the boss checked my computer history and saw AF

[Aractus]

There are plenty of ways around all of those things you mentioned. Flash / Adobe Reader aren't required for browser exploits to work. Windows security is a joke. Anti-virus is largely a joke when it comes to targeted attacks. uBlock blocks adverts, not malware.

I do this sort of thing for a living. I know what I'm talking about.

uBlock blocks whatever you want it to, malware sites as well. But my point is that the meaningful hacks (i.e. the ones that will hack your computer not just the website) are targeted more towards advertisers. You hack 1 advertiser and you can distribute malware (e.g. ransom-ware) on 100's of popular internet sites. Blocking 3rd-party ads is one of the best lines of defence against that. Windows isn't less secure than Linux - it's just more popular and thus more targeted.

[Tiberius]

uBlock blocks whatever you want it to, malware sites as well.

No, it doesn't block "whatever you want it to". It blocks requests to sites that match specific patterns. It can't block actual malware. If a new site popped up with malware on it, uBlock is useless. That doesn't mean it's not a great tool; it is, but people who overstate what it actually does are contributing to a greater problem, which is people thinking they are more secure than they are!

Windows isn't less secure than Linux - it's just more popular and thus more targeted.

Y'know, I've heard this one multiple times over the years, and it still astounds me that people bring it up.

It's just wrong on so many levels.

Ignoring the fact that most of the Internet runs on Linux, Windows by default enables services which have dangerous flaws in them. It also stores passwords insecurely, doesn't do separation of privileges properly, etc.

You can sit in a Windows network and compromise it usually without using any malware, by exploiting these weaknesses.

[drfuzzy]

Sorry I haven't logged in.  Then I see all of these great posts - - you guys are so sweet!    

The boss is very xtian, very homophobic, very Republican.  In Kansas, you can be fired for almost any reason, religion, sexual orientation, etc.  And the place I worked had absolutely no policies and procedures in place - - I didn't even have a job description.  It was a low-paying job for the skills required.   And no, I was never told not to surf the web during work hours - the boss was on Facebook all the time.  She snooped around on my computer and found out that the "nice church musician" that she hired was probably an atheist! (The horror!)  

A lawsuit would be time-consuming and expensive, and I don't want to fight for the job. The best "revenge" would be to find a better position that pays more.  I'm going to devote myself to that for the next few weeks.  

But you can bet that I won't be posting to AF from a work computer ever again!

[dyresand]

And fired me.
Yeah.  I whined about her to you guys back at the end of February.  http://atheistforums.org/thread-41803.html   Despite having excellent attendance, attitude, work ethic, and all of the other stuff, she gave me a bad employee evaluation on Feb. 26.  Her attitude towards me had changed abruptly mid-February - - prior to that, I thought that we were friends and made a good team.
   March 31, we had another meeting, and she just said "I have a vision for this place, and you just don't fit."

I was stunned.  I have never been fired from any job - ever!  The HR Director had a meeting with us, and actually said to my boss then "you rated her as "excellent" on every point that we usually see: work ethic, attendance, attitude, accuracy, etc., and then you wrote that "she isn't a good fit for this office".  HR is not her boss - I'm not even sure she has a boss, and there is no employee handbook, no job description - nothing.  The HR people gave me a month's severance and are looking for another position in the organization for me, but they can't stop her.  They let me resign.

Yesterday was my last day, and the boss left early.  An IT guy (Adam) who has been a friend, came down to help me pack up and sign out.  We got to my car, and he said "I know why she fired you."  One day in mid-February, I was working in an upstairs office and had forgotten to lock my computer. Adam passed by the office door to hear my boss on the phone (probably talking to her husband) and heard "she had an ATHEIST website in her computer history! She has been posting atheist stuff when she should have been working!"  He said "I wanted to warn you, but I didn't know how it would help.  Be careful in your next job."  

This is Kansas.  There are no employee protections.  You can be fired for being gay (I originally wondered if she saw the rainbow stripe on my car) or for being atheist, or Muslim, or Jewish - - there is no recourse.  I just have to get busy applying for another job.  

Thanks for listening, and if you're surfing AF at work - in the US, at least - be careful.

