OT: I just upgraded to Win 10

Page 3 of 4  
On Thu, 28 Jul 2016 14:27:11 -0400, FromTheRafters wrote:

Correct. I used sloppy terminology. The vulnerabilities would be previously unknown faults within Windows (or IE, or Office, or Media Player, etc.). The exploit would be a crafted web page that uses the vulnerability.
Of course, a malicious MS employee might insert an exploit into Windows if paid enough by the Chinese or Russians.
--
http://mduffy.x10host.com/index.htm

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

And here we thought Uncle Steve was crazy. ;)
nb
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
After serious thinking Mike Duffy wrote :

Indeed. For instance if there was a vulnerability in a Windows decompression algorithm implementaion, which was known by the malicious employee, such an employee could craft an archive to exploit it and practically force it to the machine via BITS. There are some places where compression decompression is done behind the scenes by the system itself, so it might even be a self starter.
Good policy, such as that laid out by Mayayana, is very good but not perfect.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 7/28/2016 4:51 PM, FromTheRafters wrote:

Everyone has a price.
Two questions: 1. How much would it pay 2. How do I get a job at Microsoft.
Just asking out or curiosity, of course.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Ed Pawlowski presented the following explanation :

There's a zero day privilege exploit purporedly for sale now for a mere 90,000 dollars.
I don't know about how to get you a job at Microsoft.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
on 7/28/2016, Ed Pawlowski supposed :

There's a zero day privilege exploit purportedly for sale now for a mere 90,000 dollars.
I don't know how to get you a job at Microsoft.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 29/07/2016 01:24, FromTheRafters wrote:

He could check with these resources:
Microsoft Careers - Job Search and Student and Graduate http://careers.microsoft.com/
Microsoft Visitors Center http://www.microsoft.com/about/companyinformation/visitorcenter/en/us/default.aspx
Careers at Microsoft. http://www.microsoft-careers.com/
Microsoft - JobsBlog http://microsoftjobsblog.com/
Hope this helps.
--
"I am always doing things I can't do, that's how I get to do them."
Pablo Picasso (1881 - 1973)
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Mayayana submitted this idea :

No, that's what makes them privelige escalation exploits as opposed to other kinds of exploits which allow only user mode access.

He does, and after reading some of what you write below I'd say he knows more than you do about malware. I'm not sure though, because he and I haven't discussed malware very much.

I do mostly the same as what you outlined above, however I have severely reduced my 'risk' but not having anything 'on *this* computer' that I can't afford to have accessed by malicious actors.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| > Yes, and most of them bypass file restrictions. | > That's part of what makes them exploits. | | No, that's what makes them privelige escalation exploits as opposed to | other kinds of exploits which allow only user mode access. |
I've noticed that you're very fond of these pointless geek arguments over terms. You've just restated what I said, with no useful clarification. Exploits exploit vulnerabilities, no? And many of them are not stopped by file restrictions. That's all I'm saying. you add nothing by splitting hairs.
| > If you | > want to wear a helmet to take a walk that's up | > to you. It may make you a bit safer. Before you | > tell other people to wear a helmet you need to | > know what you're talking about. | | He does, and after reading some of what you write below I'd say he | knows more than you do about malware. I'm not sure though, because he | and I haven't discussed malware very much.
He may very well know more about the corporate party line that he's speaking for. I've never had any malware problems and you haven't qualified your criticism in any way, so I don't know what your point is. What I wrote below is just a list of the basic security threats online. You can research it for yourself. Nearly all attacks require javascript. Flash and Acrobat are two of the most common security problems. Even then, it generally involves script.
| > I always run with no restrictions. I haven't used | > AV for years. I wouldn't touch things like MalwareBytes. | > I've never had malware. Why? Because I avoid enabling | > javascript whenever possible, I don't have Flash | > installed, I don't install anything from Adobe, and I | > don't have Java installed. Nearly all malware from | > online requires javascript to be active. Much of it | > exploits Flash or Acrobat Reader plugins. Much of it | > exploits MS Office programs. | > There's no reason for using Adobe products or MS | > Office, with the exception that some might have to use | > MS Office for work. Even then, you can be careful | > about MSO file extensions. You don't have to cripple | > the system to do that. Just be careful. | > | > If you routinely enable javascript while running in | > lackey mode with file restrictions, then you're walking | > around with a helmet while staring at your cellphone: | > You'll almost certainly be run over sooner or later. In | > the meantime you're saddled with that uncomfortable | > helmet. |
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Mayayana was thinking very hard :

