Cruisers Forum
 


Join CruisersForum Today

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 16-07-2010, 18:15   #1

Cruisers Forum Supporter

Join Date: Apr 2006
Posts: 12,113
Web Page Safety ?

After getting infected by some realy nasty malware that someone had loaded on an innoculous web site I visited...I've doubled the guards and set phasers to kill.

And that means the Cruisersforum web pages are generating warning messages now, apparently because they (or the ads on them) are using scripts, or plug-ins, or other usually innocent technologies that can and do sometimes carry malware--even if the webmasters have no idea of it.

I get prompted with:

"Do you want to allows software such as scripts and Active-X plugins to run?"

And the inevitable "do you want to run Adobe Flashplayer?" which is a known long-time carrier of malware, watch how often Adobe patches it nowadays to try playing whack-a-mole with the bad guys.

So I put this question out to the owners and webmaster: WHY?

WHY DO RUN THIS STUFF? The pages appear to load and run just fine when it is blocked, so why not make a firm habit of simply not using this code, so you simply can't pass on a malware problem? And, so your pages will load without triggering security dialogues, for those of us who are now running in high security mode?

Give it a thought, set your own browser to high security settings, and watch what happens. You don't need that stuff, we don't need that stuff, why don't we make sure that everyone checks their weapons at the door?
__________________

__________________
hellosailor is offline  
Old 16-07-2010, 19:48   #2
Eternal Member
 
Chief Engineer's Avatar

Join Date: Aug 2006
Location: North of Baltimore
Boat: Ericson 27 & 18' Herrmann Catboat
Posts: 3,798
It will probably disappear...but cruisers forum has ads on in for windows registry scan

I would off to cut the bollocks off of the guys that come up with this stuff....

Maybe stoning with infected laptops.
__________________

__________________
Chief Engineer is offline  
Old 16-07-2010, 20:35   #3

Cruisers Forum Supporter

Join Date: Apr 2006
Posts: 12,113
It isn't just an odd page here or there, but 10/10 and growing.

This page didn't ask me about Flash, but it did generate another script warning, again. Needs scripts? To do...What?? Apparently nothing that stops the page from rendering, or replies being posted, or notifications being sent.

As George Carlin said, "TOO MUCH STUFF!"

Years ago some of us almost started a group to chase down the folks who put out the malware, but we got all bogged down in whether the uniforms would have to be leather, or spandex. You know, superheros can't shop at The Gap.<G>
__________________
hellosailor is offline  
Old 16-07-2010, 21:27   #4
Registered User
 
Serenity_'s Avatar

Join Date: Jun 2010
Location: Columbia mouth
Boat: coming soon.......
Posts: 49
"Ads by Google" is a script

I doubt you or anyone will be able to get the owner to take off the ads, it creates revenue for this site which helps keep it going.

What browser do you use?
__________________
Serenity_ is offline  
Old 16-07-2010, 22:44   #5
Senior Cruiser
 
maxingout's Avatar

Cruisers Forum Supporter

Join Date: Dec 2006
Location: Fort Pierce, Phoenix
Boat: Privilege 39 Catamaran, Exit Only
Posts: 2,367
Are the Apple computers susceptible to this malware problem?
__________________
Dave -Sailing Vessel Exit Only

http://SailingUNI.com
http://maxingout.com
http://PositiveThinkingSailor.com
maxingout is offline  
Old 17-07-2010, 06:52   #6
Senior Cruiser
 
colemj's Avatar

Cruisers Forum Supporter

Join Date: Oct 2005
Location: Presently on US East Coast
Boat: Manta 40 "Reach"
Posts: 10,043
Images: 12
Quote:
Originally Posted by maxingout View Post
Are the Apple computers susceptible to this malware problem?
They are "susceptible" in theory but not in practice. Unless you are running Windows on the Mac. Active x controls are windows only. Other script kiddy stuff endemic and prolific on the web cannot get around the basic Unix architecture of the Mac operating system. I have no problems on this site and no ads anywhere using ad blocker software on the Mac. I operate the computer right out of the box without any additional setup or security software and have never had a security issue.

