Can a computer be infected by malware through a web browser?

9

Can a computer be infected when it accesses a malicious web page?

Why isn't a web browser 100% safe? What web resources, such as JavaScript, Flash or an HTTP connection, can infect a computer?

Squall

Posted 2011-02-12T20:52:17.053

Reputation: 989

It depends on which browser you are talking about.. – Pacerier – 2012-04-29T00:27:05.600

Answers

12

Yes you can. Usually a proper Anti-Virus program will intercept these attempts though. Of course, browsers don't have "built in" backdoors/vulnerabilities but they can exist nevertheless. When such a vulnerability is found by a hacker or other malicious user, that vulnerability can be exploited to infect the visitor of the web page.

If something could be made 100% safe, there wouldn't be any need of Anti-Virus programs at all. There's always some creative solution that can be found to infect people anyway and such an exploit can only be patched after it has been discovered.

It's like typing an entire book on your keyboard, without checking for typos. You will only discover your errors when you start reading/reviewing whatever you typed. Reading in this case, would be to just "use" the browser.

Most exploits are in 3rd party plugins (such as Flash, PDF reader plugins, media, etc.) so the browser maintainers don't have full control over what is run in their browser. It's like having a house built by 4 different contractors who don't know exactly what the others are working on or how they are doing it...

BloodPhilia

Posted 2011-02-12T20:52:17.053

Reputation: 27 374

Is Avast a good antivirus for mac? – Ruchir Baronia – 2016-04-13T04:14:40.370

I love the implication that metaphor has; "code is written start to finish without being read through" :P – RJFalconer – 2011-02-12T21:22:09.907

@RJFalconer It's true right ;)? At least, you won't find most of the bugs until you've executed it... – BloodPhilia – 2011-02-12T21:23:02.043

I would like to know some old Firefox exploits and understand – Squall – 2011-02-13T22:23:25.890

@Squall there are several exploits that were made public. Try googling for "exploit plugin add-on firefox" – BloodPhilia – 2011-02-15T13:02:53.780

I disagree. 99.99% of the time it is the user downloading and executing some rubbish. And no, an antivirus cannot intercept unknown exploits. – gd1 – 2011-07-16T21:36:22.740

1

Squall,

Software is intrinsically difficult to get right. For a glimpse at why, I recommend an article by Cem Kaner, an expert software tester. The article is called "The impossibility of complete testing." Also read his article on "Software Negligence and Testing Coverage".

A short answer is that software is complicated, demands perfection, and humans are imperfect. With limited resources, competition, and limited knowledge, a lot of software developers do the best they can. Those who are careful to produce even more secure software will never be able to compete--their products will be more expensive, late to market, have fewer features, etc. On the other hand, security is becoming an important customer consideration; while customers (and most developers) can't tell what's secure by looking at it, there are experts, analysts, and historical trends that teach us about security, and help us make better decisions about the products we buy and use.

Sometimes the more secure products will be more expensive, or lack other qualities we desire beyond just cost (features, usability, performance, etc).

In the world of software security, we generally accept that if an adversary has enough funding, motivation, and/or resources, nothing is truly secure.

Security costs money, and it's a tradeoff.

K Robinson

Posted 2011-02-12T20:52:17.053

Reputation: 897

0

I was sure that by today every security hole had been fixed. I was wrong.

As proof, you can read the Microsoft Security Bulletins. On the left tab there is "Security Bulletins by year", where you can find IE and Edge patches. You will find that in each, or almost each, month, even the recent ones, there are patches for IE and/or Edge. I'm sure there are equivalent bulletins for other browsers (with more or fewer patches).

Eric Ouellet

Posted 2011-02-12T20:52:17.053

Reputation: 139

0

Yes, those are called "drive by infections".

The term “drive-by infection” describes the process of malware (malicious software running harmful activities against users' wishes) infecting a user’s computer merely by visiting a website. Affected websites often contain legitimate offers, but have been compromised by hackers introducing malicious code to the website to then distribute malware. Just surfing to an affected website is sufficient to infect a computer.

Why is a web browser not 100% safe? Prime example here

See a video of a drive-by infection in action here:

http://www.youtube.com/watch?v=9_PYdgwkxx0

Moab

Posted 2011-02-12T20:52:17.053

Reputation: 54 203