[tgg]

Are youtube and craiglist websites infected with virus, spyware and such, especially when running win xp sp2 or sp3, with firefox still installed.

Because I have a customer and this is the third time the pc crapped out and I have to reinstall win xp and the only thing they use the pc for is web surfing and the son uses an ipod with itunes, so i dont know whats messing up the windopws xp.

 

[Cellus]

I'm going to move your thread to our General Computer Security board, as this question should be answered there instead of Computer Security News.

 

[sobeit]

cannot give a good answer since there is not much info provided.

generally those sites you mentioned are clean. However some of the links provided within the sites could cause problems. Also where is the music for the ipod coming from? If p2p or torrents to get music, then there could be problems.

It also depends upon where they are surfin to. If the red-light district, warez sites and such then you can catch nasties. Also emails, chats, instant messaging and such could also be problems if opening attachments or accepting files from others.

 

[tetonbob]

For over a year there have been reports of bad (malicious) code parked at YouTube and other social networking sites. Clicking on links can produce undesirable results. While YouTube has done a lot in that time to protect it's users, malware authors are always looking for exploits.

http://www.techradar.com/news/internet/web/youtube-poses-major-malware-threat-132894

http://www.pcworld.com/article/id,133232-pg,1/article.html

http://talkback.zdnet.com/5208-1009-0.html?forumID=1&threadID=35604&messageID=655794&start=0

Make sure the clients are educated as well as protected. See the link in my sig for some ideas if you need them.

Our colleague, miekiemoes, has a page for Prevention tips.

Downloads need to be scanned before being executed.

 

[Chode]

Most users just aren't going to tell you the whole truth about what they do online. And when you throw ah, the "son' (let me guess; a teenager?) into the mix it just gets worse. Most sites try to police themselves, but there are all sorts of avenues malware can use to enter a site. Two or three months ago, I saw some figures that claimed that roughly 67% of the sites hosting malware were legitimate sites that had been hacked. Sorry, can't put my finger on the reference immediately.

But here's a link to an article that discusses some of the ways malware can end up on a site. I include the example because it address a common vulnerability, and it also reveals how some malware is targeted.

I was recently discussing internet security with a client while her child was on NeoPets. The child clicked a link to play a game (in Firefox) and the link immediately opened an Internet Explorer window which reported that the system was infected and the user should download what was undoubtedly a Smitfraud variant. Then we talked about the NoScript addon.

Basically, I think you're going to find that Craigslist is well policed, and that videos hosted by YouTube are safe, but external links may not be. Essentially, good security on the internet requires some knowledge of basic security issues plus some judgment and restraint.

Edit due to cleaning up late night typos. Doh!