Linked by Thom Holwerda on Mon 26th Sep 2011 22:25 UTC, submitted by HAL2001
Privacy, Security, Encryption

Well, this is embarrassing. MySQL.com has been hacked (fixed by now), and was turned into a platform serving malware to unsuspecting visitors. The criminals did this by injecting a script which redirected visitors to a website which uses the BlackHole exploit pack, which probes the browser used and serves up an appropriate exploit. Computer security blogger Brian Krebs saw root access to MySQL.com being offered for $3000 only a few days ago.
My best friend
by darknexus on Mon 26th Sep 2011 22:31 UTC
darknexus
Member since:
2008-07-15

Noscript for Firefox. Scripts should only be run on pages that require them, and I know for a fact the homepage of MySQL.com makes use of them but doesn't require JavaScript to work. This is why, despite it being relatively slow and Mozilla's insane versioning scheme, I stick with Firefox. I've not found another add-on for any browser that comes close to the usefulness of Noscript in preventing malware from getting at me.

Reply Score: 5

RE: My best friend
by looncraz on Mon 26th Sep 2011 23:19 UTC in reply to "My best friend"
looncraz Member since:
2005-07-24

Agreed!!

NoScript, FlashBlock, AdBlock, NoSquint, ImageZoom, SmartVideo, and Yahoo! Mail Checker make my browsing experience smooth, safe, and intelligent.

I routinely load up a dozen or so YouTube videos to watch, and so having SmartVideo load them at 240p, paused, is a great help! Very few videos deserve/need any more detail than that anyway ;-)

--The loon

Reply Score: 3

RE[2]: My best friend
by ssokolow on Mon 26th Sep 2011 23:44 UTC in reply to "RE: My best friend"
ssokolow Member since:
2010-01-21

FlashBlock is an insecure way to block Flash and NoScript includes a secure way which can be enabled for trusted sites too, giving a FlashBlock-like experience (lack of a whitelist aside).

Aside from that, it sounds like we have similar opinions on things.

Reply Score: 1

RE[2]: My best friend
by zima on Tue 27th Sep 2011 00:02 UTC in reply to "RE: My best friend"
zima Member since:
2005-07-06

It's not really hard to be safe without all those tools, particularly when you're the kind of user who would seek out and install them (and if you aren't, not much can help ;) )

PS. And you probably didn't even notice what helps to keep this site afloat? ;)

Edited 2011-09-27 00:05 UTC

Reply Score: 2

v RE: My best friend
by lemur2 on Tue 27th Sep 2011 00:03 UTC in reply to "My best friend"
RE[2]: My best friend
by zima on Tue 27th Sep 2011 00:07 UTC in reply to "RE: My best friend"
zima Member since:
2005-07-06

In benchmarks? In situations when it really matters (on slow, old machines), I still find current versions of Firefox and Chrome (or Opera) worlds apart.

Reply Score: 2

RE[3]: My best friend
by lemur2 on Tue 27th Sep 2011 00:52 UTC in reply to "RE[2]: My best friend"
lemur2 Member since:
2007-02-17

In benchmarks? In situations when it really matters (on slow, old machines), I still find current versions of Firefox and Chrome (or Opera) worlds apart.


Firefox 7 should be the fastest (overall) current browser on slow, old machines, when it really matters.

Speed improvements are due to reduced memory usage, faster startup and the new Azure graphics API, so no, not in javascript benchmarks but in real performance.

http://techpp.com/2011/08/09/firefox-7-leaner-faster-and-more-stabl...

"Though it’s been less than a month since Firefox 5 was released, we have started getting information about how Mozilla’s Firefox 7 will be much faster than Firefox 6, will use much lesser memory and it will be less likely to crash. Its memory remains steady if you leave it running and as you close tabs, memory is freed up.

