# Microsoft say: mIRC is bad, what do you think?



## Lambat (Jun 23, 2008)

MS say chats like mIRC is a several dangerous chat, specialy whe you use the DCC options, is like to open very wide the door to malicious agents, spywares, remotes controls, trojans, etc. what do you think?

its sure?


----------



## Erro (Jun 23, 2008)

Lambat said:


> MS say chats like mIRC is a several dangerous chat, specialy whe you use the DCC options, is like to open very wide the door to malicious agents, spywares, remotes controls, trojans, etc. what do you think?
> 
> its sure?


If your worried about it, don't use it. I have 4 other IRC clients on my pc right now, I don't even open mIRC except to help people
Also, this belongs in Bits and Bytes, I think


----------



## Hakumei Ookami (Jun 23, 2008)

It's not the first time Microsoft blamed a program for a flaw in its own operating system.


----------



## eternal_flare (Jun 23, 2008)

Microsoft, we've known that for ages...it's mentioned in the program's help file about the very same matter...


----------



## LizardKing (Jun 23, 2008)

Let me guess, 2 weeks later they unveil their own IRC client. It's no different to pretty much any other IM client really, or even email. If someone you don't know sends you something, don't accept it. Simple.


----------



## Xenofur (Jun 23, 2008)

Link to their statement?

Also, mIRC and IRC itself for that matter is exactly as safe as your web browser: Click stupid shit and you get a virus, simple as that. 

In that vein the better advice is to pull out your internet cable, no connection, no virii.


----------



## nrr (Jun 23, 2008)

Xenofur said:


> ... virii.


Please don't use this word.  It makes you look like a 13-year-old 3r33t h4x0r, and that's not particularly the image you want to have.


----------



## Xenofur (Jun 23, 2008)

Well excuse me for having gone through three years of latin in high school as the third language to english as my second.


----------



## nrr (Jun 23, 2008)

Xenofur said:


> Well excuse me for having gone through three years of latin in high school as the third language to english as my second.


Seriously?  I wish the real plural were virii, but unfortunately, it isn't.  The idiot kids adopted that form to appear a little more educated than they really are.  Yes, it is logical that since the plural of alumnus is alumni, the plural of virus must be viri (or something similar, like virii)... but that doesn't work. :|

It's kinda like saying the plural of penis is penii.  That just sounds weird.


----------



## WarMocK (Jun 23, 2008)

nrr said:


> Seriously?  I wish the real plural were virii, but unfortunately, it isn't.


Virii ... brrrrrrrrrr! That sounds horrible, no matter what language you use.
Virii verbum malum est.


----------



## net-cat (Jun 23, 2008)

Well, they are correct. mIRC does suck...

There's nothing any more inherently insecure about IRC clients than there is about web browsers, however.

On the "virus" and "penis" subject, were we speaking Latin, the plurals would be "viri*" and "penes," respectively. But it should be pointed out that we are, in fact, speaking English. Therefore, the plurals are "viruses" and "penises," respectively. (Although, depending on which dictionary you use, the Latin plurals are still acceptable.)

(* Note: It's been a couple of years since I've studied Latin, but "virus" looks like boring old second declension -us terminated noun, the plural of which is -i. That said, it's possible that it may be an exception to normal grammar that I don't remember, but you can't use it as an example in that case, anyway.)


----------



## TheGreatCrusader (Jun 23, 2008)

net-cat said:


> Well, they are correct. mIRC does suck...
> 
> There's nothing any more inherently insecure about IRC clients than there is about web browsers, however.
> 
> On the "virus" and "penis" subject, were we speaking Latin, the plurals would be "viri" and "penes," respectively. But it should be pointed out that we are, in fact, speaking English. Therefore, the plurals are "viruses" and "penises," respectively. (Although, depending on which dictionary you use, the Latin plurals are still acceptable.)


What about IRC clients like ChatZilla? Are those horrible insecure and do they leave the door open for viruses?


----------



## net-cat (Jun 23, 2008)

Not especially. Even mIRC (these days) isn't inherently insecure.

Of course, mIRC is insanely popular so it tends to get targeted. Chatzilla, Xchat, et al probably have exploits and vulnerabilities too, they just don't have as many people looking for them.

