical software packages that do break under SP2. I recommend it for home users, but I'm far more hesitant in the business environment, particularly if some custom or very old software is being used.
Re:s.i.c. -actually. (Score:1, Informative)
The word is spelled 'grammar'. Also, check the MLA Handbook (you do know what that is, Mr. English Major?), and you will see that you are wrong about 'sic' being an acronym.
I suppose it's a good thing you changed majors. Remember that spelling and grammar are helpful in computer languages also.
Re:not much... (Score:5, Informative)
Re:What was the actual web page? (Score:2, Informative)
btw video stream is Windows Media Video 9 Screen
and audio is Windows Media Audio 9
Re:not much... (Score:3, Informative)
Wow, you really don't have a clue, do you?
http://www.newsfactor.com/story.xhtml?story_id=26
http://news.com.com/Microsoft+lists+SP2+conflicts
http://news.com.com/Microsoft+tackles+AMD+conflic
From this article: Microsoft had advised AMD users to remove SP2 altogether.
There are pleanty of others.
And lets not forget problems with legacy applications. (Which many people need.)
How people get infected (Score:3, Informative)
Browsing to the site I showed in my video is one way to get infected. But that's not the most typical infection method. Instead, other sites can and do point to this site (and other similar sites), typically via IFRAMES. I was recently looking at a post in a web-based threaded messaging site, which used a 1x1 pixel IFRAME (basically, hidden) to reference the site shown in my video. When a user loads the infected post in the threaded messaging site, the user's PC will be infected via the exploits shown (if the user's PC is vulnerable to such exploits), and the user will receive spyware like that shown in the video.
As to video format: I apologize for the WMV format. There's a lot to be said for this format, from the reliable free creator to the wide deployment of the player software (present in all W2K and WXP systems). But clearly it's an imperfect solution, and not great for viewers on other platforms. I'm working on finding a better alternative and/or offering the same content in other formats.