[ale] nailing down firefox security and privacy - PT 1

Pat Regan thehead at patshead.com
Thu Oct 13 21:36:11 EDT 2011 

On Thu, 13 Oct 2011 18:52:43 -0400
Jim Kinney <jim.kinney at gmail.com> wrote:

> That's a very narrow definition of malware. What term is more
> suitable? Deceitware? Clickware?
> ALL malware requires some degree of human processing.  At a minimum,
> someone must join power source to computer power input. Surely that
> act of human involvement would not relegate all forms of miscreant
> operations involving software out of the bad or 'mal' designation.
> Symantical hair-splitting rarely works well with this group. Best keep
> philosophical discussions at a high enough level to avoid overly
> passionate nuance flame wars

I don't recall ever saying that malware is required to use an exploit
to be considered malware.

It sounds like Ron's relative had to be tricked into clicking a button
in order to install this particular piece of software.  I'm only saying
that, assuming this is truly the case, no exploit was required.  The
user was just tricked into thinking they were doing the right thing.

Pat

> On Oct 13, 2011 6:28 PM, "Pat Regan" <thehead at patshead.com> wrote:
> 
> > On Thu, 13 Oct 2011 17:16:50 -0400
> > David Tomaschik <david at systemoverlord.com> wrote:
> >
> > > On Thu, Oct 13, 2011 at 3:58 PM, Pat Regan <thehead at patshead.com>
> > > wrote:
> > > > If the malware in question here were using an exploit, why
> > > > would it bother trying to get the user to click on it?
> > > >
> > > > Pat
> > >
> > > You've never seen "AntiVirus 2009" (and I imagine there is 2010,
> > > 2011, etc., but I stopped doing any Windows support in 2009).
> > > It's malware that pretends to do an AV scan, finds a list of
> > > things, and tells you it can remove them... for $39.99.  You go
> > > to their website, put in their credit card details, and you're
> > > toast.  I'm not sure if they actually charge you $39.99, just
> > > capture your CC info, or both.  Never tried it to find out.
> > >
> >
> > I understand the concept.  What I'm saying is that any malware that
> > has to trick someone into installing it is almost certainly not
> > making use of any exploits.  If it were, it wouldn't need to
> > attempt to socially engineer the user.
> >
> > Pat
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >

More information about the Ale mailing list