So let's assume all the places I intentionally download from are malware-free. Can I get a virus without any type of notification of download?

Can I get malware from browsing the web?
#1
Posted 29 January 2008 - 05:12 PM

So let's assume all the places I intentionally download from are malware-free. Can I get a virus without any type of notification of download?
#2
Posted 29 January 2008 - 05:26 PM


#3
Posted 29 January 2008 - 05:51 PM

Vulnerability to malware
In this context, as throughout, it should be borne in mind that the “system” under attack may be of various types, e.g. a single computer and operating system, a network or an application.
Various factors make a system more vulnerable to malware:
* Homogeneity – e.g. when all computers in a network run the same OS, if you can break that OS, you can break into any computer running it.
* Defects – most systems containing errors which may be exploited by malware.
* Unconfirmed code – code from a floppy disk, CD-ROM or USB device may be executed without the user’s agreement.
* Over-privileged users – some systems allow all users to modify their internal structures.
* Over-privileged code – most popular systems allow code executed by a user all rights of that user.
An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and maintenance.
Most systems contain bugs which may be exploited by malware. Typical examples are buffer overruns, in which an interface designed to store data in a small area of memory allows the caller to supply too much, and then overwrites its internal structures. This may used by malware to force the system to execute its code.
Originally, PCs had to be booted from floppy disks, and until recently it was common for this to be the default boot device. This meant that a corrupt floppy disk could subvert the computer during booting, and the same applies to CDs. Although that is now less common, it is still possible to forget that one has changed the default, and rare that a BIOS makes one confirm a boot from removable media.
In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. This is a primarily a configuration decision, but on Microsoft Windows systems the default configuration is to over-privilege the user. This situation exists due to decisions made by Microsoft to prioritize compatibility with older systems above security configuration in newer systems[citation needed] and because typical applications were developed without the under-privileged users in mind. As privilege escalation exploits have increased this priority is shifting for the release of Microsoft Windows Vista. As a result, many existing applications that require excess privilege (over-privileged code) may have compatibility problems with Vista. However, Vista's User Account Control feature attempts to remedy applications not designed for under-privileged users through virtualization, acting as a crutch to resolve the privileged access problem inherent in legacy applications.
Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user. This makes users vulnerable to malware in the form of e-mail attachments, which may or may not be disguised.
Given this state of affairs, users are warned only to open attachments they trust, and to be wary of code received from untrusted sources. It is also common for operating systems to be designed so that device drivers need escalated privileges, while they are supplied by more and more hardware manufacturers, some of whom may be unreliable.
Source...
Ron
Similar Topics
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
As Featured On:






