From: "Geo" 

"John Beamish"  wrote in message
news:op.thy79cxqm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
> So running a browser in a VM is not a fully secured environment.
>
> I asked the question because Joe and Josephine Sixpack may no longer be
> part of a botnet but they will still hand over the keys to the family
> wealth if they use a credit card.

As long as a browser allows all these fancy ways of redirection and hiding
real URL's and such then there will always be the possibility of getting
fooled.

But don't think a VM is going to stop a botnet either, the bot will just
run in the VM and do it's damage while that VM is active.

The real solution here is to simply not run untrusted code. If code is to
run on the computer then it should require the user install it and it
should require that the system be able to uninstall it at the users
request. Currently it's up to the programmer to create an install routine
that allows for a full uninstall and as we all know those uninstalls are
not always complete. The system should track changes at install and create
it's own uninstall log so that anything installed can be uninstalled.

In other words, install/uninstall should be OS functions and the OS should
not let code run unless it has been installed via that function. That
change would make for a much more secure, much more consistant user
controlled system. It would be more difficult to install spyware and
trojans.

Geo.

--- BBBS/NT v4.01 Flag-5