My belief is that this is not possible, but there are many extremely knowledgeable people participating on this list and I would like to know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully updated. Browser is Mozilla Firefox v.3.0.7.
I believe both times this happened, once yesterday and once today, I was surfing on the web site of my favorite singer/musical group; or in the forum, which is a highly restricted area. Today when it happened, I believe I was looking at a video coming from YouTube.com
I contacted the webmaster, someone I communicate with frequently, thinking that something on one or more of his web pages is infected, but he wrote back, thinking that my box (dual boot MS Windows XP and CentOS on the same hard drive) is infected by this malware and that his web site is clean. Below is part of the description he sent me in an email. I have seen the pop ups, a request to install Install-2006-60.exe which I declined...., etc. Comes from http://antispywarepcscanner.com Is there any way the Firefox web browser could have been corrupted by this, while using CentOS Linux? TIA! Lanny
16.04.2009 | Malware Type: Browser Hijackers
Malware Description: Antispywarepcscanner.com appears to be another web pimp of the hazardous fake anti-spyware tool called Personal Antivirus. Do not get flattered by the seemingly decent-looking and pleasant design of Antispywarepcscanner.com website; the fact that it pushes rogue anti-spyware automatically makes this domain a fraudulent one. Besides, Antispywarepcscanner.com may act as an obsessive browser-hijacker that redirects your web-surfing to its URL without the slightest hint of your approval. The forced diverts to Antispywarepcscanner.com are explainable by the fact that these redirections are preceded by the intrusion of Zlob trojans that obscurely trespass on your PC and forcedly modify browser settings. When you hit Antispywarepcscanner.com, you will see either the misleading advertising of Personal Antivirus scareware, or witness the deceptive online scan performed by the above-mentioned rogue utility. No matter what tricks the fraudsters prepared for you on Antispywarepcscanner.com, do not believe a single thing you see on that site. The advertising misinformation praising Personal Antivirus is totally deceptive and ought to be ignored. The worst thing about Antispywarepcscanner.com is that you will keep getting redirected there until you do something about the malicious activity of the corresponding hijacker on your computer. So, you first and the most reasonable step should be Antispywarepcscanner.com hijacker removal. After that, you are strongly recommended to check your system for additional malware with the aid of a trustworthy automatic removal tool
Lanny Marcus lmmailinglists@gmail.com wrote:
the forum, which is a highly restricted area. Today when it happened,
what exactly is *it*?
Install-2006-60.exe which I declined...., etc. Comes from http://antispywarepcscanner.com Is there any way the Firefox web browser could have been corrupted by this, while using CentOS Linux?
no.
On Thu, Apr 16, 2009 at 10:18 PM, Spiro Harvey spiro@knossos.net.nz wrote:
Lanny Marcus lmmailinglists@gmail.com wrote:
the forum, which is a highly restricted area. Today when it happened,
what exactly is *it*?
Spiro: When I saw the pop ups, their file waiting for me to click, to OK it for download, etc.
Install-2006-60.exe which I declined...., etc. Comes from http://antispywarepcscanner.com Is there any way the Firefox web browser could have been corrupted by this, while using CentOS Linux?
no.
Thanks! Lanny
Lanny Marcus wrote:
My belief is that this is not possible, but there are many extremely knowledgeable people participating on this list and I would like to know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully updated. Browser is Mozilla Firefox v.3.0.7.
I believe both times this happened, once yesterday and once today, I was surfing on the web site of my favorite singer/musical group; or in the forum, which is a highly restricted area. Today when it happened, I believe I was looking at a video coming from YouTube.com
I contacted the webmaster, someone I communicate with frequently, thinking that something on one or more of his web pages is infected, but he wrote back, thinking that my box (dual boot MS Windows XP and CentOS on the same hard drive) is infected by this malware and that his web site is clean. Below is part of the description he sent me in an email. I have seen the pop ups, a request to install Install-2006-60.exe which I declined...., etc. Comes from http://antispywarepcscanner.com Is there any way the Firefox web browser could have been corrupted by this, while using CentOS Linux? TIA! Lanny
My experience is that when browsing on any OS and you come across an error message stating that your computer is infected and you need to install such and such software, the web site I was visiting has an XSS exploit that was taken advantage of to try and get you to manually install a piece of malware.
