Security hole danger ...... ????

New Firefox hole… and other holes…
These in general and this in particular.

http://news.bbc.co.uk/2/hi/technology/4532127.stm and all the other dangerous deadly holes in all the browsers…

Does this apply to an unprotected computer ( no firewall, no nothing ) sitting on the net on an open broadband connection?

Using a router/switch and ZoneAlarm etc. Just how much danger is there? Can they come in through the NOAH Gov. weather sites and install stuff on your computer while you are getting the radar loop?

Can they attack while we are reading and posting on the SDMB? How they do dat?

I figure if I’m clicking on any and all links on a xxx site and have 27 windows open in the background and have all pop-ups allowed, with no firewall, all ports open, no virus protection, that I might get a bad thing installed if I click yes on everything that comes up. Or if I open all email and follow all links in them from my good friends at #$%xxx@nasty.com … but… These security holes that are found. Why have not all those on SDMB who use IreFox not gone down in flames?

I use IreFox, IE, AOHell, Ophra — all the time and I don’t so far ( knock on wood ) have bad stuff jumping in through the holes every time I go on the net. So what is the real deal?

I know some here leave their computers on 24/7 on broadband connections and that is the supposed perfect target of the bad guys. If these holes are just sitting there, why have not they been hacked and took over? Sending spam all night? Little green eggs flowing out the vents of the towers?

What is the real deal?

a) Most people do not realize they have bad stuff all over their computer. They assume that viruses/adware would cause visible problems like errors and stuff not working, but that’s just the badly designed ones. Good ones are subtle.
I had a friend who claimed he never had a virus and hence did not need an antivirus; scanning his system revealed 4 different trojans and spambots abusing his system resources that he wasn’t aware of.

b) A security hole in the browser is just that, a security hole. If the hole allows arbitrary code to be executed by just loading a site (like a lot of them are), then by itself you would have to visit a web site with malicious code on it. A government site is pretty safe. However, combined with adware that can automatically load ads from questionable sites in your browser, if that questionable site is hacked and malicious code installed… well, you know the rest of the story.

Plus a lot of people will visit sites that they do not realize can be malicious, and willingly install jumping cursors, screen savers, stupid little games, etc. that all have dangerous payloads of adbots, spambots, etc.

A prime example is that game Snood that was very popular for a while. Everybody had it on their PCs, and it had one of the biggest adware payloads I’ve ever seen.

You may be confusing two different phenomena:
1. Security holes in applications are usually limited to that application alone, meaning you have to be using it to get infected. IE security holes shouldn’t affect you unless you’re browsing with IE, Outlook holes won’t affect you unless you’re using it to read email, etc. It’s not quite that simple because sometimes other applications use IE to display websites without being obvious about it, so you may get infected that way.
So for those Firefox holes… if Firefox isn’t open and you’re not browsing any website, you should be safe. And even if you’re browsing sites, you should be safe unless the website was specifically made to exploit that hole. But it’s a very dangerous idea to rely on the webmaster’s good will to protect yourself, so patch up ASAP.

2. Even if you do not run any programs, Windows itself had (and probably has / will have) a number of vulnerabilities. The very moment you connect an unpatched Windows computer to the Internet, it is vulnerable. Without a firewall and/or anti-virus program, your computer could be infected within, sometimes, seconds. All without you clicking the mouse or doing anything except plugging the network cable in. The Sasser worm is one example that does this.

As for why you haven’t gotten infected already, two possibilities: One, you’ve been very lucky. Or two, as groman suggested, you might be infected and just not know it. Not every virus out there is destructive to its host, but it’s still not a good idea to keep them on your system. Never know if one of them might be using up your bandwidth or logging everything you type.

So, always, always:

-Keep Windows updated via Windows Update
-Use a firewall (or preferably, two – a hardware one that blocks all unsolicited incoming traffic and a software one that blocks all not-specifically-allowed outgoing traffic)
-Have a virus scanner running at all times
-Have a spyware scanner running at all times (if your virus scanner doesn’t include one already)

Okay, thanks

Lol, I just read over my post and saw how contradictory it was. “It’s safe… blah blah… it’s very dangerous.” Sorry about that. What I meant is that while you’re probably going to be okay, there’s no reason to risk it.