Shoutbox

quote:

---

Originally posted by riahc4
But does a "decent virus scanner" protect from that "check who blocked you" namechaning virus?

---

If that's one where you need to download a file by either filetransfer or URL, sure. If that's one where you need to voluntarily give a random site your username and password, maybe if the site is on some kind of blocklist. But sites change quickly, it is impossible for any scanner to provide good protecting against phishing sites, Messenger Plus! is no exception to that.

Educating people to not be silly clowns and type in their password everywhere just because a stranger asks them nicely sounds like a better idea. Somehow it became acceptable to give other sites login details which don't belong to them... for example giving Facebook your Messenger password to import your contacts. You may be trusting Facebook, but any site where you login with your Messenger login details can do anything they like with your account. These aren't even viruses, you just handed over your private information and the site owner can use your account for whatever he wishes. Just because your password is hidden in a password field doesn't mean the site doesn't exactly know your password when you type it in. People need to start realizing that. There is no automated software protection against being ignorant.
</rant>

quote:

---

Originally posted by MenthiX

quote:

---

Originally posted by riahc4
But does a "decent virus scanner" protect from that "check who blocked you" namechaning virus?

---

If that's one where you need to download a file by either filetransfer or URL, sure. If that's one where you need to voluntarily give a random site your username and password, maybe if the site is on some kind of blocklist. But sites change quickly, it is impossible for any scanner to provide good protecting against phishing sites, Messenger Plus! is no exception to that.

Educating people to not be silly clowns and type in their password everywhere just because a stranger asks them nicely sounds like a better idea. Somehow it became acceptable to give other sites login details which don't belong to them... for example giving Facebook your Messenger password to import your contacts. You may be trusting Facebook, but any site where you login with your Messenger login details can do anything they like with your account. These aren't even viruses, you just handed over your private information and the site owner can use your account for whatever he wishes. Just because your password is hidden in a password field doesn't mean the site doesn't exactly know your password when you type it in. People need to start realizing that. There is no automated software protection against being ignorant.
</rant>

---

I completely disagree with you.

If your logic, then everyone is ignorant. You are ignorant because you are using Plus! when you could be taught how to program and make it yourself. Hell Patchou is ignorant because he is using Messenger when he could have made Messenger himself. The Messenger team is ignorant because they could have made Windows themselves.....

People want simple and easy things that works. Thats the world we live in. They don't want to be taught or anything. Thats one of the (sad) reasons that OSX is getting so much these days  in terms of sales.



I still believe this would be something nice to study. The sites don't change THAT often. Besides, a software can hook and make sure that the input comes from the keyboard and not automated like those "Check who blocked you" automessage.

quote:

---

Originally posted by riahc4
If your logic, then everyone is ignorant.

---

I'm simply saying people shouldn't type in their Messenger password on every random site (referring to phising sites offering block checks etc.) and assume it will be safe. I don't get your comparisons tho, the things you talk about take quite a bit of effort and resources... keeping your password secure is just common sense IMHO.

quote:

---

Originally posted by riahc4
People want simple and easy things that works. Thats the world we live in.

---

I understand that, so do I. But as I explained providing full protection against phishing sites is just not possible.

quote:

---

Originally posted by riahc4
They don't want to be taught or anything.

---

That makes you ignorant.

quote:

---

Originally posted by riahc4
The sites don't change THAT often.

---

How would you submit bad sites, how do we verify which ones are indeed bad and which ones are false positives? Microsoft has their own blocklist on Messenger, but with way more resources than Plus! they are completely failing to provide any kind of security trough it. I'm not against the idea, but if something like this would be done it should be done right. As you said, don't want to be taught... they want to rely on a scanner like this blindly. I just don't see yet how a blocklist could provide enough security instead of being some kind of false hope.

quote:

---

Originally posted by riahc4
a software can hook and make sure that the input comes from the keyboard and not automated like those "Check who blocked you" automessage.

---

That would be a nice feature, when the software detects such things it could point to good quality resources (removal tools/changing your password/bakground info). But that's when the harm is already done, neither does it protect against attacks which just log in under your account serverside.

I completely agree with Menthix in every aspect.... Moreover:

quote:

---

Originally posted by riahc4
a software can hook and make sure that the input comes from the keyboard and not automated like those "Check who blocked you" automessage.

---

No it can not.

Such messages you are talking about, which you whish there was a protection for and hence you suggested this idea, are usually send when the user himself is offline.

Plus! can not detect those messages by checking if it comes from 'the keyboard' (nor can any other scanner) because they aren't send from a person's computer. They are send from a 'service' logging in into the contact's account. And as you said so yourself, such message often come in different languages.

And the other kind of SPIM is already detected by good scanners.

Also, the sites refered to in such messages do change all the time! That is exactly why they spread so much; it is hard to keep track of all the malicious sites popping up and blocking them without triggering false positives. For example, in the last couple of months I have gathered more than 30 links from a particular SPIM. Each time one site is blocked by MS/Messenger two other sites pop up...

To protect against such SPIM the best solution is to report them to MS so they can be blacklisted. Of course, if nobody reports them MS/Messenger wont be able to protect you from it either. So, instead of hoping on something to be created (which wont work anyways), do the proper thing and report sch SPIM thru the proper channels.

Bottem line: I don't see how such a scanner in Plus! is going to be better than anything which already exists. Let the protection be done by the proper software and instances who also have the resources to investigate and maintain check lists, etc. Plus! isn't going to be able to do anything 'magic' here.

On top of what cookie explained.... As soon as a site doesn't get filtered, or there is something just outside the scope of what plus! will filter, then the forum will be swamped with people complaining and Patchou will get a bad wrap.

If you take note of Patchou's features, he does them well and does them fully, something like this protection cannot be fully achieved, not even by the big AV companies.  Do you really want to see Patches get a bad name? Especially with the continuous problems he already gets about 'bundling malware'?

I would like that but as pointed out, it's unfortunately too hard to do if it has to be reliable. I would need a team dedicated to it 24/7 and I just can't do that kind of thing right now (maybe next year if everything goes as planned... ).

I personally think that maybe messenger should have link protection built in? that way we dont have to use those other crappy addons available for msn

quote:

---

Originally posted by bazzach
I personally think that maybe messenger should have link protection built in?

---

Messenger already has a bloclist which blocks certain URLs and patterns. The problem is that it isn't maintained properly. Some URLs are falsely blocked, while a lot of real viruses get trough without any problem.

quote:

---

Originally posted by Patchou
I would need a team dedicated to it 24/7 and I just can't do that kind of thing right now (maybe next year if everything goes as planned...

---

Secret big plans?

Suggestion: When a user downloads and installs a script Plus! scans the script for dodgy code and things and tells the user if it downloads stuff or it can be a potential threat.

Install a McAfee product, it will stamp every script as a threat, problem solved.