The Vent and Rant Thread

[dsvick]

Quote:

Originally Posted by kindlekitten

it was a looong hard day. I am now a certified welldigger's assistant. at least helping him knocked a lot of the labor off of the bill. we finished up at 9 last night. I looked like something the cat drug in, wet, covered in mud, scratched by blackberry vines and the holly tree, but I have a functioning well with more water pressure that I have had in years, and WATER!!!!

Great news!! I wonder if that would work for funeral expenses? I'll tell them I'll help dig my grave when the time comes for a discount - think they'll fall for it?

[DMcCunney]

Quote:

Originally Posted by BenG

I use Norton 360. Last month I was searching for a book cover using Google Image Search. I found what looked like a decent image of the cover. When I clicked on the link the website tried to take over Firefox and install software on my computer. Thankfully, Norton blocked it and no harm done, but it shows you don't have to visit obviously shady websites or do illegal downloads to be at risk.

The issue is that perfectly legit websites can be hacked to distribute malware payloads, so caution is required.

I run Firefox, and don't see that sort of issue because I have layered defenses. One is a Firefox extension called NoScript. NoScript blocks allscripting activity unless the site is in a user created whitelist. It defaults to blocking JavaScript, but can also block Flash, Java, and Microsoft Silverlight.

See https://addons.mozilla.org/en-US/firefox/addon/722/

If it's the sort of issue I think it is, running Chrome, Opera, or Safari instead won't be any protection, as it will bite in them, too.
______
Dennis

[DMcCunney]

Quote:

Originally Posted by pilotbob

Yes, totally serious. The only thing on it is the built in Windows Defender... which I think is basically anti-malware not anti-virus.

Correct. See http://www.microsoft.com/windows/pro...r/default.mspx
______
Dennis

[kennyc]

Quote:

Originally Posted by DMcCunney

...

Xmarks isn't gone. As of last word, they were in discussions to be acquired by someone with deeper pockets, who would continue the free service and offer an optional payware premium service. See http://blog.xmarks.com/
______
Dennis

Yep, and I'm still using it at the moment. I believe there are an number of other addons that can do this as well. I'm hoping they figure out a way to keep it in place.

It's worked well for me for a while now.

[pilotbob]

Quote:

Originally Posted by DMcCunney

Xmarks isn't gone. As of last word, they were in discussions to be acquired by someone with deeper pockets, who would continue the free service and offer an optional payware premium service. See http://blog.xmarks.com/
______
Dennis

OK, well it was expected to be gone... so I acted accordingly and found an alternative... which is use Chrome on Mac and Windows for the bookmark syncing. So far, no problems.

BOb

[kennyc]

In my best Mr T voice, "I pity the fool that doesn't run anti-virus checking software!"



"or doesn't do regular backups"

[pilotbob]

Quote:

Originally Posted by kennyc

In my best Mr T voice, "I pity the fool that doesn't run anti-virus checking software!"

Well, glad I'm not a fool that doesn't run it. Going on like 6 years now and no problems.

Quote:

Originally Posted by kennyc

"or doesn't do regular backups"

Of course, this goes without saying. With a combo of the cloud, dropbox and my time machine (on my Mac) backup I think I'm pretty well covered.

BOb

[DMcCunney]

Quote:

Originally Posted by kennyc

What? NO VIRUS SCANNER? Are you Serious?

Or are you talking about login security?

It's entirely possible to run without A/V relatively safely. I do run A/V, but could drop it without problems.

The trick is thinking about the problem the right way. Viruses and spyware/malware are like diseases. Diseases get into the the body via vectors. Ward the vectors, and you don't get the disease.

Many tools out there make the assumption you are infected and attempt to cure the disease. I find it easier to just not get infected in the first place.

My rough rules of thumb are

1. Don't use Internet Explorer as your browser. Many exploits target security holes in IE and Windows, and bounce off if IE is not the browser.

I use Firefox, with the NoScript extension.

2. Keep Windows fully patched. Turn Automatic Updates on, and get and install critical patches as released.

3. Consider not running as Administrator. This is the default behavior for Windows Vista and Windows 7. Prior to that, Windows assumed the logged in user was also an Administrator with all powers. Most exploits require Admin rights to do their dirty work, and fail if the user is not Administrator.

