Bill
Sat Jan 10 19:23:05 CST 2004
http://www.claymania.com/safe-hex.html
"zipadedodazipadeday" <noanswer@hotmail.com> wrote in message
news:OM6FD$41DHA.2948@TK2MSFTNGP09.phx.gbl...
>I am not sure if I have posted in the right area but thank you all for
> taking the time to explain to me, especially the in depth response from
> John, very informative. I like the Practice safe Hex idea, do we need
> script in order for it to execute or do we just get our digits out and
> make
> code?
> "John McGaw" <nowhere@inparticu.lar> wrote in message
> news:uHwXzy41DHA.2180@TK2MSFTNGP12.phx.gbl...
>> Replies inline...
>>
>> "zipadedodazipadeday" <noanswer@hotmail.com> wrote in message
>> news:OS2rCW21DHA.2928@TK2MSFTNGP09.phx.gbl...
>> > I am wondering if downloads are scanned for viruses, spyware etc etc.
>> > My
>> AV
>>
>> It is possible that your e-mail is being pre-scanned for viruses and
>> other
>> malware. Some ISPs have started either voluntary or mandatory scans of
>> everything coming through their mail servers. If you download something
> from
>> a website or ftp server it is unlikely that anyting at all is being done
>> with it before it gets to your computer.
>>
>> > software seems to intercept most e mail threats and my firewall seems
>> > to
>> > protect me against direct intrusion but when I run my spyware program I
>> > nearly always have something lurking, a tracking cookie or some other
> such
>> > thing, how do these things get passed all of the security?
>>
>> Cookies are not, per se, an intrusion or dangerous. They may be used in
>> an
>> intrusive manner but so far as I can tell their good uses outweigh the
>> bad
>> ones. This is why AdAware and the like only identify and offer to remove
>> ones that have been shown to have been used badly. It would be MUCH
>> easier
>> to simply erase every cookie if that were not the case. You can erase
>> them
>> yourself and prevent new ones from being saved but if you do you will
>> find
>> that many websites become difficult or impossible to use.
>>
>> > Whenever I get an attachment in an e mail, my e mail prog firstly warns
> me
>> > that the attachment might contain something nasty, I then save the
>> > attachment to my desktop and run a virus scan on it before I open it,
>> > am
> I
>> > doing the right thing?
>>
>> Blindly executing attachments is, of course, an incredibly stupid thing
>> to
>> do. But blindly relying on an AV scan to assure yourself that an
> attachment
>> is safe might be just as bad. Every AV scanning program relies on either
> 1)
>> matching bits of data against other bits of data which have been
> identified
>> as existing in a known virus and/or 2) trying to identify bits of code
>> within a file which seeem to suggest some nefarious purpose. Great ideas
> but
>> if you receive and execute an attachment which is 1) new enough that it
> has
>> not been identified and had its signature placed in the virus definitions
>> and/or 2) has been written in such a way as to appear innocuous there is
>> really nothing to stop it from doing anything it wants with your
>> computer.
>> In fact, it could even be the case that a malicious attachment might not
> be
>> a virus or worm or anything else that would be of any interest to the AV
>> program writers. If someone writes a program which will reformat your
>> hard
>> disk when run and has no way of spreading (maybe someone who just hates
> your
>> guts) you are still in major trouble if you run it but it will never
>> register on the virus trackers charts.
>>
>> Yes, scan to your heart's content but be sure that your AV definitions
>> are
>> up to date. But don't depend on it to be 100% effective. Use your head.
> Ask
>> yourself "why did I receive this attachment?" "who sent it to me ?" "do
>> I
>> trust them implicitly?" "did I ask for it?" If you are downloading ask
>> yourself "do I know the parties involved?" "do I have reason to trust
>> them?" "is this site/server really what it seems to be?". Example: if you
>> download a piece of shareware from CNET you can be relatively sure that
> the
>> executable is safe but if you download a 'crack' from some hacker/cracker
>> site you might expect that some percentage of them aren't exactly what
> they
>> claim to be.
>>
>> It all comes down to practicing safe hex.
>>
>> --
>> John McGaw
>> [Knoxville, TN, USA]
>>
>> Return address will not work. Please
>> reply in group or through my website:
>>
http://johnmcgaw.com
>>
>>
>
>