Thread: I feel sorry for...

  1. #16
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793
    Well pictures dont execute code... but look at some of the viruses that have made it big in the last 3 years......For instance some emails have managed to run attachments without even being property opened...thanks to the preview pane on outlook Express for instance.......

    If they managed to run an executable on your system in such a way then your in trouble...anything could have been done to your system....often they can then take advantage of the run key in the reg to restart a trojan each time the computer boots (assuming windows in this instance)

  2. #17
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    >>>Well pictures dont execute code...

    true... but code can execute a picture. To an unwary person that just double-clicks.... display picture.... in background, drop trojan.
    Blue

  3. #18
    Former Member
    Join Date
    Oct 2001
    Posts
    955
    Originally posted by Betazep

    Easy. Send you a picture of a naked girl. You open it... you get infected. The program writes an entry into the winstartup or Autoexec.bat file so that your computer starts the program for them.
    Fordy's right, images don't run code, unless they send them as "picture.jpg.exe", and in my opinon, you REALLY need to be dumb to run these

    Originally posted by Fordy

    thanks to the preview pane on outlook Express
    oh, cmon, Outlook is the unsafest tool on the face of the earth, not to mention slow and inflexible. Why should you use it when there are more tools to do what outlook does without compromising your security.


    I still think that being careful can do even more than what any software or hardware can

    BTW, what does a firewall do?

    Oskilian

  4. #19
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    >>>I still think that being careful can do even more than what any software or hardware can


    Sure. If you know what you are doing... you may be immune. But whether or not you think that you are capable... it isn't usually the case. You do not need to do anything to get a virus. Just turning your computer on and hooking to the web may be enough.

    So how could you be any more careful than that?

    Virus software is important. I see too many people crash and burn without it. If you are not running it, there is a strong possibility that you are infected, and the possibility increases the longer you are online and with the speed of your connection.

    And as far as firewalls go... the best statement in this entire thread...

    "But, they'll deter casual interest." -Zen

    You don't take out everyone, but you take out a lot of 'em.

    (and see above about the images... a picture can be shown to you from an executable)
    Last edited by Betazep; 11-24-2001 at 09:49 PM.
    Blue

  5. #20
    /dev/null
    Guest
    "Lots of ways......mostly by trickery...... Your right about difficulties of executing stuff remotely, but often hackers trick people into running the code themselves......"

    then they dont qualify as hackers... call them script kiddies...

    about ZA

    Zone alarm sucks it just cant keep up with the pace of todays software firewalls

    there are also many know exploits againt the za firewall... now your right it will keep the lammers out... but firewalls arent the answer... the answer is to run only the services you need and to update often...

    now this is up for debate and i congradulate those who use firewalls... you are more concerned about security than most of the fools out there...

  6. #21
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    My friend played a clever trick on me when we were younger. He brought over a game on a floppy disk for me to try.

    It looked completely like a little driving game. I inserted the floppy, ran the executable... played the game and then quit and took the disk out.

    He left and came back the next day and played the game again and took the disk and left.

    Little did I know that he had logged all of my keystrokes for the entire day and conveniently walked away with the log.

    So much for my passwords.... he came back the next day and showed me the passwords I use.
    Blue

  7. #22
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    >>>now this is up for debate and i congradulate those who use firewalls... you are more concerned about security than most of the fools out there...<<<

    Ahhh isn't everything up for debate around here!

    My friend works for American Express as a computer guru. He had to test Black Ice and ZA Pro for implementation onto their personal workstations. Both companies gave them a wide open license to the newest developments.

    ZA Pro was actually pretty solid from what he told me when he gave me a copy... but we both know the real world. There is an exploit for everything eventually.

    You are so right on the services tho...
    Blue

  8. #23
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793
    >>oh, cmon, Outlook is the unsafest tool on the face of the earth

    Not arguing.... its just that its so wide used that if a security gap is found its widely exploited.

    >>there are also many know exploits againt the za firewall... now your right it will keep the lammers out... but firewalls arent the answer... the answer is to run only the services you need and to update often...

    Yeah I know... I wasnt disagreeing that Zone alarm is less than perfect....its jus the idea of dismissing it totally because it isnt 100% is flawed logic. For professionals your right, but for the millios of Win98 desktop users, the idea of checking for listning ports and then securing them is totally out of their ability.

  9. #24
    /dev/null
    Guest
    also if you need a firewall you might want to check out neowatch its a great firewall... if you know what your doing... stick with za if your inexperienced

  10. #25
    Former Member
    Join Date
    Oct 2001
    Posts
    955
    that's a good idea, I'd never thought of it, but I think that in most of these cases, an antivirii software is useless since most of these people write their own programs and when these programs classify as virii, they write a new one.

    As for the program that shows the image, who is stupid enough to run a program which was given to you by a stranger, and that for some reason, when you disassemble it, it makes some calls to the winsock2 library? (I'm talking about people like us, I'm sure that a normal user may fall on this like a... something in a stupid trap)

    Oskilian

  11. #26
    /dev/null
    Guest
    "As for the program that shows the image, who is stupid enough to run a program which was given to you by a stranger, and that for some reason, when you disassemble it, it makes some calls to the winsock2 library? (I'm talking about people like us, I'm sure that a normal user may fall on this like a... something in a stupid trap) "

    well not so long ago they had a file extension that windows removed when it was sent to your computer... i dont remeber the exact extension name but lets say it was "shh"... well the registry told your computer not to display this so... this is what would happen

    eg: nakedchick.jpg.shh will apear as nakedchick.jpg and shh is actually an executable file that can contain malicious code

  12. #27
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    >>who is stupid enough to run a program

    God you wouldn't believe some of the people that work in my building, man. Once you get one person to trust that it is a cool program or a nice picture or whatever... all the people that he/she gives it to are not strangers. Then it keeps spreading to other friends.

    And I am not saying someone with your reasoning abilty would fall for such a thing, but think about this the next time someone sends you something and you open it. (because I find it hard to believe that you never have).

    Do you dissassemble all of the software your friends send you? Wow... I would rather run updated virus software.
    Blue

  13. #28
    Former Member
    Join Date
    Oct 2001
    Posts
    955
    that's precisely why you must deactivate all these annoying extension-hiders that windows has as one of the first things when you install windows

    I do it just to be careful (this kind of careful is what I'm talking about)

    Oskilian

  14. #29
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    >>>eg: nakedchick.jpg.shh will apear as nakedchick.jpg and shh is actually an executable file that can contain malicious code


    Cool. You learn something new every day. You got to hand it to some people.... so many clever ones.
    Blue

  15. #30
    Unregistered
    Guest
    Originally posted by oskilian
    that's precisely why you must deactivate all these annoying extension-hiders that windows has as one of the first things when you install windows

    I do it just to be careful (this kind of careful is what I'm talking about)

    Oskilian
    no thats why you run linux

    Slackware 8 and the 2.4.12 kernel. (mm)

    even if there are some nix virri they are fairly rare

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. When you don't feel like reading\programming..
    By Brain Cell in forum A Brief History of Cprogramming.com
    Replies: 21
    Last Post: 03-03-2005, 06:32 PM
  2. Feel Like An Idiot
    By golfinguy4 in forum A Brief History of Cprogramming.com
    Replies: 22
    Last Post: 07-04-2003, 12:45 PM
  3. Feel Guilty..
    By vasanth in forum A Brief History of Cprogramming.com
    Replies: 11
    Last Post: 01-22-2003, 03:00 PM
  4. feel free to laugh at my code!
    By JimJamJovi in forum C Programming
    Replies: 4
    Last Post: 01-11-2002, 04:40 AM