Fake AV questions

Is it necessary for fake av to ask the user a question before invading the computer? Why is that? And what's a fool proof and safe way to dismiss the dialog?

Also some people say enabling javascript could be dangerous. I don't get this either. Is javascript dangerous because of a bug/exploit, or because javascript inherently allows some unsafe operations?

 

Give an example.

 

I don't have an example to give -- I don't chase down malware on purpose.
This is a general question and I'm looking for a general answer.

 

Most of them require user permission to install, but there are drive-by downloads.

Javascript can be dangerous, mainly because of the second reason.

 

If you have UAC on it is likely that they'll first ask you to give them admin permission. Not always.

 

I use vista and windows 7 and have UAC on. So if this is true, then the advice to kill the browser with task manager as soon as you see a fakeAV popup is not necessary, is it?

http://blogs.slane.k12.or.us/tsc/2011/04/08/fake-anti-virus-awareness/

Since, sooner or later the fakeAV would have to trigger a browser prompt (a yellow bar below the browser tabs with an X on the right edge) to get user permission to download and install, and as long as I close this prompt the fakeAV cannot download/install.

Or is it not so, since you say "Not always"?

 

For the ones that require user permission to install, you can hold down the "Alt" key and repeatedly press the "F4" key. Each time that you press the "F4" key while holding down the "Alt" key you close the "active" Window.

 

Not sure about this.Sometimes those Fake AVs can produce leftover files on user's system and probably will able to prompt again.Correct me if I am wrong.Thanks.Anyway,use Sandboxie and forget about Rogueware or Fake AV.