Can we get a virus, malware by clicking on a forum link?

[BeStill&Know]

Removing Java removes most of the access points for hackers. it seems that java has an update almost everyday. Also when you do updates to java old software stops working. I have a moto, if you software requires Java, you are running the wrong software

I removed it thanks

 

[BeStill&Know]

Malicious code can be injected to a page and ran by your browser. In theory I could upload malicious code into my signature, or avatar to have unsuspecting people view the page it's on, or accidentally click it. This is least likely now when forum software is updated to protect against this.

Google will likely get you a computer virus. If you search something out of curiosity and find a web page that draws you in it may be legit. It may also have been hacked through a security vulnerability by a person who now has a tiny code run where you cant even see it. This code runs a pop up an when you find it it may look like your Facebook. It might look like your bank. It could tell you that you already have a virus.

Search engines try to take malicious websites out of the results. If you search something that is a odd-ball question with not too many popular results there easily can be a page that looks like what you need that will be on the first page and when you click onto it you get told you have a virus or an infection has been found. Or that you need to update something.

To say not to use Java is unfair. A lot of great applications are run on the platform and things you use every day without noticing it are run by java. The people who present products can find ways to teach those who use them how to stay protected. You don't need to get technical with a computer to have the concepts needed to not get hacked. It is good to say if you don't need it, don't have it on your computer. The less programs and different things like java, flash, shockwave, etc you have the better. If nothing on your computer utilizes Java and you have it installed than it likely wont get updated and you will be one of those in a line at a store after a big hack because you were vulnerable to an exploit that was fixed 4 months ago and you didnt even know you had Java to begin with.

In theory I could upload malicious code into my signature, or avatar to have unsuspecting people view the page it's on, or accidentally click it. This is least likely now when forum software is updated to protect against this.

Great information! I hope this forum is regularly up-dated. I'm nervous about animated Avatars that are here, because I often click on the posters name to view their profile. Any problems with animated Avatars?

It might look like your bank.

Yes, that happened to me once I clicked on a link to my bank, the page was weird though the emblem for the bank looked like it had been pasted together, from being previously cut
Something else looked wrong i did not click on it but went through another route which looked familiar. Now, I always look at the page as well at the address and make sure it has the lock symbol. And I change PW frequently.

 

[TJM]

Yes Those are called spoofed pages. I can download a copy of this forum and find the right template and startup a exact copy of the website. Doing this would be illegal. However, if I were able to hack this forums database to get your emails and send you a link to change your password due to a fake "breach of security" I made up you would likely click the email link, see the website that I control, and enter your current password and change it on my website. However its still the same on this real site.

I could go furthur, and steal what are called your browser cookies. These keep sessions alive on other websites you are logged into. This makes it so every time you click a new link on the same website you aren't asked to log in. I could inject code onto my web page, or a forum, and steal your cookies for those websites. So now I load up your browsers cookie data into mine, and the bank or stock investment, or your paypal does not know I am not really you. All the website cares about in some cases is if the login details match. If I really had to I could Man in the Middle attack you and redirect your web traffic to my website that makes you download my malicious software. I would than control your computer. I can see everything you do, even through a web cam and microphone. If you bank online it doesnt matter if you login to whats called HTTPS (the lock symbol you speak of) that encrypts your login information from your browser to your bank because I would log what keyboard keys you hit so I'd have the passwords. I could even interupt you while you type so you would put in the wrong info and need to answer security questions. I would than log this information. With this information I can lock you out of your bank and change all your details. I can redirect your mailing address to somewhere I can get your bills so when I take 10k from you you wont get a bill. I could change the phone number so your bank cant call you yourself about it. I would probably even go as far as monitoring your bank account to send you what you would expect to see on your statements in the mail on paper. I would probably actually setup mmy own DNS server and point your computer to it so if you type in your banks website it goes to mine. I would spoof the banks website portal and show you what you want to see, and hide my transactions and you'd be none the wiser.

It's wrong and disrespectful to take advantage of somebody in this way. I wonder if I can't start offering my services t protect you guys. I know I seen a marketplace link here somewhere.