The way in which Mozilla Firefox has used memory has changed over the years, improving from one version to another. Firefox 3, 3.5 and 3.6 were considerable enhancement over Firefox 2. But when Mozilla released Firefox 4, it kind of regressed, instead of improving, mainly due to a large number of new features and to Java script. As to overcome the shortcomings, Mozilla aimed to improve Firefox’s speed and stability by reducing memory usage and released MemShrink. Soon, step by step progresses have been made and Firefox 7 is the first to benefit from MemShrink’s success."


http://tech18.com/firefox-7-features.html

What is expected out of Firefox 7?

#1. New 2D Graphics API – Azure
#3. Faster Startup
#4. 30% Reduction in Memory Usage


Enjoy.

Edited 2011-09-27 01:00 UTC

Reply Score: 1

RE[4]: My best friend
by Jondice on Tue 27th Sep 2011 03:05 UTC in reply to "RE[3]: My best friend"
Jondice Member since:
2006-09-20

So when will Firefox v20 be available, jeez...

/I actually do use firefox a lot, mainly for portability and plugins.

Reply Score: 3

RE[5]: My best friend
by lemur2 on Tue 27th Sep 2011 03:37 UTC in reply to "RE[4]: My best friend"
lemur2 Member since:
2007-02-17

So when will Firefox v20 be available, jeez...


Possibly just before Chrome v42.

Reply Score: 3

RE[6]: My best friend
by Jondice on Tue 27th Sep 2011 03:59 UTC in reply to "RE[5]: My best friend"
Jondice Member since:
2006-09-20

Why did firefox change to a similarly paced version numbering system? With Chrome, I don't even pay attention to version changes, but with firefox updates and addon issues, it is hard not to. Maybe that's just me, and I admit I use more addons in firefox than in chrome.

Reply Score: 2

RE[7]: My best friend
by lemur2 on Tue 27th Sep 2011 04:34 UTC in reply to "RE[6]: My best friend"
lemur2 Member since:
2007-02-17

Why did firefox change to a similarly paced version numbering system? With Chrome, I don't even pay attention to version changes, but with firefox updates and addon issues, it is hard not to. Maybe that's just me, and I admit I use more addons in firefox than in chrome.


http://mashable.com/2011/08/26/mozilla-rapid-release-firefox/

Mozilla: "Now, Mozilla’s Chairman Mitchell Baker responds to the criticism in a blog post. She starts by acknowledging the problem: “There is work to be done to make the rapid release process smoother and hopefully more useful to more of our userbase”, she writes.

However, due to the rapidly changing nature of the Internet, Baker thinks it’s necessary for the browser to follow this breakneck pace. “If we want the browser to be the interface for the Internet, we need to make it more like the Internet. That means delivering capabilities when they are ready. That means a rapid release process. If we don’t do something like this the browser becomes a limiting factor in what the Internet can do”, she writes.

Baker’s end thoughts don’t leave much hope that the rapid release process will change in the near future. “There is no free lunch (…) I know that’s not a perfect answer, and it’s not a promise that we can meet everyone’s needs perfectly. Despite this, I believe the rapid release process is the right direction”, Baker writes."


It is not as bad as the media beat-up would have it:

http://download.cnet.com/8301-2007_4-20093070-12/new-firefox-6-beli...

All add-ons hosted on addons.mozilla.org should update automatically and relatively painlessly.

Mozilla has also released the Jetpack SDK 1.1, which allows for addons written in the same way that Chrome does it.

http://news.softpedia.com/news/Mozilla-s-Add-on-SDK-1-1-for-Restart...

Because this is fairly new, and because it is not as powerful as the original XUL addons, most Firefox addons do not use the Jetpack SDK.

For people (mainly businesses) who do not want their browser "keeping pace with the Internet", Mozilla is apparently proposing an "Extended Support Release" version, starting with Firefox 8.

http://news.cnet.com/8301-30685_3-20109245-264/mozilla-proposes-not...

PS: hey, look at that! Firefox v20 is apparently due 26th March 2013.

