Re: Malicious JavaScript code,
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.lang.javascript archive

Re: Malicious JavaScript code,

From: Thomas 'PointedEars' Lahn <PointedEars@web.de>
Date: Sat Jan 28 2006 - 05:38:08 CET



cwdjrxyz wrote:



> Using javascript is just one of many ways of writing codes that will


> cause computers serious problems. Others include ActiveX, and just


> corrupted images with bad code hidden in them.



ActiveX does not run in my Mozilla/Firefox, neither in Linux nor in


Windows.  And on Linux, ActiveX does not run in any other UA, too.



> At one time you could avoid bad sites and not open unknown email, and


> you usually would not get infected. For some time now there have been


> bugs that will infect you just if you sign onto the web.



Probably you mean security leaks exploited to infect computers that have


merely established an Internet connection, which is not the same.



> Especially if you have a Windows OS, you must take all Microsoft critical


> updates, have good virus protection, 



The (sad) truth is that no virus protection can be good enough.  Vendors of


anti-virus software cannot be faster than the thousands of malicious people


writing malicious software.  You could be the one that discovers your


system being infected with the brand-new virus nobody knows about.  Of


course vendors of anti-virus software do not tell you this, they want to


make money.  Your money.



> have a good firewall,



Utter nonsense.  A firewall, may it be just snake-oil software ("desktop


firewall") or a real one (that is, a security concept including a network


packet filter), cannot protect you from yourself, allowing your system to


be compromised by running inherently insecure software and clicking on


everything that cannot fight back.  Of course vendors of so-called "desktop


firewalls" do not tell you this, they want to make (your) money one way


(you buying their snake oil and feeling protected while you are not at all)


or the other (you providing them with potentially valuable information


without knowing it).



<URL:http://www.interhack.net/pubs/fwfaq/>



Again, what is the right thing to do is not to use inherently insecure


software (that includes inherently insecure operating systems), or


configure the system as secure as possible if the former is not


possible, and to develop a common sense for secure use of computers.



<URL:http://www.ntsvcfg.de/linkblock_eng.html>



HTH



PointedEars


Received on Tue Feb  7 21:25:31 2006