Re: Google Base
- From: John Bokma <john@xxxxxxxxxxxxxxx>
- Date: 27 Oct 2005 03:59:54 GMT
Borek <borek@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, 27 Oct 2005 01:16:32 +0200, John Bokma <john@xxxxxxxxxxxxxxx>
> wrote:
>>> Yes, but this program will be not able to execute by itself.
>>
>> Since when does this happen with mail programs on Windows?
>
> I don't quite get your question. What I was aiming at was some
> virus that attacked few years ago exploiting a hole in Outlook -
Aaaah!, ok, a few years ago.
> it was enough to display the email to run the attached program.
> It worked in Outlook only, but was quite efficient and fast spreading.
Yup, another nice thing from biology: the faster a virus spreads, the
sooner it is detected.
>> Yup, but probably enough to get exploited. From what I understand,
>> after SP2, things are lessening a bit, but still serious enough.
>
> Small difference in the speed of infections can lead to the
> difference between total disaster and containement of the
> infection. The diversification is not very difficult to achieve.
> I am using Opera, IIRC you are using Firefox, Stacey uses IE.
Yes, mainly Firefox, and IE now and then. But I am not the target. As
long as I have been using computers I haven't had a single active virus
once. I once got very close, a customer had given me his *official*
diskettes, bought in a shop. And they were infected! (Probably because
some people made copies of software in that shop :-( ).
And another customer once accused me of giving him a floppy with a
virus. Well, when he checked his floppies at home, almost all got
infected, even the ones he used the last time way before he knew me.
So basically, I am very secure IMNSHO. The problem is a very large group
that just clicks on everything, and neglects: This exe can contain a
virus, are you really, really sure? It's the same group that readily
accepts "advice" like: turn off your firewall, turn off your virus
scanner.
>>> And I never stated it will ever be completely safe, but if OS-es,
>>> browsers and mail programs will be more diversified web will be
>>> _safer_.
>>
>> This is already quite the case for mail programs, a bit less for
>> browsers (I guess). But like biology, there is never a equally
>> distributed diversity.
>
> It doesn't have to be equal, although that will be ideal situation.
But how will this stop people executing attachements? The more hoops you
provide, the less willing they are to use the software (unless all
provide the same hoops). Saving an attachement and then double clicking
on it instead of double clicking on the attachement is not really going
to stop them.
>>> If every second computer will be running
>>> different OS you need two programs to infect the same number of
>>> computers. If there are three different OSes you will need three
>>> different programs and so on. That makes large scale attacks more
>>> difficult. Not impossible, but more difficult to orchestrate.
>>
>> Yes, nice in theory, but practically this isn't going to happen.
>
> I never said it will happen, but the more people are aware of the
> fact, and the more people switch from IE and Outlook to other
> programs, the better. Will you deny that too?
Yes, of course. IE has been improved quite a bit if the user did apply
the patches. I am not sure about OE/O, but a lot of security issues with
IE have been fixed, and the new IE has even more measurements against
weird stuff. The switch is not going to happen, so lets focus on
educating users, since *that* is the major issue. Not the software, but
the person behind the machine.
Another thing that should be done is making ISPs aware that they can
detect malware running on their client's computer in a very early stage.
Aggressively blocking ISPs that ignore zombies should kick some in
action, and the only right thing is:
* isolate the infected machine (kick it off the net)
* let the customer fix it, and prove it has been fixed
* let the customer sign a paper that it has fixed the machine
* connect the machine. If it happens again, the customer has to
pay a huge fine.
> Same holds for switching from Windows to other OSes, although that's
> much more complicated problem - I can't switch, as I am developing
> Windows programs.
Yup, Windows is here to stay, and I doubt if one can call that a bad
thing (of course there are plenty of people who do so). Anyway,
switching OSes isn't going to stop viruses either. Like I said, even a
very exotic OS like RISC OS had over 200 viruses. A massive switch is
not going to happen soon, so dreaming about a virus free world is just
that, a dream.
> But Junior uses FreeBSD as he doesn't need Windows
> for most of the time.
Yup. I use Windows for several reasons: the major one is that some of
my customers use it. The other one is that some software *doesn't* run
on Linux, and no, there are no alternatives (there are similar programs,
but not similar enough). Another thing is that I really don't like the
GUIs/Desktop environments I have seen so far. I think one I might like
is XFCe, but I just don't have the time to hack Linux for a week or two.
My new computer is Dual-Boot: Windows XP Pro + Kubuntu. I am also
looking into the free VMware Player, since I want to be able to use
Linux while I am running XP: http://johnbokma.com/mexit/2005/10/25/
--
John Perl SEO tools: http://johnbokma.com/perl/
or have them custom made
Experienced (web) developer: http://castleamber.com/
.
- References:
- Google Base
- From: John Bokma
- Re: Google Base
- From: Roy Schestowitz
- Re: Google Base
- From: John Bokma
- Re: Google Base
- From: John Bokma
- Re: Google Base
- From: Borek
- Re: Google Base
- From: John Bokma
- Re: Google Base
- From: John Bokma
- Google Base
- Prev by Date: Re: Berners-Lee and the Semantic Web
- Next by Date: Re: How??
- Previous by thread: Re: Google Base
- Next by thread: MSN More relevant than Google?
- Index(es):
Relevant Pages
|
|
