That's an interesting answer. But I was always under the impression that it was Netscape who didn't play fair at the IETF while Microsoft did. Of course behaving at a standards body and actually adhering to the standards are two different things...

I never understood why Microsoft forced Internet Explorer inside Windows. Did they fear Netscape's "API" would really threaten them ?

You are probably not aware that ERT (Elleneki Radiophonia Teleorassi) was the only allowed TV/Radio station in Greece for many years. In fact when CNN announced its plan to broadcast in Greece by satellite in the 80s, a minister of the Socialist government threatened to "shoot" it down.

ERT is the most iconic symbol of an old, despotic, union-owned state that is finally breaking down.

So, is there such an exploited defect for Windows 2000 ?

Yes, both Netscape and IE4.

But it didn't know Unicode and it was talking the W3C specs too seriously.

Imperious Richard, dead and turned to clay,
Might stop a hole to keep a tire from flaying.
Oh, that that earth, which kept the world in awe,
Should patch a park t' allow the traffic’s flow!

BasilBrush (and the ibubble in general) is not commercially relevant to computer security either, so we don't really have to care about him, do we ?

1. Yes, an iPhone can be hacked to become a computer, but the default configuration to which your original posting was referring to, is not a personal computer but much closer to a smart terminal since it can't function properly (and by functioning properly I naturally have to include running code) without receiving the approval of a central computer. The point of my counterargument is that while Apple's whitelisting system is working fine on the iPhone, the uses of the iPhone are not as broad as the uses of a personal computer.

2. There is already a security application that acts in the way you propose: Comodo. Now, Comodo is an interesting issue in your argument because it has repeatedly failed in respected antivirus tests such as AV Test, AV Comparatives and even VB100 (which is as close to the defacto standard as it can be). It failed so bad, that it had to be removed by those tests to avoid further embarrassment.

3. Java is not the issue in browsers, since it's not part of the browsers but a plugin instead (which can be forced to work inside a sandbox as Mozilla did for Flash). Javascript is the problem since it's a real programming language that can be used to strech a browser's code to its limits and turn any flaws to possible code execution. I don't think you can whitelist websites from Javascript as well.

Finally, while sandboxing protects the rest of the system it doesn't prevent a hacked application from accessing your data and posting them through the internet.

I'm not invalidating your argument, but I wish to point out that whitelisting may work for some users who use a limited number of applications and even then it won't offer them the complete protection they would hope for. Modern high quality antivirus suites offer superior solutions without restricting the user's choice of applications.

iPhone is just a smart phone. This is about real computers that are supposed to be free to do much more than a handheld device. Try to do the same on personal computer and it's not personal anymore, its just a smart terminal connected to a central iTunes mainframe.

Furthermore, an exploit on a standard whitelisted application such as a web browser or an office suite would expose the system to unrestricted access. A better solution is to monitor running code and prevent it from doing something it wasn't supposed to be doing. For example, neither a web browser nor an office suite should be given direct disk access, driver installation privileges or system directory access.

Tested the Gmer rootkit detector, AV doesn't report it as malicious but heuristics does. And also,

The following cluster is related to your sample. The similarities between your submission and samples in our database are shown below. If one of the listed variants in the cluster is malicious, then it is likely that your submission is malicious also.

Cluster [W32] [Trojan]

Similarity Filename Hash AV Results
0.734592 aedbfccbfbbddcbebbcbcadf ed839568ee1c2906ea0b42612d04f6bd BC.W32.Xpaj
0.718620 deafabbcffdbdcefecffeea 151d4e03f8ffc6adc50facc2e561dab7 BC.W32.Xpaj
0.714916 bcdadffaecdeaefbdbcaccdfed f74f33bcdcff1e97048f2576abb03467 Win.Trojan.Agent-39884

How "likely" ?

Use Pale Moon. It's the Firefox you are asking for.

What about Cyberiminal ?

Ed Bott wrote it. That proves, to all his detractors, that he can multiply.

Since Altamont.