4. Turn off the Windows default of hiding extensions of known file types. (In XP, you can do this by opening My Documents, andf clicking on Tools/Folder Options. Select the View tab, and uncheck Hide extensions for known file types. See below for why.)

5. Run a good A/V package, and make sure the virus signatures are up to date.

I use Symantec Corporate, courtesy of an employer site license, and get new A/V signatures delivered automatically each week.

6. Run a firewall. Windows Firewall will do, though better third party products exist.

I have three - the hardware firewall in my router, Windows Firewall, left active because it doesn't conflict with anuthing, and the last freeware version of the old Sygate Personal Firewall, bought and killed off by Symantec. It has the best interface I've seen in a firewall.

7. Be very careful about what you view in email. Poisoned attachments are a favorite distribution method for bad stuff. Be sure you know who it's really from and what it really is.

I use GMail as my primary account, checking my others. Attachments stay on Google's servers unless I specifically choose to download them, and I know what they are and where they are from before doing so.

As part and parcel of email security, see #4 above. If hiding the extension of known file types is checked, you don't know that the "cute_kitten_picture.jpg" file that arrived in email is really "cute_kitten_picture.jpg.exe", and will install something nasty if you open it.

7. Be very careful about what you download and from where. Download software only from known good sources, that check on their end.

8. Be aware that the Internet is like a big city. It has bad neighborhoods. Watch where you go and what you do when there.

9. See Rule 1.

I haven't had a serious problem in many years because I followed the practices above. I could actually drop A/V, because it never finds anything. (The last time it did, it was false positives on some ancient MS-DOS programs I still use.)

I also don't run "active" anti-spyware/malware defenses doing real time checking. They don't find anything because I avoid getting it. I occasionally run on demand checks with things like Ad-Aware, Spybot Search and Destroy, and Malware Bytes. The worst they find are "tracking" cookies, which are at worst a nuisance.

Good surfing habits are your best defense.
______
Dennis

[kindlekitten]

Quote:

Originally Posted by kennyc

Wonderful!

we finished up in a huge windstorm. he had to hurry to get his boom down before he got into trouble. there were power outages all over the place. I'm amazed I didn't lose power but it did flicker through the night. then an earthquake this morning!

Quote:

Originally Posted by dsvick

Great news!! I wonder if that would work for funeral expenses? I'll tell them I'll help dig my grave when the time comes for a discount - think they'll fall for it?

go for the cremation route! MUCH cheaper!

[badgoodDeb]

*Earthquake*?? My, but you DO live in interesting times.

[devilsadvocate]

Quote:

Originally Posted by DMcCunney

The issue is that perfectly legit websites can be hacked to distribute malware payloads, so caution is required.

I run Firefox, and don't see that sort of issue because I have layered defenses. One is a Firefox extension called NoScript. NoScript blocks allscripting activity unless the site is in a user created whitelist. It defaults to blocking JavaScript, but can also block Flash, Java, and Microsoft Silverlight.

See https://addons.mozilla.org/en-US/firefox/addon/722/

If it's the sort of issue I think it is, running Chrome, Opera, or Safari instead won't be any protection, as it will bite in them, too.
______
Dennis

One of the reasons I never fully migrated to Chrome (Chromium in Linux) is the lack of NoScript. There is an addon for similar functionality called NotScript for Chrome but it's not as thorough. Then again, being fairly new I expect that to change reasonably soon.

The problem is that Chrome is put together differently and Google has different motivations; the API for addon functionality isn't meant to block ads (which is what NoScript is very good at) because Google's primary source of revenue is advertising. NotScript does maybe 60-70% of the job NoScript does but can't stop click-jacking. It also requires editing a file; while not exactly rocket-science, many non-technical types might not want to go there.

Incidentally, the reason Chrome seems so much faster is because it splits everything into separate processes. It loads faster but CPU usage goes way up (and so does the list of running processes) relative to Firefox. This doesn't bother my overachieving workstation but I found it to be somewhat of a disadvantage on my netbook.

[DMcCunney]

Quote:

Originally Posted by desertgrandma

Yeah, I know. I just like my warm, comfy firefox.

I need a real reason to change. Is it safer?

No.

I try to keep up on browsers. I have current versions of Firefox, Google Chrome, Internet Explorer, Opera, and Safari here, with a few other things like Avant Browser and Maxthon that are essentially tabbed shells on top of the IE "Trident" rendering engine.

