oscartherabbit wrote:GaryKelly wrote:Active Scripting (including Javascript) can be a security hazard on the web. There are many hostile web pages that, if you visit them, will automatically attempt to load programs onto your machine without your knowledge. Particularly in Internet Explorer, the favoured target of hostile scripting (and you can blame Bill Gates for that too!).
As a matter of interest, have you ever actually had this happen? I know it's possible in theory, but I've been surfing the web for much longer than JavaScript has been around and I've never actually seen it happen.
In fact, I've never had any kind of attack or virus on any of my computers. Maybe I'm just lucky.
You hope!
Yes, I've been around since the days of 300bd modems and bulletin boards. I've suffered all sorts of hostile attempts, some of the successful. From the cheesy but annoying browser hijacks (where you home-page is re-written, usually to some lichen site) to modem hijacking scripts (so that instead of dialing your ISP, your modem connects you to a high-cost international premium line). Trojans, malware, spyware, and yes viruses, but the viruses almost always arrived in email.
In the early days I switched exclusively to Netscape, then Opera, as my browser, and Foxmail as my email client.
Today this machine (at home) is running linux.
I wouldn't put a windows computer on-line without first installing Zonealarm, Adaware, and for my own preference McAfee antivirus.
Zonealarm as a firewall is okay, but it's main strength is that it provides an alarm when *any* program on your machine attempts to connect to the internet. You have to allow the programs to do so. Thusly are you able to spot malware and spyware trying to 'phone home', and take the appropriate action.
It's surprising how many processes running in the background of the average home user's windows machine try to connect to the 'net... often to Bill Gates HQ.
Today I was looking for a particular piece of marketing material from a car manufacturer, and found a site which had a motoring review on it. Up popped a window asking whether I wished to accept and run a download which would've put a shedload of lichen on my machine... I was at work, where we're obliged to use IE. Fortunately our internet settings are preset to 'High Security' on the Internet Zone, otherwise that sucker would've run in the background and done its thing without any knowledge on my part.
Even so, I still occasionally get messages from Adaware asking if I want to permit a registry change, when all I've done is mooch the web.
So yup, you're either very lucky, or you haven't noticed.