"Sym" <sy*****@gmail.com> wrote in message
news:11********************@b28g2000cwb.googlegroups.com...
> Number 11950 - GPEMC! Replace number with 11950 wrote:
>> "Kent Feiler" <zz**@zzzz.com> wrote in message
>> news:qd********************************@4ax.com...
>>> Client-side scripting is also used for browser hijacking and many
>>> "spyware" worms are installed this way.
> Hmmm - Most traffic deaths occur within 10 miles of home, yet I still
> get in the car and drive! In order to get the best out of life some
> small risks have to be taken.
The example is irrelevant. When you get in the car, you are still largely in
control. By thinking ahead and driving both strategically and tactically,
treating the traffic situation as a chessboard, you can avoid any accident
regardless of whose fault it would have been. When you click on a link to a
website with your client script turned on, you relinquish control of your
computer. This is more akin to pulling the trigger after a spin of the
barrel in a game of Russian Roulette.
Tell me, do you play Russian Roulette?
> The browser sandbox and security model
> gives very good protection in most instances and typically you should
> know you are on a "dodgy" site!
This is like saying that the bad guys wear black hats. Back in Capone's
days, the mafia were actually wearing pearl grey just like regular business
people! As Neighbourhood Watch keep telling us, there is no such thing as a
typical criminal. Besides, "Master Mode" systems have been around much
longer than the PC, and the ability for any system to execute code from a
file that is seen both by the system and the user as other than an
executable program (i.e. Master Mode in old mainframe-speak) has always posed
an inherent security risk. However, those who don't know their history are
doomed to repeat its mistakes...
> You must always have your AV software
> running and give regular sweeps for spyware I agree,
Scanners cannot pick up unlisted threats such as new malware. This is why
you apply a quarantine period to all remotely acquired code.
> but sometimes the
> beauty of browsing the web means you HAVE to have client scripting
> turned on.
Not at all. I've seen lots of sites using client-scripting, and what I've
missed by not running their scripts I could always find elsewhere, usually
within three minutes. The beauty of web browsing is that there are so many
pages serving up the same sort of material, I can just go elsewhere if I
don't like what the site's design says about the webmaster's attitude.
Perl/CGI can do anything server-side that Java can do client-side; and then
some. The beauty of having my client-script turned off is that I can visit
sites like the former: http;//www,spazbox,net/ without any consequences. I
can also open any damn email I like because I don't have to worry about
infected self launching attachments.
This is why you don't turn on your client-scripting:
http://www.spywareguide.com/articles...stall__72.html
And sorry, the only real, non-illusory benefit one can experience via
scripting is internet banking - and even this is wrongly executed because
client-scripting of user authentication actually makes the process more
vulnerable. This is because a large enough algorithm to foil a keylogger is
impractical to serve over a dialup connection, and would even pose
unreasonable bandwidth costs when served over a broadband connection. An
in-house UA written to in-house encryption and authentication standards
would have the potential to be impossible to crack without specialised
hardware located near or onsite - and such strategies make client scripting
obsolete for this purpose.
Having said my piece for the bank, I would point out that my web menus,
which use no client scripting at all, run much faster because mine are not
served up with client scripting. See:
www.fieldcraft.biz for an example.
The web: it's a two way communication system independent of borders and
censorship; not a secure application server for software equivalents of TV
"blockbusters".
--
Timothy Casey GPEMC! >11950 is the
nu****@fieldcraft.biz 2email
Terms & conditions apply. See
www.fieldcraft.biz/GPEMC
Discover valid interoperable web menus, IE security, TSR Control,
& the most advanced speed reading application @
www.fieldcraft.biz