Badware state-of-the-union for 2007
Erica sez, "StopBadware's 2007 report on badware online, written in user-friendly non-geek-speak. Explains dangers most internet users still aren't aware of, especially hacking of otherwise legitimate websites with drive-by downloads."
Drive-by downloads and website hacking add a scary new element to the badware problem. It's no longer possible for a conscientious user to protect herself simply by staying away from the internet's more questionable areas like software piracy, pornography, drugs, and gambling. Any website, no matter how trusted, can be vulnerable to attack. Knitting sites, outdoor equipment retailers, and even Santa Claus's website can be compromised and made to infect users who simply visit a web page. This means the security-conscious user must find new ways to stay protected from badware. The first step to protecting yourself from badware is learning more about it, from common ways badware is distributed to new threats on the horizon. As new ways of distributing badware emerge, your best defense is keeping yourself up to date - from frequently updating the protective software you use on your computer, to keeping informed about new dangers so you will know how best to avoid them.Link (Thanks, Erica!)
the latest
latest episodes
Just don't wear it to the airport.
Shirt + Lights = Terrorist
"...written in user-friendly non-geek-speak..."
Well, I don't understand the article very well, which may mean that I need it translated back into geek-speak :-)
The unspoken assumption behind the whole article seems to be that there are dangerous web sites -- web sites so dangerous that simply visiting them can compromise your computer. I don't quite understand the assumption. If your browser will allow malware to be installed on your machine without your permission, simply because you visit a particular web site, then your browser is broken, and you're screwed. It's been 10 years since I last used Windows, and 5 since I last used Internet Explorer, so maybe I'm just underestimating how insecure Win+IE still is, but I find it hard to believe that this is possible unless you've gone out of your way to horribly misconfigure your browser.
"Days before the big game, attackers infected the Dolphins's site with a trojan that installed keylogging software onto visitors' computers, allowing the attackers to spy on keystrokes and steal passwords."
Huh?? Does this depend on users having some ancient, unpatched Win+IE setup? If there's some gaping security hole in the browser, then the solution is to patch the hole, not to sit around reading articles about how to change your websurfing behavior.
@bcrowell: You're underestimating how insecure Win+IE still is.
"For at least 38 days in 2005, Internet Explorer was vulnerable to unpatched critical security flaws that were being exploited actively by viruses, worms and spyware. For at least 256 days [in 2005], Internet Explorer contained unpatched vulnerabilities where the exploit method had been publicly disclosed but was not necessarily being used." (Security Fixes Come Faster With Mozilla)
That's better than 2004, when MSIE only had 7 safe days (no known exploit) and 200 days of actively exploited holes (A Year of Bugs), but still not very good.
Anyone have the figures for 2006?
@sabik:
Interesting -- thanks for the info. Maybe the whole first half of the article should say nothing but this: "Windows users, switch to Firefox."
Yah, I was wondering too about this supposed vulnerability. Granted, I am a Mac user since '90, and a Firefox user since it was available, but I am also just paranoid enough to know that I am not perpetually invulnerable. I mean, don't we all get a tad nervous when we're web-enabled and the hard drive spins up and starts chunking along for no obvious reason? Then again, my 60G drive did just bite the big one, apparently due to burnt out bearings. Must accound for the manic 'chunking' noises. Still, I just couldn't stand to 'live' with a zombified G4TiBook!!!