And that’s why browsers blocking scripts (in other words, NOT Internet Explorer) are so important, combined with products like CMG to stop drive-by’s thru buffer overruns. Browser sandbox is another good concept.
Love their little analogy about people learning not to click on email links to banking sites (who is learning that?) but that “everyone” wants to see videos. Ha! Not me, said I. That’s where users have to be wise against social engineering 'sploits. There’s only so much that programming can do. In the end, it will ALWAYS be up to user response.
Virus in media files aren’t something new.
QuickTime files are great for malware developers, as they can open up websites without permission from the user.
I think CPF will block this, as QuickTime will be the new parent for web browser.
Also, WMP might need to go to a website to get the license to play the file, which could be a malicious site. Good thing is you have to decide yourself if you want to open it or not.
Malware developers will always find new ways of spreading the malicious code, but luckily we have security companies that work to prevent us from getting infected this way.
You should make Comodo AV actually scan the opening website’s HTML code for any malicious code, which would help things out a lot. So before you actually go to the site, the program will intervene and quickly scan first. It would take only about 2 seconds or so for a site. Sorry, I shouldn’t say site, because that would take a while, I mean the page. It shouldn’t then save the site in a database, because the site could add malicious code later, or have it injected.
I agree with having to be careful of the “social engineering.” The computer world is no longer just about hardware and software. It is valuable information, and to a large extent, peoples’ lives. I preach to those I work with, my relatives, and friends, that they need to inform themselves, and work at keeping their computers clean, and to back up their files. Just in case their computer gets a bad bug, and the best solution is atomic explosion. Most often they don’t listen. The ones who don’t listen, and whose computers have bit the big one, often have the biggest tears.
I agree with Melih that prevention is the way to go now, and a whitelist of good internet places makes more sense than trying to list all the bad ones.