The reason why many folks switched to Firefox as a safer browser was that Firefox does not support IE Active-X controls. Active-X controls are downloaded by the site that uses them, and execute in the context of the browser. They way they are supposed to work is what happens when you visit Windows Update. Windows Update wants to install and run an Active-X control. You get a dialog box stating the site wants to install software, asks permission, and offers to display the digital certificate that confirms the site is who it says it is, and you haven't been maliciously redirected. The Active-X control is what examines your system, and determines what updates you need.

Unfortunately, bad guys found ways to exploit security holes in Windows and IE to do "drive by installs" of malicious Active-X controls. You got no warning, and didn't even know you were infected until you started showing symptoms.

Firefox deliberately does not suopport Active-X controls as a security measure. (You can get an add-on that adds Active-X support, but it's a "Not recommended, and you better know what you're doing" operation.)

Google Chrome, Opera, and Safari also do not support Active-X, so the safety quotient is equivalent.

I use Firefox because it's extensible. The design of Firefox and other Mozilla products allows developers to create themes that alter the way the product looks, and add-ons that extend and enhance how it behaves. Add-ons are essential parts of my kit, and there are an assortment that get added to any new profile I create.

Google Chrome now has an extension capability, but there are still rough edges, and there are no equivalents of some of what I use in Firefox.
______
Dennis

[EowynCarter]

Quote:

Originally Posted by kennyc

In my best Mr T voice, "I pity the fool that doesn't run anti-virus checking software!"



"or doesn't do regular backups"

Yup, me neither. Running linux a lot additionally.
Last time I had trouble, a few day later, i try installing WM11, and windows goes "SP1 not installed". Me : . Ouuppss !!!! ** starts windows update **

[DMcCunney]

Quote:

Originally Posted by devilsadvocate

One of the reasons I never fully migrated to Chrome (Chromium in Linux) is the lack of NoScript. There is an addon for similar functionality called NotScript for Chrome but it's not as thorough. Then again, being fairly new I expect that to change reasonably soon.

I'm aware of it. NotScript is limited by the underlying API Google supplies for Chrome, so we'll see how close the NotScript developer can come to his inspiration.

Quote:

The problem is that Chrome is put together differently and Google has different motivations; the API for addon functionality isn't meant to block ads (which is what NoScript is very good at) because Google's primary source of revenue is advertising. NotScript does maybe 60-70% of the job NoScript does but can't stop click-jacking. It also requires editing a file; while not exactly rocket-science, many non-technical types might not want to go there.

I never thought of ad blocking as a NoScript function. The default standard for that is AdBlock Plus, which is available for Chrome, too.

Personally, I don't use AdBlock Plus. I run an extension called Stylish in Firefox that has been described as "Greasemonkey for CSS". It's apt. Greasemonkey allows you to run arbitrary JavaScript (called UserScripts) on pages you view, depending upon the page. Stylish does the same for CSS. I use a UserStyle called AdBlocking Filterset P, which is an underlying component of AdBlock Plus. Filterset P defines a large number od ad server sites, and simply doesn't display content served from the. It doesn't prevent the downl;oad in the first place, as AdBlock can, but I have a fast broadband connection and don't care. Stylish and Filterset P don't catch all ads, but again, I don't care. I'm not fanatic about blocking ads. I installed Filterset P in the first place to clean up ad heavy sites to make them readable, and it does just fine at that.

Stylish is also available for Chrome, and can run Filterset P.

Quote:

Incidentally, the reason Chrome seems so much faster is because it splits everything into separate processes. It loads faster but CPU usage goes way up (and so does the list of running processes) relative to Firefox. This doesn't bother my overachieving workstation but I found it to be somewhat of a disadvantage on my netbook.

I don't care about faster initial load, as once the browser is up, I leave it running. I don't hop in and out the way people are accustomed to doing with IE. Each tab in a separate process is good for the cases where a site has a problem: the entire browser doesn't hang until it gives up trying on that site. But CPU usage can go up. Even odder, if you install extensions, each of those becomes a separate process. Watch memory usage skyrocket...
______
Dennis

[kennyc]

Quote:

Originally Posted by kindlekitten

.

go for the cremation route! MUCH cheaper!

Or do what I'm planning:

http://edition.cnn.com/2010/HEALTH/1....html?hpt=Sbin

http://www.sciencecare.com/why_sciencecare.htm

http://www.biogift.org/

http://www.anatomicgift.com/