Default settings not so good an idea?

Dear forum friends,

To install programs as they come, fully loaded in default settings, with all the functionality installed that maybe you can do without, is an unwise thing to do. Browsing with the later Opera’s with ready installed IRC client is running the risk of getting backdoored with a nasty little bot. Why run the extra risks. Start with the minimal stripped version of a program, and start to work the other way round, only install or open up to the world (and malware) what you need to run. Use normal user rights. Watch your ports, and surf safer still,

greets,

polonus

Opera IRC client is far more safe than any other (because it doesn’t support scripts like mIRC does). You can get backdoor only if you accept and execute file submited through it. But thats your fault anyway in such case…

Hi RejZoR,

One thing I do not seem to understand here. Botnets are the greatest threat on the Internet as we know it now? IM worms are taking the place of worms more and more, we see a gigantic increase over the last three month, infection in a blitz of a sec. Also unsophisticated authors make these IM worms, because they write them in VSB actualy know to run very slow. The awareness of users force the virus authors and hackers to find these new ways to access users and machines. How can you say that with an increase of 300.000 botnet machines, this is due to users that only have to blame themselves. So everybody who got a IRC worm through AOL communicator was willingly calling doom over himself. Even when it is a new one like Win32 Oscabot J (Win32.Aimbot) and luckily you have not the K variant!

greets,

polonus

I’m afraid you’re way too paranoid. No one will hack your PC specifically and you can’t get infiltrated by any threat that you don’t specifically allow (like IRC DCC transfer of trojan/backdoor/bot).

Polonus i don’t quite get what you’re trying to say.The way i understand you just having irc client installed you can get malware or what?How can that be if you don’t run the program?

Mikey

No,thats not possible. Opera’s IRC is totally different than mIRC. There is no known way to exploit it through scripts or something.

That’s what i thought :wink: I don’t use mirc or anything like that if i wanna talk i have alot of friends using skype(just the best) but my mozilla suite has some sort of irc chat thingie though.

Mikey

Hi polonus, I agree with you.

To install programs as they come, fully loaded in default settings, with all the functionality installed that maybe you can do without, is an unwise thing to do.
While I think Mozilla is very safe out of the box, the default settings leave something to be desired, imho.

For example, a number of default javascript settings, as well as mail settings: things like allowing js to change text in status-bar, or displaying attachments inline, or mail as original html. As I think I mentioned before, I’m not entirely sure the default allowing of link-prefetching is a good idea, either.

I’m not saying these are high-risk settings, and I understand why these settings are default (Mozilla doesn’t want someone trying it for the first time and being disgusted because something doesn’t work due to “overly” strict settings). But I don’t think they’re the best or safest settings.

Yes inconnu,

I agree with you here. I analyzed my traffic with TDI monitor and especially with FF I see a lot of things going on under the hood, even when I open the browser and leave it there. Investigation of cidr reports online and network explorer and you understand everything just connects with a simple numerical ANS-code and regarding the commercial use of this alone there is a lot of traffic on your comp, you are not even aware of. This is not a question of being paranoid, this is just not generally known by the everyday user, else they would become paranoid. There privacy is already lost anyway.

I think when the new functionalities come into the hands of a wider public (and malcreants are part of them), we can be in for quite a surprise. I read this on the Internet, and I see it for myself. A default browser is open as Swiss, French or Dutch or Italian or Frisian cheese for that part, and a simple browser can be an awful hacking tool in the hands of the Intelligible. Think alone what some people could do with a good and solid text based weak cgi dictionairy and a specific browser tool to explore sites (and servers as such).

greets,

polonus

Guys if you are so worried about security just switch to linux ;D

Good remark darth.mikey,

But I like to shake hands with the first gamer who has linux on his box. Look it is not a question of oses, it is a question of making the worm-box Windhose safer, and that is a hell of a job even for the M$ geeks themselves. I think overall they did poorly on this, but then I think security was not the first thing on their minds.
What is the up time in general for a Windows OS to stay not being compromised in some way. In the old days a year without a re-install was a miracle, and the blue screen was almost as familiar too. Even Gates himself wrote code the compiler could not make out, that was why his windows froze all the time. Dibeng.dll errors and incompatibility with monitor drivers on Win98 is a classic, all your fine old proggies did not work, because you installed your Explorer any higher than 5.5. And the fun of it: no-one informed you before. Some bought XP because of that. I like to see the comments of people if that happened to a car, but with computers they accept this sort of things. Say that the man says after a couple of years, this type of car we do not uphold, spare parts gone. Big thing?!?

greets,

polonus

that would be alot of people cause they dual boot hehe :slight_smile: you can always use windows for games(with unplugged network cable :wink: ) and linux for other stuff :slight_smile:

Mikey