«

On Fri, 23 Mar 2007 15:33:34 +0100, Sebastian Gottschalk
<> wrote:

>Just give the user a CD full of JPEG pr0n, and his Windows XP with SP1 is
>hosed.

really ? can you support that statement.
--
Jim Watt
http://www.gibnet.com

In article <>, Jim Watt
of _way, felt we'd be interested in the following...


> On Fri, 23 Mar 2007 15:33:34 +0100, Sebastian Gottschalk
> <> wrote:
>
> >Just give the user a CD full of JPEG pr0n, and his Windows XP with SP1 is
> >hosed.
>
> really ? can you support that statement.

Of course he can't. You can access porn quite safely without
compromising your PC.


--
My reply address is invalid.
Please post replies to the group.
Messages sent via Google Groups are 'auto-ignored'
XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX

Tx2 wrote:

> In article <>, Jim Watt
> of _way, felt we'd be interested in the following...
>
>> On Fri, 23 Mar 2007 15:33:34 +0100, Sebastian Gottschalk
>> <> wrote:
>>
>>>Just give the user a CD full of JPEG pr0n, and his Windows XP with SP1 is
>>>hosed.
>>
>> really ? can you support that statement.
>
> Of course he can't. You can access porn quite safely without
> compromising your PC.

Actually it doesn't even need to be pr0n. Just browsing the content of a
directory with JPEG or EMF images is already sufficient to exploit an
unpatched (or even fully patched!) Windows XP SP1.

How exactly should I support this statement? It's self-evident, since the
EMF metadata buffer overflow has never been patched on XP SP1 and the JPEG
Component Reorder Boundary Error hasn't even been publically documented
(other than SlashDot and the Securityfocus mailing list).

From: "Quercus Robur" <>

| My wife just turned on her computer and up popped a window stating "You need
| to download XXX to clean up your computer. You have visited adult sites."
| Of course we did not download.
|
| Now a) I don't use my wifes computer, and b) I don't visit A sites.
|
| My wife is PO'd
|
| We run Norton AV (always up to date), Trend Micro anti spyware and
| Ad-Subtract plus firewall, so I am curious, what got through and how?
|
| What do I need to do, am running a full AV scan?
|
| Martin
|

Martin:

What is the EXACT message. Please include what "download XXX" really is.
If XXX is a URL, plesase obfuscate the URL by using hxxp:// instead of http:// in the
posted URL.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Quercus Robur wrote:
> My wife just turned on her computer and up popped a window stating "You need
> to download XXX to clean up your computer. You have visited adult sites."
....


QR that popup is itself the virus and a phish to get you to "download"!!!!

Do not respond to the popup.

I recommend SUPERantispyware and PCRescue and of course you
already have an antivirus for your email, right?

Rick Merrill wrote:

> Quercus Robur wrote:
>> My wife just turned on her computer and up popped a window stating "You need
>> to download XXX to clean up your computer. You have visited adult sites."
> ...
>
> QR that popup is itself the virus and a phish to get you to "download"!!!!
>
> Do not respond to the popup.
>
> I recommend SUPERantispyware and PCRescue

Ehm... it seems like the computer is already infected. Or it's simply
Windows Messenger spam. In any case, this software is useless. Just like in
any other case.

> and of course you already have an antivirus for your email, right?

Eh... of course not!

On Sat, 24 Mar 2007 13:44:05 -0400, Rick Merrill wrote:

> Quercus Robur wrote:
>> My wife just turned on her computer and up popped a window stating "You need
>> to download XXX to clean up your computer. You have visited adult sites."
> ...
>
> QR that popup is itself the virus and a phish to get you to "download"!!!!
>
> Do not respond to the popup.
>
> I recommend SUPERantispyware and PCRescue and of course you
> already have an antivirus for your email, right?
>

Does anyone else tire of the "Anti-spyware, anti-virus, anti-adware"
mantra?

Of course, those are regular components of daily life for Windows users,
so I guess it doesn't really matter if they tire of it or not. It is
still a pain.