Edited 2011-09-27 04:41 UTC

Reply Score: 1

RE[4]: My best friend
by Bill Shooter of Bul on Tue 27th Sep 2011 13:37 UTC in reply to "RE[3]: My best friend"
Bill Shooter of Bul Member since:
2006-07-14

Every version of firefox since 1.5 has claimed to fix the memory issues. Honestly, I wouldn't notice them anymore, but that is probably because I have eight gigs of ram on my workstations, as opposed to the 512 mb I had when ff 1.5 was out. Those with less memory still claim to have the memory leak.

Reply Score: 2

RE[4]: My best friend
by zima on Mon 3rd Oct 2011 23:59 UTC in reply to "RE[3]: My best friend"
zima Member since:
2005-07-06

Most of the things you mention are just benchmarks (I didn't say "javascript benchmarks") - easy to obtain numbers many "enthusiasts" like to gloat about, but which don't translate directly to end user experience (particularly when it really matters, on slow & old machines; mostly shunted by "enthusiasts" and devs)

Anyway, I gave it a few days on one slow "piece of junk" I keep around (~"desktop replacement" laptop with Celeron 1.4 of the generation derived from Pentium M or Core Duo; it was the laptop CPU when they really took off here a few years back, many people still have such machines - generally, continuing to use them as long as they function; and it isn't RAM-starved while browsing, in any browser); yeah, I give each browser a minimum of a few days, I'm typically weird like that.

Maybe memory usage improved, I don't know (no browser is memory starved on the piece of junk in question anyway, when opening sane numbers of tabs); maybe it starts faster, I don't care (every browser starts decently on this machine - and it's irrelevant anyway, I don't do it that often); those are benchmarks. Maybe it uses some new library in the back-end ...why should I care about its name and what it claims to do? (Mozilla claims massive improvements every single time, at each release ...well, after first few years of denying given problem, that is)

What's important, is that there is little to no difference felt. Stuff like how the UI feels, how the application responds to user actions, even how the scroll feels. FF is still worlds apart from Chrome (or Opera), when it really matters, in usage.
But I imagine "enthusiasts" and devs don't experience it much... (or are so enthusiastic about their darling to genuinely overlook such "details")

(BTW, as far as I am concerned 3.x+ was a major disappointment from 2.x - maybe it looked better in benchmarks, but it felt much worse, kinda like they went outside sane tweaks, patterns for their codebase - characteristics of which certainly play a role, Webkit is used successfully in mobiles for quite some time, while Mozilla had few aborted attempts, openly saying "we'll wait for hardware" ...wasn't "true OSS" supposed to be about retiring planned obsolescence and such?)

Reply Score: 2

RE[2]: My best friend
by lucas_maximus on Tue 27th Sep 2011 09:39 UTC in reply to "RE: My best friend"
lucas_maximus Member since:
2009-08-18

And Firefox breaks all my extensions that I use for Web Development every two weeks ... Thanks Mozilla Team.

Reply Score: 3

RE[3]: My best friend
by lemur2 on Tue 27th Sep 2011 10:30 UTC in reply to "RE[2]: My best friend"
lemur2 Member since:
2007-02-17

And Firefox breaks all my extensions that I use for Web Development every two weeks ... Thanks Mozilla Team.


It shouldn't. The majority of XUL extensions, and nearly all plugins, themes, search engines and Jetpack addons, will continue to run happily after an upgrade of Firefox.

Unless, that is, your extensions check the Firefox version and explicitly disable themselves after an upgrade.

If that is the case, you can thank the authors of the extension(s) that are giving you trouble, rather than thank the Mozilla Team.

Reply Score: 2

RE[4]: My best friend
by lucas_maximus on Tue 27th Sep 2011 11:57 UTC in reply to "RE[3]: My best friend"
lucas_maximus Member since:
2009-08-18

If that is the case, you can thank the authors of the extension(s) that are giving you trouble, rather than thank the Mozilla Team.


Wouldn't be a problem if Mozilla weren't doing this silly dev cycle, and btw it is Firefox that disables them after doing a compatibility check.

TBH I am not that impressed with any of the new Web browsers, there are more rendering bugs now to deal with cross browser and more annoying niggly bugs ... and don't even get me started with browser specific css extensions.