 

[BeStill&Know]

When I don't listen to my female instincts I always get in trouble.
After I visited a couple of Christian sites about a year ago soon after I got flooded with porn and other sites from other categories.
1. When I try to block them, I get the window saying they cannot be blocked because the web-address does not exist.
2. Others are using my own address to send their email to me, though it does not appear.
I get a window saying I cannot block my own email.
3. One is from a cosmetic company (that has been on TV for a year or more) which I purchased make-up from, a year ago.

1. Every day I get 1 or more emails from them that I block.
2. I wrote to them from their web-site, I did not open the email, to inform them about re-occurring emails from them that I've been blocking for a year, it seems they have been hacked, which I told them...
3. since I can see the address from where it comes from everyday, which is a different email address.
4. But they fluffed it off.
I hope another customer buying 'on-line" will read this and see there is a problem. ITCosmetics.
I already ran the AV that came with my PC then I dis-abled it and ran an external AV Fix-me stix, but still I get 30 to 60 fake emails a day.
Any suggestions?

 

[BeStill&Know]

Yes Those are called spoofed pages. I can download a copy of this forum and find the right template and startup a exact copy of the website. Doing this would be illegal. However, if I were able to hack this forums database to get your emails and send you a link to change your password due to a fake "breach of security" I made up you would likely click the email link, see the website that I control, and enter your current password and change it on my website. However its still the same on this real site.

I could go furthur, and steal what are called your browser cookies. These keep sessions alive on other websites you are logged into. This makes it so every time you click a new link on the same website you aren't asked to log in. I could inject code onto my web page, or a forum, and steal your cookies for those websites. So now I load up your browsers cookie data into mine, and the bank or stock investment, or your paypal does not know I am not really you. All the website cares about in some cases is if the login details match. If I really had to I could Man in the Middle attack you and redirect your web traffic to my website that makes you download my malicious software. I would than control your computer. I can see everything you do, even through a web cam and microphone. If you bank online it doesnt matter if you login to whats called HTTPS (the lock symbol you speak of) that encrypts your login information from your browser to your bank because I would log what keyboard keys you hit so I'd have the passwords. I could even interupt you while you type so you would put in the wrong info and need to answer security questions. I would than log this information. With this information I can lock you out of your bank and change all your details. I can redirect your mailing address to somewhere I can get your bills so when I take 10k from you you wont get a bill. I could change the phone number so your bank cant call you yourself about it. I would probably even go as far as monitoring your bank account to send you what you would expect to see on your statements in the mail on paper. I would probably actually setup mmy own DNS server and point your computer to it so if you type in your banks website it goes to mine. I would spoof the banks website portal and show you what you want to see, and hide my transactions and you'd be none the wiser.

It's wrong and disrespectful to take advantage of somebody in this way. I wonder if I can't start offering my services t protect you guys. I know I seen a marketplace link here somewhere.

Well, IMO a forum is needed to protect especially the seniors.
When I cared for my mother-in-law, she being raised in a different safer time, would get in trouble almost daily, on-line. We finally just worked the computer, and emails for her.

 

[TJM]

Where did you get this "External Anti virus" stick? Those are typically bloatware items that install programs onto your computer calle adware that gives you pop ups. That or they will give you "free trials" that eventually expire and annoy you with asking to purchase the software.

Even more scary is that anybody can market these Plug in anti virus flash drives. A hacker can sell them, which just installs their malware onto your computer.

There is never a need to run more than one anti virus on your computer. Unless you are an IT pro you likely won't know the necessary skills or the programs that are live booted from removable media to scan offline for viruses.

Directly contacting websites from an email you find on them doesnt work. Especially if you are contacting the website you are being spammed by. They will just take your email and add it to a list they sell to other people. You can use your emails spam filter. You shoul be able to have options to flag messages as spam. I would not open a spam email to click the "unsubscribe" button as that takes you to their website chich can be malicious. Sometimes honestly your best bet is to either ignore the spam every day or get a new email. One you never give to any entity you don't trust.

