This depends on what the provider actually *does* for you. If it just presents email in a web interface, youo could be at *greater* risk (because the browser is probably more riddled with security holes than your email agent!)
Want to be safe? Run something like elm on a SPARC. I doubt many viruses target that sort of environment! :>
I find most of my "3rd party" mail accounts do a good job at catching the occasional spam. OTOH, I rarely use them "in public" so they are really only subject to "leaking out" if one of the folks I correspond with ON THAT ACCOUNT (I use different accounts for different people) gets "infected". Thankfully, most of the folks that I correspond with are "responsible"/informed and unlikely to get screwed.
SWMBO had email problems a long time back. I begrudgingly let one of her friends send a message to one of *my* accounts (so SWMBO could read it). Within hours the account was seeing tons of incoming cruft. Don't these people understand why Bcc is such a winner? And why they should *not* keep email addrs in "their address book"?
"Gee, lets check the bedroom for a jewelry box ON TOP OF the dresser..."
GuerillaMail (sp?) is your friend for those one-time events!
Den fredag den 8. november 2013 19.45.41 UTC+1 skrev Don Y:
haven't had a landline in many years, but I would suspect it still works it serves a purpose, it means you can hang up the phone and go pick it up some where else without ending the call
I think there's around a 30 second limit where that works, before you automatically get hung up... but I'm not sure, I de-land-lined in May. ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: Contacts Only | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
With group 7 signalling, either party can disconnect a call. Group 7 is anything that equates to AT&T #5 ESS truck characteristics. If you are originating or receiving a call, and the other party disconnects, you should get a "disconnect sequence" which is a 0.8 second polarity reversal of the talk battery. Sometimes, depending on the long distance trunking between exchanges, this signal can be delayed by 30 seconds or so. This is especially true when a cell phone is one of the parties and is cut off by cell site overload or loss of signal. But, a normal hangup should do it within a couple seconds.
That was never "guaranteed". E.g., a slow hookflash could cost you a connection! When faced with that situation, we would just go to the "next" phone, bring it off-hook and then hang up the original handset.
I built a little pair of "hold boxes" for a girlfriend many years ago -- so she could answer call in one room, then retire to her bedroom without dropping the call.
Nowadays, I suspect most phones have this built in. And, cordless phones make it unnecessary.
Our approach is simply not to answer incoming calls. If you think about it, the phone exists for the benefit of the CALLER, not the CALLEE! He has no right to assume the callee will be available and willing to accept his call -- so has to be prepared to expect disappointment!
Of course, if we later *return* his call and he fails to answer, *we've* not "lost" anything.
The problem lies in the fact that some email clients will "process" the message when you select it -- thereby exposing their vulnerabilities to the payload within.
Ideally, you want a policy that allows users to be unaware of which clients have which vulnerabilities -- or, restrict their choice of clients unilaterally!
E.g., there have been exploits back to the VT-100 days -- where a "message" (in an email *or* text file) could "program" the terminal to do malicious things *in* your system.
Except that files suddenly are no longer accessible!
(hard to find the inverse operation)
Again, wouldn't you *notice* that your drive light is on "a lot"? That files are disappearing? etc.
I notice when a disk indicator is on and it "shouldn't be" (what the hell is the machine doing, now??). Ditto if I see network activity when I'm not "doing anything".
Not necessarily they just have to do it stealthily. I have also seen ones that replace the entire contents of any image files with names ending .JPG, .PNG or .TIF with zeroes (not ransomeware just malicious).
It is really sad telling people that there is no hope of recovering their deleted data short of incredibly expensive cleanroom forensic methods that are completely out of the league of ordinary users.
It really only has to target the contents of key user data files eg "My Documents" and "My Pictures" to have the user by the balls.
Increasingly with huge and reliable disks people do not have recent backups to fall back on - particularly not the vulnerable target sector of barely computer literate home users flying on a wing and a prayer.
Not sure the scam does fall apart even if that was known. Chances are someone at home unable to get into their computer can no longer access the internet for up to date advice either.
Modern OS's are not all that insecure but they do still have potential vulnerabilities when compared to stuff that is designed to resist attack from the outset with a hardware architecture to match.
I was taught that the only truly secure system is one that is never connected to anything else. And the AV people have a dirty area for probing new threats where nothing ever comes back out again just in case a novel virus is smarter than the people trying to unpick it.
Without spelling them out for the makers of these things to "improve" their product, I can think of several easy ways to reduce the odds that even a savvy user would notice, once the malware is "on board and in control." If it's beaten the AV software (if there even is AV software), it doesn't need to be in a hurry - "am I infected?" "Oh heck no, you're clean" - when it's all done is the point where it's going to announce itself, not before.
