Velocity Reviews - Computer Hardware Reviews

Malicious JavaScript code,

 
 
Hywel Jenkins
 
      01-29-2006
In article <. com>,
says...
>
> Hywel Jenkins wrote:
> > In article < .com>,
> > says...
> > >
> > > Randy Webb wrote:
> > > > cwdjrxyz said the following on 1/28/2006 1:50 AM:
> > > > > cwdjrxyz wrote:
> > >
> > > > Do you work for a security company or an anti-virus company? It has to
> > > > be one of the two to come up with the kind of arguments you did (none of
> > > > which are true).
> > >
> > > No, I do not work for a security or anti-virus company. You are
> > > entitled to your opinion about what is true. However I suspect that
> > > many would argue with this conclusion, especially for those who use
> > > Windows XP without protective programs. I think that even Microsoft
> > > will suggest protective programs on computers that use Windows OSs, and
> > > they are not a big player in the security market - at least not yet.

> > > The XP does provide a one way firewall
> >
> > It has two-way functionality.

>
> You may be right, but see
> http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
> for details about the Microsoft firewall included with the XP, post
> sp2. It makes mention that their firewall can block incoming attempts
> to connect to ports, etc. It does not mention that it will block
> outgoing attempts by your computer to connect to somewhere


The Windows Firewall *does* block outgoing traffic. It frequently asks
if an application should be permitted access to the internet.

--

Hywel
http://kibo.org.uk/
 
 
 
 
 
Hywel Jenkins
 
      01-29-2006
In article <>, edMbj@aes-intl.com says...
> >
> >Rubbish. They're false positives, or your set-up is not "authentic".

>
> Turns out that after installing XP I had my machine connected to DSL. When
> IE installed, it set its 'home page' to MSN.com. Shortly after connecting
> to MSN, the **** hit the fan. Machine started to reboot, etc. An AV scan
> showed about 4 or 5 viruses had invaded my new machine.


You allowed IE out into the unknown with inadequate security. That's
how you got infected - you *let* it happen.

--

Hywel
http://kibo.org.uk/
 
 
 
 
 
Hywel Jenkins
 
      01-29-2006
In article <. com>,
says...
> This thread has grown into a rather long, now off topic, monster.


Indeed. Most of them debunking your knowledge of JavaScript and web
security.

--

Hywel
http://kibo.org.uk/
 
 
Randy Webb
 
      01-29-2006
Ed Jay said the following on 1/29/2006 4:57 PM:
> Hywel Jenkins <> wrote:
>
>> In article <>,
>> says...
>>> On Sat, 28 Jan 2006 04:16:04 -0500, in comp.lang.javascript Randy Webb
>>> <>
>>> <ubydnadoCJHSq0beRVn-> wrote:
>>>
>>>> | cwdjrxyz said the following on 1/28/2006 1:50 AM:
>>>> | > cwdjrxyz wrote:
>>>> |
>>>> | <snip>
>>>> |
>>>> | Do you work for a security company or an anti-virus company? It has to
>>>> | be one of the two to come up with the kind of arguments you did (none of
>>>> | which are true).
>>>> |
>>>> | The best defense against being infected? Knowledge. Knowledge of how
>>>> | your computer works (at least a basic understanding) and a basic
>>>> | knowledge of how the web works. Now you can be safe.
>>>> |
>>>> | Even my mother knows how to keep from getting her computer infected. She
>>>> | has no firewall and no anti-virus program but she has the Knowledge to
>>>> | know how to stay safe.
>>> My experience (take it for what it is worth).
>>> I have cable connection.
>>> I was rebuilding my machine after a crash.
>>> I formatted the hard drive and re-installed the OS.
>>> I left the cable connection as the setup would've detected this and
>>> configured it for me.
>>> After the OS was installed I then installed the AV app.
>>> It reported 5 virii - all because I had a connection to the internet.

>> Rubbish. They're false positives, or your set-up is not "authentic".

>
> Not necessarily rubbish. I had a similar experience, but it didn't take my
> NOD32 A/V program to discover I'd been invaded.
>
> Turns out that after installing XP I had my machine connected to DSL. When
> IE installed, it set its 'home page' to MSN.com. Shortly after connecting
> to MSN, the **** hit the fan. Machine started to reboot, etc. An AV scan
> showed about 4 or 5 viruses had invaded my new machine.
>


As was pointed out, that is a flaw on *your* part. You are the one that
allowed it out without checking it first.