Forums cannot protect the user. All they can do is hope their server host has a team that knows what they're doing. The person hsoting the content also needs to know what they're doing because they are the ones who put the content up that can be exploited linking to database leaks and peoples information being sold. The best practice are ones that can be found almost anywhere on any trusted websites that teach hw to be safe online

By the way most businesses employ what are called PEN testers. They work to hack the websites with permission to find security holes. They report them weekly and the problems that are found are patched.

 

[Paul Yohannan]

Minecraft is a Game? If it is I dont play any games. I surf YouTube to play on TV through Roku, and I use Google, email, Forums, Biblegateway ect.

More utiltarian software dependent on Java includes most remote management consoles for servers.

Also Android apps are written in the Java language (although compiled to machine code vs. Java runtimes).

 

[TJM]

Most Android apps also insist on getting exclusive permissions to your phone services. I'm still wondering why some flash light strobe needs access to my GPS and full contacts list and messaging.

 

[elytron]

I am a member on other forums besides this one. Two of them were hacked that I know of, in the past. The hackers got away with every forum member's email address and forum password. Received an email on both instances, advising me to change my password. Kind of scary that these things do happen.

 

[BeStill&Know]

Where did you get this "External Anti virus" stick? Those are typically bloatware items that install programs onto your computer calle adware that gives you pop ups. That or they will give you "free trials" that eventually expire and annoy you with asking to purchase the software.

Even more scary is that anybody can market these Plug in anti virus flash drives. A hacker can sell them, which just installs their malware onto your computer.

There is never a need to run more than one anti virus on your computer. Unless you are an IT pro you likely won't know the necessary skills or the programs that are live booted from removable media to scan offline for viruses.

Directly contacting websites from an email you find on them doesnt work. Especially if you are contacting the website you are being spammed by. They will just take your email and add it to a list they sell to other people. You can use your emails spam filter. You shoul be able to have options to flag messages as spam. I would not open a spam email to click the "unsubscribe" button as that takes you to their website chich can be malicious. Sometimes honestly your best bet is to either ignore the spam every day or get a new email. One you never give to any entity you don't trust.

Forums cannot protect the user. All they can do is hope their server host has a team that knows what they're doing. The person hsoting the content also needs to know what they're doing because they are the ones who put the content up that can be exploited linking to database leaks and peoples information being sold. The best practice are ones that can be found almost anywhere on any trusted websites that teach hw to be safe online

By the way most businesses employ what are called PEN testers. They work to hack the websites with permission to find security holes. They report them weekly and the problems that are found are patched.

Where did you get this "External Anti virus" stick? Those are typically bloatware items that install programs onto your computer calle adware that gives you pop ups. That or they will give you "free trials" that eventually expire and annoy you with asking to purchase the software.

it is a AV that has been sold for over a year through major TV networks, in the US. FixMeStix. I bought it because none of my computer problems were being solved through the AV that came with the PC. The FixMeStix did find a picture on my PC that was the problem. I did not have any other problems until I went to these fake Christian web sites, like I said I felt instinctively something was wrong but I could not see anything. And later after my make-up purchase the other emails stared.

Directly contacting websites from an email you find on them doesnt work. Especially if you are contacting the website you are being spammed by. They will just take your email and add it to a list they sell to other people.

I never opened the email from the make-up company. I knew something was wrong because repeated blocks did not work. I went directly to their web-site through Google and wrote to Contact, which did not take me seriously.

You can use your emails spam filter. You shoul be able to have options to flag messages as spam.

Yes, I've tried that to for several days but I still get the same emails with same Name on the email address.

I would not open a spam email to click the "unsubscribe" button as that takes you to their website chich can be malicious. Sometimes honestly your best bet is to either ignore the spam every day or get a new email.

No I don't do that either. I Block them if I can.

The best practice are ones that can be found almost anywhere on any trusted websites that teach hw to be safe online

 

[Waterwerx]

If you want to avoid a lot of headaches, do the following:

#1. Regularly back-up your data. The more back-ups you do, the better.

#2. Avoid running your computer as admin. Set up a user account on the system that does not have admin rights.

#3. Have a single decent AV program. Win7 & Win10 have their own built-in AV software, but having something like McAfee is necessary since they will update their software much more frequently. Note, McAfee tends to be more resource-demanding compared to other AV software. Eset(if I remember the name correctly) is suppose to be much lighter and works just as good.

