Quote from: kmfkewm on June 19, 2013, 09:43 amQuote from: astor on June 19, 2013, 02:16 amThey're crap. They don't work. If you use Windows, you should make a rescue disk now, because if you get infected with malware, the only way to be sure you get rid of it is to format the hard drive and do a clean reinstall of the OS.In the vast majority of cases you are correct, but technically even wiping the drive and doing a clean install of the OS is not enough to ensure you have removed all malware. In many cases it is possible for malware to infect your video card, your mouse, your keyboard and anything else that has reflashable or persistent memory on it. Some mouses these days have their own CPU's and on board memory! In such a case it is possible to have a totally cleaned drive and freshly installed OS, and to get reinfected via your infected peripherals and other hardware. I'm not claiming that this isn't possible, but honestly if you aren't dealing with international espionage, nuclear secrets, and/or governments that buy up zero days like there's no tomorrow... I really, really don't think you have to worry about this. We have a lot of paranoid people about -- I personally don't feel that the vast majority of users should even consider this possibility (as in for most it's a level of paranoia that will hinder your safety, not help it)... but again, I'm not claiming this isn't possible and I don't really know how many people have instructions to build WMDs sitting around as icons on their desktop, so who knows... :)QuoteQuoteJS can't deliver malware without the user clicking Run in a dialogJavascript can be used to deliver malware via browser exploits.Anything that actually modifies the state of the machine has the potential to be used as an exploit. You don't always have to execute code or evaluate a script to get machine code loaded into main memory; just reading data from a site can be enough (i.e. buffer overrun kind of thing). It's not likely, of course, but it's possible. Whether you should worry about it or not depends on how badly you think they wanna catch you.Do you make DPR look like Mother Theresa? Then yeah, I'd start worrying about it.Not the kingpin of several international child slavery organizations? Eh, have a cup o' tea and relax a spell... :)