Fuzzy you might want to take a look at this. 

https://www.avvo.com/legal-guides/ugc/fi...-read-this

[drfuzzy]

---

And fired me.
Yeah.  I whined about her to you guys back at the end of February.  http://atheistforums.org/thread-41803.html   Despite having excellent attendance, attitude, work ethic, and all of the other stuff, she gave me a bad employee evaluation on Feb. 26.  Her attitude towards me had changed abruptly mid-February - - prior to that, I thought that we were friends and made a good team.
   March 31, we had another meeting, and she just said "I have a vision for this place, and you just don't fit."

I was stunned.  I have never been fired from any job - ever!  The HR Director had a meeting with us, and actually said to my boss then "you rated her as "excellent" on every point that we usually see: work ethic, attendance, attitude, accuracy, etc., and then you wrote that "she isn't a good fit for this office".  HR is not her boss - I'm not even sure she has a boss, and there is no employee handbook, no job description - nothing.  The HR people gave me a month's severance and are looking for another position in the organization for me, but they can't stop her.  They let me resign.

Yesterday was my last day, and the boss left early.  An IT guy (Adam) who has been a friend, came down to help me pack up and sign out.  We got to my car, and he said "I know why she fired you."  One day in mid-February, I was working in an upstairs office and had forgotten to lock my computer. Adam passed by the office door to hear my boss on the phone (probably talking to her husband) and heard "she had an ATHEIST website in her computer history! She has been posting atheist stuff when she should have been working!"  He said "I wanted to warn you, but I didn't know how it would help.  Be careful in your next job."  

This is Kansas.  There are no employee protections.  You can be fired for being gay (I originally wondered if she saw the rainbow stripe on my car) or for being atheist, or Muslim, or Jewish - - there is no recourse.  I just have to get busy applying for another job.  

Thanks for listening, and if you're surfing AF at work - in the US, at least - be careful.

---

Fuzzy you might want to take a look at this. 

https://www.avvo.com/legal-guides/ugc/fi...-read-this

Yeah, dyre - - thanks.  I do appreciate it.  The thing with this job is there were no employee policies in place - none at all.  No employee handbook, no job description, no list of rules and regulations, no procedures for submitting a grievance, no rules against surfing the web - no nothing.  I don't even know if my boss had a boss - or even how to find out who that would be.  My lawyer said that in a different organization, where we could prove unjust firing and track the chain of command, I would have a lawsuit - - even in Kansas, where you can fire someone for being an atheist.  (I was never asked if I was, and never said I was.)  But this case would just be difficult, and the job was low-paying - - I just need to move on.

[Aractus]

No, it doesn't block "whatever you want it to". It blocks requests to sites that match specific patterns. It can't block actual malware. If a new site popped up with malware on it, uBlock is useless. That doesn't mean it's not a great tool; it is, but people who overstate what it actually does are contributing to a greater problem, which is people thinking they are more secure than they are!

There are lists dedicated to blocking malware, and it can incorporate the MVPS HOSTS‎ file also. I'm not at all saying it's a complete tool, however it is important because the ransom-ware and other malware are targeted at advertisers. That's not an opinion, it's a fact - and it's why kickass torrents has been blocked by Google's Safe Browsing at least 3 times now in the past 12 months. Not because its server served malware, but because malware was on the website served through its advertisers. However, if you had uBlock running when visiting the website you were never in any danger in the first place. There has even been malware found embedded in Youtube ads.

Y'know, I've heard this one multiple times over the years, and it still astounds me that people bring it up.

It's just wrong on so many levels.

Ignoring the fact that most of the Internet runs on Linux, Windows by default enables services which have dangerous flaws in them. It also stores passwords insecurely, doesn't do separation of privileges properly, etc.

You can sit in a Windows network and compromise it usually without using any malware, by exploiting these weaknesses.

That's a different matter to security vulnerabilities through malware. Windows is the most targeted OS. But that's not the core weakness - the core weakness is usually Java (which is being mothballed) or Flash or a browser vulnerability or a combination thereof. Weaknesses in the Operating System wouldn't matter if web browsers were hardened in the first place. So my point again is that meaningful security enhancements can be made just by installing uBlock, either not running Flash or setting it to "ask every time", and of course not using the Java plugin.

