How Much Harm Can One Web Site Do? 501
Ben Edelman has written extensively on issues including censorship and spyware. He's got a very interesting piece on his site now about who profits from spyware, and how much spyware can be installed on a Windows XP machine when the user simply visits a single Web site using Internet Explorer.
Gnome + spyware? (Score:4, Interesting)
Re:not much... (Score:1, Interesting)
Re:not much... (Score:5, Interesting)
I am personally responsible for the software on 67 windows computers at a university. I am jointly responsible for almost 400 of same.
On the image I created and support, there are 93 applications loaded on top of a base XP install. These range from silly stuff like DivX player to Pro/Engineer. I had to test each and every one of them for SP2 compatibility.
A grand total of 4 applications wouldn't work at all. 2 or 3 more had minor problems. Every one of those with problems were corrected by getting updated versions of said app.
Any other usability problems are strictly a function of the firewall and if you (being a
Does he have a lawyer? (Score:3, Interesting)
I would love to see somebody slap some criminal charges against the site owner. Hiding behind an obfuscated EULA is bad enough, but installing software without any permission whatsoever has to be illegal, doesn't it?
Did anyone else read the title as... (Score:-1, Interesting)
That would be a good question to ask Michael Sims [slashdot.org], who goatse'd my web site last year and said of the experience, "I'd do it again."
This Ron Artest-like display shall not stand. Read all about it in my upcoming book entitled Cheating Death: How the Censorware Project Became Fraudened [yahoo.com].
Re:not much... (Score:2, Interesting)
simulating spyware installs (Score:3, Interesting)
Win2K is just as bad. (Score:5, Interesting)
I also killed all the services. and it never ran a web browser. Just mysql. I didn't have any antivirus software on it.
So after placing it on an unfirewalled connection in a locked room, withing 2 hours there were over dozens of virus, worm and spyware installed on the system till it crashed and couldn't even boot. Coming up with 100's of DLL errors!
Again we never open a single web page.
Specificaly some of what was installed was:
alte.exe
beird.exe
c.bat
clonzips.ssc
clsob
cvqaikxt.apk
cult.exe
cygwin1.dll
dgss
dual.exp
emoti.bat
enotxa2.exe
explorx.
ger.exe
gt.x
hosts was altered
knlps.exe
knlps.sys
ksat.bat
medo.dl
nonzipsr.noz
ntcnsl.dll
orrl.exe
Odi
repcale.exe
riqa
scheduler.exe
sysm
svcshost.exe
titlex.exe
w.e
wshield.e
winguard.exe
ymnz.exe
unmt.exe
vnicmon.exe
a qsws directory
zippedsr.piz
Re:You could always use a Mac. (Score:3, Interesting)
November 23, 2004 (1:39 PM EST)
Java Bug Makes IE, Firefox Vulnerable
By TechWeb News
A flaw in Sun's Java Virtual Machine can open up the two most popular browsers, Microsoft's Internet Explorer and Mozilla's Firefox, to attack, security researchers said Tuesday.
Re:not much... (Score:3, Interesting)
/me laughs maniacally. Oh, the naivette...I do desktop support in an University setting for students and faculty. Amongst my duties is supporting the students XP laptops (we don't technically support other windows versions). I've seen Adaware remove well over a 1000 items from laptops, and my supervisor has seen over 3000. One laptop brought in (by somebody who I'll guarantee wasn't searching for warez and pr0n) had 256MB of Ram and was using an additional 350 MB of swap by the time it finished booting. The hard drive light wasn't flashing. It was just _on_. :) Just as dangerous as the w4r3z and pr0n is that inspirational link Mom sent you that requries you turn all your additional browser crap...
These people don't do anything but browse the web and use office. It's all comin in through IE.
Re:not much... (Score:5, Interesting)
Stupid Spyware Companies. (Score:3, Interesting)
virgin install (Score:5, Interesting)
It bothers me that some people still install windows while connected to the internet.
The test is not particularly valid (Score:2, Interesting)
The "test" is basically the same as saying "Hi I know that this lock is vulnerable to this method of being opened and I will now prove it is not secure by using an old lock with that vulnerability."
If I was in a really pedantic mood I could use a nice old copy of any other operating system with known and patched security problems and demonstrate how vulnerable they were in the past as well. Lets see, maybe I could make a website dedicated to the old known Irix user able to set root password to nothing exploit.
It's not scientific and it's not clever.