Mark
__________________
www.svreach.com

You do not need a parachute to skydive. You only need a parachute to skydive twice.
colemj is offline  
Old 17-07-2010, 09:13   #7
Senior Cruiser
 
osirissail's Avatar

Cruisers Forum Supporter

Join Date: Feb 2009
Location: A real life Zombie from FL
Boat: Gulfstar 53 - Osiris
Posts: 5,416
Images: 2
Shhh! don't tell anybody, but TaoJones put me onto "AdBlock Plus" Install it into your Mozilla if you are using it and all that stuff is history. Things load faster and don't hang up when Adverts try to load scripts. Don't tell anybody, though, because the forum is paid for by the Advert's.
__________________
osirissail is offline  
Old 17-07-2010, 09:14   #8

Cruisers Forum Supporter

Join Date: Apr 2006
Posts: 12,113
"have never had a security issue." YET. Bear in mind that security issues for the Mac and other UNIX versions are documented and happen regularly, and the major security organizations (including SAN and CERT) say they are no more secure than Windows. The Mac is simply an unpopular computer, compared to the PC, and as such fewer people target attacks looking for it. That does not make it safe, except to say fewer folks are out gunning for you.

Accodring to apple's own support pages:
Java for Mac OS X 10.6 Update 2

"About Java for Mac OS X 10.6 Update 2
Java for Mac OS X 10.6 Update 2 delivers improved compatibility, security, and reliability by updating Java SE 6 to 1.6.0_20."

Would Apple say they released an update that improves security, if there wasn't a security problem to start with?

I've also been "quite" secure on the PC platform, for years, but this time something found a way to get in, through Sun Java I think, despite the fact that I run unusually high security settings.

Getting the unneccessary active technologies off web pages makes us all more secure, on all platforms. Whether they are necessary here (i.e. generating revenue) or not, I don't know.
__________________
hellosailor is offline  
Old 17-07-2010, 09:30   #9
Registered User
 
mintyspilot's Avatar

Join Date: Feb 2010
Location: UK
Posts: 834
Although I run desktop Linux rather than Windows I use Firefox and AdBlock Plus. Being in the software industry I am aghast that ActiveX has not been killed off yet as it is the single biggest route for infecting Windows machines.

There ARE some simple things you can do to minimise your chances of infection.

1) Do not use Internet Explorer (IE). If you must use it, use the latest version. If you can, avoid all Microsoft technologies that utilise ActiveX and that includes MS-Messenger..

2) No browser is totally safe, but FireFox and Opera are "less unsafe" than IE

3) On Firefox, always use an advert blocker. AdBlock Pro is good.

4) Consider using Firefox's "no script" add on as well. This is simple to do

5) Most windows machines automatically run in "Administrator" mode - consider creating a different Windows user who only has "guest" privileges and use that instead. This removes the ability to install software through a "drive-by download". You can use the "standard" user for adding or removing software.

6) If all you use the machine for is email, surfing and writing office documents then consider moving to Linux. Ubuntu is "mac-like" and SUSE or PCLinuxOS are more "Windows-like". Try it on some old kit if you have a spare machine. In general, Linux needs less resources than Windows and will run well on older kit.

Anti-virus and anti-malware programs are typically about 60%-80% effective so something will always get through them no matter what you do. The points above will help you avoid getting infected, but are no guarantee of total success.

On the family PC (running XP) I removed the Internet Explorer icon from the desktop, installed Firefox, replaced Outlook Express with Thunderbird and disabled Messenger. With a few other tweaks it took the girls 4 years to infect the PC.
__________________
Arthur Dent: "I wish I'd listened to what my mother told me when I was younger"
Ford Prefect: "Why? What did she say?"
Arthur: "I don't know - I didn't listen!!"
mintyspilot is offline  
Old 17-07-2010, 09:45   #10

Cruisers Forum Supporter

Join Date: Apr 2006
Posts: 12,113
"4) Consider using Firefox's "no script" add on as well. "
Add-on? Funny thing, MSIE has offered that as an internal security setting for years now.<G> I think since at least v.6. Mine is set to prompt rather than simply disable, so I know a web page is trying to run one.
Until and unless HTML5 can get established as a standard...MSIE really has been the defacto standard since HTML3.2 was obsoleted. Every browser has been different, and even though MSIE is down to something like a 65% market share, it still is the 800# gorilla in the room, which is why I stick to it.

