I was looking at the newest Negima at Mangafox when I accidentally clicked on the advertised links and ended up picking up a malware I'm familiar with. It's the one where it masquerades as the XP security icon and tries to make you go to a site to remove the supposedly found viruses. I had zone alarm up and it still went thru. I knew the drill to remove it but it took me 2 hours to do it. What a pain.
__________________
Into terror!, Into valour!
Charge ahead! No! Never turn
Yes, it's into the fire we fly
And the devil will burn!
- Scarlett Pimpernell
National Geographic also had some drive by download malware adds recently.
NoScript is your friend, and JavaScript an abomination that shouldn't have been allowed on the net.
E: "Did they... did they just endorse the combination of the JSDF and US Army by showing them as two lesbian lolicons moving in together and holding hands and talking about how 'intimate' they were?"
B: "Have you forgotten so soon? They're phasing out Don't Ask, Don't Tell."
I don't have a problem with Java, I have a problem with people who use it for the express purpose of making other people's lives miserable, however.
- Grumpy Uncle Gearhead
Sadly the advertisers (or advertising middle men/people) who care the least about who is sent their way (and will therefor pay a decent rate totally independent of marketing data) are also the ones who put the least effort into policing the inputs into their systems. And I don't think many top tier advertising companies want to deal with someone as gray market (perceived or not) Mangafox.
So someone who is looking to grow/maintain their botnet can pay a relatively minor amount* and be almost guaranteed a decent tic in exposure. Whether or not said exposure translates into more infected computers is a more complicated issue.
* depending on how long term they are looking to deal with a specific company, the bot-hearders may pay via stolen credit cards. Or actual money, if the CPM is less than what they can get for the personal information harvested from the machines.
I'll echo Catty with the recommendation for NoScript, also Flashblock. They cut out 99% of the avenues of attack for a third party.
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy
NoScript is awesome, though really I don't know why you don't expect to get viruses from places like Mangafox et al.
---------------
Epsilon
NoScript and Adblock... generally keeps most things clean. And keep some of the just plain irritating ads away aswell.
A Linux-based OS is generally even better. Though I did manage to get one on WINE once which I found spectacularly funny.
________________________________
--m(^0^)m-- Wot, no sig?
CattyNebulart Wrote:NoScript is your friend, and JavaScript an abomination that shouldn't have been allowed on the net.
I don't think the problem is with Javascript, per say, but more in aspects of it's implementation. And if one's site cannot be used without Javascript being enabled, then the site owner needs to fire their web designer. Nor should it replace the page I'm loading with no option of reloading what I was trying to read if I have it disabled. (Yes, I encountered that. I prefer not to go to that particular news site again.)
--
"You know how parents tell you everything's going to fine, but you know they're lying to make you feel better? Everything's going to be fine." - The Doctor
sweno Wrote:I'll echo Catty with the recommendation for NoScript, also Flashblock. They cut out 99% of the avenues of attack for a third party.
Unless they added extra features to flashblock then noscript already covers it. Adblock can also be handy.
Quote:A Linux-based OS is generally even better.
Agreed but even nix machines are vulnerable to flaws in the browser implementation, it's just that the damage the malware can do is limited.
But as a fellow enlightened *Nix user I'll join you in being smug and feeling superior.
(Because we are :p)
Quote:And if one's site cannot be used without Javascript being enabled, then the site owner needs to fire their web designer.
Tell that to the IRS, NASA and all the other government agencies. (which are legally required to work without Javascript. Of course they don't, but I know people who make good money fixing that every two years or so.)
The problem is that once it is widespread enough to be expected it will become a requirement. This is true of all net technologies.
Quote:I don't have a problem with Java
JavaScript and Java are two different animals. It's like someone complaining that rabbits are eating their flowers and someone else chiming in that they don't have a problem with wolves.
E: "Did they... did they just endorse the combination of the JSDF and US Army by showing them as two lesbian lolicons moving in together and holding hands and talking about how 'intimate' they were?"
B: "Have you forgotten so soon? They're phasing out Don't Ask, Don't Tell."
CattyNebulart Wrote:Unless they added extra features to flashblock then noscript already covers it. Adblock can also be handy.
It's more of a fine grained thing. If I visit youtube (or vimeo, or some other video sharing site) I want scripting to work for the site (kinda pointless without it). But I don't want to load all 7 of the videos they have on the side/bottom of the main one I'm interested in. It's more of a fine grained control thing. It also works in safari (which I spend about half of my time in), while noscript doesn't.
And ya. adblock is good.
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy
I currently have NoScript set to block ytimg.com, which stops all the extra stuff on youtube from working, but lets the main video play. (having ytimg.com blocked also stops some youtube pages from crashing Firefox, which was weird. It even crashed Firefox's safe mode, with all extensions disabled, though it took about 10 to 15 seconds longer to do so. It was weird.) Unfortunately, this kills youtube videos that are embedded in other pages, which is rather annoying. Is there some way to set it to block the script on youtube.com, but not elsewhere?
-----
Stand between the Silver Crystal and the Golden Sea.
"Youngsters these days just have no appreciation for the magnificence of the legendary cucumber." --Krityan Elder, Tales of Vesperia.
"Allow scripts from (this domain) only if being loaded by a page on (that domain)"? I can think of a couple things I'd use it for, but I don't think NoScript can actually do it.
... Wait, no, that's wrong. It looks like such a thing might be possible with
ABE. They give an example of a rule to only allow Facebook material on facebook sites. If I'm understanding this right, the rule would be something like:
Site .ytimg.com
Deny from youtube.com INCLUSION(SCRIPT, OBJ)
Accept
... But I'm not absolutely sure of that. '.'
-Morgan.
If I put it in as
Site .ytimg.com
Deny from .youtube.com
Accept
It accepts it, but breaks youtube and the embedded videos. If I put it in as suggested, it just won't accept it, and spits out an error about a missing EOF where the word inclusion begins. If I just move the inclusion segment to the allow line, it runs, but breaks stuff, so long as I put a period in front of youtube.com.
-----
Stand between the Silver Crystal and the Golden Sea.
"Youngsters these days just have no appreciation for the magnificence of the legendary cucumber." --Krityan Elder, Tales of Vesperia.
Hmm. Well, I am sort of guessing based on several things. (I'm not even absolutely certain that ytimg.com and youtube.com shouldn't be switched in that arrangement. Though I'm more confident about that than the rest.)
Maybe ask on the noscript forum? I found some other stuff where the guy responsible for the whole thing helped people get suitable ABE rules set up for things. (And I'd be interested to know too, for use with some other sites. I can't really test this one myself, since I don't even have flash installed on Firefox.)
-Morgan.
I've had something similar lately. I couldn't use IE9, it would start and then kill itself. Darn annoying when your trying to access one of Microsoft's IE-only pages. I'd trouble even finding the uninstaller for IE9 so I could get back to a "functional" IE.
IE9 *should* follow the same path structure as IE7 and 8. The uninstaller could be fired off from a command prompt, like so:
Quote:%windir%ie8spuninstspuninst.exe
Replace "ie8" with "ie7" for 7, and I think "ie9" for, well, 9.
I haven't upgraded or used IE except as absolutely necessary since... um... a really long time ago now. But I kill it all the time.
--sofaspud
--
"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs