Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can I get malware from browsing the web?

Started by I.D.S. Administrator , Jan 29 2008 05:12 PM

  • Please log in to reply

#1
I.D.S. Administrator
Posted 29 January 2008 - 05:12 PM

I.D.S. Administrator

    Member

  • Member
  • PipPipPip
  • 100 posts
Can I get malware from browsing the web? I mean, with using common sense. I don't download anything unless I know it is from a safe source. So I am assuming the only things being downloaded are the html, css, javascript and flash files to my cache.
So let's assume all the places I intentionally download from are malware-free. Can I get a virus without any type of notification of download?
  • 0

Advertisements

#2
Troy
Posted 29 January 2008 - 05:26 PM

Troy

    Tech Staff

  • Technician
  • 8,841 posts
:)
  • 0

#3
Major Payne
Posted 29 January 2008 - 05:51 PM

Major Payne

    Retired Staff

  • Retired Staff
  • 5,307 posts

Vulnerability to malware

In this context, as throughout, it should be borne in mind that the “system” under attack may be of various types, e.g. a single computer and operating system, a network or an application.

Various factors make a system more vulnerable to malware:

* Homogeneity – e.g. when all computers in a network run the same OS, if you can break that OS, you can break into any computer running it.
* Defects – most systems containing errors which may be exploited by malware.
* Unconfirmed code – code from a floppy disk, CD-ROM or USB device may be executed without the user’s agreement.
* Over-privileged users – some systems allow all users to modify their internal structures.
* Over-privileged code – most popular systems allow code executed by a user all rights of that user.

An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and maintenance.

Most systems contain bugs which may be exploited by malware. Typical examples are buffer overruns, in which an interface designed to store data in a small area of memory allows the caller to supply too much, and then overwrites its internal structures. This may used by malware to force the system to execute its code.

Originally, PCs had to be booted from floppy disks, and until recently it was common for this to be the default boot device. This meant that a corrupt floppy disk could subvert the computer during booting, and the same applies to CDs. Although that is now less common, it is still possible to forget that one has changed the default, and rare that a BIOS makes one confirm a boot from removable media.

In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. This is a primarily a configuration decision, but on Microsoft Windows systems the default configuration is to over-privilege the user. This situation exists due to decisions made by Microsoft to prioritize compatibility with older systems above security configuration in newer systems[citation needed] and because typical applications were developed without the under-privileged users in mind. As privilege escalation exploits have increased this priority is shifting for the release of Microsoft Windows Vista. As a result, many existing applications that require excess privilege (over-privileged code) may have compatibility problems with Vista. However, Vista's User Account Control feature attempts to remedy applications not designed for under-privileged users through virtualization, acting as a crutch to resolve the privileged access problem inherent in legacy applications.

Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user. This makes users vulnerable to malware in the form of e-mail attachments, which may or may not be disguised.

Given this state of affairs, users are warned only to open attachments they trust, and to be wary of code received from untrusted sources. It is also common for operating systems to be designed so that device drivers need escalated privileges, while they are supplied by more and more hardware manufacturers, some of whom may be unreliable.


Source...

Ron
  • 0
Back to Web Browsers and Email · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Software
  3. Web Browsers and Email

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP