[ale] nailing down firefox security and privacy - PT 1

planas jslozier at gmail.com
Thu Oct 13 19:20:37 EDT 2011 

On Thu, 2011-10-13 at 18:52 -0400, Jim Kinney wrote:

> That's a very narrow definition of malware. What term is more
> suitable? Deceitware? Clickware?
> ALL malware requires some degree of human processing.  At a minimum,
> someone must join power source to computer power input. Surely that
> act of human involvement would not relegate all forms of miscreant
> operations involving software out of the bad or 'mal' designation.
> Symantical hair-splitting rarely works well with this group. Best keep
> philosophical discussions at a high enough level to avoid overly
> passionate nuance flame wars
> 
> On Oct 13, 2011 6:28 PM, "Pat Regan" <thehead at patshead.com> wrote:
> 
>         On Thu, 13 Oct 2011 17:16:50 -0400
>         David Tomaschik <david at systemoverlord.com> wrote:
>         
>         > On Thu, Oct 13, 2011 at 3:58 PM, Pat Regan
>         <thehead at patshead.com>
>         > wrote:
>         > > If the malware in question here were using an exploit, why
>         would it
>         > > bother trying to get the user to click on it?
>         > >
>         > > Pat
>         >
>         > You've never seen "AntiVirus 2009" (and I imagine there is
>         2010, 2011,
>         > etc., but I stopped doing any Windows support in 2009).
>          It's malware
>         > that pretends to do an AV scan, finds a list of things, and
>         tells you
>         > it can remove them... for $39.99.  You go to their website,
>         put in
>         > their credit card details, and you're toast.  I'm not sure
>         if they
>         > actually charge you $39.99, just capture your CC info, or
>         both.  Never
>         > tried it to find out.
>         >
>         
>         I understand the concept.  What I'm saying is that any malware
>         that
>         has to trick someone into installing it is almost certainly
>         not making
>         use of any exploits.  If it were, it wouldn't need to attempt
>         to
>         socially engineer the user.
>         
>         Pat

I have seen many types of maiware that exploit both the user by some
form of social engineering and others that exploit security flaws in the
software. Older versions of Windoze were notorious for allowing code to
act without direct use involvement.

Both Java and Flash have some nasty security problems that could allow
remote execution of code. In fact to some extent they rely on remote
execution of code without user intervention for many web uses. 

-- 
Jay Lozier
jslozier at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20111013/24028589/attachment.html

More information about the Ale mailing list