Date: Tue, 03 Jan 2006 17:48:02 -0500
To: WSFA members <WSFAlist at keithlynch.net>
From: Elspeth Kovar <EKovar at worldnet.att.net>
Subject: [WSFA] Re: Crash, thud
Reply-To: WSFA members <WSFAlist at KeithLynch.net>

You seem to have missed the implication of the ellipses in

>And please, no comments "Gosh, you should switch to FricFrac Operating
>system..."

although Michael could have put 'or' before them to make it obvious. But even if you missed it, waiting until I was back online and could say what happened would make sense.

I'm going to assume that you'd gone from Michael's initial "Elspeth's computer suffered . . . " directly into generalities. But as it was that email to which you were responding I need to answer what you were, in effect, saying about me as well as anyone who doesn't have your command of the subject.

Look: Most of the general public are not computer experts, they are people who use computers. Some have an IT department to lean on, which may be a good one or bad.

Some people are professional or amateur mechanics, most of the rest just use their cars. And, as with computers, if there's a recall on one of the parts or some such, there's a good chance that they won't know about it. But it's much easier to find a good mechanic and take your car in for general maintenance than to do the same with a personal computer.

I use a gas oven and, since they're really very basic, I can generally figure out what's wrong, but when I couldn't I called maintenance; turned out that it needed a new part. (Okay, the first time I called was several years ago because I smelled gas. Although technically I knew what was wrong because they'd just installed a new one downstairs and obviously had connected it wrong or hadn't connected it at all, it wasn't something I was going to mess with.)

And so forth. I'm not going to get into a discussion about all the things that people should know, that if they don't this or that they're idiots or insane, etc.
-- it's not worth our time. But very, very few people can make an in-depth study of everything: that's why as a species we specialize.

E.

At 12:36 PM 1/3/2006, Mike B. wrote:
>At 1/3/2006 12:11 PM, Michael Walsh wrote:
>
> > >Or at the very least disable all the "'screw me' features" of the one
> > >you are using...such as ActiveX, just to name one.
> >
> >I gathered this happened when using Firefox (yeah, I know it's a
> >browser not an OS...)
>
>ActiveX isn't the only vulnerable route into a Windows system...it's just a
>really obvious one (ActiveX basically downloads and runs programs, and has
>essentially NO protection for the user...whatever the ActiveX component
>author chose to do gets done...using ActiveX on the public internet is
>*insane*. It *might* be excusable on an isolated intranet, but there are
>generally safer ways to accomplish the same goals even there.
>
>At least Firefox has AdBlock, so you can avoid the 3rd party ad route for
>the WMF exploit.

AdBlock only works when you block the ad, not all by itself. When doing so you can sometimes use an asterisk to cover a lot of stuff, perhaps even 3%. You keep adding things that you can block as generalities, they keep adding ads.

I know perfectly well what ActiveX is and what it does. I've disabled it on Firefox. I've also disabled all of what you refer to as "screw me" features.

[I do have ActiveX on Internet Explorer because you have to, to get updates from Microsoft, but updates are absolutely the *only* thing I use Explorer for. Except for once or twice I even know which programs use it when you want to check something in the manual. For those I get the URL and use Firefox to go to the site.]

A lot of people are switching over to Firefox because it's a lot safer than Internet Explorer; I did when it was still or just out of beta. (I have a good IT department: see below.)
Fewer people who know about Firefox know about ActiveX but some may have a helpful friend or colleague who'll -- politely -- warn them about it and tell them how to fix it.

I keep Microsoft, Lavasoft, Spybot, Symantec, ZoneAlarm and all of the rest of my security software up to date. Not nearly enough people have all of this, fewer check for updates, and those who do don't always run them often enough. But more and more are learning every day.

I don't back up my system enough, even back before my external hard drive somehow started interfering with booting my computer. (Seems to be something with one of the hubs, it will be fixed next week. For now I do without and fret.) Others are the same or don't do it at all until they've lost everything in a crash: then, boy do they learn. Me, I was absolutely rigorous about it when an entire department would probably lose their jobs if we lost any of the in-house things on our servers. While everything goes over to my laptop every couple of weeks, enough is done in between that I really have to get back into the habit.

Oh, yeah: because I use AT&T I take a look at what's in my mailbox before downloading it. We have constantly updated spam filters and now and then I have things dumped into another box so I can verify that nothing's going the wrong way. And I never, ever download attachments without verifying them.

Mike, I'm not stupid, nor am I as uninformed as the general public and my computer is well protected. Still, four things happened that resulted in my machine being compromised:

1. Because of my work I *have* to go to websites that I don't know well and thus don't know if they're entirely clean.

2. I was listening to a friend on the phone who was distraught, and thus I wasn't going to put her off.

3. At the same time I was checking a couple of things and finishing up some research for a S&R team that was heading out this morning and needed it ASAP.
(Fortunately by then I had most of the data I needed in my notes, put them into useful order and faxed them off.)

4. Because I had looked away from the computer to frown about another aspect of the friend's problem my cursor wasn't exactly where it should have been when I left-clicked.

Fortunately, I do keep Symantec up to date and it caught this, started screaming, and shut down access from it before even trying to fix it. I dropped the phone, dove to disconnect my computer from the internet, did a couple of other things including, once I had the cables unplugged, a very quick phone call to make sure that my mind had gone blank about which was which after, not before, I grabbed them.

I eventually remembered to pick up the phone to see if I'd broken my friend's ear or, another possibility, that she was worried enough to have called the police. As it was her ear was mostly fine and I'd yelled something along the lines of "Fuck! Computer!" so she figured out that it wasn't life-threatening.

Which is how, despite everything, I got hit by Bloodhound, specifically exploit.56. Ted was absolutely right.

I probably had my system clean last night, not through Nortons but through other methods, but wanted to run several more scans before reconnecting. At which point I had a ton of other email to handle, which I'm now going to get back to.

Sorry for being so late in letting people know what had happened and then having to go into such detail.

Elspeth

-----------------------------------

Concerning what is going on on the Web see:
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/29/AR2005122901456.html

And there are lots more articles about it, and have been almost every day. They've been right on top of it.

My personal IT department: My computer system is a hand-me-down from one of the most knowledgeable paranoids around. Who then very carefully set it up here as well as, once I'd scraped up enough to cover high-speed, everything related to that.
And while I'm not bad, before I'm going to make any change to either browser, Eudora, how images are displayed on my computer, etc. that I'm not absolutely certain of, I call to check. He also keeps me up to date on dangers in case I haven't already heard of them.

Even so, he checks the system any time he's in town. As I said, he's one of the most paranoid people around. Thirty-five or so years in or tracking the business will do that to you.

Very handy, since it means that I don't have to stay on top of it all. I love specialization.

E.