Windows + Firefox = viruses
 

I just got a trojan downloaded to my PC (Windows 7). The timestamp on the files shows 20:46, they downloaded to c:\programdata %userdata\locallow\roaming. The virus pops up a number of very convincing 'delayed write error' messages.

It then tries to sell me some kind of PC fix software, and requests repeatedly to run a privileged 'reinstall.exe' app (this was denied as I have full password-enabled UAC). It also kills taskmgr.exe so I had to kill the processes via cmd.exe/taskkill.

The other thing it did was set all my files to +H (hidden).

WRT the timestamp, my history for the 10 minutes before the trojan got downloaded shows:

amazon.com
sennheiser.co.uk
google.co.uk
google.com
flyertalk.com
headphone.com
*.cnet.com
nytimes.com
printerland.co.uk

Nothing bad there....

Firefox tells me my Java is vulnerable (6.0.210.6/se 6 u21).

I suspect, therefore, that Java is the source of the problem. http://threatpost.com/en_us/blogs/ne...it-kits-112811

Isn't it supposed to notify me that it's outdated?

Are you blaming Firefox for your computer getting a virus? :confused::confused:

Well, a lot of people said MSIE was insecure and to switch to Firefox. Now it seems to me that Firefox is no better.

If I was using lynx, which is a text-only browser, there's no way I could have got any virus.

So yes, Firefox is vulnerable.

If you think that it's better to you to run a text-only browser then, by all means, go ahead! :rolleyes:

No not really, but just dispelling the myth that Firefox is more secure. I don't think it is.

Well you do have a really good sample size, so there's that.

More secure than IE? Yes. Immune to java exploits? No, no browser is.

Your argument should be that java is not secure.

Sounds like you're one of the unlucky 1% who needs to get a Mac! :D

I have been using the combination of windows and firefox for years and think the last time I got a virus was back using windows 98. of course i use ad blocker plus and taco so that probably removes a lot of the crap.

the title of this post making a blanket statement that using windows and firefox means you will get viruses is just bad logic. there is a lot more to it.

oh and stop looking at the freaky stuff.

Partially because of this reason, and primary because of advertisements, I turn off all 3rd party plugins by default.

If you do not play games, you do not need flash, you definitively do not need bright ads flashing this and that playing horrible sounds, and not really many people even have use for JVM on browsers. (For me, sometimes some academics use java applets to illustrate some algorithms and such, maybe I get to one of those once a month :rolleyes:)

I have ....... plus on.

Youtube requires flash

Even if it is more secure (and a lot of that advice, IMO, went out the window with improvements in Vista and IE7+) "more secure" (or more properly, "less insecure") is relative and nothing is 100% (besides, perhaps, wget and parsing the HTML by hand *lol*)

With either IE or Firefox, it's imperative to keep your patches up to date. Chrome is the only one of the major three that's truly transparent about it, and folks on older Firefox versions (for values of "older" dating to the last 3.6.x versions less than a year ago) have to upgrade to 4.x semi-manually to be on the full upgrade cycle.

Enabling browser-side Java (and I say this as a server-side Java software engineer) is kinda sketchy. If you have to have it, it's really imperative to keep your patches up to date. 1.6.0_21 is nowhere near up to date.

I got the Win 7 Security 2012 virus a few weeks ago from visiting a collegiate athletics forum. I had to reinstall Windows to get rid of it, but it was about that time of the year anyways. I now use ....... since the virus was from a Flash or Java exploit.

Have always used FF. Have never had a virus.