Posted on 06/13/2012 9:39:00 PM PDT by OldEarlGray
>>I never do auto updates, I want to see what it is
Ok.
“Microsoft” Update notifies you that security patches need to be applied. What will you do?
I offered the home user a very useful program that can prevent infection of their PC when used properly.
Home users read the news, email and download music. Some, but fewer, use the PC for creating and managing files of various form. for those who meddle with pirated software.. well, they get what they deserve.the use of a sandbox program can prevent malicious software from escaping and altering system files, registry keys or anything else for that matter. When a sandbox is used properly, your PC stays clean. Period. You can launch a virus on PURPOSE in a sandbox and then laugh at it because it cannot do any damage unless you release it manually.
I am currently logged in with an administrator account while reading this... and I have no worries because this browser runs in a sandbox. It cannot call external programs without my interaction. The point is, your everyday user has no interest in a deep understanding of what is happening, they simply don't want to deal with an infection. A sandbox will all but prevent that when used properly. This is good, sound advice for the everyday user.
I've been in this business for over 20 years and this is one of the most useful applications of it's kid that I have ever seen. Nothing else even compares in value and performance. It does what it says and it does it well. Only on one occasion did a MS patch break the program, and they released a fix for that rather quickly on the sandboxie website.
I'm having a hard time understanding why you would baulk at someone recommending a simple and effective solution to preventing machine infections.
What I’m balking at, Wiley, is your laughably pretentious assertion that 100% of cyber attacks exploit either a web browser or an email.
Oh and, were the assemblies in your Sandie Box built with a tool like, say, Microsoft Visual Studio - and signed with a certificate?
Did you read the article between downloading “Music” into your sandboxie?
I’ve got a couple thousand files on my iPod. Never needed a SandBoxie for that. NO SALE.
I agree with and appreciate your point. But..
The time when most all computer users had a minimal level of technical knowledge is long gone. It seems to me a bit like requiring all motorists to be quasi-mechanics in order to be safe drivers.
Something is out-of-whack in this scenario.
It means you should be using Firefox.
I HATE Microsoft Internet Explorer and never use it....ever!
However, we are a UPS shipper and have been so for many, many years. We use the online UPS system only.
A month ago I tried using the UPS World Ship program and quickly found out that their system was based upon all Microsoft programs and SQL databases....including Internet Explorer.
We have switched back to the internet system needless to say.
I did find it conflicted with AVG and a couple of other anti-virus programs. Those programs started incorporating a variant sandboxing capability that messed up Sandboxie. Solution: MS Essentials, it works compatibly with Sandboxie.
==
I also recently added another program that my bank website recommends. It is Rapport. It basically creates a ‘tunnel’ between your computer and any specified website (banking or other password websites).
http://www.trusteer.com/product/trusteer-rapport
==
I also use an add-on/extension that works with Firefox and IE. The pay versions work with additional browsers. It is Keyscrambler. It encrypts most of what you type into your browser.
==
I also recently installed DoNotTrack Plus. It blocks many of the tracking cookies various websites put on one’s computer. It works with both Firefox and IE.
Besides "code Red" (10+ years ago), what percentage of virus/trojan/exploits in total have been problematic that were NOT user invoked?
Well, I'll tell ya, ELMER... next to nothing. With very few and isolated exceptions, exploits are EXECUTED by the user either on purpose inadvertently... be it from opening files that are infected or by viewing "specifically crafted" web content. I never said exploits were carried via music files, I told you that's what many home users are doing with their computers and MANY of them acquire said music through unscrupulous means (websites run and built by people of questionable character). Personally, I don't download music. I have no use for it.
I can't give you an exact number, but I can tell you from experience that if home users did nothing more than run their browser in a sandbox and use it properly, nearly all exploits to date would be rendered ineffective.
Personally, I just think you're full of yourself and like to argue. You laugh off a very effective application because theoretically, there is a POTENTIAL that it is not 100% effective or that it could possibly have bugs in the code. That's not very sound thinking and I've got some news for you sparky; ALL code has bugs in it. I've had to fire people in the past with such a mindset and attitude. Now goodbye to you, go nitpick somewhere else.
Have you switched completely away from avg to ms essentials entirely?
After being an avg user for many years, I am considering doing that.
Any issues in the transition?
Thanks.
When I bought a new Win7 laptop and later a Win7 desktop, I went with Essentials, due to a recommendation from
AVG and AVAST! conflicted with Sandboxie on my old XP, so I went with Essentials the last year before the XP died.
