F
FromTheRafters
Edward said:Edward Diener wrote:
[...]
I think you are nitpicking but "malware" is fine with me also.
It's better. For a thing to be a virus, it *must* not kill its host too
soon. Other malware might have just that intention and no other.
[...]
I also continue to believe that malware will not generally be able to
infect someone's computer by just surfing web sites as opposed to
downoading/executing programs or opening e-mail attachments etc.
There, you may be mistaken. Generally, these malware program's servers
use exploits of various software vulnerabilities to automate
drive-by-download and execution of the offered malware.
I can understand taking advantage of a browser's vulnerability, but I
can not understand how malware can infect a client system otherwise
unless, of course, the end-user helps it too by foolishly opening or
executing the files some web site offers.
It can't. It is not a design feature. To do so they must exploit
something. Much care is indeed taken to assure that allowing websites
some limited programming rights will not result in unwanted behavior.
Unless one is going outside the realm of the very popular browsers, ie.
IE, Firefox, Opera, Safari, it is hard to imagine using a browser which
is itself malware.
Some would argue that IE fits that bill, but that's not what I meant, I
wasn't clear. The "exploit" code itself is "malware" (not implying that
the browser is malware)- the code it (perhaps a remote code execution
exploit) runs can then download and execute *other* malware (keylogger,
spambot, dDoS engine, etc...). The web based exploit is *one* malware
instance (a beachhead), that in turn brings more instances of malware
onboard.
[...]