Malicious JavaScript code,

[Hywel Jenkins]

Y> > The XP does provide a one way firewall

You may be right, but see
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
for details about the Microsoft firewall included with the XP, post
sp2. It makes mention that there firewall can block incoming attempts
to connect to ports, etc. It does not mention that it will block
outgoing attempts by your computer to connect to somewhere

The Windows Firewall *does* block outgoing traffic. It frequently asks
if an application should be permitted access to the internet.

 

[Hywel Jenkins]

Turns out that after installing XP I had my machine connected to DSL. When
IE installed, it set its 'home page' to MSN.com. Shortly after connecting
to MSN, the shit hit the fan. Machine started to reboot, etc. An AV scan
showed about 4 or 5 viruses had invaded my new machine.

You allowed IE, out into the unknown with inadequate security. That's
how you got infected - you *let* it happen.

 

[Hywel Jenkins]

This thread has grown into a rather long, now off topic, monster.

Indeed. Most of them debunking your knowledge of JavaScript and web
security.

 

[Randy Webb]

Ed Jay said the following on 1/29/2006 4:57 PM:

Not necessarily rubbish. I had a similar experience, but it didn't take my
NOD32 A/V program to discover I'd been invaded.

Turns out that after installing XP I had my machine connected to DSL. When
IE installed, it set its 'home page' to MSN.com. Shortly after connecting
to MSN, the shit hit the fan. Machine started to reboot, etc. An AV scan
showed about 4 or 5 viruses had invaded my new machine.

As was pointed out, that is a flaw on *your* part. You are the one that
allowed it out without checking it first.

You can not put anything on my PC without me, directly or indirectly,
allowing it. And if you allow it, you reap what you sow.

 

[cwdjrxyz]

The Windows Firewall *does* block outgoing traffic. It frequently asks
if an application should be permitted access to the internet.

In fact, depending on the security settings you choose, you do
sometimes get a warning message when online if the site you go to tries
to get some information sent to it or elsewhere. I also have this
happen to me when I am on the web using IE6. However, my Windows
firewall is completely disabled by another, in my opinion better, 2 way
firewall I use, and a check of Windows settings confirms that the
Windows XP firewall is indeed disabled. Thus this has nothing to do
with the Windows firewall and everything to do with the security
selection features that were greatly improved with sp2. What my 2 way
firewall does is display every application you have on your computer.
Each application may be completely blocked from the web, allow
outgoing, or be unblocked. If you change the security settings, when on
IE6, to the lowest possible (not recommended), you seldom get any kind
of message. If you set for maximum security you can not get into many
safe sites such as my bank, etc. Security settings are somewhat
different for various browsers. I keep Opera set at very high security
for the most doubtful sites and Firefox a little less secure for
trusted sites. On broadband, it is no problem having several browsers
in use at once, and I often have the SBC/Yahoo DSL(IE6 relative),
Firefox, and Opera all connected to the web when I am testing pages on
different browsers. Thus you often notice differences in security
warning response for different browsers when you are viewing the same
page with 3 browsers.

In the last 15 minutes, over 20 attempts to get into many different
ports have been rejected and recorded in my firewall log. Tonight many
can be traced to China. Many of these likely are attempting to find an
open port, get in, and take advantage of a worm or virus that they hope
has been planted on the computer. I take part in a program that reports
all of these attempts to a data base that is used to help improve web
security. Some ISPs likely are targeted much more than others. The
large broadband ISPs in the US seem to be favorite targets. A computer
that always is connected to broadband is likely much more useful to
many hackers than one that is online only now and then and connected on
dialup.

But back to javascript, I would love to see a page using a script for
which you are most proud, since you seem to have very strong opinions
about how to best write scripts.

By the way, I do not really care about subjective adjectives, good or
bad, that anyone may use on the web. Such usually are not allowed in a
proper technical journal owned by an important scientific or
engineering society where papers are properly peer reviewed and
objective statements are required. I can not get very excited in an
emotional way, pro or con, about anything I read in an open NG. You
seldom know anything about the qualifications of the person expressing
an opinion.You could have the Queen of England(unlikely, but there is a
royal site), you could have a technician at a famous university who
knows little about computing and perhaps dissects frogs for a
researcher, or you may have someone who knows nearly nothing about
computing at all. And I doubt if skills in html, javascript, or C++ are
likely to be considered profound enough to win a Nobel prize.

So farewell to this much too long, off topic thread. Was there a full
moon this weekend? It has been too cloudy here for me to notice.

 

[Richard Cornford]

cwdjrxyz wrote:

... . I can not get very excited in an emotional way,
pro or con, about anything I read in an open NG. You
seldom know anything about the qualifications of the
person expressing an opinion.

<snip>

The only qualification that matters on a technical newsgroup with a
specific subject is how much an individual knows about the group's
subject, and that is relatively easy to determine from their
interactions with the group. It doesn't matter that anyone can post
anything they like to any group because if their writing is perceived as
questionable it will be questioned. The people who understand the
subject will be able to explain and justify their statements, the people
who are learning will be able to explain their understanding (and be in
a position to learn from the comments they receive in response), and the
people who would rather pretend that they know more than they do (often
as much to themselves as to others) will bluster and vacillate and
expose the truth in the process.

Two or three months reading this (relativity heavily trafficked)
newsgroup should identify most of the people who are worth listening to,
and the utterly worthless usually give themselves away quite quickly,
with the many in-between often rapidly migrating towards the more
informed end of the spectrum, if they actively participate. Newsgroups
may seem overly critical but understanding evolves quickly in a hostile
environment.

Richard.