Re: Spyware / Adware
- To: debian-security@lists.debian.org
- Subject: Re: Spyware / Adware
- From: Duncan Simpson <duncan@commercialuk.com>
- Date: 01 Sep 2004 11:06:06 +0100
- Message-id: <[🔎] 1094033166.622.608.camel@duncan>
- In-reply-to: <iate02-b2s.ln1@grendel.myth>
- References: <3C956A2FF7FE8F428BEE104D52ED008003B5C514@na1ecm55.dearborn.ford.com> <21866.1093951042@www33.gmx.net> <20040831133043.30fe8802.volker.tanger@detewe.de> <200408311643.02157@fortytwo.ch> <iate02-b2s.ln1@grendel.myth>
Nobody has brought this up, so I guess it up to me to do so. A lot of
windows {ad,spy,mal}ware does *not* require you to click on anything or
explicilty install anything. All you need to do is visit the "right" web
page or preview an appropriate HTML email. ActiveX and IE security flaws
do the rest, with no prompts whatsoever. All this *only* works in IE,
and HTML messages in outlook (which uses IE, so the same exploits
apply).
You can avoid almost all the problems by using an alternative browser
that does not support activeX. If you have just java and javascript then
installing *ware, even if the browser is running as root, is almost
impossible (in java only applets with a trusted signature have
filesystem access, and javascript does not support this access at all).
Of course, there might be buffer overruns or other bugs that allow you
to download and run anything you like anyway. Some plugins, for example
macromedia flash, have some filesystem access features accessable from
javascript.
BTW binaries are pretty portable across linux systems. I had some libc
4.x (a.out) binaries on my older box from SLS 1.03 (kernel 0.99pl13) at
least until the 1.2.x kernels.
Reply to: