I disagree. Show me one documented instance where a PDF, JPG, or DOC file by itself is the cause of a virus. Data files do not cause viruses. Executables do.
I can't tell if you are playing semantic games or are just ignorant of current buffer overflow techniques used by malware authors but I'll play along: yes, your are literally correct, at some point in the process an executable is involved since data does not execute but the infection is caused by the data. A carefully crafted PDF, JPG or whatever that exploits a vulnerability in an associated executable (Adobe Acrobat for instance) can lead to an infected system. http://www.adobe.com/support/security/bulletins/apsb06-09.html Malicious content inserted into a file, such as a document, could trigger a buffer overflow if the file is distilled to PDF with Adobe Acrobat. A buffer overflow can cause Acrobat to crash and can result in malicious code execution. http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) Thinking that the only way you can get an email virus is if someone sends you (and you open) an .EXE or a .COM file hasn't been true in many many years. Give that some thought the next time you open a Word or Excel attachment from some random ET poster.
Theoretically true, although it is inherently more difficult for a hacker to find an exploit in a widely distributed application then it is for them to run their own executable. For example, the PDF bug was found by Adobe's own internal security team. Did a hacker actually infect PDF files to exploit this? Probably not. Looking more closely on the topic, it looks like DOC files are the most easily susceptible to this kind of attack. I don't have much experience with Word. As for JPG files, I guess it is all dependent on which viewer you use. Although I suppose there is chance that I could get a virus viewing a JPG file, in reality my chances are miniscule.
You guys are aware that IB shuts down for maintenance over the weekend, right? Comes back up after noon on Sunday? OldTrader
You don't need to read any email or visit any websites to get infected. Hackers are constantly scanning the internet for vulnerable systems. Go read the log from your AV software, you will find records of blocked attempts everyday. Linux is bit more secure, Windows is just an open invitation to be hacked.
That would be true if your system is directly connected to the internet which is a pretty uncommon and unwise thing to do these days. Even a basic $20 residential NAT router is going to keep internet probes from going anywhere (unless you explicitly configure it to forward them to your PC), if you are serious about security then you should invest in a decent hardware firewall, Cisco, Juniper, etc. Connecting a machine directly to the internet and then relying on a software firewall isnt a good idea IMO. So you dont think that are hackers out there exploiting vulnerabilities they've found and keeping it quiet rather than going public with it? No offense, but I really dont think you have a good handle of malware scene. Talk to some folks that do IT security for a living and then get back to me. You are correct that it is easier to create a viral exe then it is to exploit a buffer overflow however most people these days wont click on a random unsolicited exe they received by email which is why the hackers have moved on to buffer overflow attacks - because they work and most people are unaware they even are possible. If a hacker targets a specific version of Acrobat and only 20% of the net population uses that version then the attack is still a success. Unless the hacker is targeting a specific person they don't care if high % are unaffected (wrong OS, wrong software version, etc) - it doesn't cost them anything. The machines that do get infected are theirs for the pillaging. Many people just use the default OS image viewer. Not sure what you are advocating here by your statement that the odds of getting a virus by opening an attachments is low. Just to be clear, I'm not saying not to open any attachments, I'm giving the reason you need to have AV on your machine even if you don't engage in risky behavior.
Hi funny guy, IB is a US broker, they know how to do math, I was invited to get the secure device. After reading more comments I still think that most guys here are paranoid when it comes to security. I believe that GTS is totally right, most people using the internet have no idea on what steps they can take in their hands to make their environment secure, so there is no surprise that most of you need 5 locks for your door instead of just a good one Not criticizing anyone for having 5 locks, but do not assume that everyone should have the same just because you do.