Of course, most of these clients support scripting. And once people start loading untrusted scripts that do something OMG 1337...


----------



## TheGreatCrusader (Jun 23, 2008)

net-cat said:


> Not especially. Even mIRC (these days) isn't inherently insecure.
> 
> Of course, mIRC is insanely popular so it tends to get targeted. Chatzilla, Xchat, et al probably have exploits and vulnerabilities too, they just don't have as many people looking for them.
> 
> Of course, most of these clients support scripting. And once people start loading untrusted scripts that do something OMG 1337...


Hmm. So it's like Linux with the viruses. They attack the thing that most people use rather than was few use.

Makes sense.


----------



## WarMocK (Jun 23, 2008)

TheGreatCrusader said:


> Hmm. So it's like Linux with the viruses. They attack the thing that most people use rather than was few use.
> Makes sense.


Yes and no. Most servers run on Unix/Linux, and thus are frequently in the line of fire. It's the job of the admins to keep the system clean, at least that't what they get paid for. ;-)
There are quite a few viruses that can infect Linux as well, and they do if you have a user who has nothing better to do but to click on everything that cannot run away from his mouse cursor. 
In the end, the biggest problem is the bunch of features your client has. the more features, the more possible vulnerabilities.


----------



## TheGreatCrusader (Jun 23, 2008)

WarMocK said:


> Yes and no. Most servers run on Unix/Linux, and thus are frequently in the line of fire. It's the job of the admins to keep the system clean, at least that't what they get paid for. ;-)
> There are quite a few viruses that can infect Linux as well, and they do if you have a user who has nothing better to do but to click on everything that cannot run away from his mouse cursor.
> In the end, the biggest problem is the bunch of features your client has. the more features, the more possible vulnerabilities.


Of course there are viruses for Macs and Linux/Unix. There just aren't nearly as much as there are for Windows.


----------



## net-cat (Jun 23, 2008)

Yeah. Interesting thing about hacking. How you go about doing it depends largely on what your goals are. If your goal is to create a botnet, then your best bet is to target something popular with known security vulnerabilities. If you're trying to target a specific organization or individual, you attack what they're running.

As for the scripting thing, that's purely a matter of social engineering. Something all systems are equally vulnerable to, as it exploits human stupidity. In the context of an operating system, it's usually "free screen saver" or "free desktop picture" or "keygen for *expensive app here*" or "YOU MIGHT BE INFECTED CLICK HERE." In the context of an IRC client, it's usually "make your text rainbow clolored" or "pwn n00bs" or "download manager."


----------



## WarMocK (Jun 23, 2008)

The problem about botnets is that people actually fall for SPAM and buy things they read about in those mails. If it was possible to do something about that like they did when they promoted stock exchange - maybe people would lose the interest about botnets, and crackers wouldn't bother about creating new botnet viruses. </dream-mode> ^^


----------



## Shark_the_raptor (Jun 23, 2008)

I have no idea.  I don't use mIRC.


----------



## Eevee (Jun 23, 2008)

Xenofur said:


> Well excuse me for having gone through three years of latin in high school as the third language to english as my second.


apparently not enough.  'virus' is a mass noun in latin and is a second declension neuter besides.  it has no Latin plural, and even if it did it would be "viri" (which is the plural of "vir"), not "virii".


----------



## Magnus (Jun 23, 2008)

With Irc/Mirc would it not be possible to configure it with the firewall?



> it has no Latin plural


that is the true awnser


----------



## verix (Jun 24, 2008)

Well thank god we covered the etymology of the plurality of dicks.


----------



## Xenofur (Jun 24, 2008)

Eevee said:


> apparently not enough.  'virus' is a mass noun in latin and is a second declension neuter besides.  it has no Latin plural, and even if it did it would be "viri" (which is the plural of "vir"), not "virii".


Well shit. 

Anyhow, OP, still waiting for a link to your claim.

And Crusader, it's really simple. No matter what kind of software you are talking about: If you are stupid, it is insecure. Security is not dependant on the software in question, but solely by what's contained between your ears.


----------



## kitetsu (Jun 24, 2008)

I should be more worried at how much distraction i get from IRC whenever i'm supposed to do something else. I go online once in a blue moon nowadays because of that reason.


