Duplicate Opera installation?

blackbird71

blackbird71 @hucker last edited by blackbird71

@hucker said in Duplicate Opera installation?:

@blackbird71 ... You have to visit a lot of dodgy porn sites to get anything bad. ...

Not true. Over the years, drive-by exploits have successfully infected website visitors to the New York Times, Google, the BBC, and NBC, just to name a few. Any website that carries ads (especially rotating ads) can be a potential carrier for issuing a drive-by; any website that has been successfully hacked has the potential for issuing a drive-by; an exploitable vulnerability in any website's server has the potential for enabling a drive-by issuance. While "dodgy sites" have a higher potential for hosting drive-bys. to blithely assume "reputable" sites can't host them is to live in a dream world.

AV has always done me well.

If the drive-by exploit is of a zero-day variety, your AV's signature-detection engine will be ineffective. The AV protection will then be at best only as good as its heuristic detection engine - and those aren't all equally effective against various forms of exploits.

hucker

hucker @blackbird71 last edited by hucker

@blackbird71 said in Duplicate Opera installation?:

@hucker said in Duplicate Opera installation?:

@blackbird71 ... You have to visit a lot of dodgy porn sites to get anything bad. ...

Not true. Over the years, drive-by exploits have successfully infected website visitors to the New York Times, Google, the BBC, and NBC, just to name a few. Any website that carries ads (especially rotating ads) can be a potential carrier for issuing a drive-by; any website that has been successfully hacked has the potential for issuing a drive-by; an exploitable vulnerability in any website's server has the potential for enabling a drive-by issuance. While "dodgy sites" have a higher potential for hosting drive-bys. to blithely assume "reputable" sites can't host them is to live in a dream world.

Any browser which allows code from a website to execute is stupidly badly written. Running code must always involve the user confirming it. The only browser and email programs I've seen letting in stuff like that are made by Microsoft, where they can't understand the difference between local and internet, they want everything to be the same to give the user a convenient experience.

AV has always done me well.

If the drive-by exploit is of a zero-day variety, your AV's signature-detection engine will be ineffective. The AV protection will then be at best only as good as its heuristic detection engine - and those aren't all equally effective against various forms of exploits.

And yet I've never been hit in all my years on the internet (starting in 1995). And I do visit dodgy sites.

oddssatisfy

oddssatisfy last edited by

It is possible that you have installed two different versions of Opera on your computer. One version may be installed in the system-wide "Program Files" directory, while the other may be installed in your user-specific "AppData" directory. The version installed in "Program Files" is typically available to all users on the computer, while the version installed in "AppData" is only available to your user account. The version in "AppData" may have been installed as a standalone installation or as an update to the previous version. Both versions may have the same settings because Opera saves its settings in a user-specific location, such as the AppData directory. This allows different users on the same computer to have their own settings and preferences for Opera. If you no longer need one of the versions of Opera, you can uninstall it through the Windows Control Panel. However, be sure to only uninstall the version that you no longer need and not the one that you currently use.

blackbird71

blackbird71 @hucker last edited by

@hucker said in Duplicate Opera installation?:

@blackbird71 said in Duplicate Opera installation?:

@hucker said in Duplicate Opera installation?:

@blackbird71 ... You have to visit a lot of dodgy porn sites to get anything bad. ...

Not true. Over the years, drive-by exploits have successfully infected website visitors to the New York Times, Google, the BBC, and NBC, just to name a few. Any website that carries ads (especially rotating ads) can be a potential carrier for issuing a drive-by; any website that has been successfully hacked has the potential for issuing a drive-by; an exploitable vulnerability in any website's server has the potential for enabling a drive-by issuance. While "dodgy sites" have a higher potential for hosting drive-bys. to blithely assume "reputable" sites can't host them is to live in a dream world.

Any browser which allows code from a website to execute is stupidly badly written. Running code must always involve the user confirming it. The only browser and email programs I've seen letting in stuff like that are made by Microsoft...

I'm not sure what you mean by this. JavaScript is script code, and many websites execute it on a user's system. Vulnerabilities and flaws in browser code are discovered constantly, hence many of the chromium code updates (that underlie Opera and many other browsers) that are issued every couple of weeks. Those flaws may allow site code to "go rogue", which is why attention should always be paid to keeping a browser updated.

hucker

hucker @blackbird71 last edited by

@blackbird71 said in Duplicate Opera installation?:

@hucker said in Duplicate Opera installation?:

@blackbird71 said in Duplicate Opera installation?:

@hucker said in Duplicate Opera installation?:

@blackbird71 ... You have to visit a lot of dodgy porn sites to get anything bad. ...

Not true. Over the years, drive-by exploits have successfully infected website visitors to the New York Times, Google, the BBC, and NBC, just to name a few. Any website that carries ads (especially rotating ads) can be a potential carrier for issuing a drive-by; any website that has been successfully hacked has the potential for issuing a drive-by; an exploitable vulnerability in any website's server has the potential for enabling a drive-by issuance. While "dodgy sites" have a higher potential for hosting drive-bys. to blithely assume "reputable" sites can't host them is to live in a dream world.

Any browser which allows code from a website to execute is stupidly badly written. Running code must always involve the user confirming it. The only browser and email programs I've seen letting in stuff like that are made by Microsoft...

I'm not sure what you mean by this. JavaScript is script code, and many websites execute it on a user's system. Vulnerabilities and flaws in browser code are discovered constantly, hence many of the chromium code updates (that underlie Opera and many other browsers) that are issued every couple of weeks. Those flaws may allow site code to "go rogue", which is why attention should always be paid to keeping a browser updated.

It should be like a sandbox. Code running inside a browser should never ever get outside the browser. This is basic programming. Say you ran a virtual machine on your computer. No virus in there could ever get out.

donq

donq @hucker last edited by

@hucker said in Duplicate Opera installation?:

It should be like a sandbox. Code running inside a browser should never ever get outside the browser. This is basic programming. Say you ran a virtual machine on your computer. No virus in there could ever get out.

Of course it can. It may not be easy, but has happened.

Are you programmer? Hacker? Security expert?
Or, as I was asked some twenty and more years ago (when I attempted to explain to someone that one specific program is foolproof - complete misunderstanding of course), are you black, white or red hat?
This seemed totally stupid question to me, but curious as I am, I started to investigate, what this question means. I have not become any color of hat, but I have gathered alot of interesting information since

hucker

hucker @donq last edited by

@donq said in Duplicate Opera installation?:

@hucker said in Duplicate Opera installation?:

It should be like a sandbox. Code running inside a browser should never ever get outside the browser. This is basic programming. Say you ran a virtual machine on your computer. No virus in there could ever get out.

Of course it can. It may not be easy, but has happened.

Only with downright stupid programming. What is inside stays inside. Calls to the outside must go through the user.