Reply Score: 3

RE: My best friend
by Gullible Jones on Tue 27th Sep 2011 00:48 UTC in reply to "My best friend"
Gullible Jones Member since:
2006-05-23

+1

Coincidentally, just today I encountered an attack site where Noscript would have saved my bacon, had I been running Windows. At this point I consider script blocking, or extensions providing it, an essential browser feature.

Reply Score: 3

RE[2]: My best friend
by daveak on Tue 27th Sep 2011 06:41 UTC in reply to "RE: My best friend"
daveak Member since:
2008-12-29

had I been running Windows.


At this point I consider not running Windows an essential feature :-P

Reply Score: 3

RE[3]: My best friend
by Gullible Jones on Tue 27th Sep 2011 10:15 UTC in reply to "RE[2]: My best friend"
Gullible Jones Member since:
2006-05-23

While I don't use Windows and I'd be happy to see more people abandon the platform, right now I don't think there's a good alternative; there's just too much software that's only available for Windows.

(Really it's kind of a catch-22. Software is available for Windows because it's the most common desktop OS. But until people start migrating away from it, the software won't be available for other OSes; and people won't be quick to migrate away from it due to lack of available software. Yippee.)

Also, most Linux distros have sucky security by default. Just sayin'.

Reply Score: 2

RE[4]: My best friend
by lemur2 on Tue 27th Sep 2011 10:25 UTC in reply to "RE[3]: My best friend"
lemur2 Member since:
2007-02-17

While I don't use Windows and I'd be happy to see more people abandon the platform, right now I don't think there's a good alternative; there's just too much software that's only available for Windows.


While particular products, such as for example Microsoft Office, are available only for Widows, the product type most certainly is not constrained to Windows. See LibreOffice, for example.

Now while some products are not 100% interchangeable, for the vast majority of uses they are.

The majority of people could happily run everything they needed on a platform other than Windows. Easily.

Reply Score: 3

RE[5]: My best friend
by lucas_maximus on Tue 27th Sep 2011 11:58 UTC in reply to "RE[4]: My best friend"
lucas_maximus Member since:
2009-08-18

The majority of people could happily run everything they needed on a platform other than Windows. Easily.


None of them are of good enough quality, except things which are already cross platform or they are dev tools ... unless you are talking about the Macintosh.

Until I don't ever have to fix anything on the terminal ... it will not be good enough for consumers.

Edited 2011-09-27 12:00 UTC

Reply Score: 3

RE[6]: My best friend
by lemur2 on Tue 27th Sep 2011 12:25 UTC in reply to "RE[5]: My best friend"
lemur2 Member since:
2007-02-17

"The majority of people could happily run everything they needed on a platform other than Windows. Easily.


None of them are of good enough quality, except things which are already cross platform or they are dev tools ... unless you are talking about the Macintosh.

Until I don't ever have to fix anything on the terminal ... it will not be good enough for consumers.
"

Many of the FOSS desktop applications are significantly better than the equivalent proprietary offerings.

Examples:
This is the default plain text editor on my Linux distribution:
http://kate-editor.org/about-kate/

This is the default file manager:
http://dolphin.kde.org/features.html

This is the default document viewer:
http://okular.kde.org/formats.php

Compare these to the default on Windows 7 ... Notepad, Windows explorer and nothing.

My desktop itself, KDE Plasma, has significantly better features than Windows 7.

http://en.wikipedia.org/wiki/KDE_Plasma_Workspaces#Features

An ordinary user doesn't ever have to fix anything on the terminal.

http://commons.wikimedia.org/wiki/File:KDE_SC_4.5_System_Settings.p...

Edited 2011-09-27 12:44 UTC

Reply Score: 3

RE[7]: My best friend
by lucas_maximus on Tue 27th Sep 2011 13:15 UTC in reply to "RE[6]: My best friend"
lucas_maximus Member since:
2009-08-18

Many of the FOSS desktop applications are significantly better than the equivalent proprietary offerings.