----------



## arcticsilver (Jun 24, 2008)

microsfot says a lot of things like linux is a cancer that must be stopped for the good of the Monopoly. >.>
<.<
>.>
*Looks for a flying chair*


----------



## Arshes Nei (Jun 24, 2008)

Umm about any thing is open to viruses. If you're an idiot that auto accepts things like on oh say MSN's client you're prone to get viruses and spyware too. So it's kind of amusing that they're pointing fingers at how bad one program is when the liability is how the user uses the software.

DCC is usually used (among other things) to send files. in mIRC you can configure what files are acceptable, but be forewarned that it's probably best to scan before running. Sounds...like what you have to do with MSN's Live Messenger...wow...yep mIRC is REALLY bad.

lol.


----------



## Aurali (Jun 24, 2008)

Xenofur said:


> Well shit.
> 
> Anyhow, OP, still waiting for a link to your claim.
> 
> And Crusader, it's really simple. No matter what kind of software you are talking about: If you are stupid, it is insecure. Security is not dependant on the software in question, but solely by what's contained between your ears.



http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1276215,00.html

There is your link hun


----------



## Arshes Nei (Jun 24, 2008)

Eli said:


> http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1276215,00.html
> 
> There is your link hun



I mostly see this referring to XP's operating system itself - actually more like Internet Explorer.

_In its security advisory, *Microsoft said a flaw in Windows XP and Server 2003 fails to properly validate URIs and URLs*, allowing an attacker to execute arbitrary commands. *If Internet Explorer 7 is installed* malicious URIs *may* be passed through it via several third party applications like Adobe Acrobat Reader, mIRC, Mozilla Firefox, Skype or Miranda IM._

So sounds like that is Microsoft's problem, it just affects other programs dependent on the OS.


----------



## Aurali (Jun 24, 2008)

What's funny is that's the only mention I can find of this.. and it's a year+ old...


----------



## Pi (Jun 25, 2008)

Arshes Nei said:


> I mostly see this referring to XP's operating system itself - actually more like Internet Explorer.



Don't pay attention to Eli, it exhibits the reading comprehension skills of a blind and deaf buffalo.


----------



## Janglur (Jun 25, 2008)

Microsoft says Open Source is bad.  They say there's no reason to have a virus scanner if you have dialup.  They say Windows Vista is the fastest, most stable, most compatible OS they've ever made.  They also say that Xbox will take over the entire gaming markey by 2012.  They say Firefox is less secure than IE.


Hasn't anyone gotten it yet?  Microsoft lies more often than Dubbya.


----------



## SFox (Jun 25, 2008)

99% of the time, the opposite of everything MS says is reality.
However, this is one of the rare times I'd agree (though not for the same reasons). There are much better irc clients out there.


----------



## Magica (Jun 25, 2008)

I've been using mIRC for a good 6-8 years, and I'm so used to it that I probably wouldn't be able to change and get used to a new one.


----------



## WarMocK (Jun 25, 2008)

somberfox said:


> 99% of the time, the opposite of everything MS says is reality.
> However, this is one of the rare times I'd agree (though not for the same reasons). There are much better irc clients out there.


FULL ACK.


----------



## Aurali (Jun 25, 2008)

Pi said:


> Don't pay attention to Eli, it exhibits the reading comprehension skills of a blind and deaf buffalo.



Or.. you maybe, I dunno.. find for yourself what the OP is talking about? Instead of, maybe.. blowing smoke out your ass.. All I did was post a link jackass. No motive. No words. Just a link.


----------



## Pi (Jun 26, 2008)

Eli said:


> Or.. you maybe, I dunno.. find for yourself what the OP is talking about? Instead of, maybe.. blowing smoke out your ass.. All I did was post a link jackass. No motive. No words. Just a link.



Oh. So you aren't capable of comprehending words, it's just that you could only find the most tenuously-linked article possible, or something? Sounds like research failure to me, in addition.


----------



## Chevallier LaChance (Jun 26, 2008)

Its good because it allows us to create specific groups for any number of things.  That and MS is trying to eliminate all other "unimportant" messengers so that MSN and a few others are top dog.