Install the FireFox extension "noscript" and be very careful about what domains you authorize scripting from.
The fact that an XSS attack was able to give you a phony message means the same site could have XSS that reads your cookie and steals your session ID.
Noscript reduces the odds of such attacks being succesful.
On Thu, Apr 16, 2009 at 9:14 PM, Michael A. Peters mpeters@mac.com wrote:
Install the FireFox extension "noscript" and be very careful about what domains you authorize scripting from.
Is there such a thing for Seamonkey, or is this not required? (Or is this a "check with Mozilla" question?)
Thanks.
mhr
From: MHR mhullrich@gmail.com
Install the FireFox extension "noscript" and be very careful about what domains you authorize scripting from.
Is there such a thing for Seamonkey, or is this not required? (Or is this a "check with Mozilla" question?)
http://lmgtfy.com/?q=seamonkey+noscript+plugin&l=1 ;P
JD
On Fri, Apr 17, 2009 at 8:57 AM, John Doe jdmls@yahoo.com wrote:
I am properly chastised - mea culpa....
Ccrow >>> Crow >>> Cow >>> Cw >>> C (gulp)
mhr
On Thu, 2009-04-16 at 21:14 -0700, Michael A. Peters wrote:
Lanny Marcus wrote:
My belief is that this is not possible, but there are many extremely knowledgeable people participating on this list and I would like to know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully updated. Browser is Mozilla Firefox v.3.0.7.
I believe both times this happened, once yesterday and once today, I was surfing on the web site of my favorite singer/musical group; or in the forum, which is a highly restricted area. Today when it happened, I believe I was looking at a video coming from YouTube.com
I contacted the webmaster, someone I communicate with frequently, thinking that something on one or more of his web pages is infected, but he wrote back, thinking that my box (dual boot MS Windows XP and CentOS on the same hard drive) is infected by this malware and that his web site is clean. Below is part of the description he sent me in an email. I have seen the pop ups, a request to install Install-2006-60.exe which I declined...., etc. Comes from http://antispywarepcscanner.com Is there any way the Firefox web browser could have been corrupted by this, while using CentOS Linux? TIA! Lanny
My experience is that when browsing on any OS and you come across an error message stating that your computer is infected and you need to install such and such software, the web site I was visiting has an XSS exploit that was taken advantage of to try and get you to manually install a piece of malware.
Install the FireFox extension "noscript" and be very careful about what domains you authorize scripting from.
The fact that an XSS attack was able to give you a phony message means the same site could have XSS that reads your cookie and steals your session ID.
Noscript reduces the odds of such attacks being succesful.
--- If it makes you feel any safer I will go there and down load it on my CentOS Desktop! BUT! If your running WINE Then that is another storie I would NOT.
JohnStanley
On Fri, Apr 17, 2009 at 10:23 AM, JohnS jses27@gmail.com wrote:
On Thu, 2009-04-16 at 21:14 -0700, Michael A. Peters wrote:
<snip>
If it makes you feel any safer I will go there and down load it on my CentOS Desktop! BUT! If your running WINE Then that is another storie I would NOT.
No WINE here. I run Firefox under CentOS. I do have something from Google, Picasa, that includes a version of WINE, but that is custom for Picasa and limited to Picasa.
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters@mac.com wrote:
Lanny Marcus wrote:
<snip>
My experience is that when browsing on any OS and you come across an error message stating that your computer is infected and you need to install such and such software, the web site I was visiting has an XSS exploit that was taken advantage of to try and get you to manually install a piece of malware.
Install the FireFox extension "noscript" and be very careful about what domains you authorize scripting from.
The fact that an XSS attack was able to give you a phony message means the same site could have XSS that reads your cookie and steals your session ID.
Noscript reduces the odds of such attacks being succesful.