You can not put anything on my PC without me, directly or indirectly,
allowing it. And if you allow it, you reap what you sow.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
 
 
cwdjrxyz
 
      01-30-2006

Hywel Jenkins wrote:

> The Windows Firewall *does* block outgoing traffic. It frequently asks
> if an application should be permitted access to the internet.


In fact, depending on the security settings you choose, you do
sometimes get a warning message when online if the site you go to tries
to get some information sent to it or elsewhere. I also have this
happen to me when I am on the web using IE6. However, my Windows
firewall is completely disabled by another, in my opinion better, 2 way
firewall I use, and a check of Windows settings confirms that the
Windows XP firewall is indeed disabled. Thus this has nothing to do
with the Windows firewall and everything to do with the security
selection features that were greatly improved with sp2. What my 2 way
firewall does is display every application you have on your computer.
Each application may be completely blocked from the web, allow
outgoing, or be unblocked. If you change the security settings, when on
IE6, to the lowest possible (not recommended), you seldom get any kind
of message. If you set for maximum security you can not get into many
safe sites such as my bank, etc. Security settings are somewhat
different for various browsers. I keep Opera set at very high security
for the most doubtful sites and Firefox a little less secure for
trusted sites. On broadband, it is no problem having several browsers
in use at once, and I often have the SBC/Yahoo DSL (IE6 relative),
Firefox, and Opera all connected to the web when I am testing pages on
different browsers. Thus you often notice differences in security
warning response for different browsers when you are viewing the same
page with 3 browsers.

In the last 15 minutes, over 20 attempts to get into many different
ports have been rejected and recorded in my firewall log. Tonight many
can be traced to China. Many of these likely are attempting to find an
open port, get in, and take advantage of a worm or virus that they hope
has been planted on the computer. I take part in a program that reports
all of these attempts to a data base that is used to help improve web
security. Some ISPs likely are targeted much more than others. The
large broadband ISPs in the US seem to be favorite targets. A computer
that always is connected to broadband is likely much more useful to
many hackers than one that is online only now and then and connected on
dialup.

But back to javascript, I would love to see a page using a script for
which you are most proud, since you seem to have very strong opinions
about how to best write scripts.

By the way, I do not really care about subjective adjectives, good or
bad, that anyone may use on the web. Such usually are not allowed in a
proper technical journal owned by an important scientific or
engineering society where papers are properly peer reviewed and
objective statements are required. I can not get very excited in an
emotional way, pro or con, about anything I read in an open NG. You
seldom know anything about the qualifications of the person expressing
an opinion. You could have the Queen of England (unlikely, but there is a
royal site), you could have a technician at a famous university who
knows little about computing and perhaps dissects frogs for a
researcher, or you may have someone who knows nearly nothing about
computing at all. And I doubt if skills in html, javascript, or C++ are
likely to be considered profound enough to win a Nobel prize.

So farewell to this much too long, off topic thread. Was there a full
moon this weekend? It has been too cloudy here for me to notice.

 
 
Richard Cornford
 
      01-31-2006
cwdjrxyz wrote:
<snip>
> ... . I can not get very excited in an emotional way,
> pro or con, about anything I read in an open NG. You
> seldom know anything about the qualifications of the
> person expressing an opinion.

<snip>

The only qualification that matters on a technical newsgroup with a
specific subject is how much an individual knows about the group's
subject, and that is relatively easy to determine from their
interactions with the group. It doesn't matter that anyone can post
anything they like to any group because if their writing is perceived as
questionable it will be questioned. The people who understand the
subject will be able to explain and justify their statements, the people
who are learning will be able to explain their understanding (and be in
a position to learn from the comments they receive in response), and the
people who would rather pretend that they know more than they do (often
as much to themselves as to others) will bluster and vacillate and
expose the truth in the process.

Two or three months reading this (relatively heavily trafficked)
newsgroup should identify most of the people who are worth listening to,
and the utterly worthless usually give themselves away quite quickly,
with the many in-between often rapidly migrating towards the more
informed end of the spectrum, if they actively participate. Newsgroups
may seem overly critical but understanding evolves quickly in a hostile
environment.

Richard.


 