--
Cats, coffee, chocolate...vices to live by
Please don't feed the trolls. Killfile and ignore them so they will go away.
As I said, how does someone *not* see this happening? Hope that the files it is mangling are ones you aren't looking at/using?
I.e., it has to avoid any executable that you might use along with any *data*. And/or operate fast enough that you're still thinking "WTF?" while it is finishing its work.
I frequently have to "fix" friends/neighbors machines after they've been "infected". But, usually, that just means they are unusable, not that their "contents have been rendered inaccessible".
While it's tedious, it's not difficult. Biggest problem is figuring out where people have placed "stuff" that might be important to them (i.e., there's no ~martin that I *know* will hold all "their stuff"; it can be scattered around the file system in odd places (e.g., I often put things in root directory if I need to find them easily when mounted under a foreign OS. Saves the trouble of quoting directory names with embedded whitespace)
Ah. *Assume* users will use these as $HOME. That's not how we do things, here. E.g., SWMBO has lots of photos. Surely not going to require C: to grow to handle all of them! So, she saves them on another volume.
When I'm crafting a project under hosted Inferno, the sources (and objects) end up under \Inferno. If I'm designing a PCB, it ends up under some project-specific directory, etc.
I guess the items of mine that would be most vulnerable would be ~/Desktop -- but they are inherently limited in number and usually of transient interest.
Agreed. Though the most recent laptop I had to "fix" was delivered with a set of DVD's of *a* recent backup!
These sorts of threats appear to be broadcast on local news. E.g., a neighbor informed me of "yours" in a recent conversation "Hey, did you see the news about..." (amusing as they know I don't watch TV :> )
I think the problem with most consumer OS's is they are written to make life easy (!) on the user and developer. You don't want a user to have to *do* much to install an application. So, it ends up having *all* his privilege when it executes. At the very least, it allows things like encrypting all *his* files! depending on the OS, it could also put the OS files at risk as well (if the user could consciously do similarly!)
Yup. That's how I operate, here. A very high impedance "gap" in the cable between The Internet and "my stuff". Much easier to administer than something where you have to worry if you've been attacked 3 hours before a defense is ready!
If it's an "easily" inverted function, it risks being easily inverted! (e.g., by AV makers)
Again, that's a *lot* of data to "not notice" that sort of activity. Look at how long it takes to format a drive (which is a mindless activity, computationally) and that has much of the machine's attention for the duration!
Ah, OK. And no one notices this performance hit?
I suspect most folks don't *really* have a need for the stuff on their computers. E.g., if there was a fire in the house, would they even *think* of grabbing it on their way out the door?
I think computers end up like *desks* -- stuff tends to accumulate there simply because there is no better place for it. And, it's too hard to "keep clean".
When folks bring me "dead" computers, they don't even ask about the stuff that *was* on it -- presumably they had no forewarning that it would die. When I (often) deliver a DVD of whatever files I was able to recover, they usually look at me with a "what's this" attitude. When I *proudly* tell them, "it's all your files off your computer", the response is almost spectacularly uneventful: "Oh, thanks". (WTF? Do you realize how much time it took for me to find/recover all of them??? "Oh, thanks"?? )
A recent exception was a friend who had lost a spouse and was still actively grieving. *Anything* was precious...
Being The Bad Guy is easy. Always has been. You don't have any rules or conventions to observe. Much harder to play The Good Guy role trying to counter The Bad Guy's actions/threats as
*they* tend to still have rules/conventions to abide by.
E.g., defender has to protect *everything*. Attacker only has to find *one* weakness.
Makes a good case for never using "My Documents", etc. Make your own user directories, and call them something sensible.
--
"Electricity is of two kinds, positive and negative. The difference
is, I presume, that one comes a little more expensive, but is more
durable; the other is a cheaper thing, but the moths get into it."
(Stephen Leacock)
(sigh) No. You need a "web browser if you want to handle HTTP content. Mail uses "The 'Net" and travels via SMTP. MUA's use POP or IMAP to connect to mail servers (assuming not already delivered to a local mbx).
FTP also uses The 'Net and doesn't require a web browser -- though many web browsers also support the FT Protocol as a convenience function. Ditto SFTP.
SNMP *also* uses The 'Net -- I've yet to see a web browser that can parse ASN.1
Telnet uses The 'Net yet doesn't require a "browser"
As does NTP, NNTP (hey, isn't that where we are, now?), NFS, DNS, etc. None of them need a web browser, either!
The choice of client is intimately related to the protocols one is trying to access "on The 'Net"!
You might want to revise your "stupidity" assessment -- INWARD! :> Or, find yourself a suitable text...
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.