
September 17, 2008

We hear about software being venerable to attacks? So does this mean that simply having it installed on our computer makes it so, or do we need to be using it while online, or both are true (which is what I fear), Mindblower!
"Light travels faster than sound;
That is why some people seem bright until you hear them speak"
Both are true and for varying reasons.
First if that file is a core OS file it is probably running anyway. Second, let's say a program like acrobat reader isn't running but you receive an email attachment or click a link on a website to a pdf. The computer will have an association between pdf files and acrobat reader, so it will start acrobat reader automatically. If the pdf is authored to take advantage of a vulnerability in acrobat.. You've been hit! Gotcha! Hosed!
There is also the possibility that someone could gain access to your pc through an infected file. Of course, at this point you're hosed anyway, but let's say they have very limited access and can not really do any harm. They can use this access to launch attacks on more dangerous vulnerabilities - leading to more control/access on your computer. Basically a little hole leads to a bigger hole.
Most Users Ever Online: 2303
Currently Online:
34 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Member Stats:
Guest Posters: 10
Members: 2561
Moderators: 7
Admins: 4
Forum Stats:
Groups: 8
Forums: 19
Topics: 1830
Posts: 13072
Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas
Moderators: Carol Bratt, dandl, Jason Shuffield, Jim Canfield, Terry Hollett, Dick Evans, Sergey Grankin