[dyresand]

Fuzzy you might want to take a look at this. 

https://www.avvo.com/legal-guides/ugc/fi...-read-this

Yeah, dyre - - thanks.  I do appreciate it.  The thing with this job is there were no employee policies in place - none at all.  No employee handbook, no job description, no list of rules and regulations, no procedures for submitting a grievance, no rules against surfing the web - no nothing.  I don't even know if my boss had a boss - or even how to find out who that would be.  My lawyer said that in a different organization, where we could prove unjust firing and track the chain of command, I would have a lawsuit - - even in Kansas, where you can fire someone for being an atheist.  (I was never asked if I was, and never said I was.)  But this case would just be difficult, and the job was low-paying - - I just need to move on.

Damn.. that sucks
But yeah it is time to move on and good luck on the job hunt.

[Tiberius]

There are lists dedicated to blocking malware, and it can incorporate the MVPS HOSTS‎ file also. I'm not at all saying it's a complete tool, however it is important because the ransom-ware and other malware are targeted at advertisers. That's not an opinion, it's a fact - and it's why kickass torrents has been blocked by Google's Safe Browsing at least 3 times now in the past 12 months. Not because its server served malware, but because malware was on the website served through its advertisers. However, if you had uBlock running when visiting the website you were never in any danger in the first place. There has even been malware found embedded in Youtube ads.

Ok, I've really tried explaining this to you multiple times, so apologies in advance if this post comes across as frustrating.

uBlock does not block malware. Malware is a file that runs on your computer and performs some malicious action. It is only detectable via either it's a signature, or heuristics. This is almost exclusively performed by anti-virus software.

uBlock is not anti-virus software. It only prevents your browser from accessing URLs which link to known malware sites. This is a huge difference. If sites A, B, and C all host the same piece of malware, and your anti-virus has a signature for it, then visiting any of the sites and downloading the malware will cause your anti-virus to alert you. However, if uBlock only has sites A and B in its list, and you visit site C, the malware will be downloaded, and there's nothing uBlock will be able to do to stop it.

To put it another way: uBlock attempts to prevent your browser from connecting to known malware sites. Anti-virus attempts to prevent actual malware from infecting your system after it has been accessed.

So, please stop perpetuating the myth that uBlock actually blocks malware, because it doesn't. It blocks known distributors of malware. I could upload malware to atheistforums.org today, and your uBlock would do fuck all to prevent you from accessing it.

That's a different matter to security vulnerabilities through malware. Windows is the most targeted OS. But that's not the core weakness - the core weakness is usually Java (which is being mothballed) or Flash or a browser vulnerability or a combination thereof. Weaknesses in the Operating System wouldn't matter if web browsers were hardened in the first place. So my point again is that meaningful security enhancements can be made just by installing uBlock, either not running Flash or setting it to "ask every time", and of course not using the Java plugin.

http://beefproject.com/

Go there and read all the exploits you can use to hijack a user's browser. Java and Flash are two ways of exploiting browsers, but they are not at all the only methods. Most of the exploits there use native browser vulnerabilities.

Yes, meaningful security enhancements can be used by installing uBlock and not using Flash / Java, but don't think those will protect you completely. In targeted attacks (which many businesses suffer on a daily basis), you aren't looking at known malware, or known distribution sites, or even Flash or Java. You are looking at coordinated phishing attacks which deliver customized payloads that are undetectable by AntiVirus. The weak point of any business is the employee, and it makes perfect sense to have a security policy that tells employees that it is a disciplinary offence to visit non-approved websites.

[Aractus]

Ok, I've really tried explaining this to you multiple times, so apologies in advance if this post comes across as frustrating.

uBlock does not block malware. Malware is a file that runs on your computer and performs some malicious action. It is only detectable via either it's a signature, or heuristics. This is almost exclusively performed by anti-virus software.

uBlock is not anti-virus software. It only prevents your browser from accessing URLs which link to known malware sites. This is a huge difference. If sites A, B, and C all host the same piece of malware, and your anti-virus has a signature for it, then visiting any of the sites and downloading the malware will cause your anti-virus to alert you. However, if uBlock only has sites A and B in its list, and you visit site C, the malware will be downloaded, and there's nothing uBlock will be able to do to stop it.

To put it another way: uBlock attempts to prevent your browser from connecting to known malware sites. Anti-virus attempts to prevent actual malware from infecting your system after it has been accessed.

So, please stop perpetuating the myth that uBlock actually blocks malware, because it doesn't. It blocks known distributors of malware. I could upload malware to atheistforums.org today, and your uBlock would do fuck all to prevent you from accessing it.

I'm not perpetuating any myths Tiberius. I never said it replaces the function of anti-virus software, I said it's additional layer of protection and clearly explained why. And the reason is that the most likely place to find malware on the internet is in compromised advertisements. They have been found 3 times in the past 12 months on kickass torrents, and at least once on youtube in the last 2 years. UBlock stops advertisements being downloaded in the first place, thus stopping the malware, and it's not just based on known URLs or malware, but also known URLs of advertisers (as I clearly said, when an advertiser gets hacked the malware comes from the advertiser's URL). Of course you should also have AVAST or some other anti-virus running as well (although note that Avast now comes with a bunch of fucking off-putting bundle-ware bullshit, and continually pops up its own fucking advertisement unless you either buy premium or put it into game-mode). As you well know, hackers target the weak point of a system.

http://beefproject.com/

Go there and read all the exploits you can use to hijack a user's browser. Java and Flash are two ways of exploiting browsers, but they are not at all the only methods. Most of the exploits there use native browser vulnerabilities.

Yes, meaningful security enhancements can be used by installing uBlock and not using Flash / Java, but don't think those will protect you completely. In targeted attacks (which many businesses suffer on a daily basis), you aren't looking at known malware, or known distribution sites, or even Flash or Java. You are looking at coordinated phishing attacks which deliver customized payloads that are undetectable by AntiVirus. The weak point of any business is the employee, and it makes perfect sense to have a security policy that tells employees that it is a disciplinary offence to visit non-approved websites.

The security of the browsers is tested on their default settings. As I've said, they can be hardened which reduces the vulnerability. I, for example, run NoScript on FF as well, I have the MVPS hosts file installed, uBlock, and of course Avast (in game mode), oh and I keep the windows security updates up to date. Other people don't want to put up with the hassle of things like NoScript, and many can't be bothered with antivirus software either (especially now as I've mentioned that the best one IMO, Avast, comes with unwanted bundleware).

The reason why I use Avast is because I was running AVG at the time that this happened. And I confirmed that the rootkit I had was from 2009. 2009 and AVG didn't stop it or have a way to remove it in 2011!! It wasn't even a trojan, just a really annoying virus. The first thing I did after fixing the system - by myself by identifying and deleting the rogue driver (which loaded the rouge SVCHOST file) was uninstall AVG and install Avast.

Anyway, if we go back to what you said about Windows security - yes it's more insecure by the very fact that more malware and viruses target it. But that's just one consideration for a computer system. I make no apologies for not liking Apple - if we go back far enough, they would charge an extra 50%-100% just for the apple logo over the cost of a PC with Windows. And they designed devices to be exclusive to their system - printers, etc. PC has always welcomed competition from manufacturers, and while that can lead to more shonky components, it also leads to greater user-serviceability. Anyway, not only are Macbooks fucking shit in terms of hardware:

https://www.youtube.com/watch?v=t7XSckjRPo0

And Apple refuses to service them (which is illegal), but let's say I do get ransomware installed on my PC or my Lenovo Laptop. I can just reformat the hard drive and reinstall Windows (in fact for the Laptop, I can just hot-swap the SSD for a 2.5" conventional magnetic disk drive I have set to factory settings). I'm sure the process is not that much more difficult for a Macbook, but god only knows how you'd fix a fucking tablet infested with ransomware. Point a heat-gun at the section of the all-in-one-motherboard that has the storage and operating system, pull it off the motherboard, and then re-flash it I suppose.

[Brian37]

What sucks about this is did she fire you for complaining about her? Or did she fire you because you are an atheist?

This is why it is never a good idea to use work computers for talk about work. And even with home devices, I would not even advise being friends online with co workers even if you like them, precisely because of things like this. I also cannot prove that I got fired from my 7 year job for my atheism. In my case though, I think it had more to do with the owner being a fucking cheapskate and didn't like the fact I wasn't willing to do two jobs at once, and especially when I was already doing a ton of shit work none of the other workers were willing to do.

I would at least report this to FFRF if you truly think you were fired for being an atheist. If you have damned good work record that is a shitty thing for them to do.