Re: Virus from web surfing

Edward Diener wrote:
[...]

I understand about scripts being downloaded and running on the client
side and I understand that if Javascript does something on the client
side as it runs it can theoretically change something on the client
computer. But as a programmer myself I have never heard or seen of any
ability which Javascript has to actually access the client computer's
hardware or file system. While some Javascript release in a browser
could have a bug in it which allowed such intrusion I would strongly
imagine that this would have been fixed and that every browser one uses,
if one keeps the browser up-to-date, will pick up such a fix. Of course
my friend could have been using an old version of a browser running some
early version of Javascript which allowed a hacker to subvert his
system. But my gut feeling is that Javascript has been gone over by so
many people down through the years to stop such an intrusion that is it
unlikely that some virus occurred from running it on the client side.
However, I am willing to listen to those who tell me otherwise.

It only takes minutes for your browser version to become *old* in this sense.

I admit to not disabling Javascript myself as plenty of web sites that
rely on it will no longer work properly. But then again I am pretty
careful where I surf on the Internet, unlike my friend who is much more
of a novice.

I agree that if other software involved in rendering a web page or its
images have a vulnerability, that is a place hackers will attack.

The upshot for my friend is that he took his laptop back to Best Buy and
they told him his hard drive stopped working. Since he bought it from
Best Buy originally, and since my view of Best Buy is that they sell
cheap and easily breakable computer hardware ( unfortunately my friend
does not know about New Egg etc. ) I think they just sold him a cheap
system, which worked nice for a short while but now he has started a
cycle of paying for who knows what will break down next.

Javascript should be "well behaved" by now, but can be used maliciously. I'm only mentioning misbehaving software.

http://www.microsoft.com/technet/security/advisory/2488013.mspx
.

Relevant Pages

  • Re: Virus from web surfing
    ... side and I understand that if Javascript does something on the client ... While some Javascript release in a browser ... my friend could have been using an old version of a browser running some ...
    (alt.comp.anti-virus)
  • Re: DesignBais - Impressive
    ... Moreover, even with Javascript, ... It gets a little bit hard to know whether a client has ... I stress normal because I can think of many apps that cannot be ... supported in a browser, but we're talking business apps here. ...
    (comp.databases.pick)
  • Re: Virus from web surfing
    ... side and I understand that if Javascript does something on the client ... While some Javascript release in a browser ... although I do not know the exact web site he went to which Webroot ...
    (alt.comp.anti-virus)
  • Re: Virus from web surfing
    ... explicit "actual executing some file". ... I understand about scripts being downloaded and running on the client side and I understand that if Javascript does something on the client ... While some Javascript release in a browser could have a bug in it which allowed such intrusion I would strongly imagine that this would have been fixed and that every browser one uses, if one keeps the browser up-to-date, will pick up such a fix. ...
    (alt.comp.anti-virus)
  • Re: IP addresses and JS.
    ... It does NOT live/run/work anywhere else OUTSIDE your desktop browser, the Web site you request the page from AND the proxy server you go thru to reach that site can NOT be touched by the JS code. ... I am talking about the JS on the server computer. ... All I was asking was whether or not the JavaScript on www.whatevercompany.com had the ability - if I am allowing JavaScript to work in my browser - to access my IP if a) I connect without a proxy and b)if I connect through a proxy. ... If it is executed on the browser it can only know what the client computer knows or can get. ...
    (comp.lang.javascript)