Depends ultimately. Some are ... some aren't. However it is a matter of opinion and not a fact.

This is the default plain text editor on my Linux distribution:
http://kate-editor.org/about-kate/


If they are using a text editor for saving something like a phone number, one does not need anything better than WordPad (which is installed by default).

They don't need all the features of something like kate.

This is the default file manager:
http://dolphin.kde.org/features.html


Normal users don't use these extra features ... I don't even use half the features in Windows Explorer and I am a developer.

Compare these to the default on Windows 7 ... Notepad, Windows explorer and nothing.


Adobe Reader is free and is pretty good, there is always foxit and quite a few others.

My desktop itself, KDE Plasma, has significantly better features than Windows 7.


That is your opinion not mine. I personally think that KDE lacks a lot of graphic polish ... things like spacings of text and window borders.

I don't even use Alt Tab that often ... most people don't need or even know about lots of extra features ... they just want to use something simply.

Having more features does not mean something is better

"Antoine de Saint-Exupery" said it better than I.

Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.


... Think about it for a second.

An ordinary user doesn't ever have to fix anything on the terminal.


This is a downright lie. When something does go wrong (happens frequently ... all one has to do is visit Ubuntu forums for evidence that this happens a lot).

The only way to fix it in Linux is by using the terminal and since with Linux distros core configuration files are kept in different places depending on distribution ... looking for help on the web isn't easy.

Edited 2011-09-27 13:20 UTC

Reply Score: 3

RE[6]: My best friend
by TemporalBeing on Tue 27th Sep 2011 16:08 UTC in reply to "RE[5]: My best friend"
TemporalBeing Member since:
2007-08-22

"The majority of people could happily run everything they needed on a platform other than Windows. Easily.


None of them are of good enough quality, except things which are already cross platform or they are dev tools ... unless you are talking about the Macintosh.

Until I don't ever have to fix anything on the terminal ... it will not be good enough for consumers.
"

And you don't ever have to fix anything on Windows?

Seriously? If that level of perfectionism is what you want, then you'll never find any kind of replacement.

As it is, Debian/Ubuntu+KDE is at or better quality on stability than Windows and you don't have to touch the command-line.

It's really a matter of which distro you choose. Debian/Ubuntu are among the best right now, and you don't need hand-holding for very long.

A number of years back there was a Redmond Desktop Linux (made by ex-Microsoftees) that at the time (2003) had a superb installer (better than any other Linux distro at the time), and needed no command-line support. I installed it to test it out and it was excellent. Sadly, it was also very limited as you couldn't install a compiler (not available in their package management system), but it was otherwise on-par with Windows.

Reply Score: 2

RE[6]: My best friend
by aaronb on Tue 27th Sep 2011 18:37 UTC in reply to "RE[5]: My best friend"
aaronb Member since:
2005-07-06

Editing the registry is a lot more easier! Windows must have some sort of service specifically designed to stop programs from removing all the crap that they place in the registry. :wink

Joking aside, I rarely need to use the terminal to fix things in Ubuntu or Fedora, this really has become less of an issue in the last 3 years or so.

All operating systems have points of irritation.

Reply Score: 3

RE[6]: My best friend
by Soulbender on Tue 27th Sep 2011 20:10 UTC in reply to "RE[5]: My best friend"
Soulbender Member since:
2005-08-18

Until I don't ever have to fix anything on the terminal


So if we equate the use of the terminal to using regedit then Windows isn't ready for consumers either.

Reply Score: 2

RE[5]: My best friend
by Soulbender on Tue 27th Sep 2011 20:11 UTC in reply to "RE[4]: My best friend"
Soulbender Member since:
2005-08-18

While particular products, such as for example Microsoft Office, are available only for Widows,


That seems like a bit too narrow a market for an office suite.

Reply Score: 2

RE[4]: My best friend
by Soulbender on Tue 27th Sep 2011 20:18 UTC in reply to "RE[3]: My best friend"
Soulbender Member since:
2005-08-18

Also, most Linux distros have sucky security by default. Just sayin'


Really? What makes you say that?

