Viruses appear to be back again
  • #46
    Originally posted by bob p View Post
    2. Block Flash. It's a security problem.

    3. Block Java. Same as above.
    Good advice, however, you mean JavaScript. It really has nothing to do with Java except the name.

    I leave JavaScript active, but use a Flash blocker. I also use an ad blocker. I haven't been having any problems this time around, however, even with these things blocked I was getting a notice that the web site might harm my computer the last time this happened. Since I'm on a Mac, I knew nothing on any of these sites could harm my computer, so I just shut that warning off in Safari.

    Originally posted by bob p View Post
    Without Flash, I'm totally protected against flash exploits.
    You also miss out on a lot of the content on the web. I'm not a huge Flash fan, but when I need it, I have it.

    If you want to forget any of the other precautions you listed, get a Mac. I've been using them with no virus protection since the early 90s. And that's running on an administrator account, just as I'm doing now.

    And it's all the Unix-y goodness of Linux (actually it's more UNIX than Linux), but with real commercial software available. I like Linux, but I need Photoshop, Cubase and Protools.
    It would be possible to describe everything scientifically, but it would make no sense; it would be without meaning, as if you described a Beethoven symphony as a variation of wave pressure. — Albert Einstein


    http://coneyislandguitars.com
    www.soundcloud.com/davidravenmoon

    Comment


    • #47
      Originally posted by David Schwab View Post
      Since I'm on a Mac, I knew nothing on any of these sites could harm my computer
      That sounds like an absolute. Is it not possible or did you mean "highly improbable"?
      Originally posted by Enzo
      I have a sign in my shop that says, "Never think up reasons not to check something."


      Comment


      • #48
        On Mac OS X the default is a regular user account. If you want to do anything dangerous, the system prompts you for your password. I suppose under the hood it works with sudo.

        Running a non-administrator account under XP is a good idea, until you come across an important piece of software that won't work unless you run as administrator. Then you have one account that can do everything, and another account that can't. Guess which one you end up using all the time.

        Or should I say, guess which one I ended up using. Your mileage may vary

        Flash is dreadful, but unfortunately it became an industry standard. The only escape is that Steve Jobs banned it from his iDevices because of a personal grudge against Adobe.
        "Enzo, I see that you replied parasitic oscillations. Is that a hypothesis? Or is that your amazing metal band I should check out?"

        Comment


        • #49
          What I would recommend at this point, if you are using Firefox:
          Click your upper left screen firefox tab
          click add ons
          search, from the box "ad block plus"
          Install ad block plus add on to firefox, it's a firefox approved add on
          restart the computer
          should be working now, and can be updated.
          The ad block plus does a good job of blocking the flash based attacks. When installed, there do not seem to be any further intrusions.
          I have had zero problems after I installed that add on from firefox.
          However don't go crazy blocking everything, as you have that option available. There is such a thing as blocking too much stuff.

          Also, if you are using a free antivirus, I recommend you dump that-- and use a professional antivirus instead. Free antivirus does not have the juice to detect update and quarantine many of these attacks.

          You can also use ad block plus to disable Facebook social tracking, and other irritating tracking cookies, etc...

          If you are using internet explorer, you have my condolences. Even NASA has stopped using that.
          Last edited by soundguruman; 02-12-2012, 01:15 PM.

          Comment


          • #50
            Originally posted by David Schwab View Post
            Good advice, however, you mean JavaScript. It really has nothing to do with Java except the name.
            Yes. When I wrote that, I was talking about web browsing, and Java in that text should mean JavaScript. I use NoScript to block all JavaScript in Firefox until I whitelist a particular site. Not many sites get whitelisted.

            Downloaded Java applications are even more risky. Java is a very powerful language. Java apps have the ability to directly access your hard disk. You really don't want a Java app to execute on your system with root user privileges -- doing that hands the remote programmer the keys to your computer. Once you execute his software, it can do ANYTHING on your system, without limits.

            I leave JavaScript active, but use a Flash blocker. I also use an ad blocker.
            By doing that you are allowing permissive interweb communication, in which javascript tracks your browsing activity, and relays information about you to third party tracking sites. That may or may not be a problem, depending on what you want. To get a better idea on how many web sites are secretly passing information about you behind your back, you may want to install the Collusion add-on for Firefox. You'll be amazed how many tracking services are sharing all sorts of information about you when you leave JavaScript enabled. If you have any concerns whatsoever about privacy, then JavaScript is your worst enemy. I won't enable javascript unless I absolutely MUST have it to browse a site that I am forced to trust with 100% confidence -- like my bank -- and nobody else.

            Here's a sidetrack on OS selection and security. We all know that Windows is BAD, and that it's the ultimate in low-hanging fruit for the bad guys.
            Moving to BSD (Mac) or Linux sure helps a lot, but it doesn't make you invincible. Although the OS user security levels and permissions paradigms have been ironed out for decades, there are still all sorts of security problems that come along with the applications that run on the OS because programmers are human and humans make mistakes. Just take a peek at the sites that log security exploits and you'll see that the problems exist on all the platforms. What I like about Linux is that developers are not afraid to admit security problems when they come up, and they actually like it when users find and report security problems. Compare that to Windows, where MS would rather not admit anything they don't have to admit. The nicest thing about Linux (at least in my eyes) is that with the right software distribution you have granular control over the revision number for every application that runs on your system. You can monitor something like GLSA (Gentoo Linux Security Advisories) to know which packages have problems and which don't. You can fine tune your system to avoid any package with a security advisory, and then stop updating the system once it's tweaked the way you like it. It's possible to freeze your OS in a stable state and leave it there, without having to continually perform updates. In that respect, Linux is the opposite of Windows -- with Windows, you have to constantly update to be sure you've got the latest security updates because new exploits are noticed all the time. With Linux, it's possible to freeze the system packages in a stable state and just not bother with constantly updating if that floats your boat. There's no reason to update the OS/kernel unless you want to install a new software package that absolutely requires it, and that's a pretty rare / black swan event. With Mac, I can't honestly say that I know what is going on because Apple isn't very open about things.


            You also miss out on a lot of the content on the web. I'm not a huge Flash fan, but when I need it, I have it.
            I can honestly say that I don't really miss what I'm allegedly missing. I have to admit, I'm one of those guys who uses the internet a lot, but I'm very selective about what I like to use. I may be odd in that I don't have a Facebook account and I don't participate in any social media. It's a rare occasion that I want to watch a YouTube video, and if it's in Flash, I often don't bother. I'm one of those guys who's been "online" since the days of the 300-baud modem, and I don't really care about what I might be "missing." IMO most of what's on the internet is vapid content that doesn't interest me. That said, if I absolutely have to have Flash, I can run virtualized Windows/Flash on a 32-bit linux machine, where I can load a fresh image of the virtualized OS for the browsing event and dispose of it afterward. That's the equivalent of performing a fresh Windows install for your session and reformatting the disk when you're done. Pretty hard to get exploited that way.



            If you want to forget any of the other precautions you listed, get a Mac. I've been using them with no virus protection since the early 90s. And that's running on an administrator account, just as I'm doing now.
            I used to publish my own linux distribution, which I built from source code. I'm not a Mac kind of guy, but I think that the Mac is a much better platform than Windows. As far as running an administrator account for day to day purposes, that's just a bad idea, regardless of whether you're running Unix, Linux, Mac/BSD or Windows. Root accounts are for performing root functions, not common use functions. The foolhardiness of performing unnecessary tasks with superuser privileges has been recognized for decades. It's definitely not a good idea. In fact it's such a bad idea that many Linux distributions force you to not have access to the root account by default, such as Ubuntu. I find the concept of browsing on a superuser account to be so foreign to me that I have trouble finding words to express the extent to which I think that is a really BAD idea. It's hard to imagine doing anything more foolish with a computer.

            Being a really geeky guy, I go even farther in nailing down the security holes in my system. I have a dedicated linux-based firewall between my ISP's hardware and my LAN. It uses IP-Tables to drop packets bound for any IP address that is not on a context-appropriate white list. This allows me to control the kind of traffic (port number) that comes in/goes out of my system, as well as which IP addresses in the world are allowed traffic on those ports.
            "Stand back, I'm holding a calculator." - chinrest

            "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H

            Comment
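
The allowlist firewall described in the post above (forwarded traffic is dropped unless its destination address and port are on a list), sketched as an added example; it is not bob p's actual configuration. The interface names, the allowlist format, the function names and the addresses (RFC 5737 documentation ranges) are constructed for illustration. The script only prints the `iptables` commands so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added illustration: build a default-deny egress ruleset for a Linux
# gateway that sits between the LAN and the ISP hardware.

LAN_IF="eth1"   # assumption: interface facing the LAN
WAN_IF="eth0"   # assumption: interface facing the ISP

# Constructed allowlist: one "proto address port" entry per line.
ALLOWLIST='
# bank website (placeholder address)
tcp 203.0.113.10 443
# upstream DNS resolver (placeholder address)
udp 198.51.100.53 53
tcp 198.51.100.53 53
'

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port PORT: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_egress_rules: read allowlist entries on stdin, print iptables commands.
# The ruleset is buffered and printed only if every entry validates, so a
# typo in the list can never produce a partial or wider policy.
gen_egress_rules() {
    rules="iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r proto addr port extra || [ -n "$proto" ]; do
        case "$proto" in
            ''|'#'*) continue ;;        # blank line or comment
            tcp|udp) ;;
            *) echo "rejected protocol: $proto" >&2; return 1 ;;
        esac
        if [ -n "$extra" ] || ! valid_ipv4 "$addr" || ! valid_port "$port"; then
            echo "rejected entry: $proto $addr $port $extra" >&2
            return 1
        fi
        rules="$rules
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p $proto -d $addr --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log (rate-limited) whatever is about to hit the DROP policy, so
    # unexpected outbound connections are visible in the kernel log.
    rules="$rules
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m limit --limit 6/min -j LOG --log-prefix \"egress-drop: \""
    printf '%s\n' "$rules"
}

# Print the ruleset for review; it is not applied here.
printf '%s\n' "$ALLOWLIST" | gen_egress_rules
```
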


            • #51
              Originally posted by bob p View Post
              Yes. When I wrote that, I was talking about web browsing, and Java in that text should mean JavaScript. I use NoScript to block all JavaScript in Firefox until I whitelist a particular site. Not many sites get whitelisted.

              Downloaded Java applications are even more risky. Java is a very powerful language. Java apps have the ability to directly access your hard disk. You really don't want a Java app to execute on your system with root user privileges -- doing that hands the remote programmer the keys to your computer. Once you execute his software, it can do ANYTHING on your system, without limits.
              Not on the Mac they don't. Everything runs in a sand box. If an application of any kind wants to do something you didn't ask it to do, you have to authorize it with your password.

              By doing that you are allowing permissive interweb communication, in which javascript tracks your browsing activity, and relays information about you to third party tracking sites. That may or may not be a problem, depending on what you want. To get a better idea on how many web sites are secretly passing information about you behind your back, you may want to install the Collusion add-on for Firefox. You'll be amazed how many tracking services are sharing all sorts of information about you when you leave JavaScript enabled. If you have any concerns whatsoever about privacy, then JavaScript is your worst enemy. I won't enable javascript unless I absolutely MUST have it to browse a site that I am forced to trust with 100% confidence -- like my bank -- and nobody else.
              Cookies track your browser activity. I use a plugin called Ghostery. It blocks all tracking cookies unless you allow them.

              Ghostery

              It's possible to freeze your OS in a stable state and leave it there, without having to continually perform updates.
              I can choose not to install updates. They are not automatic. But I know that they are bug fixes and security updates. I've never had a bad experience with an Apple update.

              With Mac, I can't honestly say that I know what is going on because Apple isn't very open about things.

              No, Apple is pretty open about a lot of things.

              Apple - OS X - Security - Keeps you safe from viruses and malware.

              Apple security updates

              I can honestly say that I don't really miss what I'm allegedly missing. I have to admit, I'm one of those guys who uses the internet a lot, but I'm very selective about what I like to use. I may be odd in that I don't have a Facebook account and I don't participate in any social media. It's a rare occasion that I want to watch a YouTube video, and if it's in Flash, I often don't bother. I'm one of those guys who's been "online" since the days of the 300-baud modem, and I don't really care about what I might be "missing." IMO most of what's on the internet is vapid content that doesn't interest me. That said, if I absolutely have to have Flash, I can run virtualized Windows/Flash on a 32-bit linux machine, where I can load a fresh image of the virtualized OS for the browsing event and dispose of it afterward. That's the equivalent of performing a fresh Windows install for your session and reformatting the disk when you're done. Pretty hard to get exploited that way.
              I'm on the Internet every day. I have been since the early 90s. I use a plugin called ClickToFlash which blocks Flash content unless I want it. I mostly do that because a poorly written Flash file can suck up all your CPU cycles. But well written ones are fine. A good example is this site:

              imani says hi

              I didn't author this, but I host it on my web site. It's a very well written Flash site. It's fast, doesn't bog down your computer, and it's fun.


              I used to publish my own linux distribution, which I built from source code. I'm not a Mac kind of guy, but I think that the Mac is a much better platform than Windows. As far as running an administrator account for day to day purposes, that's just a bad idea, regardless of whether you're running Unix, Linux, Mac/BSD or Windows. Root accounts are for performing root functions, not common use functions. The foolhardiness of performing unnecessary tasks with superuser privileges has been recognized for decades. It's definitely not a good idea. In fact it's such a bad idea that many Linux distributions force you to not have access to the root account by default, such as Ubuntu. I find the concept of browsing on a superuser account to be so foreign to me that I have trouble finding words to express the extent to which I think that is a really BAD idea. It's hard to imagine doing anything more foolish with a computer.
              I don't run as a root account. I run as an administrator account. On a Mac, that's two very different things. On an admin account you can't do things that Apple does not want you to do. Even if you try and move an application to and from the Applications folder, you have to enter your password. On Mac OS X 10.7, Apple decided to hide the Library folder to make it harder to mess with things some people shouldn't be messing with.

              If I were to run as a regular account, I would not be able to do some of the things I do every day, like install and update software.

              I'm a "power user", so I do have a root account that I use for trouble shooting.

              So far no one has been able to write malware for the Mac that doesn't require the user to manually install it and to authorize it with their password. You can have a secure OS, but you have to be web savvy as well.

              Being a really geeky guy, I go even farther in nailing down the security holes in my system. I have a dedicated linux-based firewall between my ISP's hardware and my LAN. It uses IP-Tables to drop packets bound for any IP address that is not on a context-appropriate white list. This allows me to control the kind of traffic (port number) that comes in/goes out of my system, as well as which IP addresses in the world are allowed traffic on those ports.
              The Mac has a good built in firewall. I actually don't even have it running. All I need to do is be behind a router, which in my case is an AirportExtreme, and it's fine. For a while I was running Norton Internet Security, because it was free from my ISP. It would give a warning that someone was trying to access my Mac but they were not able to do so.

              Since 1994, I have had two instances of having a virus on my Mac. Both of those came from removable media, and not the internet, and I was able to remove them as soon as they were discovered.

              No OS is perfect, but the Mac OS is a very secure OS, regardless of what some "Internet Security experts" say. I like Linux too. I used to run a distribution on one of my Macs. I also used to like BeOS a lot. But both suffered from a lack of software.
              It would be possible to describe everything scientifically, but it would make no sense; it would be without meaning, as if you described a Beethoven symphony as a variation of wave pressure. — Albert Einstein


              http://coneyislandguitars.com
              www.soundcloud.com/davidravenmoon

              Comment


              • #52
                Originally posted by David Schwab View Post
                Not on the Mac they don't. Everything runs in a sand box. If an application of any kind wants to do something you didn't ask it to do, you have to authorize it with your password.
                I've been under the hood on these things long enough to have seen sandbox failures/exploits and breaking out of chroot jails in different flavors of 'nix. Not to say that you aren't safe by doing what you're doing, but that you're always safer if your protection involves multiple layers between you and the bad guys. I don't put my faith in sandboxing all by itself.

                Cookies track your browser activity. I use a plugin called Ghostery. It blocks all tracking cookies unless you allow them.
                Indeed they do. And you can manage them. But it's important to note that tracking/spying via cookies is passé, largely because you are aware of it and you know to take action. Modern tracking techniques allow web sites that you aren't even visiting to retrieve information about you in real time, regardless of your cookie management scheme, through the execution of javascript embedded in the web pages that you do visit. It seems that no matter how much we users pay attention to solving these sorts of problems, somebody always seems to come up with a new way to store/recover the information to make you vulnerable.

                If you take some time to monitor what the javascript on web pages is actually doing, you'll find that they're all sending information about your browsing activity to companies like facebook and doubleclick. What's so interesting about this is that I don't have a facebook account, and I've never been to the facebook site, but facebook is still collecting/updating a dossier on me. They do this by paying other websites to include javascript in their web pages that forwards information to facebook. This information could be indexed by your IP address, or by your NIC MAC address if you allow javascript execution. These techniques allow companies like facebook to track browser activity across every site you visit, indexing it to the MAC address on your NIC. Don't underestimate what kind of tracking facilities are in place on the web sites you visit. It's a lot more complex than cookies.



                The Mac has a good built in firewall. I actually don't even have it running.
                At the risk of stating the obvious, If you don't have it running then it isn't doing you any good.

                All I need to do is be behind a router,
                That's a good first step as far as security is concerned; it protects you from a brute force attack from an outside hacker, but it's far from a complete solution. I'm sure that you're aware that a firewall, a router, and a firewall/router perform different functions. An SPI firewall/router will protect you to the extent that your internal LAN addresses are not directly accessible from the outside world. An SPI firewall/router doesn't protect you from exploits that are taking place via a "legitimate" packet stream that you have initiated. In that case, a more sophisticated method of intrusion detection is required. The state of the art now is actually focused more closely on extrusion detection, via packet payload examination, to control what kind of information is leaving your computer during a browsing episode. This requires a packet sniffing system and a firewall that is expressly configured to drop packets that are headed for unsavory destinations. All things considered, it's a lot easier just to block javascript execution by unauthorized sites, and to blacklist their IP domains at the router level, dropping packets to the people who are trying to take advantage of user naivety. Enabling javascript is inherently dangerous.

                In the big scheme of things, people who worry about having their PC hit with a virus or a trojan are paying attention to one level of internet security and completely ignoring another. The bigger threat, IMO, comes from the spyware/tracking paradigms that are currently in use to collect all sorts of information about you using javascript. This concept bothers some people more than others. Some people aren't even aware of the kind of information that's being collected about them; the problem isn't even on their radar.
                "Stand back, I'm holding a calculator." - chinrest

                "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H

                Comment


                • #53
                  Could this Thread be moved to the Lobby, instead of being in the Pickup Makers Forum?
                  The Lobby or Fun with Computers forum, is where all the other virus threads are.
                  Things are better now, Let's move on!
                  T
                  Last edited by big_teee; 02-13-2012, 02:08 AM.
                  "If Hitler invaded Hell, I would make at least a favourable reference of the Devil in the House of Commons." Winston Churchill
                  Terry

                  Comment


                  • #54
                    Originally posted by bob p View Post
                    I've been under the hood on these things long enough to have seen sandbox failures/exploits and breaking out of chroot jails in different flavors of 'nix.
                    Not on Macs. But you are welcome to give some examples.

                    Indeed they do. And you can manage them. But it's important to note that tracking/spying via cookies is passé, largely because you are aware of it and you know to take action. Modern tracking techniques allow web sites that you aren't even visiting to retrieve information about you in real time, regardless of your cookie management scheme, through the execution of javascript embedded in the web pages that you do visit. It seems that no matter how much we users pay attention to solving these sorts of problems, somebody always seems to come up with a new way to store/recover the information to make you vulnerable.

                    If you take some time to monitor what the javascript on web pages is actually doing, you'll find that they're all sending information about your browsing activity to companies like facebook and doubleclick.
                    That doesn't happen because I'm using Ghostery. Here's what happens at this site:



                    At the risk of stating the obvious, If you don't have it running then it isn't doing you any good.
                    It's not running because I generally don't need it. The problem is that it becomes a nuisance in some situations. I'm also running LittleSnitch which warns about network connections.

                    The built in Firewall also has a "stealth mode" which does not respond or acknowledge attempts to access the computer from the internet. So you can't ping it.

                    That's a good first step as far as security is concerned; it protects you from a brute force attack from an outside hacker, but it's far from a complete solution. I'm sure that you're aware that a firewall, a router, and a firewall/router perform different functions. An SPI firewall/router will protect you to the extent that your internal LAN addresses are not directly accessible from the outside world. An SPI firewall/router doesn't protect you from exploits that are taking place via a "legitimate" packet stream that you have initiated. In that case, a more sophisticated method of intrusion detection is required. The state of the art now is actually focused more closely on extrusion detection, via packet payload examination, to control what kind of information is leaving your computer during a browsing episode. This requires a packet sniffing system and a firewall that is expressly configured to drop packets that are headed for unsavory destinations. All things considered, it's a lot easier just to block javascript execution by unauthorized sites, and to blacklist their IP domains at the router level, dropping packets to the people who are trying to take advantage of user naivety. Enabling javascript is inherently dangerous.
                    I agree, but as I said, in the last 18 years I have had zero problems on the internet. There really aren't any "exploits" going on here. I can see that there are attempts to connect from the outside, and they can't.

                    As Macs get more popular hackers might start targeting them, but currently it's not happening. And as soon as word gets out that there is some exploit, or at least a proof of concept exploit, Apple fixes it.


                    In the big scheme of things, people who worry about having their PC hit with a virus or a trojan are paying attention to one level of internet security and completely ignoring another. The bigger threat, IMO, comes from the spyware/tracking paradigms that are currently in use to collect all sorts of information about you using javascript. This concept bothers some people more than others. Some people aren't even aware of the kind of information that's being collected about them; the problem isn't even on their radar.
                    See, I can see all network traffic going on.



                    When Safari makes a connection, it shows up there. There's no tracking going on here.
                    It would be possible to describe everything scientifically, but it would make no sense; it would be without meaning, as if you described a Beethoven symphony as a variation of wave pressure. — Albert Einstein


                    http://coneyislandguitars.com
                    www.soundcloud.com/davidravenmoon

                    Comment


                    • #55
                      Originally posted by big_teee View Post
                      Could this Thread be moved to the Lobby, instead of being in the Pickup Makers Forum?
                      The Lobby or Fun with Computers forum, is where all the other virus threads are.
                      Things are better now, Let's move on!
                      T
                      I agree! I don't think I can move it, but tboy can.
                      It would be possible to describe everything scientifically, but it would make no sense; it would be without meaning, as if you described a Beethoven symphony as a variation of wave pressure. — Albert Einstein


                      http://coneyislandguitars.com
                      www.soundcloud.com/davidravenmoon

                      Comment


                      • #56
                        There, I moved it to "Fun with Computers". David, I'm not sure why you couldn't move it, maybe the administrative menu needs JavaScript to work?

                        How do you get that window that shows all network activity? It looks handy.

                        I'm an Apple fanboy. I trust that they come with a reasonable security policy out of the box.
                        "Enzo, I see that you replied parasitic oscillations. Is that a hypothesis? Or is that your amazing metal band I should check out?"

                        Comment


                        • #57
                          So can you view YouTube videos without Flash on WinXP or Win 7?
                          The Blue Guitar
                          www.blueguitar.org
                          Some recordings:
                          https://soundcloud.com/sssteeve/sets...e-blue-guitar/
                          .

                          Comment
