I did say "... possible exception ..."
True, not EVERY site can be protected ALL the time. But c'mon. How often/likely is that?
Not much comfort if you happen to be the poor sap who goes to a site during the few hours that it is compromised.
Did I say hours?
IIRC, the Linux repository was compromised for "at least 17 days".
Google codeplex had malware on it for over a month!
Malware hosted on Google Code project site | ZDNet
More nasties found on Google Code repository | ZDNet
SourceForge also had dodgy links.
SourceForge is still harboring pornography and malware | ExtremeTech
If you can compromise Google for a few hours, you can potentially ensnare thousands (if not millions) of users.
This is the problem with the "Cloud": it is a "single point of failure".
Every criminal knows "where it is" and they will be attacking it.
They only have to get lucky once, whereas the provider has to be 100% successful at stopping thousands (if not millions) of attacks per day.
Your only real defence is regular patching/updating and frequent external backups.
Trojans, viruses, worms: How does malware get on PCs and Macs? | ZDNet
Not totally true. Having good AV and firewall software helps defend against attack.
D'oh!
A firewall is important in Windows (and on a server).
The Ubuntu firewall (iptables) doesn't have any rules in it by default (i.e. all actions/connections are allowed).
The CentOS (server) firewall (iptables) has rules blocking most external actions/connections by default.
AV software is reactive and limited by the speed of signature updates.
Apparently some malware has the ability to "mutate" itself, so that signature scanners are less likely to detect it! :shock:
I should have included this link.
http://www.sevenforums.com/security-news/190482-if-your-pc-picks-up-virus-whose-fault.html
If you read the article that is linked from that link, patching and a running firewall kept most of the PCs malware free, without an AV program (or other human intervention).
The only "Trusted Site" that is a possible exception, is a site that you:
- Coded/created.
- Are intimately familiar with every object in it.
- Regularly check for unauthorised modifications.
Umm...didn't you explain in your first point that any trusted site can be exploited? It doesn't matter if you coded it or not. Even your code is never bulletproof.
I did say "... possible exception ...".
It depends on how much code you have and how often it is monitored (assuming you host it on a machine that you control).
A "Hello World" web page would only be a few lines of html, so it should be no problem to check it for alterations (every few minutes if necessary).
Of course it wouldn't be a very useful web page.
If the page is hosted on someone else's machine or it has thousands of lines of code (e.g. databases, js, Flash, embedded media players, etc.) the chances of the page getting hijacked increase dramatically.