On Tue, 21 Oct 2003 03:24:44 -0400, in <alt.privacy.spyware>, jayjwa
<jayjwa@hotspam.microsoftsux.suk> wrote:
>
[snip]
>
> Not that I've heard of. I don't think people sit around looking for ways
> to infect browsers that don't have much malware for them; it's more like
> ly that these people target apps/OS's that people use most, hence most
> malware/viruses/worms are for Windows, with it's IE and Outlook Express.
[snip]

It goes quite beyond that.

Sure, popularity is *one* reason MSIE/OE is a target; but it is hardly the
only -- or even the most determinant -- reason. More importantly,
popularity has nothing whatever to do with why that target actually
_gets_hit_ virtually every time it is aimed at.

The key issue is the fact that MSIE/OE is *inherently* so insecure as to be
laughable. Despite the constant never-ending merry-go-round of patch after
update after patch after update after patch, there are *currently* something
like three dozen known -- and yet UNpatched -- security holes in MSIE/OE
(the situation is *SO* bad that MS themselves announced awhile back that
they were flat-out giving up on OE; tho' of course they didn't admit this
was the reason). *That* is the big reason why so many virii/worms/trojans
and other malware/expoits have targeted it: because they CAN. And that
remains the case independant of popularity.

Now, there is nothing new about this -- Windows in general, and MSIE in
particular, have been *known* to constitute (as the OP quite accurately put
it) "an open invitation to every purveyor of scumware, spyware, hijackers,
etc." for a l-o-o-o-o-n-g time. Which is why I don't understand why so many
folks (including quite a few on this supposedly "security concuious" NG)
*still* seem to be in a persistent state of denial about that. It's a
simple fact: Any system with MSIE installed on it *cannot* be made even
semi-secure, no matter how many after-the-fact band-aids are applied. So it
follows that removing MSIE should be *the* first step in securing any
WinBox. Yet, many folks continue to deny the obvious and try to "reinvent
the wheel" by creating convoluted work-arounds (often in the form of yet
more parasitic always-running add-on utilities), instead of fixing the
underlying problem once and for all. That just doesn't make sense to me.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -