Nobody has brought this up, so I guess it up to me to do so. A lot of
windows {ad,spy,mal}ware does *not* require you to click on anything or
explicilty install anything. All you need to do is visit the "right" web
page or preview an appropriate HTML email. ActiveX and IE security flaws
do the rest, with no prompts whatsoever. All this *only* works in IE,
and HTML messages in outlook (which uses IE, so the same exploits
apply).You can avoid almost all the problems by using an alternative browser that does not support activeX. If you have just java and javascript then installing *ware, even if the browser is running as root, is almost impossible (in java only applets with a trusted signature have filesystem access, and javascript does not support this access at all). Of course, there might be buffer overruns or other bugs that allow you to download and run anything you like anyway. Some plugins, for example macromedia flash, have some filesystem access features accessable from javascript. BTW binaries are pretty portable across linux systems. I had some libc 4.x (a.out) binaries on my older box from SLS 1.03 (kernel 0.99pl13) at least until the 1.2.x kernels. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