Michael: Thank you for the above explanation. I am going to copy it and email it to the webmaster of that web site. Once, about 4-6 months ago, there was a warning from Google (?), about it being an Attack site, and he eliminated whatever was causing that. This time, no warnings, but certainly something out there. I will get the "noscript" extension for Firefox. Lanny
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters@mac.com wrote:
Lanny Marcus wrote:
<snip> > My experience is that when browsing on any OS and you come across an > error message stating that your computer is infected and you need to > install such and such software, the web site I was visiting has an XSS > exploit that was taken advantage of to try and get you to manually > install a piece of malware. > > Install the FireFox extension "noscript" and be very careful about what > domains you authorize scripting from. > > The fact that an XSS attack was able to give you a phony message means > the same site could have XSS that reads your cookie and steals your > session ID. > > Noscript reduces the odds of such attacks being succesful.
Michael: Thank you for the above explanation. I am going to copy it and email it to the webmaster of that web site. Once, about 4-6 months ago, there was a warning from Google (?), about it being an Attack site, and he eliminated whatever was causing that. This time, no warnings, but certainly something out there. I will get the "noscript" extension for Firefox. Lanny
You might want to also check your preferences. FF has settings about warning about fraud sites etc. You also can affect the things that javascripts can do and suppress pop-ups. I've encountered those things that you mentioned and gotten no ill-effects since I just leave the site immediately.
<snip sig stuff>
On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby CentOS4Bill@triad.rr.com wrote:
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters@mac.com wrote:
<snip> > My experience is that when browsing on any OS and you come across an > error message stating that your computer is infected and you need to > install such and such software, the web site I was visiting has an XSS > exploit that was taken advantage of to try and get you to manually > install a piece of malware. > > Install the FireFox extension "noscript" and be very careful about what > domains you authorize scripting from.
I now have NoScript installed.
<snip>
You might want to also check your preferences. FF has settings about warning about fraud sites etc. You also can affect the things that javascripts can do and suppress pop-ups. I've encountered those things that you mentioned and gotten no ill-effects since I just leave the site immediately.
Bill: I will double check the Firefox configuration settings, since I upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able to visit that web site, so if anything bad is coming from it (without the knowledge of the webmaster) I will hopefully avoid it, with the NoScript Firefox extension which I just installed. Lanny
on 4-17-2009 9:33 AM Lanny Marcus spake the following:
On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby CentOS4Bill@triad.rr.com wrote:
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters-ee4meeAH724@public.gmane.org wrote:
<snip> > My experience is that when browsing on any OS and you come across an > error message stating that your computer is infected and you need to > install such and such software, the web site I was visiting has an XSS > exploit that was taken advantage of to try and get you to manually > install a piece of malware. > > Install the FireFox extension "noscript" and be very careful about what > domains you authorize scripting from.
I now have NoScript installed.
<snip> > You might want to also check your preferences. FF has settings about > warning about fraud sites etc. You also can affect the things that > javascripts can do and suppress pop-ups. I've encountered those things > that you mentioned and gotten no ill-effects since I just leave the site > immediately.
Bill: I will double check the Firefox configuration settings, since I upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able to visit that web site, so if anything bad is coming from it (without the knowledge of the webmaster) I will hopefully avoid it, with the NoScript Firefox extension which I just installed. Lanny
Noscript will give you an idea of just how many sites run a script of some kind. You will see a large part of sites just look different when the scripts don't run, and some don't function at all. Not that it is a bad thing, it will just make you think a lot.
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssilva@sgvwater.com wrote:
on 4-17-2009 9:33 AM Lanny Marcus spake the following:
On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby CentOS4Bill@triad.rr.com wrote:
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters-ee4meeAH724@public.gmane.org wrote:
<snip> > My experience is that when browsing on any OS and you come across an > error message stating that your computer is infected and you need to > install such and such software, the web site I was visiting has an XSS > exploit that was taken advantage of to try and get you to manually > install a piece of malware. > > Install the FireFox extension "noscript" and be very careful about what > domains you authorize scripting from.
I now have NoScript installed.
<snip> > You might want to also check your preferences. FF has settings about > warning about fraud sites etc. You also can affect the things that > javascripts can do and suppress pop-ups. I've encountered those things > that you mentioned and gotten no ill-effects since I just leave the site > immediately.