Couple of years ago I was trying to complete a form (related to a background security check with a selected vendor who was providing security services) and got a security warning from MSIE6.x. Their tech support--at a security vendor--said "Oh, that's a known bug in MSIE, just disable the blah blah blah". MSIE is easy to slam, MS hasn't always been a stellar example. But in that case, I was also able to confirm that the error was an invalid security certificate fro the vendor. Who denied it vehemently--but the certificate issuer confirmed it was revoked and invalid. Not an MSIE problem.

MSIE, Windows, never been perfect. But not always the problem. It is indeed quite possible to still put up a web page (in HTML3.2 even) and have everything run just fine--without all the glitz and dangers.

Right now, "this" web page shows some 3400 lines of code when viewed in source mode. At a casual read, I only see Javascript being invoked, but I could easily have missed something else in 3400 lines.
__________________
hellosailor is offline  
Old 17-07-2010, 09:48   #11
Registered User
 
RainDog's Avatar

Join Date: Jun 2009
Location: Varies
Boat: Pacific Seacraft 34 #142
Posts: 1,178
Quote:
Originally Posted by maxingout View Post
Are the Apple computers susceptible to this malware problem?
Yes. All computers (and cell phones) are vulnerable to Mal-ware. Luckily the vendors do a good job of staying ahead of the curve. If you are not regularly installing the latest patches, you are vulnerable.

If you stay up to date with you patches and do not click on questionable links, you should be pretty safe.

Even if you are using a Mac, make sure you are regularly installing the latest security updates.
__________________
RainDog is offline  
Old 17-07-2010, 09:56   #12
Registered User
 
mintyspilot's Avatar

Join Date: Feb 2010
Location: UK
Posts: 834
Quote:
Originally Posted by hellosailor View Post
"4) Consider using Firefox's "no script" add on as well. "
Add-on? Funny thing, MSIE has offered that as an internal security setting for years now.<G>
Firefox gives a lot of options for disabling scripts as internal settings too, but noscript offers an even better option.

Of course, the best security is not to go where the danger is in the first place. Music sharing websites offering "cracked" or illegal downloads are usually rife with "drive-by downloads"

As I pointed out above, the biggest security enhancement in Windows is to use a limited account rather than the Administrator account that 99% of people actually do use. Macs and Linux boxes are "more secure" (note the quotes!!!) because their default is to force the user into a limited account thus removing the ability to install software.
__________________
Arthur Dent: "I wish I'd listened to what my mother told me when I was younger"
Ford Prefect: "Why? What did she say?"
Arthur: "I don't know - I didn't listen!!"
mintyspilot is offline  
Old 17-07-2010, 21:05   #13
Senior Cruiser
 
colemj's Avatar

Cruisers Forum Supporter

Join Date: Oct 2005
Location: Presently on US East Coast
Boat: Manta 40 "Reach"
Posts: 10,043
Images: 12
Quote:
Originally Posted by mintyspilot View Post
Macs and Linux boxes are "more secure" (note the quotes!!!) because their default is to force the user into a limited account thus removing the ability to install software.
This isn't really true. The default account for a user is an administrator account that certainly has the ability to install software, as well as control all aspects of the system. The difference over windows is that software cannot be installed without involving the user in the installation. The user will see, facilitate and agree to any software being installed.

The argument that there isn't any malware for macs because they aren't as popular is silly. There are a lot of mal-writers out there who would love the notoriety and "fame" of getting past that gate. Also, there are 94 million macs out there in use ( Number¬*of¬*MAC¬*Users | Number Of | How Many ). Spammers, malware and bot writers would be nuts to ignore putting these extra processors to work for them and to "market" to this size of a community of spam virgins.
Even if the argument was true, wouldn't that make the mac a better platform for safety, if only because it purposefully isn't targeted as much?

The reality is it is not easy to get malware on unix-based systems. In fact, it is difficult. Even through flash. If linux or macos became the most popular system overnight, malware would dramatically drop - perhaps so much as to be economically unsustainable.