----------



## Aurali (Jun 26, 2008)

Pi said:


> Oh. So you aren't capable of comprehending words, it's just that you could only find the most tenuously-linked article possible, or something? Sounds like research failure to me, in addition.



Or maybe there isn't a better link. Maybe the OP is trying to put down IRC cause of the sudden interest the forum users have in it, to protect something he likes. Maybe this was the only thing he found about it, and is trying to enhance his opinion by refusing sources for people to tear through.

As for me. I'm thoroughly interested in this discussion, and have nothing to contribute on my own. I just gave a link to keep it going. However, you won't see that. You've got this opinion of me in your head; and psychologically speaking; the first impression is usually the strongest. 


Oh. I'm still waiting for a better source Pi.


----------



## Arshes Nei (Jun 26, 2008)

Although the argument is becoming childish, what I believe Pi is saying is that the OP referred to specifics that weren't covered in your article Eli. Even if you think that was the right article he was referring to, apparently it was not because it only mentioned mIRC, and not the specifics the person was referring to. That means it was an incorrect assumption on your part to assume that is where the OP got the information from.


----------



## Aurali (Jun 26, 2008)

I can find information on DCC flaws for Mirc just fine Arshes. 
Though finding information that shows Microsoft's problem with it (Or anything recent) is why I posted the article I did. It's the closest thing I could find to what the OP had.


----------



## Arshes Nei (Jun 26, 2008)

Eli said:


> I can find information on DCC flaws for Mirc just fine Arshes.
> Though finding information that shows Microsoft's problem with it (Or anything recent) is why I posted the article I did. It's the closest thing I could find to what the OP had.



You kinda skirted around what I just said and offered an answer not directly related to what I said.


----------



## Aurali (Jun 26, 2008)

Basically, what I'm saying is that the OP posted information that's years old. The content in it is so outdated any links available to it are gone. There isn't gonna be an article with all the required information. Is that better?


----------



## Arshes Nei (Jun 26, 2008)

Eli said:


> Basically, what I'm saying is that the OP posted information that's years old. The content in it is so outdated any links available to it are gone. There isn't gonna be an article with all the required information. Is that better?



Or presumed to be. Since the OP hasn't answered we don't know.


----------



## Aurali (Jun 26, 2008)

I'm doubting the OP is gonna reply.


----------



## Ceceil Felias (Jun 26, 2008)

This entire thread makes me giggle.

But how many times have I used that exact same line in so many other threads? Hmm, I think it's getting a bit stale.

I just find it so amazing that the thread's lasted this long, if only because of Pi's aggressive and acidic behavior. :U


----------



## WarMocK (Jun 27, 2008)

Ceceil Felias said:


> I just find it so amazing that the thread's lasted this long, if only because of Pi's aggressive and acidic behavior. :U


Agressive, acidic - and extremely entertaining. ^^


----------



## Aurali (Jun 29, 2008)

WarMocK said:


> Agressive, acidic - and extremely entertaining. ^^


Reason I still respond to him^^


----------



## Ceceil Felias (Jun 29, 2008)

Eli said:


> Reason I still respond to him^^


Le sigh.

You're not exactly helping the situation any at this point, either.


----------



## Aurali (Jun 29, 2008)

When I care about what others think of me. I'll let you know.


----------



## Pi (Jun 30, 2008)

Ceceil Felias said:


> Le sigh.
> 
> You're not exactly helping the situation any at this point, either.



I'm sort of shocked by how many people think that my pointing out their blatant fucking stupidity is somehow amusing.


----------



## Aurali (Jun 30, 2008)

It's not what you say.. but how... and I'm stealing your line >..>


----------



## darkdoomer (Jul 1, 2008)

Microsoft's additional software (iexplore, msn live,outlook, vistAIDS... ) is like to open very wide the door to malicious agents, spywares, DRM, remotes controls, trojans, etc.

it is sure.


----------



## Drake_Husky (Jul 2, 2008)

M$ can bite my fluffy white and black arse, Mirc is the greatest thing to come about. DCC is what made me and my collection today. It only opens holes to malicious agents if you don't watch what you download using the DCC options, i've never caught anything through Mirc.


----------



## Arshes Nei (Jul 2, 2008)

Eli said:


> When I care about what others think of me. I'll let you know.