Bill: I will double check the Firefox configuration settings, since I upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able to visit that web site, so if anything bad is coming from it (without the knowledge of the webmaster) I will hopefully avoid it, with the NoScript Firefox extension which I just installed. Lanny
Noscript will give you an idea of just how many sites run a script of some kind. You will see a large part of sites just look different when the scripts don't run, and some don't function at all. Not that it is a bad thing, it will just make you think a lot.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Remember the NeXT step days (for me, mid 90's) when a single executable binary file contained both intel and PowerPC/Motorola code. When clicked, it would execute the intel code on the intel platform and the PowerPC/Motorola code on the PowerPC/Motorola platform. I think it would be cool to have Portable App executables that run under both Linux and Windows because life would be easier, but the security problem would be too much of a downside -- a single binary that roots both Linux and Windows.
It is easy to write an executable binary for Linux that ends in .exe - so that is don't think that is any protection at all.
Clicking "Cancel" on these dialogs or X could still launch the executable - safest thing to do would be to kill firefox.
Further recommend NoScript and SiteAdvisor simultaneously. Recommend against wine and even more so against the Internet Explorer whatchamacallit for Firefox including on wine.
On Fri, Apr 17, 2009 at 2:07 PM, Rob Townley rob.townley@gmail.com wrote: <snip>
Remember the NeXT step days (for me, mid 90's) when a single executable binary file contained both intel and PowerPC/Motorola code. When clicked, it would execute the intel code on the intel platform and the PowerPC/Motorola code on the PowerPC/Motorola platform. I think it would be cool to have Portable App executables that run under both Linux and Windows because life would be easier, but the security problem would be too much of a downside -- a single binary that roots both Linux and Windows.
Probably all of the malware that's common today is targeted against Windows, so that puts those of us using Linux in a better situation. If Linux becomes more common on the Desktop, some of the bad ones will try to have code that can attack Windows or Linux boxes, as you described above. I rarely use Windows and only for 2 or 3 applications.
It is easy to write an executable binary for Linux that ends in .exe - so that is don't think that is any protection at all.
Clicking "Cancel" on these dialogs or X could still launch the executable - safest thing to do would be to kill firefox.
Hmmm. I did click "Cancel" or on the "X" in the corner, to close the dialog boxes. If I see that happening again, now that NoScripts is running, I will kill Firefox.
Further recommend NoScript and SiteAdvisor simultaneously. Recommend against wine and even more so against the Internet Explorer whatchamacallit for Firefox including on wine.
Will checkout "SiteAdvisor". Very rare that we use IE here, even on Windows. Very little trust in IE.. We are Firefox users and have the new Google Chrome browser installed on one or 2 desktops.
At Fri, 17 Apr 2009 14:07:31 -0500 CentOS mailing list centos@centos.org wrote:
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssilva@sgvwater.com wrote:
on 4-17-2009 9:33 AM Lanny Marcus spake the following:
On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby CentOS4Bill@triad.rr.com wrote:
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters-ee4meeAH724@public.gmane.org wrote:
<snip> > My experience is that when browsing on any OS and you come across an > error message stating that your computer is infected and you need to > install such and such software, the web site I was visiting has an XSS > exploit that was taken advantage of to try and get you to manually > install a piece of malware. > > Install the FireFox extension "noscript" and be very careful about what > domains you authorize scripting from.
I now have NoScript installed.
<snip> > You might want to also check your preferences. FF has settings about > warning about fraud sites etc. You also can affect the things that > javascripts can do and suppress pop-ups. I've encountered those things > that you mentioned and gotten no ill-effects since I just leave the site > immediately.
Bill: I will double check the Firefox configuration settings, since I upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able to visit that web site, so if anything bad is coming from it (without the knowledge of the webmaster) I will hopefully avoid it, with the NoScript Firefox extension which I just installed. Lanny
Noscript will give you an idea of just how many sites run a script of some kind. You will see a large part of sites just look different when the scripts don't run, and some don't function at all. Not that it is a bad thing, it will just make you think a lot.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Remember the NeXT step days (for me, mid 90's) when a single executable binary file contained both intel and PowerPC/Motorola code. When clicked, it would execute the intel code on the intel platform and the PowerPC/Motorola code on the PowerPC/Motorola platform. I think it would be cool to have Portable App executables that run under both Linux and Windows because life would be easier, but the security problem would be too much of a downside -- a single binary that roots both Linux and Windows.
