Re: Just venting (totally OT)

Loz <lozzer2@xxxxxxxxxxx> wrote:

Rowland McDonnell wrote:

It might be worthwhile considering installing a spyware protection program.

It'd be a very good idea, but you'd need to find one that works well.
And that'd take research of more detail that `Whatever PC Answers told
me to do'.

I've done my research Rowland and PC Answers is also a bloody good
magazine.

How do you know that they're good? What tests have they done? What do
you have to back up your claim?

Come on - tell me.

I've read PC Answers, and I think it's utter *** like all current
computer magazines in print in the UK. Serious people who want the real
gen use the Web.

Ars Technica is a damned sight more useful when it comes to technical
information than any UK published computer magazine in print.

I did my research, and the `bloody good magazine' you rely on suggested
that you use anti-virus software which has been shown in tests to ignore
70%-80% of the current active virus threat.

You keep faith in that `bloody good magazine' if you want, but I'll not
have you you mis-informing Mandy. That's not on, that isn't.

I know you've got an emotional investment in trusting your source, but
it's pretty silly of you to deny the evidence I presented if you ask me.
But of course you didn't even bother reading the Web pages I linked to,
did you?

If you can point out better free anti virus, firewall, anti
spyware programs than the ones i mentioned to Mandy i would be very
grateful.

<surprised> Well, it's not at all hard. Didn't you bother reading the
link I provided, which did exactly that in the case of antivirus
software?

No, you didn't, did you? You just decided to stick with `what you
already know' (or rather, your existing prejudices) instead of trying to
learn from a useful information source even when I provided the link for
you to learn from.

I'll tell you what, why don't you read the links I provided? The
information I could supply is there for you to read. Maybe you could
learn something?

Ars did explain that all the anti-virus software currently around is bad
and getting worse. That's why I didn't bother suggesting anything
better.

I've read on serious tech Web sites in recent months that there are lot
of serious computer security professionals who take the line that virus
checkers are nothing but a scam and a waste of resources simply because
they're so bad at spotting current viruses. Virus scanners are an
old-hat solution that doesn't really work properly any more - although
if you've got Windoze, it's essential to have one but you cannot rely on
a virus scanner to spot much.

writers specifically write their nasties to exploit vulnerabilities in
Internet Explorer.

That is a common misconception.

Malware authors write their nasties to exploit vulnerabilities in MS IE
because MS IE has /many/ more vulnerabilities than any other Web
browser.

Sorry Rowland, I dont buy that at all.

<shrug> I'm not selling anything. I'm just explaining about a
mis-perception that many people have.

Using your logic if Opera had many more vulnerabilities than IE the bad
guys would write their nasties to exploit Opera instead of focusing on
IE even though Opera has a very small % of the browser market.

And using *your* logic, no-one would have ever bothered writing a virus
to attack Macs. But back in the pre OS X days, there were lots of Mac
viruses. Now there are none - even though Macs have a much larger
market share than they did in the old days *and* there are a much larger
number of Macs in service (because the total market is greater now).

I take it you'll admit that proves your reasoning does not connect to
reality?

What's
the point in trying to exploit vulnerabilities in a browser that the
majority of PC users have never even heard of let alone use?

What's the point in trying to exploit a vulnerability in a computer that
the vast majority of PC users have never used and never will use? That
was the case with Macs in the 80s and 90s. But the viruses were
written.

So you can see that your reasoning doesn't accurately predict the
behaviour of malware writers, and so should be discarded.

What they actually do is attack holes - where they see something they
can attack, they attack it.

The way these malware authors work is this:

Someone finds a vulnerability and writes some code to exploit it. They
then release this code but do not use it themselves to write malware -
they just release the exploit code.

Then what happens is that the actual malware writers (typically
malicious teenaged fuckwits who couldn't write an exploit to save their
lives and spend all their cash on pizza and zit cream, probably)
download the exploit and fit it into an actual malware application.

That is where the malware comes from - the writers of the malware can
only use exploits written by others. They don't care what they're
attacking very much, just that they are attacking.

Given that's how it's done, you can see that it's not the popularity of
the platform that's relevant to the number of attacks, but the
availability of exploits. And exploits are written whenever someone
finds a security hole. So it's the number of security holes that's
relevant, not anything else.

I hope you can see how it is that your ignorance of where malware comes
from has caused you to make a serious mistake by using `pure logic'
instead of finding out what actually happens in the real world.

Okay, there is another sort of malware writer - recently, there's been a
tendency for serious criminal types to get involved, and they want to
make money. That means they're only interested in going after
worthwhile targets. Thing is, that doesn't mean you have to go for MS
IE because the Firefox usage share is plenty large enough (for example)
to make big money from - very big money. We're talking tens of millions
of people. You don't have to go for the biggest target, just one that's
big enough and vulnerable enough.

But yes, the `serious crook' type of person does have a tendency to aim
for the big target - but they are still a minority of malware writers,
and even they are often quite happy to aim at a platform (be it an OS or
browswer or whatnot) that's `only' got tens of millions of potential
targets rather than hundreds of millions.

Do you understand your mistake now?

Look Loz, you're talking through your arse. I've actually read up on
this stuff and found out the real gen.

The baddies aim their nasties at IE coz of the numbers of people who use
it.

So you claim. The evidence I've presented demonstrates the flaw in your
reasoning. Do you have any evidence to back up your assertion? It's
clever reasoning, but it contradicts reality so must be wrong.

In addition, IE users are less computer literate than users of
firefox, opera etc and so their pcs will more vulnerable.

Safari users are on average even less computer literate than the average
MS IE user. No attacks target Safari specifically.

So that point is irrelevant.

The baddies want results for their efforts which is why they go for IE
users due to their numbers and computer naivety. Yes, IE is less secure
than other browsers but that is not the reason the browser is targeted imho.

Yes, but your opinion is based on flawed reasoning rather than looking
at the evidence. I've looked at the evidence and reality proves that
you're wrong.

Rowland.

--
Remove the animal for email address: rowland.mcdonnell@xxxxxxxxxxxxxxx
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking
.