You're the one who stated above that bypassing file restrictions is part of what makes an exploit an exploit, not me. The fact is that exploits do not depend upon any such thing. Most of them exploit userland.
Terminology matters, that fact that you think it doesn't, makes me wonder why you even bother to respond to me. If you want to run as admin and subject your machine to exploits which running as a standard user would thwart, go right ahead. IMO it is not a good idea to advise others that it is a safe practice.

I clarified a point which you obviously missed.

Oh, I see the tinfoil hat now.

My point was that you have errors in your thinking, but since you don't seem to care and would rather just accuse me of splitting hairs, you can keep them. The problem arises when you see fit to advise others to do as you do.

Yes, I agreed with all of that. Many exploits use script not strictly as exploit code but as an obfuscation layer and as server-side polymorphism. Some use it to set up heap spraying to increase the chances of an exploit working as desired. Not running Adobe's ActionScript in Flash and PDF Reader by not allowing them at all makes good sense to me. Turning off script in the browser does too.
Running as admin is just plain being lazy IMO, but if you want to it's just fine. Arguing against someone who thinks otherwise is not.
[...]
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 28/07/2016 22:31, FromTheRafters wrote: [....]
Pick on someone your own size, FTR! ;-)
--
"I am always doing things I can't do, that's how I get to do them."
Pablo Picasso (1881 - 1973)
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| Pick on someone your own size, FTR! ;-) |
I don't mind. He's usually reasonably accurate, despite the persnickety geek stuff. :) But I think this topic is pretty much aired out at this point. Anyone impressionable/uninformed is not likely to be overly swayed in either direction, which was my intention.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
David B. was thinking very hard :

I'm not picking on anybody. Do you think running as admin is a good idea? Ask Leo. ;)
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
@bell.net says...

I am not worried about getting hacked. I do make a backup to an external hard drive when I have major changes or new files/pics.
When win xp was around almost 15 years and could not plug all the holes, I doubt win 10 would be much safer after it has been out a year and the hackers have had a chance to get into it.
I do have more than one computer so if one is hacked, I just use another tuil I get around to redoing the hacked one.
--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 28/07/2016 17:44, Ralph Mowery wrote:

I like your style, Ralph! :-)
--
"I am always doing things I can't do, that's how I get to do them."
Pablo Picasso (1881 - 1973)
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
David B. wrote:

BUT,,Win10 is it's own hack. Guaranteed spyware OS.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 30/07/2016 08:26, Robert Baer wrote:

Windows Defender is built-in to Windows 10. There’s nothing to buy and nothing to install. No configuration, no subscriptions, and no nagware.
Windows 10 is the most secure Windows. Ever.
It says so, here:- https://www.microsoft.com/en-us/windows/windows-defender
DO GREAT THINGS WITH THE BEST WINDOWS EVER!
https://www.microsoft.com/en-US/windows/features
Windows 10 is working well for me! :-)
--
"I am always doing things I can't do, that's how I get to do them."
Pablo Picasso (1881 - 1973)
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
David B. wrote:

Do not hold your breath sweetheart..
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 01/08/2016 08:46, Robert Baer wrote:

Most of the time I use an Apple iMac! ;-)
--
"I am always doing things I can't do, that's how I get to do them."
Pablo Picasso (1881 - 1973)
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Buried in the Windows 10 service agreement is permission to poke through everything on your PC.
Is your doctor's office using Windows 10? Your bank?
http://www.networkworld.com/article/2956574/microsoft-subnet/windows-10-privacy-spyware-settings-user-agreement.html
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.