From: "Rod Gasson" 


"Bob Lawrence" 
wrote in message
news:1080814329{at}p12.f610.n712.z3.ftn...

> RG> Err, Bob. Methinks you need to do a bit of research on exactly
> RG> what a cookie is, and why they are used, because I can assure
> RG> you that no one has EVER "run" a cookie file under any
> RG> circumstances whatsoever.
>
>  I know that, but the "crap like that" includes Java self-running
> crap like that.

But even 'crap like that' (java) doesn't 'self run' unless you allow it.
I don't see how you relate java to cookies though.

> I meant that cookies come unsolicited and end up god
> knows where.

Yes, god, and everyone else on the planet except you apparently.
The fact is, cookies aren't stored just 'anywhere' - they are all stored in
the same place (as defined by whatever browser you are using).  It's not as
though the sender of a cookie can tell it to save anywhere else other than
the designated cookie folder.

> To me, it seems rather simple to write a false "cookie"
> that runs automatically.

If it were that simple, don't you think there'd be hundreds of virus's
already out there taking advantage of what you percieve to be a major
secruity risk?
The fact is, the last count of the number of viruses spread either directly,
or indirectly via cookies is ZERO !!!

>  Once upon a time, only .EXE, .COM and .BAT files ran with access to
> the system. Then came Microsoft Windows with Explorer built in, and
> Explorer runs animation, Java, VB scripts... the whole thing given
> access to the sytem.

Only if you allow it.

> Of course a text file can't get access to the
> system, but Explorer and Windows by-passes that, and if you
> believe that anything M$ ever wrote is foolproof, then good luck.

I don't trust ANYTHING written by Microsoft.

> RG> There was ONE version of Microsoft Outlook released many years
> RG> ago that had a BUG that would allow javascripts (not java) to
> RG> be executed without user intervention. This bug has long been
> RG> fixed.
>
>  Good luck... I was talking about the nice-lady spinmeister from
> Microsoft who admited a few weeks ago that a bug still exists in
> WinXP.

Just one bug?   Heck, I'm sure it has a lot more than that.

>  By JAVA, I meant that you have JAVA loaded on *your* machine
>  which will then run java beans as they arrive.

I trust that you DO know the difference between Java (a virtual machine) and
javascript (a script file coding language)?  They are NOT the same thing,
they are NOT related, and JAVA files/programs are not run by explorer, OE,
or the like.
Javascript can be / is run via explorer and friends, but by default, all of
the possibly nasty actions are disabled, and if that not enough it is a
trivial task to disable the running of all such script files.

> RG> The only way to get a virus infection is by actually RUNNING a
> RG> virus infected executable. If people stopped doing this,
> RG> viruses would cease to exist !!!!
>
>  Any self-loading program is susceptible.

Yes it is, and that's why the smart people simply disable this capability.
I always thought you were smart.

> What you say *was* true
> before the Net and Win98/Explorer. I made do for 20 years with no
> viruses, but now I'm too nervous. It's nto enough to "just don't run
> an EXE."

I've been using computers for as long as you, I've been online 24/7 for
almost a decade, and I've still managed to remain virus free.

> RG> If ANYONE gets virus infected these days it is their own stupid
> RG> fault - They've actually had to go out of their way in order to
> RG> get themselves infected.
>
>  That's the problem... you don't have to make a positive step,

Yes you do.

> Windows does it for you.

No it doesn't - at least not without the user changing the security
settings.

> It's the Microsoft philosophy that made
> Gate a squillion. For instance, try and remove Explorer. Win98 just
> loads it again. I had a sound-card program that kept loading itself,

Your really going off on a tangent now.

> RG> Cookies are totally harmless.
>
>  Yair?

Yair.

> Unless the cookie is not what it seems to be... you already
> give it access to the system.

Gee Bob, you really are talking a whole lot of shit here. PLEASE do yourself
a favour and do a little research on exactly what a cookie is, why they
exist, and how they actually work, because it really is obvious that you
don't have the foggiest idea, other than someone at some time must have told
you 'cookies are bad'.

The truth is cookies are GOOD. I wouldn't consider doing all the online
stuff that I do without them - Over the years they have saved me HOURS of
time (by not having to repeatedly enter my name/address, etc each time I use
any given webstore.
I also like the fact that they save MY preferences when using search
engines, such as google, etc.  And in spite of always accepting cookies, I
am another of the millions of people that have never ever had any virus
related activity due to them.

As for the 'privacy' issues that people spout when they finally realise that
they are actually harmless,  well, a cookie can't return any personal
information that I didn't already enter when I went to any given site in the
first place.   Site 'B' cannot access a cookie that was set by site 'A', so
its not like this inforamt can be passed along.

> RG> Exracting ZIP files is totally harmless.
>
>  Yair?

Yair.

> Unless the ZIP file is a self-extracting EXE file

A self extracting .exe is an executable file - and that is NOT the same
thing as a ZIP file.
Only a fool would double click on an unknown .exe hoping that it really is a
self extracting zip.
Your not a fool are you Bob?

> with an inbuilt extra,

F'fucksake Bob, what moron would bother to create a self extracting zip file
that contains a virus when they'd have just the same chance, or more, of
having people simply execute the virus code itself?

IE, why have a self extracting zip file called "runme.exe" that contains
another file
called  (say) "i-am-a-virus.exe", when the virus itself can also be called
"runme.exe" ?

Me, and millions of others don't try to distinquinsh whether the .exe we
have is a self extract zip, or just a straight out virus...  its an .EXE, it
is not to be trusted.
End of story.

> RG> Reading email is totally harmless.
>
>  Yair?

Yair.

I've been readin email daily for well over a decade.  I'm still virus free.

> What about animations?

You mean GIF animations?  No known virus has ever been spread via this
method.
You mean javascript animations?  Generally safe, unless you reduce the
security settings from their defaults.

> Or a hiden attachment that runs the
> first time you press ENTER, or ESC, or anything? That's what the M$
> bug the nice-lady was talking about did.

Please take a look at the full report of this particular bug, because if it
is the one I'm think of, there is no risk whatsever to anyone using Xp out
of the box - the only people effected are those that have relaxed their
security settings to allow these things to run without user intervention.

> RG> Executing (not extracting) the contents of a ZIP file can lead
> RG> to infections. Enabling javascript in your email client can
> RG> lead to infections. Both of these things requires user
> RG> intervention.
>
>  Or a hidden backdoor agenda from Microsoft. I simply don't trust
> them.

I don't trust them either, but that is a whole new ballgame.  Many of us
consder Windoze itself to be the biggest virus in existance, but that still
doesn't change the fact that despite of all the MS bugs, and despite my
distrust of MS itself, and despite the fact that I've been online 24/7 for
about a decade, and despite the fact that I accept all cookies, I am STILL
VIRUS FREE.
It's NOT because I've just been 'lucky' or never been exposed to the same
risks as everyone else, it is simply due to the fact that I use plain common
sense (keeping Windoze up to date) and never ever running any kind of
executable unless I know exactly what it is or where it came from - oh, and
by not reducing the security settings to allow things to run without my
consent.

In short, yes, its a jungle out there, but there really isn't the need to be
THAT paranoid about it.

Cheers
Rod













--- ifmail v.2.15