Reply Score: 3

RE[5]: My best friend
by Gullible Jones on Tue 27th Sep 2011 20:36 UTC in reply to "RE[4]: My best friend"
Gullible Jones Member since:
2006-05-23

Ubuntu: five minute no-password timeout for sudo.

Mint: same, and no package signing.

Arch Linux: no package signing until recently.

Many, many distros: no mandatory access control system for sandboxing applications. Windows now has a mandatory access control system installed and enabled by default. One can of course set up a chroot on any distro, but AFAIK normal Linux chroots are not hard to break out of.

(Ubuntu, at least, has AppArmor and a profile for Firefox... But it doesn't enable it by default.)

Reply Score: 2

RE[6]: My best friend
by Soulbender on Tue 27th Sep 2011 20:51 UTC in reply to "RE[5]: My best friend"
Soulbender Member since:
2005-08-18

Neither of these magically make security better. In fact, both are overrated as security features. Does Windows MAC prevent malware, trojans or viruses? Real-world experience says no. A rooted system is not a big problem, lost user data and compromised privacy is.
I'm not saying Linux is necessarily better than Windows in this respect though, but holding up Windows as a great champion of security because it has MAC is rather naive.
What does package signing give you? Yeah, the same site that distributes the packages ensures you they're the real thing. Too bad that will break down when the site is compromised.

Reply Score: 1

RE[7]: My best friend
by Gullible Jones on Tue 27th Sep 2011 20:57 UTC in reply to "RE[6]: My best friend"
Gullible Jones Member since:
2006-05-23

FWIW I don't hold Windows as a "champion of security." And the reason I mentioned MAC is that it can protect the user's data.

Reply Score: 2

RE: My best friend
by Lennie on Tue 27th Sep 2011 08:13 UTC in reply to "My best friend"
Lennie Member since:
2007-09-22

JavaScript is not the same as Java-Applet.

In Firefox you can just disable the Java-plugin, you'll probably never need it.

I've never tried Minecraft, but I don't think you run it in the browser, right ?

Reply Score: 2

RE[2]: My best friend
by ssokolow on Tue 27th Sep 2011 08:42 UTC in reply to "RE: My best friend"
ssokolow Member since:
2010-01-21

Minecraft can be run as an applet or via a downloadable launcher JAR.

I use the JAR because the applet crashes the IcedTea (libre Java) browser plugin.

Reply Score: 1

RE: My best friend
by Laurence on Tue 27th Sep 2011 15:33 UTC in reply to "My best friend"
Laurence Member since:
2007-03-26

This is why, despite it being relatively slow and Mozilla's insane versioning scheme, I stick with Firefox. I've not found another add-on for any browser that comes close to the usefulness of Noscript in preventing malware from getting at me.

I think you're being a little unfair to other browsers there: I know for a fact that Opera has this function built in and I'm pretty sure there's similar Chrome extensions available too.

However flamewars aside, you do make a good point about browser security ;)

Reply Score: 2

RE[2]: My best friend
by Gullible Jones on Tue 27th Sep 2011 20:24 UTC in reply to "RE: My best friend"
Gullible Jones Member since:
2006-05-23

Opera, as far as I can tell, does not have anything like Noscript built in. There is one extension and one userscript, but the extension is not very powerful and the userscript breaks many websites.

Chrome doesn't either. There is the ScriptNo extension though, which seems to be fairly good.

(Chrome's built-in script blocking doesn't count - it does per-page blocking, not per-domain blocking.)

Reply Score: 2

RE[3]: My best friend
by Laurence on Wed 28th Sep 2011 08:59 UTC in reply to "RE[2]: My best friend"
Laurence Member since:
2007-03-26

Opera, as far as I can tell, does not have anything like Noscript built in. There is one extension and one userscript, but the extension is not very powerful and the userscript breaks many websites.