There is something called a StarKit that can be used to encapsulate Tcl/Tk programs. The StarKit can be treated as an executable that will run on any machine with a suitable Tclkit installed. It is also possible to combine the Tclkit with the StarKit, creating a StarPack, which is a self-contained executable.
It is easy to write an executable binary for Linux that ends in .exe - so that is don't think that is any protection at all.
Linux does not care about file *names*. A file is executable if its x bit is set AND it is recognized as an executable. That is one of:
1) file with the magic 'ELF' header (the # bits, bit order, and arch have to match what your kernel can deal with) 2) a Java jar file (if you have Java installed and configured for this usage) 3) a MS-Windows executable (if you have Wine installed AND the path is somewhere that maps to a MS-Windows drive AND Wine is configured for this usage) 4) an ASCII file with a '#!' as its first line and the path there names an executable file.
MacOSX also supports 'universal binaries' (binaries that run on Intel or PowerPC processors).
Clicking "Cancel" on these dialogs or X could still launch the executable - safest thing to do would be to kill firefox.
Further recommend NoScript and SiteAdvisor simultaneously. Recommend against wine and even more so against the Internet Explorer whatchamacallit for Firefox including on wine. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Fri, Apr 17, 2009 at 2:30 PM, Robert Heller heller@deepsoft.com wrote:
At Fri, 17 Apr 2009 14:07:31 -0500 CentOS mailing list centos@centos.org wrote:
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssilva@sgvwater.com wrote:
on 4-17-2009 9:33 AM Lanny Marcus spake the following:
On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby CentOS4Bill@triad.rr.com wrote:
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters-ee4meeAH724@public.gmane.org wrote:
<snip> > My experience is that when browsing on any OS and you come across an > error message stating that your computer is infected and you need to > install such and such software, the web site I was visiting has an XSS > exploit that was taken advantage of to try and get you to manually > install a piece of malware. > > Install the FireFox extension "noscript" and be very careful about what > domains you authorize scripting from.
I now have NoScript installed.
<snip> > You might want to also check your preferences. FF has settings about > warning about fraud sites etc. You also can affect the things that > javascripts can do and suppress pop-ups. I've encountered those things > that you mentioned and gotten no ill-effects since I just leave the site > immediately.
Bill: I will double check the Firefox configuration settings, since I upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able to visit that web site, so if anything bad is coming from it (without the knowledge of the webmaster) I will hopefully avoid it, with the NoScript Firefox extension which I just installed. Lanny
Noscript will give you an idea of just how many sites run a script of some kind. You will see a large part of sites just look different when the scripts don't run, and some don't function at all. Not that it is a bad thing, it will just make you think a lot.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Remember the NeXT step days (for me, mid 90's) when a single executable binary file contained both intel and PowerPC/Motorola code. When clicked, it would execute the intel code on the intel platform and the PowerPC/Motorola code on the PowerPC/Motorola platform. I think it would be cool to have Portable App executables that run under both Linux and Windows because life would be easier, but the security problem would be too much of a downside -- a single binary that roots both Linux and Windows.
There is something called a StarKit that can be used to encapsulate Tcl/Tk programs. The StarKit can be treated as an executable that will run on any machine with a suitable Tclkit installed. It is also possible to combine the Tclkit with the StarKit, creating a StarPack, which is a self-contained executable.
It is easy to write an executable binary for Linux that ends in .exe - so that is don't think that is any protection at all.
Linux does not care about file *names*. A file is executable if its x bit is set AND it is recognized as an executable. That is one of:
- file with the magic 'ELF' header (the # bits, bit order, and arch
have to match what your kernel can deal with) 2) a Java jar file (if you have Java installed and configured for this usage) 3) a MS-Windows executable (if you have Wine installed AND the path is somewhere that maps to a MS-Windows drive AND Wine is configured for this usage) 4) an ASCII file with a '#!' as its first line and the path there names an executable file.
MacOSX also supports 'universal binaries' (binaries that run on Intel or PowerPC processors).