#4. Use system restore software that protects your Master Boot File. Basically, you reboot to restore your system to its original configuration. There are a number of different kinds out there. For example, I use Deep Freeze(Standard) by Faronics.

#5. Despite all of this, there are some things that will still get through, for example, root kits can get through. Most people do not encounter them unless they are going to websites that are high risk, such as porn, pirate sites, etc.

Consider vectors. Do you have a lot of different contacts, such as friends, that you communicate with regularly via email? If you do, the ignorance of your friends regarding security could put you at increased risk as well as place you on a target list for spam emails.

With the way things are going today, it would be a lot simpler to just set up a virtual machine and do all online stuff from it and store any work that needs to be saved to a separate drive. Not even a root kit would persist and would simply get wiped once the virtual machine is stopped and restarted.

 

[TJM]

The majority wouldn't be able to manage virtual machines. ESET or Avast or Node32 are light weight. A lot of computers made recently come standard with 4+ GB RAM so antivirus isn't much of an issue with system performance.

 

[timewerx]

The majority wouldn't be able to manage virtual machines. ESET or Avast or Node32 are light weight. A lot of computers made recently come standard with 4+ GB RAM so antivirus isn't much of an issue with system performance.

I didn't like Avast for some reason I can't remember.

Eset and Nod32 are the same. Nod32 is the AV product of Eset. Some comes bundled with anti-malware, firewall, etc but it isn't as meticulous as other AV like Kaspersky or Bitdefender.

The free edition of the Bitdefender is highly praised in pcmag.

 

[BeStill&Know]

I didn't like Avast for some reason I can't remember.

Eset and Nod32 are the same. Nod32 is the AV product of Eset. Some comes bundled with anti-malware, firewall, etc but it isn't as meticulous as other AV like Kaspersky or Bitdefender.

The free edition of the Bitdefender is highly praised in pcmag.

Thanks...

 

[BeStill&Know]

The majority wouldn't be able to manage virtual machines. ESET or Avast or Node32 are light weight. A lot of computers made recently come standard with 4+ GB RAM so antivirus isn't much of an issue with system performance.

Thank you...

 

[BeStill&Know]

If you want to avoid a lot of headaches, do the following:

#1. Regularly back-up your data. The more back-ups you do, the better.

#2. Avoid running your computer as admin. Set up a user account on the system that does not have admin rights.

#3. Have a single decent AV program. Win7 & Win10 have their own built-in AV software, but having something like McAfee is necessary since they will update their software much more frequently. Note, McAfee tends to be more resource-demanding compared to other AV software. Eset(if I remember the name correctly) is suppose to be much lighter and works just as good.

#4. Use system restore software that protects your Master Boot File. Basically, you reboot to restore your system to its original configuration. There are a number of different kinds out there. For example, I use Deep Freeze(Standard) by Faronics.

#5. Despite all of this, there are some things that will still get through, for example, root kits can get through. Most people do not encounter them unless they are going to websites that are high risk, such as porn, pirate sites, etc.

Consider vectors. Do you have a lot of different contacts, such as friends, that you communicate with regularly via email? If you do, the ignorance of your friends regarding security could put you at increased risk as well as place you on a target list for spam emails.

With the way things are going today, it would be a lot simpler to just set up a virtual machine and do all online stuff from it and store any work that needs to be saved to a separate drive. Not even a root kit would persist and would simply get wiped once the virtual machine is stopped and restarted.

Doing it. Thanks

 

[BeStill&Know]

I am a member on other forums besides this one. Two of them were hacked that I know of, in the past. The hackers got away with every forum member's email address and forum password. Received an email on both instances, advising me to change my password. Kind of scary that these things do happen.

Yes it is. I've encounter members who I don't know, want me to email them or Skype them, or tell them my Facebook info. I already researched that this is a way hackers can get i as well.

 

[BeStill&Know]

Most Android apps also insist on getting exclusive permissions to your phone services. I'm still wondering why some flash light strobe needs access to my GPS and full contacts list and messaging.

research on flashlight apps and others discovered they were open doors to hackers. In the past, google apps. i dont know if thats been fixed