Mark
__________________
www.svreach.com

You do not need a parachute to skydive. You only need a parachute to skydive twice.
colemj is offline  
Old 18-07-2010, 10:49   #14

Cruisers Forum Supporter

Join Date: Apr 2006
Posts: 12,113
"The argument that there isn't any malware for macs because they aren't as popular is silly. "
I think you misread something, Mark. I don't think any of us said that. Macs aren't as popular as PCs, so folks who want to harvest, say, a hundred thousand VISA account numbers will be more successful if they target PCs rather than Macs. And as a result of that--most of the malware authors target PCs. Attacking PCs rather than Macs is simply a better return on their investment (their time).
This is totally valid, and it is the same reason that firemen in major US cities usually drive a "beater" to work. That's a car which runs, and usually runs well, but looks ugly as all sin and no one in their right mind would want to steal one. Park a nice shiny popular car outside a fire house all day--and it gets stolen, because the thieves know there's no one watching it when the fire trucks go out. Thieves ain't all stupid.

As to administrative accounts and user access...I think you folks are ignoring the fact that "Windows" is not an operating system. There are two Windows OSes currently supported, Windows Vista (NT6.0) and Windows7 (NT 6.1) for the non-server market. On both of these there is a new encumbrance called UAC, User Account Control, and setting up the default account as administrator is no longer encouraged or needed.

I know, things are different in XP. Well, that's a ten year old OS now, you might as well compare it to whatever Apple was running a decade ago, before they cut over to Unix with a Mac shell.

REGARDLESS of the OS, internet safety and security is enhanced when active technologies and unknown scripts simply aren't used and don't need to run. And they usually don't need to be used, other than for convenience and glitz. Might as well add ten coats of varnish over the brightwork while we're at it. (Pretty, but high maintenance.)
__________________
hellosailor is offline  
Old 18-07-2010, 11:31   #15
Senior Cruiser

Cruisers Forum Supporter

Join Date: Aug 2009
Location: between the devil and the deep blue sea
Boat: a sailing boat
Posts: 15,391
Quote:
Originally Posted by hellosailor View Post

... And that means the Cruisersforum web pages are generating warning messages now, apparently because they (or the ads on them) are using scripts, or plug-ins, or other usually innocent technologies that can and do sometimes carry malware--even if the webmasters have no idea of it...

... (Java?) scripts and Active-X plugins to run...

... Adobe Flashplayer ...

WHY DO RUN THIS STUFF?

Hi,

I design and run web sites / blogs / etc for cruisers / sailors / travelers and from this perspective I can tell you that:

1) it is not Cruisersforum pages that generate the messages, it is your browser, and your browser is probably wrong,

2) java, javascript, flash, etc., are not malware, unless they are designed to do just that, which is not likely in case of Cruisersforum,

3) the stuff is run to make the best use of the medium (the Internet and the digital word), unless proven otherwise.

With this attitude I can imagine you do not use Google, Gmail, Facebook, Youtube to name a few, as these are truly loaded with the same stuff (java (s), flash, active-X, cookies, php, mysqul, ajax, appache, windows, microsoft, internet, oughaourrrrrrr ;-).

In normal situation (with the firewall up and anti-vir ticking) it is very, very difficult to get any harm.

But I do agree with you that some of Adobe stuff is crap and I would ask every designer or admin to avoid it. Why make pages that demand from the viewer to use a specific commercial extras, if we can get the same effects in a lighter package and for free?

barnie
__________________

__________________
barnakiel is offline  
Closed Thread

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
web page editor bobsadler Navigation 6 19-04-2008 22:48
Want to start a Web page....?! Lesmusic1 General Sailing Forum 8 09-12-2007 21:34
my little web page eolo Meets & Greets 2 14-01-2006 19:50


Our Communities

Our communities encompass many different hobbies and interests, but each one is built on friendly, intelligent membership.

» More about our Communities

Automotive Communities

Our Automotive communities encompass many different makes and models. From U.S. domestics to European Saloons.

» More about our Automotive Communities

Marine Communities

Our Marine websites focus on Cruising and Sailing Vessels, including forums and the largest cruising Wiki project on the web today.

» More about our Marine Communities


Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -7. The time now is 23:55.


Google+
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Social Knowledge Networks
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.

ShowCase vBulletin Plugins by Drive Thru Online, Inc.