Clicking "Cancel" on these dialogs or X could still launch the executable - safest thing to do would be to kill firefox.
Further recommend NoScript and SiteAdvisor simultaneously. Recommend against wine and even more so against the Internet Explorer whatchamacallit for Firefox including on wine. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Robert Heller -- 978-544-6933 Deepwoods Software -- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows heller@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Robert Heller, excellent post!
Robert Heller a écrit :
[snip]
Linux does not care about file *names*.
indeed Linux does not. but desktop managers do. That said, *.exe attacks should only affect systems running Wine.
[snip]
At Sun, 19 Apr 2009 15:07:05 +0200 CentOS mailing list centos@centos.org wrote:
Robert Heller a écrit :
[snip]
Linux does not care about file *names*.
indeed Linux does not. but desktop managers do. That said, *.exe attacks
Are you sure? I would think that *Linux*-based desktop managers would do something 'smart' like use the results of file (specificly 'file -i ..') rather than depend on the file name itself. I know that since MS-Windows lacks anything like the file command (as part of the native O/S install), it uses the file extension as a 'type'.
should only affect systems running Wine.
[snip]
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Robert Heller a écrit :
At Sun, 19 Apr 2009 15:07:05 +0200 CentOS mailing list centos@centos.org wrote:
Robert Heller a écrit :
[snip]
Linux does not care about file *names*.
indeed Linux does not. but desktop managers do. That said, *.exe attacks
Are you sure? I would think that *Linux*-based desktop managers would do something 'smart' like use the results of file (specificly 'file -i ..') rather than depend on the file name itself.
I just tried: renaming a .mp3 to a .gif and double clicking. I get an error saying something like "bad gif file"...
The problem with the "file type" is that users don't see it. when I click to open a file, I somewhat "trust" the extension. If I open foo.png, it's because I want top open an image, not to run latex or make.
maybe the solution would be to check that the extension matches the file type and if not warn the user.
I know that since MS-Windows lacks anything like the file command (as part of the native O/S install), it uses the file extension as a 'type'.
While that was inherited from DOS, the fact that windows took the "it's all about clicking" way, they didn't have much choice. and it gets annoying anyway:
- when I double click on a ".pl", do I want to run perl or do I want to edit the file?
- sometimes, when you remove an application (on windows xp), the system can no more find the "most appropriate" application (even if you have many apps that would be ok).
- many applications have a tendency to "steal" a lot of extensions. under windows, I never let such an app to register any association!
...
At Sun, 19 Apr 2009 20:06:43 +0200 CentOS mailing list centos@centos.org wrote:
Robert Heller a écrit :
At Sun, 19 Apr 2009 15:07:05 +0200 CentOS mailing list centos@centos.org wrote:
Robert Heller a écrit :
[snip]
Linux does not care about file *names*.
indeed Linux does not. but desktop managers do. That said, *.exe attacks
Are you sure? I would think that *Linux*-based desktop managers would do something 'smart' like use the results of file (specificly 'file -i ..') rather than depend on the file name itself.
I just tried: renaming a .mp3 to a .gif and double clicking. I get an error saying something like "bad gif file"...
I'd consider that a 'bug' with the desktop manager (if I were to use such as thing -- I don't/won't).
The problem with the "file type" is that users don't see it. when I click to open a file, I somewhat "trust" the extension. If I open foo.png, it's because I want top open an image, not to run latex or make.
Many naive users save their images or document as 'my image' and don't explicitly add an extension. (Under MS-Windows the O/S or application sticks an extension on and never displays it -- a really *bad* thing that is commonly exploited by E-Mail virus writers ala foo.jpeg.exe.) MacOS(X) lets users save any sort of file with any sort of name and makes no attempt to add or enforce file name extension conventions. Old school UNIX users add extensions mostly by convention and for convience. Only compiler execs (eg gcc) and the like pay any attention to the extensions most of the time.
maybe the solution would be to check that the extension matches the file type and if not warn the user.