Sadly, both AVG and AVAST! grew into bloatware. AVG made the XP so sluggish. AVAST! 6 (IIRC) added its own sandbox that was rather clumsy and interfered with Sandboxie.
==
In addition to MS Essentials, I frequently do scans with SuperAntiSpyware to clean out tracking elements.
http://www.superantispyware.com/
Thanks, I might also make that transition.
AVG started out great and grew to unnessesary size.
My latest beef w/ avg is that it installs a firefox add-on with out asking me if I want to or not;
and the add-on is uninstallable without making fairly extensive registry edits.
Those are both two big no-nos from my perspective as a user.
It means you should be using Firefox.Really?
Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Remote Code Execution Vulnerability
2012-06-08
http://www.securityfocus.com/bid/53792
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
2012-06-07
http://www.securityfocus.com/bid/53791
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1939 Memory Corruption Vulnerability
2012-06-07
http://www.securityfocus.com/bid/53797
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
2012-06-07
http://www.securityfocus.com/bid/53793
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
2012-06-07
http://www.securityfocus.com/bid/53800
Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
2012-06-07
http://www.securityfocus.com/bid/53801
Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
2012-06-07
http://www.securityfocus.com/bid/53799
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
2012-06-07
http://www.securityfocus.com/bid/53794
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
2012-06-07
http://www.securityfocus.com/bid/53796
Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
2012-06-06
http://www.securityfocus.com/bid/53798
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
2012-06-06
http://www.securityfocus.com/bid/53808
Mozilla Firefox SeaMonkey and Thunderbird CVE-2012-1943 Local Privilege Escalation Vulnerability
2012-06-05
http://www.securityfocus.com/bid/53807
Mozilla Firefox SeaMonkey and Thunderbird CVE-2012-1942 Local Privilege Escalation Vulnerability
2012-06-05
http://www.securityfocus.com/bid/53803
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0477 Cross Site Scripting Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53229
Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities
2012-06-04
http://www.securityfocus.com/bid/46785
OpenType Sanitizer Off By One Remote Code Execution Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53222
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0474 Cross Site Scripting Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53228
Mozilla Firefox/SeaMonkey/Thunderbird Site Identity Spoofing Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53224
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0475 Security Bypass Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53230
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0478 Denial of Service Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53227
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0467 Memory Corruption Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53223
Mozilla Firefox/Thunderbird/SeaMonkey IDBKeyRange Use-After-Free Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53220
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0473 Out of Bounds Memory Corruption Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53231
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0468 Memory Corruption Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53221
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-0470 Heap Buffer Overflow Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53225
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0471 Cross Site Scripting Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53219
Mozilla Firefox/Thunderbird/SeaMonkey 'cairo-dwrite' CVE-2012-0472 Memory Corruption Vulnerability
2012-06-04
http://www.securityfocus.com/bid/53218
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
2012-05-30
http://www.securityfocus.com/bid/49778
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0458 Security Bypass Vulnerability
2012-05-22
http://www.securityfocus.com/bid/52460
Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability
2012-05-14
http://www.securityfocus.com/bid/51755
…
I remember when people who used 1024-bit keys were considered hopelessly paranoid. In real life it really wasn't all that long ago. In internet time, it was ages of course. I wouldn't be suprised at all by legacy installations that still had smaller keys. It still takes quite a bit of computational power to crack 768-bit keys. I don't believe even 512-bit keys can be cracked in anything approaching real-time, though they are within easy reach of someone with a bit of spare change, time, and a high-value target. Marking 768-bit keys as completely invalid is a bit excessive IMO. A warning for small keys would be sufficient for most of the few remaining organizations using them to have incentive to update to more secure keys.
Ping
I’m getting ready to try Keyscrambler on my Win 7 PC. Any words of wisdom/experience before I install?
How do you determine what is and is not a valid update from the list?
I don’t always apply them.as I have time I check what is being asked to be applied,take my time. but then this is a home computer not a work computer.
OK I have a windows 7 vm, windows 7 on a laptop and windows 7 on a netbook. i used firefox on all of them and don’t read email on them, email is all done on either and OS/2 computer or a linux box. am I save enough?
Evidently you still haven’t read the article.
Tell the class Wiley, how will your freeware sandboxie deal with certificates of trust, that appear to be signed by MicroSoft - whose signing can no longer be trusted?
Oops.
Oh and - how do we know your freeware “solution” isn’t itself a vector for malware?
The game Wiley, is Trust.
Do we Trust that the folks who compromised the trustability of MS’ certificate are operating under the direction of a calibrated moral compass which directs their behavior in alignment with the purpose for American governance that is specified in our Declaration of Independence — “TO SECURE THESE RIGHTS” — or not?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.