Strange computer bug, anyone know what caused it? (virus?)



Togath
2012-09-23, 12:26 AM
My computer's gone buggy again; this time Internet Explorer has become all blocky, and I can't run either McAfee or, oddly, mspaint.
This bug occurred after I got an error from my anti-virus saying something about preventing a "buffer overload", whatever that is.
Anyone know what happened?
If it helps, I was browsing DeviantArt at the time, though I've never gotten a virus from there before.

Thajocoth
2012-09-23, 12:42 AM
Have you tried running Spybot? It catches a lot of viruses that antivirus programs don't (because they call them "Spyware", but that's really just a type of virus).

Once the issue's fixed, to help prevent it from happening again, you'll also want to switch to another browser... Really anything that isn't Internet Explorer. Chrome's a bit faster, but less customizable. Firefox is very customizable.

After that, get Adblock Plus and Do Not Track Plus. These, together with not using IE, plug almost all the security holes.

I don't even have any antivirus installed & I'm fine. I'll install a freeware one soon enough...

factotum
2012-09-23, 02:36 AM
There was a serious exploitable bug in IE (that Microsoft patched on Friday) which would allow some seriously nasty stuff to be done just by setting up a carefully-crafted webpage...you'd best check to make sure you haven't been stuck with a virus.

Togath
2012-09-23, 02:16 PM
OK, looks like my computer is dead yet again. At this point, would it be a good idea to try investing in a new (as in, average 2006 computer or better) computer (after looking into this computer I had been using, it appears it was low quality when it was new), and just transferring my documents from my old one?

Yora
2012-09-23, 02:27 PM
Not particularly. When you think the hardware is bad, you sure can buy one. But a clean installation of the operating system isn't difficult and doesn't take very long if everything goes well. If you wanted to get a new one anyway, there's no reason to get the old one up and running again.

It is a good opportunity if you plan to change the operating system, because in that case you could get one and put that on the computer without restoring the old one first.

Togath
2012-09-23, 02:41 PM
I’ve run a clean re-install; I think this old one just has some backdoor (it even had full virus protection running at the time).
Whatever it was, it also tried to hack all of my accounts, so I’m going around changing the passwords (it even tried to hit my Minecraft and forum accounts).
Any idea if something like that could hack into an account I never used while the virus was active?
Also, do you think it's safe to transfer my Word document files from the virus-infected computer? (It has a lot of DnD ones, and one where I stored passwords for several things, most of them of the long 28-digit word, number, symbol, with random caps variety.)
OK, saved all of my accounts other than, I think, my DDO; hopefully I can find some way to rescue that one.
Also, apparently the hacker was from Changchun, which sounds almost like a joke name (if it weren't for the fact that I managed to discover the hacker's IP addresses), so, if I ever gain hold of something able to destroy a city, I have a better target for it.
Edit: there are also a few hacking attempts from Korea.

Krazzman
2012-09-24, 12:35 AM
(it even had full virus protection running at the time)
Paradox sentence is paradox.


Whatever it was, it also tried to hack all of my accounts, so I’m going around changing the passwords (it even tried to hit my Minecraft and forum accounts).
Any idea if something like that could hack into an account I never used while the virus was active?

I would assume that with the corruption of your system (called IE) and the Virus you got from there you also got a keylogger for free. This would mean that you will have to change every pw you typed in while that thing was active. Furthermore if you saved your passwords in your cookies (you shouldn't).


Also, do you think it's safe to transfer my Word document files from the virus-infected computer? (It has a lot of DnD ones, and one where I stored passwords for several things, most of them of the long 28-digit word, number, symbol, with random caps variety.)

The word documents could be corrupted. The question here is: why do you have to transfer them? Use your backup of those. And delete the Password file. That is like leaving your keys under the doormat.


OK, saved all of my accounts other than, I think, my DDO; hopefully I can find some way to rescue that one.
Also, apparently the hacker was from Changchun, which sounds almost like a joke name (if it weren't for the fact that I managed to discover the hacker's IP addresses), so, if I ever gain hold of something able to destroy a city, I have a better target for it.
Edit: there are also a few hacking attempts from Korea.

To sum it up you should bring your security setting to a bare minimum:

1.) Install a good-running, stable operating system. (any Linux, any Unix, Windows 7)
2.) If you chose Windows: set up your system so that you ARE NOT the Administrator.
3.) If you chose Windows: open IE, go either to Google Chrome or Firefox and download it. Opera would work too.
4.) Download add-ins like AdBlock and NoScript and such.
5.) Reinstall an antivirus tool (Avira AntiVir for example) and install Malwarebytes (a malware "killer").
6.) Do backups.
7.) Reinstall your system at least once a year.

That should work for a bare minimum of security.

Another good point would be to mention that your passwords are probably too goofy. At work I have to work with those stupid limitations of 8 digits at least one capital and 1 number... at home at least I can have easy to remember passwords.

If you know XKCD then you probably have seen his post about passwords. Use this, as a longer passphrase is harder to crack. Random gibberish on the other hand is a) hard to remember and b) due to its length either unsecure or a real pain in the ass.

Hope this helps
Krazzman

Togath
2012-09-24, 10:08 AM
Well, I'm not sure if I installed the antivirus thing correctly last time (and had some feature turned off such as updating).
Also, should I have my system sometimes update parts of itself?
And at least my ultra long passwords were to non-important sites (DeviantArt, a few other art sites, etc., and I did have a partial copy of the document on my laptop).
For the rest of the documents, I want to rescue them since I spent a long time writing them (they're mostly RPG campaign logs, RPG things I homebrewed, and an RPG I fiddled with making, and a campaign setting I often use), though if it is necessary I can skip the password one.


Furthermore if you saved your passwords in your cookies (you shouldn't)
Ah, darn, I had done that whenever possible for passwords, hadn't realized it was a security weakness, darn.
I'll work on using more normal passwords (so less than 20-28 digits, and less random, enough that I can remember them without copy/pasting them from a Word document).
Edit: also, for things such as video games, should I use a different password for each?

Emmerask
2012-09-24, 10:25 AM
Edit: also, for things such as video games, should I use a different password for each?

While it is better to do so, I personally don't; it's just too much to make and remember 20 different passwords that actually are somewhat secure, i.e. stuff like e6FT94Ä7g6ü.

Though what you really should do is have different pw for your email account and your game account(s) and of course forum accounts or similar should also not have the same pw with your email or game accounts!

Sipex
2012-09-24, 10:26 AM
Since there's a lot of PC advice being thrown about I'll stick to the more basic stuff.

You say this hacker (who probably isn't in the city you pinpointed him at btw, that's likely a proxy) tried to get into several accounts. Do any (even one) of them have credit card numbers attached?

If yes, call your creditors up immediately and just give them a heads up to put any suspicious charges on hold. These will likely be purchases not made to your address or not made from your city but the company will handle that.

Dr.Epic
2012-09-24, 08:11 PM
Internet Explorer? Isn't that notorious for viruses?:smallconfused:

Thajocoth
2012-09-24, 08:15 PM
Internet Explorer? Isn't that notorious for viruses?:smallconfused:

Yes. It has a ton of security holes. All browsers have some, but IE has the most by far. A lot of the holes in other browsers can be easily plugged with Adblock Plus & DoNotTrack Plus.

IE also doesn't follow web code conventions properly. The shortcuts it takes affect a few websites adversely. Some sites do extra work to make their site run properly on both IE & everywhere else. Some even block IE users and leave a message suggesting that they upgrade.

Rawhide
2012-09-24, 09:13 PM
Yes. It has a ton of security holes. All browsers have some, but IE has the most by far. A lot of the holes in other browsers can be easily plugged with Adblock Plus & DoNotTrack Plus.

IE also doesn't follow web code conventions properly. The shortcuts it takes affect a few websites adversely. Some sites do extra work to make their site run properly on both IE & everywhere else. Some even block IE users and leave a message suggesting that they upgrade.

Myth: Some browsers are more secure.
Not according to Sophos. The company considers all browsers equally at risk because all browsers are essentially an execution environment for JavaScript, the Web’s programming language — and the key component in an attack by malware authors. Many attacks also leverage plug-ins, which run across all browsers. And don’t think the lesser-known browsers are less of a target by hackers or virus implantation experts. The more popular browsers simply get more publicity about unpatched exploits. But it’s the unpublicized exploits you should be most concerned about.

Source: http://www.intelfreepress.com/news/10-web-browsing-security-myths-busted/


Myth: Using a secure browser like Chrome offers better protection.
Fact: Chrome is subject to exploits just like any other browser and the more popular it becomes, the more it will be targeted.

Source: http://www.sophos.com/en-us/medialibrary/Gated%20Assets/white%20papers/sophosmythsforsafewebbrowsingwpna.pdf
Or: http://www.sophos.com/en-us/security-news-trends/security-trends/web-security-myths.aspx


There's no such thing as a standards compliant browser

Source: http://www.impressivewebs.com/no-standards-compliant-browser/


IE is far from the most compliant browser, but again, no browser is completely compliant:
http://blog.superuser.com/2011/04/12/spring-2011-browser-roundup/

Balain
2012-09-24, 09:18 PM
I don't like the fact you can't(couldn't) run an antivirus program. Viruses tend to disable anti-virus programs.

I didn't read all the post so not sure if you came up with a problem and solution. If it was a virus, sadly getting rid of the viruses by running some sort of antivirus is not often good enough. The problem is once you are at the point you know you have a virus you can never be 100% sure how far back it even goes, so restoring backups after you remove the virus may not solve your problems, just send you to an earlier time while still being infected.

If you know you had a virus the only way to be sure you are virus free is to format and do a clean install. That's why it's always good to have a couple of backups of only your documents; don't back up executables.

Thajocoth
2012-09-24, 09:28 PM
Myth: Some browsers are more secure.
Not according to Sophos. The company considers all browsers equally at risk because all browsers are essentially an execution environment for JavaScript, the Web’s programming language — and the key component in an attack by malware authors. Many attacks also leverage plug-ins, which run across all browsers. And don’t think the lesser-known browsers are less of a target by hackers or virus implantation experts. The more popular browsers simply get more publicity about unpatched exploits. But it’s the unpublicized exploits you should be most concerned about.

Source: http://www.intelfreepress.com/news/10-web-browsing-security-myths-busted/


Myth: Using a secure browser like Chrome offers better protection.
Fact: Chrome is subject to exploits just like any other browser and the more popular it becomes, the more it will be targeted.

Source: http://www.sophos.com/en-us/medialibrary/Gated%20Assets/white%20papers/sophosmythsforsafewebbrowsingwpna.pdf
Or: http://www.sophos.com/en-us/security-news-trends/security-trends/web-security-myths.aspx


There's no such thing as a standards compliant browser

Source: http://www.impressivewebs.com/no-standards-compliant-browser/


IE is far from the most compliant browser, but again, no browser is completely compliant:
http://blog.superuser.com/2011/04/12/spring-2011-browser-roundup/

Approximating. Of course there are always holes. All code contains bugs. IE does have more of them, and it is far less standards compliant. If using one browser is 50% likely to give you problems, and another is 5% likely to do so, both CAN give you problems, but one is clearly a smarter choice.

Krazzman
2012-09-25, 01:43 AM
somewhat secure, i.e. stuff like e6FT94Ä7g6ü.


This is Wrong.

With brute force this password you used there would be as easy to break as:
marmeladiger (a German word for being more jelly-esque) while this would be far easier to remember.

The problem is there is more than just brute force to get into your account. Key-logging or "social" hacking. The first just has you with your pants down. The second can be prevented via you not writing it down or saying it out loud.

Rawhide
2012-09-25, 01:52 AM
Approximating. Of course there are always holes. All code contains bugs. IE does have more of them, and it is far less standards compliant. If using one browser is 50% likely to give you problems, and another is 5% likely to do so, both CAN give you problems, but one is clearly a smarter choice.

The point is, the claim that IE is a far less secure browser is a complete myth. It is not.

The whole open source is better than closed source myth has been debunked quite a few times.


The point is also the claim that IE is not standards compliant, while others are, is also a myth. IE is indeed standards compliant where it matters most, and has made great strides in the past few years to become more so.


As for people who design pages to not work in IE (without a legitimate reason, such as needing something it doesn't support) and force you to switch to use their site, I have a word for them that I can't repeat on the forums.

Thajocoth
2012-09-25, 02:02 AM
As for people who design pages to not work in IE (without a legitimate reason, such as needing something it doesn't support) and force you to switch to use their site, I have a word for them that I can't repeat on the forums.

Those sites generally do so when supporting IE would take a lot more work. When I was in college, I remember the one class that involved any web-coding, pretty much everything we did in that class worked right in everything except IE. (We were also not graded based on how our code performed in IE.)

I'm also not a believer in open source being better. That's an unrelated concept.

Rawhide
2012-09-25, 02:41 AM
Those sites generally do so when supporting IE would take a lot more work. When I was in college, I remember the one class that involved any web-coding, pretty much everything we did in that class worked right in everything except IE. (We were also not graded based on how our code performed in IE.)

I'm also not a believer in open source being better. That's an unrelated concept.

I've seen it when they have absolutely no reason whatsoever, other than a personal beef. IE is really not any less secure than any other browser, and it has its quirks just like all browsers do.


Also, there are "standards" (what is set by a committee) and there are "standards" (what is actually common across browsers). Unless you have a very specific requirement, you should code your websites to suit the common standards of browsers accessing or likely to access your site, or to recognise which browser is being used and optimise it for them. To do otherwise for any commonly used browser, regardless of how much you like it or not, is really bad form and reflects far more on the programmer than the end user (not to mention, it is likely to cost a commercial website money/sales/business if they refuse to support them). I'm actually disappointed that this concept wasn't taught in that class.

Additionally, not all committee created standards are good, nor should everyone be expected to comply with all standards. There is an example in chess where the main bodies of competitive chess implemented a new rule (or, rather, modified a rule). But, so few people played by this new rule that it was eventually dropped.

As for standards compliance, it's the most important standards they focus on. The elements not implemented are far less likely to make a page display incorrectly than the percentage of compliance would seemingly indicate.

Emmerask
2012-09-25, 06:22 AM
This is Wrong.

With brute force this password you used there would be as easy to break as:
marmeladiger (a German word for being more jelly-esque) while this would be far easier to remember.

The problem is there is more than just brute force to get into your account. Key-logging or "social" hacking. The first just has you with your pants down. The second can be prevented via you not writing it down or saying it out loud.

Depends how your brute force program is written :smallwink:
An intelligent brute force program could reorder the search depending on parameters; for an English account, for example, putting umlauts last would be very reasonable.
Most people are told to use an upper case letter and a punctuation mark and they come up with stuff like "Sally1!"

An intelligent "brute force" code can take advantage of this reducing the initial number of iterations by a ton.

But yes if it is a standard "I iterate through every possibility" code then "marmeladiger" is as safe as any other pw.
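
The search-space arithmetic behind the exchange above, as an added example that is not part of any poster's message: it compares an exhaustive search over one full alphabet with a search that tries small alphabets first and with one that follows a fixed per-position pattern. The class sizes and the seven-letter "umlaut" set are assumptions chosen for illustration.

```python
import math
import string

# Character classes an exhaustive search might enumerate. The seven German
# letters are an assumption standing in for the "umlauts" in the thread.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
    "umlaut": set("äöüÄÖÜß"),
}
FULL_ALPHABET = sum(len(c) for c in CLASSES.values())  # 26+26+10+32+7 = 101


def class_of(ch):
    """Name of the modelled class a single character belongs to."""
    for name, chars in CLASSES.items():
        if ch in chars:
            return name
    raise ValueError(f"character {ch!r} is outside the modelled classes")


def naive_bits(password):
    """Every position tried over the full alphabet, no ordering."""
    return len(password) * math.log2(FULL_ALPHABET)


def staged_bits(password):
    """Small alphabets tried first: only the classes present are needed."""
    alphabet = sum(len(CLASSES[n]) for n in {class_of(c) for c in password})
    return len(password) * math.log2(alphabet)


def mask_bits(password):
    """Search follows the exact per-position pattern, e.g. one upper,
    four lower, one digit, one symbol for "Sally1!"."""
    return sum(math.log2(len(CLASSES[class_of(c)])) for c in password)


def report(passwords):
    """Map each password to (naive, staged, mask) bits, rounded."""
    return {pw: tuple(round(f(pw), 1) for f in (naive_bits, staged_bits, mask_bits))
            for pw in passwords}


if __name__ == "__main__":
    # Passwords quoted in the thread, used here as sample input.
    for pw, bits in report(["e6FT94Ä7g6ü", "marmeladiger", "Sally1!"]).items():
        print(f"{pw:14} naive/staged/mask bits = {bits}")
```

The mask figure only matters for patterns people commonly pick; for a truly random string the per-position pattern is not known in advance, so the staged figure is the relevant one.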