The *original* desktop manager / GUI O/S, MacOS, uses a special file (finder info) to save the application code of the application (4 [text] bytes, one long word) and the file 'type' (also 4 [text] bytes, one long word) whenever a file was created. The 'finder info' was part of the file system 'meta data'. The file 'name' (with or without any 'extension') was NEVER used to determine how to deal with the file. I believe MacOSX still does something similar (I don't know if MacOSX uses file system 'meta data' or if MacOSX uses the file utility (or something like the file utility).
I know that since MS-Windows lacks anything like the file command (as part of the native O/S install), it uses the file extension as a 'type'.
While that was inherited from DOS, the fact that windows took the "it's all about clicking" way, they didn't have much choice. and it gets annoying anyway:
Not really inherited from DOS, since DOS (like CP/M) did not really do anything *itself* with file extensions (other than having a directory structure that stored file names as a pair of fixed-length text strings (ala struct {char name[8]; char ext[3];}).
- when I double click on a ".pl", do I want to run perl or do I want to
edit the file?
Under the MacOS 'way' clicking on it would be to run perl. I believe something like Apple-Click (or shift or ctrl)-click would pop up a menu of possible applications to open with, based on the *type*, which would include a text editor (since a perl script would be of type TEXT, with an app code of something like PERL).
- sometimes, when you remove an application (on windows xp), the system
can no more find the "most appropriate" application (even if you have many apps that would be ok).
- many applications have a tendency to "steal" a lot of extensions.
under windows, I never let such an app to register any association!
...
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssilva@sgvwater.com wrote: <snip>
Noscript will give you an idea of just how many sites run a script of some kind. You will see a large part of sites just look different when the scripts don't run, and some don't function at all. Not that it is a bad thing, it will just make you think a lot.
Yes. Based on very limited surfing, after installing NoScript, I can see how many Scripts there are and how few NoScript lets through, with it's default settings. Hoping to install it on my daughters box, without her screaming, but my assumption is that it is going to catch a lot of things, on the game sites she frequents
Lanny Marcus wrote:
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssilva@sgvwater.com wrote:
<snip> > Noscript will give you an idea of just how many sites run a script of some > kind. You will see a large part of sites just look different when the scripts > don't run, and some don't function at all. Not that it is a bad thing, it will > just make you think a lot.
Yes. Based on very limited surfing, after installing NoScript, I can see how many Scripts there are and how few NoScript lets through, with it's default settings. Hoping to install it on my daughters box, without her screaming, but my assumption is that it is going to catch a lot of things, on the game sites she frequents
My problem with NoScript is that there is virtually no site that I visit that does not require scripting to function properly. The net result is an almost knee-jerk reaction to click on "Allow all this page", which of course negates the protection. I do get protection from scripting attacks on random pages that I visit from links in email messages and the like, but for most any page that I deliberately navigate to, heck, I wanted to see the page, so I'll probably allow scripting if asked. Since scripting is so ubiquitous, the alternative is to restrict my web browsing to a few familiar sites where I believe scripting is safe, and I really don't need NoScript to do that.
In addition, while shopping on the net I'll sometimes have NoScript block a page for which I've been warned, "Do not use your browser's 'Back' button or reload the page or you may be double-billed." That leaves me stuck! If I tell NoScript to allow the scripting, it will reload the page. If I don't, I'm not going to get confirmation that my transaction was accepted, and I'll just have to hope it went through.
And then there's the little problem of sites that detect that scripting is blocked and redirect you to a page that informs you that scripting is required. Now even the "Allow all this page" is useless because the current page doesn't use any scripting, and the only solution is to disable NoScript entirely and try again.
I've once again enabled NoScript. I'll see how long I can live with it this time.
On Fri, Apr 17, 2009 at 6:44 PM, Robert Nichols rnicholsNOSPAM@comcast.net wrote: <snip>
My problem with NoScript is that there is virtually no site that I visit that does not require scripting to function properly. The net result is an almost knee-jerk reaction to click on "Allow all this page", which of course negates the protection.
