«

Using the latest google chrome on fully patched Windows XP with
javascript enabled and some standard plugins like shockwave and pdf
viewer, is it possible for a virus or malware to get onto a computer
just by visiting websites (without downloading anything) ?

Has anyone had this happen to them or know of it happening. If so
what was the virus or malware?

Using google chrome, does it ever download and execute native machine
code without me realising it - like maybe Active X controls or
something?

I use Norton Internet security and sometime it pops up a window that
says it has blocked something from attacking my computer. I also have
a router with a firewall. What kind of thing is it that Norton thinks
it has blocked and what could it do to my computer?

Why don't Linux machines need security software? Is it because not
many viruses are targetted at Linux or is Linux immune to the kind of
threats that I mentioned above that Norton thinks it blocked.?

Thanks in advance.

nospam wrote:

>
> Using the latest google chrome on fully patched Windows XP with
> javascript enabled and some standard plugins like shockwave and pdf
> viewer, is it possible for a virus or malware to get onto a computer
> just by visiting websites (without downloading anything) ?
>
> Has anyone had this happen to them or know of it happening. If so
> what was the virus or malware?
>
> Using google chrome, does it ever download and execute native machine
> code without me realising it - like maybe Active X controls or
> something?
>
> I use Norton Internet security and sometime it pops up a window that
> says it has blocked something from attacking my computer. I also have
> a router with a firewall. What kind of thing is it that Norton thinks
> it has blocked and what could it do to my computer?
>
> Why don't Linux machines need security software? Is it because not
> many viruses are targetted at Linux or is Linux immune to the kind of
> threats that I mentioned above that Norton thinks it blocked.?
>
> Thanks in advance.

With Javascript running lots of attacks are possible.
One possibility is cross-site scripting (XSS).

On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
<> wrote:

>
>With Javascript running lots of attacks are possible.
>One possibility is cross-site scripting (XSS).

I read the wikipedia article on this but I can't understand very much.

<quote>
Mallory crafts a URL to exploit the vulnerability, and sends Alice an
email, enticing her to click on a link for the URL under false
pretenses. This URL will point to Bob's website, but will contain
Mallory's malicious code, which the website will reflect.
Alice visits the URL provided by Mallory while logged into Bob's
website.
The malicious script embedded in the URL executes in Alice's browser,
as if it came directly from Bob's server (this is the actual XSS
vulnerability). The script can be used to send Alice's session cookie
to Mallory. Mallory can then use the session cookie to steal sensitive
information available to Alice (authentication credentials, billing
info, etc.) without Alice's knowledge.
<end quote>


A URL is something like http://bob.com right?

How can a URL "contain malicious code" or have a malicious script
embedded in it?

On 2011-05-01, nospam <> wrote:
>
> Using the latest google chrome on fully patched Windows XP with
> javascript enabled and some standard plugins like shockwave and pdf
> viewer, is it possible for a virus or malware to get onto a computer
> just by visiting websites (without downloading anything) ?

The question is whather or not it is possible, but rather the risk.
>
> Has anyone had this happen to them or know of it happening. If so
> what was the virus or malware?
>
> Using google chrome, does it ever download and execute native machine
> code without me realising it - like maybe Active X controls or
> something?

something, sure does that eh?


>
> I use Norton Internet security and sometime it pops up a window that
> says it has blocked something from attacking my computer. I also have
> a router with a firewall. What kind of thing is it that Norton thinks
> it has blocked and what could it do to my computer?

Remove Norton and let it do its thing. Then you will know. Does the denial
mess up your use of the machine?


>
> Why don't Linux machines need security software?

[removed my response to the grammer above]


> Is it because not
> many viruses are targetted at Linux or is Linux immune to the kind of
> threats that I mentioned above that Norton thinks it blocked.?

Both. Linux, evoled out of Unix which was, and still is, a multi user
system. So nasty natty needed to be restrained from messing up other users
files, or the operating system files.

Ms Windows is attacked because, mostly, it is the biggest bang for the buck.

Sony, the company that claims to take security seriously, was hacked to the
tune of millions of users data going to the third party.

A virus on Linux can only really mess up the home/user directory which is
not a heck of alot of use to someone who wants to steal ones idenity or take
over ones PC for bot use.

History plays a part in all of this. Ms Windows was born into it has to work
now for $. Unix came from a "real" world situation. Ms Windows has been
handicapped as a result.




>
> Thanks in advance.

On 2011-05-01, nospam <> wrote:
> On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
><> wrote:
>
>>
>>With Javascript running lots of attacks are possible.
>>One possibility is cross-site scripting (XSS).
>
> I read the wikipedia article on this but I can't understand very much.
>
><quote>
> Mallory crafts a URL to exploit the vulnerability, and sends Alice an
> email, enticing her to click on a link for the URL under false
> pretenses. This URL will point to Bob's website, but will contain
> Mallory's malicious code, which the website will reflect.
> Alice visits the URL provided by Mallory while logged into Bob's
> website.

