How Windows Gets Infected With Malware
Orome1 writes "Since up to 85 % of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits, CSIS has actively collected real time data from them for a period of three months. The purpose of their study is to reveal precisely how Microsoft Windows machines are infected with malware and which browsers, versions of Windows and third party software are at risk. They monitored more than 50 different exploit kits on 44 unique servers / IP addresses. The statistical material covers all in all more than half a million user exposures out of which as many as 31.3 % were infected with the virus/malware due to missing security updates."
70% on fully updated installs. (Score:5, Interesting)
Re: (Score:2)
Re: (Score:3)
That's the theory behind Immunet, once one of the computers is infected by a new virus it's analyzed pretty much immediately and a signature is added before the virus has a chance to infect more machines. It doesn't stop new infections, but it does diminish the spread.
I'm not sure how well it ultimately works, but the basic theory behind it is sound.
Another thing that could happen would be for the ISP to throttle the connection back to dial up speed for infected computers downloading anything other than ant
Re: (Score:3)
An interesting thought, but something seems fishy there. How does immunet tell that a particular piece of malware is malware? If it can tell automatically, then why not simply prevent it in the first place and updates are not necessary as you now have the perfect AV. If you can't tell automatically, then it relies on an end user to recognize and prevent infection. At this point, it is really relying on the end user and is not really any better than conventional AV.
Re: (Score:3)
Re: (Score:3, Insightful)
Re: (Score:2)
But sadly, average users need better than this. Everyone on /. is at least computer literate, likely has fundamentals of data and system level security, and understands the importance of backups (even if they don't do it, they are accepting a known risk).
The average user thinks that e-mails are private, that 'password' is a bad password but that 'pa$$word', 'mypassword', 'PaSsWoRd', and 'password123' are all good enough, and that their digital pictures are perfectly safe on their hard drive in their 5 year ol
Re:70% on fully updated installs. (Score:5, Interesting)
I also think Linux is bad for the average user, because while it is more secure than Windows by default, if you muck with it you can cause vastly more damage to the system if you are in the "just enough knowledge to be dangerous" camp. Ubuntu goes a long way towards this, but it needs an even friendlier interface (IMHO) for system setup and config. We won't get that till an OEM adopts it seriously for end user platforms.
I have set up a laptop for 2 different clients' wives with Ubuntu. Both were non-computer experts, and kept getting every infection known to man. After setting them up (over 2 years ago) I never saw those laptops again. I still see the clients, but they say the laptops are running perfect. Lost a lot of business there, and from happy clients. :) Ooops...
Re: (Score:3)
Re: (Score:3, Insightful)
Re:70% on fully updated installs. (Score:5, Insightful)
Except having it set up is how most people receive Windows
Re:70% on fully updated installs. (Score:4, Funny)
Re:70% on fully updated installs. (Score:4, Interesting)
Typical Linux install: insert CD, boot computer, click the install Linux button (by default it will ask to download the updates, and does so in this step), hit next, accept the defaults. Computer boots back up, ready to go with a word processor, Firefox and almost everything they need ready to go.
Windows 7: insert install CD, hit next, accept the defaults, computer boots back up, look for manufacturer's CD to install any missing drivers, find printer drivers, find Office CD or go to webpage to download Open or Libre Office, install antivirus, agree to Windows updates, reboot, install more updates, reboot. Done.
There are a few exceptions to the list, and it's not uncommon for Windows to have all of the drivers ready for you. But oddly, in all installs of Linux I have done recently, everything I have ever thrown at it has been automatically detected and ready to go on reboot, and I do admit the antivirus would be necessary if Linux were to ever fall into the common for average users to get category.
Re: (Score:2)
Re: (Score:2)
It helps, but what can you do if your favorite site serves infected 3rd party ads?
P.S: I do use noscript.
AdBlock Plus.
Re: (Score:3, Interesting)
Even more salient is that only 13% of the successful infections relied on software that was Windows only (10% were IE exploits, 3% were Windows Help exploits).
All you folks encouraging your friends and families to buy Macs for the specific reason of their security are in for a world of hurt in a few years when Mac hits ~30+% market share. Kits are already starting to appear.
Re: (Score:3)
Re: (Score:2)
exe files aren't materially different than Linux / Mac bin files-- if you can tell the OS to execute arbitrary code, the extension is hardly meaningful.
Regardless, that's not how those exploits work. Machine-code is somehow slipped through the plugin's security measures, and is executed (buffer overflow, etc). That code then downloads the actual exe and dll files that are set up as the permanent infection, and will often attempt privilege escalation at the same time (and if successful, will often overwrite
Re: (Score:2)
Re: (Score:3)
Tbf, a large number leveraged Flash and Acrobat Reader. Flash is not installed by default on Macs any more (though is likely to be installed as there's no alternative), Acrobat Reader is not installed, and is unlikely to be installed due to the existence of Preview, and Safari's native PDF rendering.
Re: (Score:2)
Flash is also not installed by default on Windows, nor is Java (though your OEM vendor may slip it in on you). That doesn't matter; the first time the user visits YouTube, they will get Flash, and that will likely be the version of Flash they have for the next umpteen months until their local friendly geek updates them. (Does Mac system update cover Java?)
Re: (Score:2)
"Does Mac system update cover Java?" Nope, as of OS X 10.7, Java is your problem, not Apple's.
Re: (Score:2)
:\ one would have hoped they would have started moving towards "best of Windows and Linux", not "we're putting more things on the user's plate".
Seriously, why can't MS and Apple get on the "update repository for desktops" bandwagon?
Re: (Score:2)
Yes, the built-in Software Update service on OS X includes some Java updates, but with Lion, Java is no longer installed by default. http://support.apple.com/kb/DL1421 [apple.com]
Re: (Score:3)
My friends & family run $OS with the browser running in an isolated user account, works quite well
So do most Windows users. Luckily for the virus makers, it's pretty easy to pester the user with a zillion gksudo / consent.exe prompts requesting elevation-- all it takes is clicking "allow" if you don't have a password set, and it's all over.
Re:70% on fully updated installs. (Score:5, Insightful)
You say:
Salient point is that, fully updated and patched installs let 70% of the infections through.
TFA says:
The conclusion of this study is that as much as 99.8 % of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five specific software packages.
Re: (Score:2)
The report only shows how many machines were running each browser or OS on the infected machines. They don't report how many machines in total had those browsers or OSes. So it may be that 100% of the Win98, Win2k and Win2003 installations were infected but they represent such a small subset of the total userbase that the percentages in the pie charts are also relatively small.
Additionally, the browser report doesn't break out different versions of IE and Firefox. The fact is a lot of people are still using
Re: (Score:2)
To think with GUI Operating System versions it began with Microsoft's rather optimistic view, with regards to ActiveX, that nobody on another networked computer would ever think of invading your computer, manipulating it, installing software on it and controlling it.
Big fan of OTR and impressed when I heard a radio play from the 1950's which predicted unprotected computer hardware being infected... so the concept wasn't new.
I also spent my early years on a mainframe system, where we were always vigilant to keep
Re: (Score:2)
Salient point is that, fully updated and patched installs let 70% of the infections through.
This proves that no amount of software development can overcome human stupidity.
I haven't used an antivirus program in over 15 years and have not had any infections in about as long. I do download a free trial of some random antivirus program every year or so and just do a full manual scan before I uninstall it though.
I like to tell people that the best antivirus that you can possibly install lies between your ears.
Re: (Score:2)
How many are let through with a fully updated NoScript?
Re: (Score:2)
Re:70% on fully updated installs. (Score:5, Insightful)
Stupid users eh? Explain the following: Yesterday I visited the top site google provided for a search I did. I was not searching for anything particularly exotic or deviant, certainly not pornographic or illegal. Immediately on visiting the site with my Windows 7 machine, Microsoft Security Essentials pops up to alert me of a "severe" threat (Trojan:JS/BlacoleRef.A) it had located in my browser cache (Firefox 7.01). I did what the security program said, and it says the threat was removed. I have no idea if it was removed or not, my only choice with such an obfuscated, complicated OS is to assume that the tools I am given are not lying to me and are doing the job that they are.
However should I be infected in the above scenario, how exactly does this make me a "stupid user"? I've had a PC since the late 1970's. I can code in ASM, Cobol, Fortran, Basic, C, C++. I like to think I know how computers work. I don't click "Yes" to everything, and I don't run programs from dubious sources anywhere other than a virtual machine. Should I be going through my registry and boot files daily to not be a "stupid user"? Isn't that what an OS is supposed to do for me - take care of the basic functions of my machine while I run the programs I need? Are you just going to troll me by saying "use linux instead you noob"?
Re: (Score:2)
Are you just going to troll me by saying "use linux instead you noob"?
Use Virtual Box to browse, you stupid Noob! :) It is actually almost to this point. Some of the exploits even work on Linux. Only as the running user, however, so a root exploit means you were a stupid Linux noob running as root. (So far anyway. Tomorrow may be different.)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Sorry, I kid, I kid. But seriously, I feel your pain. My brother put a virus on my PC when he viewed a video about how to teach a kid to ride a bike. Go figure. What I've taken to doing is doing my web browsing in a Virtual Box running Ubuntu + Chrome. It's pretty bullet proof, and even if it gets through it's tough to get out of the V-Box (Yeah, I know it can be done, but who does it?).
Re: (Score:2)
And what's to say that same site didn't also have another infection that wasn't caught?
You make some very interesting points.
Re: (Score:2)
Re: (Score:2)
Being a coder doesn't make you a bad / good computer user...
No I agree. Especially if you learn to code in a cookie-cutter university environment. However I taught myself everything I know about computers back when computers were far simpler than today. I knew how to peek and poke to memory, deal with interrupts and DMA channels and even sometimes write my own drivers before most of today's coders left their diapers. I have intimate and fairly obsolete knowledge not only of CPU's and their supporting chips, but I understand on a fundamental level how a computer work
Re: (Score:2)
I think anon is referring to users who open email zip files from unknown senders and who don't bother to install an AV to start...
Maybe, but the 70% number quoted, and this study, dealt with drive-by browser installs rather than emailed zip files.
Re: (Score:2)
Salient point is that, fully updated and patched installs let 70% of the infections through.
[citation needed]
I know you are not supposed to read the Fine Article, but not even the summary? The summary quotes the very article to mention the 31.x% statistic.
The article also says 99.8% of the infections happened due to just five pieces of software. Can't understand that. On top of it, it splits Adobe into two pieces, Flash Player and PDF Reader. Thus the top prize goes to Java JRE. But there it clubs an array bounds violation with an ActiveX vulnerability in the deployment tool. Looks like the article has the stench of a shill sett
How Window Gets... hu wha? (Score:5, Insightful)
A window can get infected? Lies I tell you!
Re: (Score:2)
Three guys beat IE!!! (Score:2)
Java JRE issue is confusing. If the problem is with Java and specs, it should be platform independent. So it is the Windows implementation that is at fault? I don't know.
Re: (Score:2)
OTOH, you can cruise the Internet in safety and ease using the following combination:
Windows 98
Safari for Windows
Quicktime for Windows
About the only thing you could do is run iTunes, but you would be safe!
Re: (Score:2)
Java JRE, so, disable it. I haven't found a single site that depends on it, the add-on seems to install by default (I just want the runtime, not the browser add-on...) and only use in the browser seems to be an attack vector.
And it's not a problem with the specs I think, it's the problem that the Java JRE is huge, and a single exploit in a single feature is a problem.
Re: (Score:2)
Yep, the advice I always give is:
1. Uninstall java. Most end users never have a need for it and don't update it.
2. Use Chrome to read PDFs or Foxit. No need for Adobe, but to be fair Adobe's new sandbox model in version X is resistant to viral infections and exploits.
3. Update flash as often as it says or switch to Chrome.
4. Run MSE or some other AV.
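An added example, not code from the thread or any of its posters, that inventories a Windows machine for the packages this advice singles out (Java, Adobe Reader, Flash, QuickTime) by reading the standard uninstall registry keys; the DisplayName patterns are assumptions about how those products register themselves, and a machine with more than one JRE listed is flagged because an old, unpatched runtime left alongside a new one stays reachable from the browser.

```powershell
# Added example (not from the thread): list the third-party packages the advice
# above targets, with their installed versions, so a defender can see what is
# present and what needs removing or patching.
$patterns = @(
    @{ Name = 'Java Runtime'; Match = '^Java(\(TM\))? \d' },          # e.g. "Java 7 Update 45"
    @{ Name = 'Adobe Reader'; Match = '^Adobe (Reader|Acrobat)' },
    @{ Name = 'Flash Player';  Match = '^Adobe Flash Player' },
    @{ Name = 'QuickTime';     Match = '^QuickTime' }
)

# Standard uninstall keys: 64-bit, 32-bit (WOW6432Node) and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher

foreach ($p in $patterns) {
    $hits = @($installed | Where-Object { $_.DisplayName -match $p.Match })
    if ($hits.Count -eq 0) {
        Write-Output ("{0,-13} not installed" -f $p.Name)
        continue
    }
    foreach ($h in $hits) {
        Write-Output ("{0,-13} {1} (version {2})" -f $p.Name, $h.DisplayName, $h.DisplayVersion)
    }
    # Several JREs side by side usually means an old one was kept for a legacy app
    # (the Dell DRAC case elsewhere in this thread); it remains exploitable.
    if ($p.Name -eq 'Java Runtime' -and $hits.Count -gt 1) {
        Write-Output ("{0,-13} WARNING: {1} JRE versions present; remove the old ones" -f '', $hits.Count)
    }
}
```

Run it in an elevated PowerShell so both HKLM hives are readable; nothing is modified, it only reads the uninstall keys.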
Re: (Score:2)
Yes, people who actually deal with such issues for a living have known this for some time. The difference between browsers is rapidly becoming moot-- the market share of any one browser is too diluted to be worth targeting when compared with the widespread adoption of Flash, Java, Acrobat, and Quicktime.
There are some cases where it is conceivable that IE would be more secure than Firefox, given the huge leaps made between IE6 and IE9 over the last 4 years.
Re: (Score:2)
Re: (Score:2)
The big issue with Java is that while it is platform independent, it is not version independent. There are many many Java apps that require a specific version of the JRE and will not run on a newer one. So if you need t
Update early. Update often. (Score:3, Insightful)
Update early. Update often.
Re: (Score:2)
Update early. Update often.
Alternately, you could simply not use Adobe plugins.
Re: (Score:2)
Re: (Score:2)
Alternately, you could simply not use Adobe plugins.
Let's face it, for most people that's a bit like telling them not to have sex if they don't want to get pregnant.
Entirely true, but so un-representative of the real world you might as well save your breath.
Re: (Score:2)
How do we watch Flash videos then? :P
Re: (Score:2)
I wish this were true.
So many enterprise apps are Java (not JS) it is frightening.
I maintain a whitelist for JVM apps allowed in the browser rather than uninstalling it. Annoying, but I can not do my job without it, nor can my wife go to school without it (on-line classes use it for the "classroom app").
-nB
Re: (Score:2)
Uninstall reader/acrobat as useless, install firefox with flashblock, adblock.
Ta-da, infection almost certainly now depends on users being morons.
I personally would like a way to tell firefox to block cross-domain anything that's not a static image. That would quash a lot of the scripts that are problematic without the hassle of noscript.
Top 5 to be avoided (Score:2)
I guess don't use Java, Adobe Reader or Flash, or IE, and you should kill 90% of possibilities.
Better statistics? (Score:3)
Looking at the graphs and statistics, I ended up wishing they'd factored in usage share, to make the numbers more meaningful.
I mean, if (say) 70% of users used XP and 30% of users use Win7, then seeing 70% of the exploits on XP and 30% of the exploits on Win7 doesn't tell you much other than there's an exploit that is the same across them. It does NOT mean that XP is more vulnerable than Win7. Ditto the breakdown by browsers. Without usage share factored in, the numbers can be misleading in either direction.
How Windows Get Infected With Malware 16 (Score:2, Troll)
Simply Click HERE! [goats--damnicantdoit] ;)
Not much meat in TFA (Score:3)
User's patches not up-to-date. User got infected.
The applications the malware targets are unsurprisingly the same-ol-same-ol. Windows, Java, IE, Adobe.
Perhaps the real questions should be:
- Why is patching so ineffective?
- Why is patch frequency not decreasing over time (these are *very* mature applications) ?
Re: (Score:2)
The Flash update process is pretty retarded, for one.
In the control panel, it can tell me which versions of the ActiveX (IE) and plugin (Firefox, etc) are installed, but when I manually ask to check for updates it sends the default browser to the Flash download page.
What a completely lame-brained approach--the control panel should check for, download and install updates itself, or pass it off to an Adobe Update app, or *something* that doesn't require manually downloading and installing a fresh copy of *bot
Java JRE (Score:3)
Unfortunately I run into areas where I am unable to upgrade the JRE due to incompatibilities with newer versions. For instance, in dealing with a Dell DRAC, the old Chassis says it'll support 1.4_5 something or other or newer. The problem is with the exact version it works fine but upgrading JRE on my system causes it to fail and refuse to start up the console java app. So I have a Windows laptop at my desk that is kept at that specific version of the JRE so I can continue to access the chassis until it's replaced. It's just one example but it's one I have to deal with on a periodic basis.
[John]
Re: (Score:2)
Contact Dell to see if an update exists that would allow you to use a newer version of Java.
If the hardware is too old, look into a replacement plan due to aging.
Re: (Score:2)
Not allowed to virtualize Windows (I've asked). They're trying to reduce the number of Windows licenses in the company (I have a Mac :) )
The last update was applied. This was end of life'd two years ago.
Hahahahahahaha. Believe me, we're trying to get old hardware replaced.
[John]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
My solution is to just keep the old laptop around but not use it for anything but that specific task. So it sits in a drawer and every month or so I have to break it out, turn it on, and check out the console for the server that stopped responding to the network for some reason. If it doesn't get on the 'net, there isn't much of a chance of it getting infected.
[John]
Re: (Score:2)
Granted but I do from the system I use to access the DRAC. The issue is that my Windows box has to stay at a specific version of the JRE in order to continue to access the DRAC. So upgrading the JRE isn't possible. Fortunately I've received a new laptop so the old Windows one just sits until I need it to access the DRAC.
[John]
Java and Adobe need automated silent updates (Score:2)
Re: (Score:2)
I don't know about Flash, but Java can be set to auto-update.
Re: (Score:2)
Silent updates are the worst idea ever. Something that worked yesterday stops working today - and I have no clue why.
It is OK for some users to enable automatic updates (e.g. if you use only a Web browser and no specific plugins), but even then: Make the users aware about each update. Most users are far better off with a planned update.
Re: (Score:2)
Salient point: (Score:2)
Avoid Java, Flash, Acrobat and IE Explorer and you avoid around 95+% of the entry points. IOW it does not seem to be Opera or Mozilla which is vulnerable, but the added cruft plug-in.
Summary of the article (Score:2)
TL;DR:
The majority of infections are (in order): JRE, Acrobat Reader, Flash, and a minority are actual browser exploits and/or Quicktime exploits. No word on the versions but I expect that they are all well-known and long-patched holes.
Part of the reason I run with Java disabled, Flashblock installed, etc.
Product Pushing. (Score:3)
"With this study CSIS has received confirmation that our security program Heimdal is addressing a market not adequately covered by a proper patch routine or policy for this area. "
Re: (Score:2)
Not to be confused with CSIS, the Canadian Security Intelligence Service, our equivalent of the CIA.
Re:Welll (Score:5, Insightful)
I can't tell you how much I wish Windows Update would update other applications.. I guess I've turned into a crusty, bearded old Linux geek.. but one command to update everything kind of spoils you. (and being able to install and uninstall more than one application at a time is nice too).
Re:Welll (Score:5, Insightful)
Re: (Score:3)
It will happen if and when Microsoft can manage to swipe the App Store concept. The end goal is in sight, although we might not like the side effects.
Re: (Score:2)
Re: (Score:2)
According to my colleague, the option is there for Win7 to do that now. It's apparently the software vendors who need to integrate their apps into it. I doubt Adobe and Oracle will do that without being pushed though, there probably is something in the rules against pushing extra toolbars and such when updating.. they love doing that.
Re: (Score:2)
Perhaps. I was trying to give MS the benefit of the doubt, as my colleague typically does. I guess it could be just laziness on MS' part.
Re:Welll (Score:5, Funny)
I think that's in Windows 8 and they're calling it an 'App Store'.
No word yet on how many reboots it'll take to install an app.
Re: (Score:3)
Use PSI https://secunia.com/vulnerability_scanning/personal/ [secunia.com]
There are also several software-updaters based on repositories, but none are really good. The software landscape is just different in Windows.
Secunia PSI (Score:2)
I'm sure it's not unique, but I like that it does keep track of third-party programs and services - especially the seemingly purpose-built attack vector: Flash.
Re: (Score:3)
I must admit I always had some suspicions of web browsers that visit dozens of websites before they even visit your own home page. Running 'tcpdump -vv' and 'netstat -a', while a browser is very enlightening, even more so when doing 'whois' on those websites I've never heard of.
Never could understand why 'firefox' was opening a shttp link to weather.noaa.gov, or who "stopbadware.org" was.
Re: (Score:2)
Re: (Score:2)
weather.noaa.gov is the stupid toolbar something added.
Why would a toolbar contact a government-run weather service?
Re: (Score:2)
So in effect, they get to know your online usernames plus all the websites and comments you make?
Re: (Score:2)
Which is why Chrome is such a boon-- auto-blocks Java if it's too old, auto-updates Flash, auto-updates its PDF reader (which notably isn't Acrobat based).
Even if you disregard marketing blurbs about Chrome's security, the auto-update alone makes it a huge security plus.
Re: (Score:2)
How Windows [machines] get infected.
I didn't have trouble parsing that; possibly if you turned the brainpower spent making snarky responses to reading comprehension you wouldn't have had the issue either.
Words counts! (Score:2)
Re: (Score:2)
What talk bout. We no talk that here.
Re: (Score:2)
One might wonder how you ever manage to read headlines if you can't grasp the concept of implied words. It's not exactly uncommon for a headline to drop words, nouns and verbs alike.
Why, Msn.com has the headline "Dust storms, Bear attacks, more". Oh noes! There's no verb in those sentences! WHAT are the dust storms doing? Or perhaps the dust is currently storming, and it's the object of the attacks and storms that we are missing? However will we decode this headline? And what is the bear attacking?
Really
Re: (Score:2)
"Storms" and "attacks" are both verbs. The dust is storming, the bear is attacking. There was an s missing from the headline. It's a Slashdot meme to make jokes about the poor editorial quality. You need to relax and get over it.
Re: (Score:2)
Not correct. You might be able to make the case for "attacks" being a verb, but ONLY if it is referring to a single bear doing the attacking. If it is referring to several incidents, it would be "bear-attack", plural-- that is "bear attacks" (noun).
Dust storm, however, is a noun, and I have never heard the usage that would indicate the dust was storming something-- you would have to think the dust was breaching the walls of something, which is a bit of a stretch.
From the context (being a headline, the use
Re: (Score:2)
There were multiple Windows machines being discussed. "Gets" is only appropriate for the singular case, so the usage of the plural "get" was correct.
Pedantic fail.
Re: (Score:2)
Re: (Score:2)
I've gotten arguments from developers who SWEAR they can do it better--and by better, I mean "I should be able to put my application anywhere on the system and the system shouldn't be exploitable by any bugs in my code."
I shit you not, we argued over this for a while.
Microsoft provides developers every tool they need to make a Windows application that can operate on least pr