It does have it built in:
Settings -> quick preferences -> untick 'enable javascript'

You can also enable/disable plug ins too - which works just the same as Flash Block except it's against ALL plug ins (including Adobe PDF and Java Applets such as those used in this exploit)

Chrome doesn't either. There is the ScriptNo extension though, which seems to be fairly good.

(Chrome's built-in script blocking doesn't count - it does per-page blocking, not per-domain blocking.)

I hadn't said Chrome had any functionality built in. I said there are extensions available.

Reply Score: 2

Wow...
by tomcat on Mon 26th Sep 2011 23:59 UTC
tomcat
Member since:
2006-01-06

I'm so glad that I only visit non-FOSS websites... LOL.

Reply Score: 1

RE: Wow...
by ichi on Tue 27th Sep 2011 08:42 UTC in reply to "Wow..."
ichi Member since:
2007-03-06

Interestingly enough Oracle had just announced that MySQL was turning into an Open Core model, rather than staying as FOSS.

Reply Score: 2

RE[2]: Wow...
by Laurence on Tue 27th Sep 2011 15:35 UTC in reply to "RE: Wow..."
Laurence Member since:
2007-03-26

Interestingly enough Oracle had just announced that MySQL was turning into an Open Core model, rather than staying as FOSS.

Another good reason to use PostgreSQL

Reply Score: 5

Comment by metalf8801
by metalf8801 on Tue 27th Sep 2011 05:56 UTC
metalf8801
Member since:
2010-03-22

It's interesting that ClamAV was one of the first four security software packages that could detect this piece of malware.

Reply Score: 3

RE: Comment by metalf8801
by manjabes on Tue 27th Sep 2011 09:11 UTC in reply to "Comment by metalf8801"
manjabes Member since:
2005-08-27

If you look at the VirusTotal report carefully, you'll notice that none of the security programs actually "caught" the hack. 4 of 44 simply labeled it as "suspicious" which in regular-user terms means "false-positive".

Reply Score: 1

RE[2]: Comment by metalf8801
by Gullible Jones on Tue 27th Sep 2011 13:03 UTC in reply to "RE: Comment by metalf8801"
Gullible Jones Member since:
2006-05-23

Sadly this is starting to look like the normal state of affairs. There seem to be whole categories of malware, e.g. fake antivirus trojans, that most AVs just don't detect.

Furthermore, "realtime" antivirus protection is often a joke in my experience. I've seen computers get infected straight through it with big-name antiviruses like Norton and McAfee.

I figure this is the reason Microsoft decided to implement UAC... Which would probably be quite effective, if everyone and their sister didn't turn it off!

Reply Score: 3

IE 9 will block this.
by ramasubbu_sk on Tue 27th Sep 2011 05:59 UTC
ramasubbu_sk
Member since:
2007-04-05

IE9 by default blocks cross site scripting and also by turning on the "Tracking Protection". You are more secure!! Firefox & Chrome should adopt this feature.

Reply Score: 3

RE: IE 9 will block this.
by Gullible Jones on Tue 27th Sep 2011 12:49 UTC in reply to "IE 9 will block this."
Gullible Jones Member since:
2006-05-23

XSS blocking != wholesale Javascript blocking. Though last I checked it is possible to get Noscript-like functionality on IE using Proxomitron.

(And IIRC Chrome does include some measures against XSS, just not as many as Noscript.)

IE 8 and 9 are sandboxed on Windows Vista and 7 though, if you enable UAC. Not sure how effective that would be in this case. I personally wouldn't know, since I never use IE - I find the user interface annoying.

Reply Score: 2

Correct me if I am wrong
by Tony Swash on Tue 27th Sep 2011 13:44 UTC
Tony Swash
Member since:
2009-08-22

"The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection."

Is this a Windows only exploit?

Reply Score: 4

RE: Correct me if I am wrong
by marcp on Tue 27th Sep 2011 18:43 UTC in reply to "Correct me if I am wrong"
marcp Member since:
2007-11-23

Yes. It was shown in the video embedded within this article.

Reply Score: 2

v Comment by ilovebeer
by ilovebeer on Tue 27th Sep 2011 14:55 UTC