All you really need are a pop-up blocker (Firefox has one built-in that is
reasonably good--and you can pretty easily get an ad-blocker for it, too,
that prevents a good deal more of crud from being able to get in), a
decent anti-virus program (AVG Free does a decent job and also detects
many types of malware), and HijackThis, which is a Windows utility to help
find things that have installed themselves into places like the Windows
registry.

You can eliminate two-thirds of that stuff if you don't use DOS or Windows,
by the way. (DOS viruses are pretty much out of circulation, but they are
still possible.)

-- Mike

On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:

> All you really need are a pop-up blocker (Firefox has one built-in that is
> reasonably good--and you can pretty easily get an ad-blocker for it, too,
> that prevents a good deal more of crud from being able to get in), a
> decent anti-virus program (AVG Free does a decent job and also detects
> many types of malware), and HijackThis, which is a Windows utility to help
> find things that have installed themselves into places like the Windows
> registry.

All you really need is to secure the machine and install a firewall for
the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
FTP sessions and 99% of the Windows people will be free from trouble.


--
Leythos
(remove 999 for proper email address)

On Sun, 25 Mar 2007 09:14:14 -0500, Leythos wrote:

> On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
>
>> All you really need are a pop-up blocker (Firefox has one built-in that is
>> reasonably good--and you can pretty easily get an ad-blocker for it, too,
>> that prevents a good deal more of crud from being able to get in), a
>> decent anti-virus program (AVG Free does a decent job and also detects
>> many types of malware), and HijackThis, which is a Windows utility to help
>> find things that have installed themselves into places like the Windows
>> registry.
>
> All you really need is to secure the machine and install a firewall for
> the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
> FTP sessions and 99% of the Windows people will be free from trouble.
>

Software firewalls aren't that effective, particularly when they are
running on the machine that they're designed to protect. If one must run
Windows, all that is really needed is a little bit of thought and the three
programs that I mentioned above. Most Windows users are sitting behind a
NAT, which takes care of blocking incoming connections, and those that
aren't behind a NAT, probably should be.

Also, you can't really filter HTTPS through a firewall. You would need a
proxy for that, because all the firewall would see is a stream of
encrypted packets. Systems should be secure enough, anyway, to not
require filtration of the protocols that people use on the
Internet, anyway.

-- Mike

On Sun, 25 Mar 2007 09:23:59 -0500, Michael B. Trausch wrote:

> On Sun, 25 Mar 2007 09:14:14 -0500, Leythos wrote:
>
>> On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
>>
>>> All you really need are a pop-up blocker (Firefox has one built-in that is
>>> reasonably good--and you can pretty easily get an ad-blocker for it, too,
>>> that prevents a good deal more of crud from being able to get in), a
>>> decent anti-virus program (AVG Free does a decent job and also detects
>>> many types of malware), and HijackThis, which is a Windows utility to help
>>> find things that have installed themselves into places like the Windows
>>> registry.
>>
>> All you really need is to secure the machine and install a firewall for
>> the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
>> FTP sessions and 99% of the Windows people will be free from trouble.
>>
>
> Software firewalls aren't that effective, particularly when they are
> running on the machine that they're designed to protect. If one must run
> Windows, all that is really needed is a little bit of thought and the three
> programs that I mentioned above. Most Windows users are sitting behind a
> NAT, which takes care of blocking incoming connections, and those that
> aren't behind a NAT, probably should be.

You misunderstood - I don't consider software solutions running on
non-dedicated servers to be firewalls. I was speaking of a firewall
appliance, although I could have better stated that.

NAT appliances don't filter HTTP, HTTPS, SMTP, POP3 or FTP content, but a
firewall with those as proxy services can remove content.

> Also, you can't really filter HTTPS through a firewall. You would need a
> proxy for that, because all the firewall would see is a stream of
> encrypted packets. Systems should be secure enough, anyway, to not
> require filtration of the protocols that people use on the
> Internet, anyway.

Many firewalls have HTTPS proxy services, but you are completely correct,
most would not be able to filter content in HTTPS.

--
Leythos
(remove 999 for proper email address)