Hold it right there. Alice fell down a rabbit hole. She was wise enuff never
to click on a link from someone she did not trust, yet alone know.

Keep going nospam. You are on a learning curve.


http://en.wikipedia.org/wiki/Phil_Zimmermann

He once said that it was about whom does one trust.

On 01/05/11 12:45, nospam wrote:
>
> Using the latest google chrome on fully patched Windows XP with
> javascript enabled and some standard plugins like shockwave and pdf
> viewer, is it possible for a virus or malware to get onto a computer
> just by visiting websites (without downloading anything) ?
>
> Has anyone had this happen to them or know of it happening. If so
> what was the virus or malware?
>
> Using google chrome, does it ever download and execute native machine
> code without me realising it - like maybe Active X controls or
> something?
>
> I use Norton Internet security and sometime it pops up a window that
> says it has blocked something from attacking my computer. I also have
> a router with a firewall. What kind of thing is it that Norton thinks
> it has blocked and what could it do to my computer?
>
> Why don't Linux machines need security software? Is it because not
> many viruses are targetted at Linux or is Linux immune to the kind of
> threats that I mentioned above that Norton thinks it blocked.?
>
No viruses (or very few) are targetted at Linux. To some extent the way
that Linux works makes it harder to get control of the machine, but
that's not an absolute. I believe that most attacks these days that are
more than a nuisance value are 'social engineering' ones where the user
is persuaded to run a progam which gives the attacker control. A bit
like the Irish Virus: http://www.avolites.com/jokes/irishvirus.htm

Cheers,

Cliff

--

The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

The end excuses any evil - Sophocles

On 01/05/11 15:54, nospam wrote:
> On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
> <> wrote:
>
>>
>> With Javascript running lots of attacks are possible.
>> One possibility is cross-site scripting (XSS).
>
> I read the wikipedia article on this but I can't understand very much.
>
> <quote>
> Mallory crafts a URL to exploit the vulnerability, and sends Alice an
> email, enticing her to click on a link for the URL under false
> pretenses. This URL will point to Bob's website, but will contain
> Mallory's malicious code, which the website will reflect.
> Alice visits the URL provided by Mallory while logged into Bob's
> website.
> The malicious script embedded in the URL executes in Alice's browser,
> as if it came directly from Bob's server (this is the actual XSS
> vulnerability). The script can be used to send Alice's session cookie
> to Mallory. Mallory can then use the session cookie to steal sensitive
> information available to Alice (authentication credentials, billing
> info, etc.) without Alice's knowledge.
> <end quote>
>
>
> A URL is something like http://bob.com right?
>
> How can a URL "contain malicious code" or have a malicious script
> embedded in it?
>
The URL given above is actually short for something like
http://bob.com/index.html usually. However the 'index.html' may be
substituted by 'index.php' which is a script. Or maybe 'index.cgi'.

Cheers,

Cliff

--

The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

The end excuses any evil - Sophocles

nospam wrote:

> On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
> <> wrote:
>
>>
>>With Javascript running lots of attacks are possible.
>>One possibility is cross-site scripting (XSS).
>
> I read the wikipedia article on this but I can't understand very much.
>

Malicious Javasript can be injected into big-name websites that have
no intent to be malicious. It can be come embedded in public-editable
sections of pages, such as the now ubiquitous "comments" section.
Websites should guard against such injection, but not all of them do.
Once the page has been displayed the Javascript has been executed.
You may then have become victim to a drive-by download or, similar.

On Sun, 01 May 2011 12:45:45 +1200, nospam <> wrote:

>
>Using the latest google chrome on fully patched Windows XP with
>javascript enabled and some standard plugins like shockwave and pdf
>viewer, is it possible for a virus or malware to get onto a computer
>just by visiting websites (without downloading anything) ?
>
>Has anyone had this happen to them or know of it happening. If so
>what was the virus or malware?
>
>Using google chrome, does it ever download and execute native machine
>code without me realising it - like maybe Active X controls or
>something?
>
>I use Norton Internet security and sometime it pops up a window that
>says it has blocked something from attacking my computer. I also have
>a router with a firewall. What kind of thing is it that Norton thinks
>it has blocked and what could it do to my computer?
>
>Why don't Linux machines need security software? Is it because not
>many viruses are targetted at Linux or is Linux immune to the kind of
>threats that I mentioned above that Norton thinks it blocked.?
>
>Thanks in advance.



All Google stuff is Spyware, did you not know that..?


Use Opera as it does not come from the Evil US.

On Sun, 01 May 2011 17:44:23 +1200, Enkidu <>
wrote:

>>
>>
>> A URL is something like http://bob.com right?
>>
>> How can a URL "contain malicious code" or have a malicious script
>> embedded in it?
> >
>The URL given above is actually short for something like
>http://bob.com/index.html usually. However the 'index.html' may be
>substituted by 'index.php' which is a script. Or maybe 'index.cgi'.
>

And where is the script located? Is it embedded in the URL?