Your pictures - are they safe?

Firefox will run on Windows or Android. I don't know if NoScript runs on anything other than windows.

Hope this helps,

110yd

Ransomware such as Cryptolocker are not exactly new. It seems that they are distributed over suspicious websites (“drive-by download”) or through clicking on an infected advert. Some distribution via email attachment also seem to happen. Mainly windows - but don't feel too safe with Macs. There is no reason why this shouldn't be possible on a mac - there are just many more windows user and in a game of probabilities much more lucrative.
If you don't want to have separate systems (one on the internet and the other not) then be vigilant and paranoid. Use ad-blockers, host files, not very frequently used browsers, don't click on any links or attachment except you know it's safe.

110yd wrote in post #17924697
This is a forum that is open to all, so given the original subject of Photos being essentially held for ransom, here is my two cents. If you ever took the time to look at a browser and the number of
active java scripts, extensions, plugins that are running on a web page, it might cause some re-calibration in your browsing habits. Internet Explorer or what ever incarnation of browser that Microsoft is offering needs help in my opinion. Java, Flash, Scripts and the assortment of plugins need to have some sort of containment.

Allowing Scripts/Java/Flash/Plu​gins/Extensions to run indiscriminately on any web page is asking for trouble... Hence we have people who exploit the use of the above, and now you have a case of ransom. I have seen more than my share of this level of dysfunction. Firefox, and NoScript works, and there are probably other solutions.

I used to use NoScript but as the web has become even more script dependent, it became more of a PITA to use. I mostly use Chrome now and long ago told it NOT to automatically run Flash or Java, but instead display a "click to run" box where the Flash or Java content would be. Javascript can still be an issue, but I currently use uBlock Orgin because it speeds up web content by blocking ads. I'm sure lots of malware ads get blocked in the process.

I do a ton of Google searching, follow tons of links every day, and have never had malware on my system. I do keep my OS, applications, and plug-ins up to date which I'm sure helps, but 95% of infections are from someone doing something stupid. I've watched people open email attachments they had no business opening. I've asked people to go to "site.com", then watched as they entered "site.com" into the Yahoo search box and clicked the first link which leads to "shady-downloads.com/site.com​". Then they complain to me that site.com installed malware after they clicked OK to 4 UAC prompts.

This is why mirrors are not a backup - incremental backups are essential.

110yd wrote in post #17924697
This is a forum that is open to all, so given the original subject of Photos being essentially held for ransom, here is my two cents. If you ever took the time to look at a browser and the number of
active java scripts, extensions, plugins that are running on a web page, it might cause some re-calibration in your browsing habits. Internet Explorer or what ever incarnation of browser that Microsoft is offering needs help in my opinion. Java, Flash, Scripts and the assortment of plugins need to have some sort of containment.

Allowing Scripts/Java/Flash/Plu​gins/Extensions to run indiscriminately on any web page is asking for trouble... Hence we have people who exploit the use of the above, and now you have a case of ransom. I have seen more than my share of this level of dysfunction. Firefox, and NoScript works, and there are probably other solutions.

Amen to that one.

Rod

mike_d wrote in post #17924713
.......I've asked people to go to "site.com", then watched as they entered "site.com" into the Yahoo search box and clicked the first link which leads to "shady-downloads.com/site.com​". Then they complain to me that site.com installed malware after they clicked OK to 4 UAC prompts.

Seriously - you've knowingly set people up to have malware installed on their machines?

mike_d wrote in post #17924713
I used to use NoScript but as the web has become even more script dependent, it became more of a PITA to use. I mostly use Chrome now and long ago told it NOT to automatically run Flash or Java, but instead display a "click to run" box where the Flash or Java content would be. Javascript can still be an issue, but I currently use uBlock Orgin because it speeds up web content by blocking ads. I'm sure lots of malware ads get blocked in the process.

I do a ton of Google searching, follow tons of links every day, and have never had malware on my system. I do keep my OS, applications, and plug-ins up to date which I'm sure helps, but 95% of infections are from someone doing something stupid. I've watched people open email attachments they had no business opening. I've asked people to go to "site.com", then watched as they entered "site.com" into the Yahoo search box and clicked the first link which leads to "shady-downloads.com/site.com​". Then they complain to me that site.com installed malware after they clicked OK to 4 UAC prompts.

I've never used NoScript. On the machine my pictures are on flash isn't installed. For years it was easy to turn java script support on or off as required in pretty much any browser I use. One other snafu on a typical Windows install was the automatic activation of Visual Basic scripts. AFAIK the only reason you would need this is if you program in VB. I always turned it off with no ill effects. Not even sure if this functionality extends to any script that might be embedded in a web page.

One other possible solution for any computer would be to set up different user accounts. One for your pictures and one for general use. If the OS operates as it should an infection in one account should not affect the other. This of course assumes you are not running with admin privileges.

Rod

sapearl wrote in post #17925019
Seriously - you've knowingly set people up to have malware installed on their machines?

No, I've had to clean up the results, asked them to show me what they did, then watched enough to see how they got it.

mike_d wrote in post #17925028
No, I've had to clean up the results, asked them to show me what they did, then watched enough to see how they got it.

Ah - my bad. Guess I read more into your post than was really there .

sapearl wrote in post #17925019
Seriously - you've knowingly set people up to have malware installed on their machines?

That's not what I got from reading that post.

sapearl wrote in post #17925036
Ah - my bad. Guess I read more into your post than was really there .

No problem. I think I wasn't as clear as I should have been.

CyberDyneSystems wrote in post #17925038
That's not what I got from reading that post.

Well, past my bedtime - that's what I get this late for hitting the keyboard instead of the pillow.....things should appear clearer to me after morning coffee.

If opening email is the only way to get ransom ware im fine. I delete 99% only open if i know the sender. And if you can get it from random websites again, if mcafee lights up with a red screen the site is closed immediately. I never skip warnings

Cormac wrote in post #17925428
If opening email is the only way to get ransom ware im fine. I delete 99% only open if i know the sender. And if you can get it from random websites again, if mcafee lights up with a red screen the site is closed immediately. I never skip warnings

Sort of a good first step. The only virus I ever got was in an email attachment from someone I knew. That person didn't know there was an embedded virus. It seems one can't be too careful. I followed all this kind of stuff for years. Every day there was something. It got too depressing. I did what I could do to reduce the ever present risks related to being online; stopped all the reading and moved on.

It is sort of like accepting the fact that at some point you could be involved in an accident during your daily commute to work. You have to accept the risk. You can't lock yourself in your basement.

Rod

RodS57 wrote in post #17925456
Sort of a good first step. The only virus I ever got was in an email attachment from someone I knew. That person didn't know there was an embedded virus. It seems one can't be too careful. I followed all this kind of stuff for years. Every day there was something. It got too depressing. I did what I could do to reduce the ever present risks related to being online; stopped all the reading and moved on.

It is sort of like accepting the fact that at some point you could be involved in an accident during your daily commute to work. You have to accept the risk. You can't lock yourself in your basement.

Rod

Exactly