Based on my very limited use of NoScript this afternoon, I suspect there are very few, if any sites, where NoScript does not flag some things. FoxNews, Gmail, LinkShare and the site of my favorite singer are all run by reputable people. Their sites probably can get something bad. Imagine sites which are not run by reputable people. Navigating with NoScript will be a little slower, but I will try to avoid clicking on "Allow all this page", unless there is some bad effect such as you described on e commerce sites that could result in you getting double billed or your transaction not completing properly. <snip>
Lanny Marcus wrote:
On Fri, Apr 17, 2009 at 6:44 PM, Robert Nichols rnicholsNOSPAM@comcast.net wrote:
<snip> > My problem with NoScript is that there is virtually no site that I visit > that does not require scripting to function properly.
I think there is a mis-understanding of how noscript works.
By default it blocks ALL scripts. Click on the little noscript icon on bottom right corner of firefox to whitelist a host.
Once whitelisted - any scripts (with very few exceptions - scripts that explicitly look like exploits) served from that host will be allowed.
Most sites serve scripts from numerous different hosts - but usually you only have to whitelist the host you are visiting, as most scripts served from other hosts are advertisement scripts.
XSS usually involves a script served from another domain called in the page you are viewing, so noscript is extremely effective at blocking them.
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssilva@sgvwater.com wrote: <snip>
Noscript will give you an idea of just how many sites run a script of some kind. You will see a large part of sites just look different when the scripts don't run, and some don't function at all. Not that it is a bad thing, it will just make you think a lot.
Yes, it has made me think about the scripts on the web sites we visit. I am probably the most conservative surfer in the house. The 4 sites I visit the most are all very reputable. They all have a lot of stuff which is flagged by NoScript. The site which prompted this thread has a bunch of embedded youtube videos on the home page and a lot is flagged by NoScript there. Even the ADSL Modem was flagged by NoScript. The static home page of our web site, created with MS FrontPage 2000 (I hope someday I can do it with Kompozer on Linux and get it to look like that!) has 6 scripts flagged by NoScript. Eyes opened to a new (for me) problem.... Thanks to everyone who contributed to this thread!
Lanny Marcus wrote:
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssilva@sgvwater.com wrote:
<snip> > Noscript will give you an idea of just how many sites run a script of some > kind. You will see a large part of sites just look different when the scripts > don't run, and some don't function at all. Not that it is a bad thing, it will > just make you think a lot.
Yes, it has made me think about the scripts on the web sites we visit. I am probably the most conservative surfer in the house. The 4 sites I visit the most are all very reputable. They all have a lot of stuff which is flagged by NoScript. The site which prompted this thread has a bunch of embedded youtube videos on the home page and a lot is flagged by NoScript there.
I whitelist my router, youtube, etc. and the domains for forums I visit.
I sometimes disable noscript when making purchases because some vendors, upon checkout, send you to a different domain for CC processing - and sometimes the lack of script screws that up (which is stupid, JavaScript should NEVER be required for CC processing - but alas, often it is - some web devs think they have to do everything under the sun with Ajax even when a virtually static page would be just as good).
That's the beauty of noscript - you can permanently whitelist a domain, temporarily whitelist a domain, temporarily whitelist all domains on a page, etc.
facebook is a real pita - I've bitterly complained to them and asked them to use only one or two servers for script serving but they won't fix it, so I rarely use my facebook.
On Sat, Apr 18, 2009 at 12:46 AM, Michael A. Peters mpeters@mac.com wrote: <snip>
I whitelist my router, youtube, etc. and the domains for forums I visit.
I am beginning to do that. And hopefully nothing whitelisted will have the ability to attack....
I sometimes disable noscript when making purchases because some vendors, upon checkout, send you to a different domain for CC processing - and
Sounds like a good idea, to prevent double billing or the transaction not completing.
facebook is a real pita - I've bitterly complained to them and asked them to use only one or two servers for script serving but they won't fix it, so I rarely use my facebook.
I am not on Facebook but I found one site a few minutes ago that I use for web mail that I couldn't even get to the login page without allowing it in NoScript.
I rarely use MS Windows, but the next time I do, I will install NoScript for Firefox on Windows. It's a winner.
-
John Doe -
JohnS -
Lanny Marcus -
MHR -
Michael A. Peters -
mouss -
Rob Townley -
Robert Heller -
Robert Nichols -
Scott Silva -
Spiro Harvey -
William L. Maltby