Virus Myths

[Puguni]

>_> Can someone tell me the extents of actual damage a virus can do? I'm starting to get paranoid about the kinks in my computer, and I'm not sure now. :O I've scanned my comp twice now darnit! :d

[TurkishMonky]

from what i know, most kinks are from badly written drivers and software (like windows ). virii can cause damage, but usually they utilize a more direct approach (aka deleting critical system files, massing up your display)

have you been running adaware or spybot s&d? you shoud try running somthing like that as well as virus scanning.

[Puguni]

[quote="TurkishMonky"]from what i know, most kinks are from badly written drivers and software (like windows ]

Yeah, I did each of those twice. ><; No, it was just something about my internet connection.

[ClosetOtaku]

Hard to say, "kinks" is a kind of non-specific descriptor that is the bane of all Help Desks.

Could be a virus. Could be spyware. Could be your ISP. Could be your browser. Could be your hard drive. Could be cosmic rays. Could be the phase of the moon.

If you are able to be more specific about "kinks", I might be able to trim back on the speculation a bit as well...

[Puguni]

:O No, I wasn't worried too much about kinks, sorry for the poor choice of words. I just wanted to know how much feasible damage a virus could possibly do, because I don't want to go around panicking, thinking that a virus has severed my internet connect, when my service provider just had an outage.

[Mr. Rogers]

This isn't about viruses, but another related area - internet cookies. I read this a few weeks ago and it was interesting. Read it to learn more about what cookies can and can't do.

[Mithrandir]

Um... What is it, S4C?

[Mr. Rogers]

Um... What is it, S4C?

XD...ahhh...yeah. i like might be nice

http://computer.howstuffworks.com/cookie.htm

[Bobtheduck]

DoubleClick then went one step further. By acquiring a company, DoubleClick threatened to link these rich anonymous profiles back to name and address information -- it threatened to personalize them, and then sell the data. That began to look very much like spying to most people, and that is what caused the uproar.

DoubleClick and companies like it are in a unique position to do this sort of thing, because they serve ads on so many sites. Cross-site profiling is not a capability available to individual sites, because cookies are site specific.

Hence why I block all doubleclick cookies and adblock doubleclick ads. That is VERY scary... Doubleclick is a scourge on the net, approaching squatters in their annoyance...

[LorentzForce]

Technically a virus is a software, and arguably the most damaging a software can do is properly either modify/overwrite the BIOS, or play around heavily with temperature handling mechanisms. Both of these are most very often system specific, and there's very little chance that a virus will be smart enough to pull it all off.

That's if you even run the virus. Executables only run if you run it, it doesn't start by itself automatically, that's a worm, a whole another thing.

As for cookies, DoubleClick, however much of a threat it might look like, has absolutely no way to link back that precious IP address of yours to an actual name unless it somehow convinces an ISP of _the specific IP address_ to fess up the infomation. And ISPs aren't stupid to give that data away, pretty much every single one of them also have very strict privacy policies. Only way they can have your name is if you let them know. They don't even know your email. So, until they do somehow get it, they're just piling up useless information.

Cookies are completely harmless. Completely. Do you panic over your train tickets because the train stations can monitor your ticket's movement? Do you panic when you go to get a driver's licence and now everything about you will be stored in some database? Some data are meant to be used, and they are not abused, and in cases where they could be abused, they are very heavily regulated and designed to be unable to. There were few mistakes made in protocols since birth of the whole web, but cookies aren't one of them (things like having encryption being optional rather than compulsory is an issue, but that's whole another story).

[Kaligraphic]

Doubleclick isn't a threat, it's just a nuisance. All it does to you, really, is show you ads. Now, I have them blocked in my hosts file because they're annoying, but they can't track you down or anything. Even if they could, it wouldn't make business sense for them to do so - the point of their cookie is to fit you into their statistics. They don't care if you are spending half your time plotting terrorism on alqaida.com - they care if there is a pattern in a statistically significant portion of tracked visits.

Another use of the cookie is to show you ads that you haven't seen before. Ideally, they want to find out what kind of person responds to what kind of ad.

Above all, the thing to remember is that cookies can't hurt you.

[chibiphonebooth]

*likes cookies*

*especially the chocolate chip kind*

[Scarecrow]

But a cookie grabber can be bad right? Ive only heard something about those briefly mentioned but that was the vibe I got. something about stealing passwords and such or something. Anyone fill me in?

[LorentzForce]

Don't think a site can be stupid enough to store your password when it's not at least hashed. And it's unlikely anyone will figure out what your password is merely by reading the hash.

[Mithrandir]

Hmm... I'm going to have to disagree on this point. There actually ARE sites that store data in unhashed formats, and even the ones that DO hash it don't always use good types. Add that to the fact that a bad password WILL BE DISCOVERED EVEN IF IT'S HASHED and you start to have something that it's good to be nervous about.

There are websites on the net (or databases you can buy) where every entity in a dictionary has been hashed and calculated and stored in a database. If you have a hash that's based on pretty much any dictionary combo, it can be looked up VERY quickly (since they don't have to be calc'd anymore).

[LorentzForce]

Point taken. But that also assumes the user was silly enough to use a word out of the dictionary to make a password, which then you shouldn't be questioning the cookies, but the user's choice of password. Security's only strong as the weakest link, and all.

There are always brute force ways to figure out a hashed password (for any encryption for that matter, given enough time), if it wasn't hashed correctly (straight md5($password) or something without another hidden value introduced to it). Just means you should be careful on sites that don't really seem very protective of their users. Fortunately, it'd be easy to assume that major companies will at least do that part properly or else they will be pointed fingers at legally.