Don't pay for software you don't need

Started May 5, 2011 | Discussions thread
Jim Cockfield Forum Pro • Posts: 16,333
Good Point

Sean Nelson wrote:

Jim Cockfield wrote:

What I want to know is why Fred and those guys don't see this kind of thing on a regular basis. I see it on a regular basis, usually just reading through news articles when I run into ad poisoning. Other times, it's when legit sites have been compromised by other means.

I've NEVER seen a pop-up box like that on any of the sites I visit. I use Firefox with the NoScript add-on. NoScript blocks a number of security vulnerabilities including Flash, Acrobat, Java, transparent click-throughs, etc. etc. It works on a "whitelist" principle - if you visit a web page which doesn't work because of the restrictions, you can easily permit or revoke the entire page or any of the individual domain names it uses temporarily or permanently.

Good point.

I often forget to install it in all copies of Firefox I use. I run in different Operating System configs and use Linux a lot of the time. I often chuckle when I see the fake AV scanner screens come up (trying to convince me that they're finding problems in folders that don't even exist, and/or the permissions allowed for the linux installation I'm running in doesn't allow access to them).

These things have been around for a long time (as have SQL injection vulnerabilities that some sites are now coining as "LizaMoon" when exploits planted on hacked sites because of unpatched vulnerabilities include redirects to pages trying to get you to install fake AV scanners and more.).

I probably see them at least a couple of times per month. But, sometimes I've seen them more than once in the same day (not trying to find them, as I usually hit them when browsing through news stories and following links to related stories).

No OS is totally secure, so I should probably get into the habit of installing NoScript in Firefox under all copies of Linux and Windows that I use.

Of course, sometimes the malware itself is being hosted on a "legit" site that you may have told NoScript to allow all scripts on, versus another site that you're being redirected to (just because it's easier to use the "Allow [insert site name here] choice" versus worrying about more finer control for individual pages, etc.). So, it's still best to have multiple layers of protection.

-- hide signature --


Post (hide subjects) Posted by
Keyboard shortcuts:
FForum PPrevious NNext WNext unread UUpvote SSubscribe RReply QQuote BBookmark MMy threads
Color scheme? Blue / Yellow