Until you get on the wrong person's bad side. You might get along better if you stop trying to be right all the time and admitting mistakes.


----------



## Eevee (Jul 2, 2008)

oh my god

the service/protocol is *IRC*

mirc is just a client for it

aaa I'm going to go check my outlook and browse the google


----------



## Aurali (Jul 2, 2008)

Arshes Nei said:


> Until you get on the wrong person's bad side. You might get along better if you stop trying to be right all the time and admitting mistakes.



I cooould. But where is the fun in that?


----------



## HiroJudgement (Jul 2, 2008)

Microsoft, meet angry face.

>=|


----------



## WarMocK (Jul 2, 2008)

HiroJudgement said:


> Microsoft, meet angry face.
> 
> >=|



LOL! the guys from MS have to bear Steve Ballmer's puss all day, do you REALLY think that an angry emoticon could shock'em? ;-)

EDIT: just found a pic of him .... NOPE! .... Can't beat that visage. Like a winter boot - step in, and feel good


----------



## HiroJudgement (Jul 2, 2008)

WarMocK said:


> LOL! the guys from MS have to bear Steve Ballmer's puss all day, do you REALLY think that an angry emoticon could shock'em? ;-)
> 
> EDIT: just found a pic of him .... NOPE! .... Can't beat that visage. Like a winter boot - step in, and feel good



Angry face kills babies to quell boredom. Fear angry face.


----------



## Ceceil Felias (Jul 2, 2008)

Ballmer's one creepy motherfucker, I tell ya.


----------



## Runefox (Jul 2, 2008)

Yeah, mIRC is about as bad as Google is if you like clicking on shiny things. By default, the normal action for mIRC to take if someone wants to send you a file is to ask you, and unless you're common-sensically impaired, you're probably going to want to do this with people you know, and still give it a once-over with an antivirus product just in case before you even think about cracking it open. That said, mIRC is only one of many IRC clients. It just happens to be the easiest to use, in my opinion, and the most fully-featured. Hence why they ask for money for it.

But anyway, then again, people click on random links sent to them by MSN, and get infected with MSN viruses, too... That said, if you're smart enough to get on IRC, you're probably either smart enough to avoid that sort of thing anyway, or you probably shouldn't be using IRC.


----------



## Aurali (Jul 2, 2008)

Trust me Runefox. The admins of this site have taught even the biggest idiots how to use IRC.. oh and HI RUNEFOX! ^^ I rememberz joo


----------



## WarMocK (Jul 3, 2008)

Runefox said:


> By default, the normal action for mIRC to take if someone wants to send you a file is to ask you, and unless you're common-sensically impaired, you're probably going to want to do this with people you know, and still give it a once-over with an antivirus product just in case before you even think about cracking it open.


Well, that should(!!!) be the normal procedure, but the amount of bots out there prove us the opposite. :-/



Runefox said:


> But anyway, then again, people click on random links sent to them by MSN, and get infected with MSN viruses, too...


Q.E.D.


Runefox said:


> That said, if you're smart enough to get on IRC, you're probably either smart enough to avoid that sort of thing anyway, or you probably shouldn't be using IRC.


The problem is: lots of users on IRC are little script kiddies who install anything that can't run away and, as you already mentioned, click on anything that looks bright and shiny, no matter what the text beneath the icon says.
I remember a little experiment where a couple of students hosted a banner on a popular website telling the users that they should click this banner to install a new virus for their system. After clicking the banner, users had to confirm that they were aware of that the were about to install a virus on their system and aks if they wanted to continue anyway. I dunno the exact numbers, but about iirc ten percent of the site's visitors actually CLICKED the banner, and quite a lot of them confirmed they wanted to install the virus (of course, there was no virus at all, the OK-button just closed the dialog ^^).
Come to think of that, it would be safer to give a chimp a loaded shotgun rather than giving some people a PC with an internet connection.


----------



## Xenofur (Jul 3, 2008)

brilliant test ...

i can guarantee you that most of them just clicked to see what would be behind such a retarded banner.


----------



## WarMocK (Jul 3, 2008)

Xenofur said:


> ...most of them just clicked to see what would be behind such a retarded banner.


Which would be even more retarded. ^^


----------

