[extropy-chat] Privacy, Security?? Don't make me laugh.

Hal Finney hal at finney.org
Wed Nov 24 18:57:09 UTC 2004


An article on slashdot this morning offers an interesting perspective:
http://yro.slashdot.org/article.pl?sid=04/11/24/182221 points to
http://www.benedelman.org/news/111804-1.html which describes how visiting
a single website, xpire.info (slash) fa?d=get, using Internet Explorer on
an unpatched Windows XP system led to multiple infections on his system.

On the other hand, if he used the latest version of Windows XP, which
is Service Pack 2 (SP2), he was immune.

So we have two lessons here: first, that it is indeed easy to get infected
by visiting the wrong sites.  This .info site was a risk, and the article
I point to below, a review of spyware removers, describes a number of
other sites where "drive-by-infections" are rampant.

But second, if you let your Windows XP system auto-update itself like
it wants to, things are getting better.  The latest security patches
are closing the holes.

It's also worth noting that a small but growing number of people are
switching to Firefox, http://www.getfirefox.com , for their web browser
in preference to Internet Explorer.  FF is (so far) much more immune to
these kinds of attacks.

In many cases, spyware is getting installed by the user downloading
popular software, like file sharing software.  Many of these packages
install spyware.  It's not as bad as a virus but it may pop up some ads
and slow down your machine.  Here is a review of anti-spyware software
from yesterday: http://spywarewarrior.com/asw-test-guide.htm .  It notes
that just installing Grokster, a P2P file sharing application, added 15
adware and spyware programs.

I am more optimistic about security.  My view is that we (the pro-security
forces) have only begun to fight.  SP2 shows that Windows can become
genuinely more secure.  Open source alternatives are agile and responsive
to security threats.

Security, like spam, has only become a major issue for individual users
in the last couple of years.  It takes a while for the net community to
respond, just as it takes a while for the body's immune system to respond
to an infection.  But eventually I believe we will see an effective and
indeed overwhelming response from security technology, and the result
will be a far more secure networking infrastructure.

Hal



More information about the extropy-chat mailing list