Questions from a Newbie


8 replies to this topic

#1 AZorn

Posted 18 July 2004 - 10:36 PM

I'm new to this forum and am not sure as to where to direct my questions. Could you please help me?

As an OS, I'm running Windows 2K. I use Microsoft Windows as my web browser and Outlook Express for my email. I run Adaware Personal Build 6.181 and Spybot v1.3 on my system on a regular basis. I also seem to notice that after having loaded and run Spybot, I am getting popup Windows on sites that I usually didn't get popup windows. I'm using Google to block supposedly the popup windows. Also, I use Norton Antivirus as my antivirus software.
I primarily use Microsoft to either browse the web or get my email.

I've read Mike's writing on Browser Hijacking and Prevention on Browser Hijacking. I have started to put his suggestions into play.
It was suggested to use Mozilla, FireFox, or Opera as a web browser.

Questions,
What vulnerabilities, if any, are there with any of these three web browsers?

What additional software should you run with either of these web browsers, Mozilla, FireFox, or Opera to prevent vulnerabilities?

What's the "cleanest" process/ instructions on how to unload Microsoft web browser to one of the browsers suggested?

What would be a suggestion for switching to an email with less vulnerabilities or continue using Outlook Express?

Again, any insights would be greatly appreciated.....

#2 Scoff

Posted 19 July 2004 - 03:36 AM

If you have a look in the other forums here - particularly 'software' this has been discussed a lot in the past. Do a search for firefox.

I can only speak for Firefox as it's the only one I've used (it's part of the full Mozilla suite) but I wouldn't swap it. It's more secure than IE, SpywareBlaster works with it, built-in pop-up blocker, open source code so there's plenty of extras been written for it.

Don't uninstall IE, it's an integral part of Windows. (That's why IE loads faster than a third-party browser.) Just don't use it except for Windows updates.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#3 cnm

Posted 19 July 2004 - 10:04 AM

Moved to Software forum.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#4 Paranoid

Posted 19 July 2004 - 11:25 AM

.....

Questions,
What vulnerabilities, if any, are there with any of these three web browsers?


Some, no browser is perfect. I believe currently, most of Opera's and Firefox's vulnerabilities have to do with URL spoofing/phishing. Also recently there was an exploit rated medium that might allow a DoS.

But I believe for Firefox at least no remote execution type exploits allowing arbitrary execution of code are known. This means that there is no known way for you to be hit by a "hack" just by visiting a site.

Take all this with a grain of salt since I'm not a certified security expert.

What additional software should you run with either of these web browsers, Mozilla, FireFox, or Opera to prevent vulnerabilities?


The standard firewall, antivirus etc. should still be used. I personally would continue to use some antispyware product like Ad-Aware/Spybot because you can still be infected via install of software that is bundled with spyware, e.g. Kazaa.

Other than that, to prevent spoofing you might like to make sure that in Firefox, under tools-->options-->web feature-->advanced button-->, the options "hide status bar" and "change status bar text" are not selected.

Further locking down your browser by adding the following into your user.js file will help too:

user_pref("dom.disable_window_open_feature.close", true);
user_pref("dom.disable_window_open_feature.directories", true);
user_pref("dom.disable_window_open_feature.location", true);
user_pref("dom.disable_window_open_feature.menubar", true);
user_pref("dom.disable_window_open_feature.minimizable", true);
user_pref("dom.disable_window_open_feature.personalbar", true);
user_pref("dom.disable_window_open_feature.resizable", true);
user_pref("dom.disable_window_open_feature.scrollbars", true);
user_pref("dom.disable_window_open_feature.titlebar", true);
user_pref("dom.disable_window_open_feature.toolbar", true);

The SpoofStick extension might help, though I think it's still not ported for 0.9 yet.

Another more advanced method would be to pick up Proxomitron and use one of the custom filters available on the Proxo Yahoo groups to detect spoofing.

Then there are privacy tweaks you can do, such as using the extension X or paranonia, turning off third party cookies etc.

What's the "cleanest" process/ instructions on how to unload Microsoft web browser to one of the browsers suggested?


I wouldn't uninstall MSIE. I would not allow it default access through the firewall, and make sure it's not the default browser, that's it.

What would be a suggestion for switching to an email with less vulnerabilities or continue using Outlook Express?


I would highly recommend you switch. What to switch to is a big question, since currently I don't think Thunderbird which is the brother of Firefox is not clearly superior to other choices.

Edited by Paranoid, 19 July 2004 - 12:15 PM.

Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments, opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advice or recommendations by the experts or helpers at spywareinfo.


#5 Paranoid

Posted 19 July 2004 - 11:48 AM

Here's a particularly spooky spoof demo site

http://www.nd.edu/~j...test/spoof.html

If it doesn't work, try using a new profile.

Yet another phishing technique that works on Firefox

http://www.eweek.com...,1624771,00.asp

Edited by Paranoid, 19 July 2004 - 12:17 PM.



#6 Paranoid

Posted 19 July 2004 - 11:58 AM

http://secunia.com/product/3256/

Of the 6, only the 1st and last are not fixed yet, I believe.


#7 AZorn

Posted 19 July 2004 - 09:03 PM

Paranoid,

Am sorry, but I don't understand the meaning of the last 2 posts. Please help me to understand.


What I gathered from the information I have received so far is
1- Do not uninstall MSIE but use Firefox as a web browser.
2- To continue to use Adaware and Spybot
3- To prevent spoofing in Firefox, under tools-->options-->web feature-->advanced button-->, the options "hide status bar" and "change status bar text" are not selected
4- To lock down the browser add the below lines into the user.js file

Paranoid,

How do I go about picking up the advanced methods and tweaks below?

......Another more advanced method would be to pick up Proxomitron and use one of the custom filters available on the Proxo Yahoo groups to detect spoofing.

Then there are privacy tweaks you can do, such as using the extension X or paranonia, turning off third party cookies etc...........


Questions,
1 - Where can I find documentation on how to interrupt Adware/Spybot and its findings when it does a system scan?

2 - I seem to be getting popup windows that I had not been getting after having loaded Spybot and using Google as my popup blocker? Would using Firefox take care of this situation?

Thanks very much for the insights.......

#8 Paranoid

Posted 20 July 2004 - 08:57 AM

How do I go about picking up the advanced methods and tweaks below?



Firefox by default is more secure than IE, so you don't really have to do many tweaks, unless you are really paranoid, but I've seen quite a few comments by newbies who seem to need to do something (conditioned by IE no doubt) before they feel secure.

Or worse, some who think that because switching to Firefox means losing the protection of IE-SpyAd, SpywareBlaster (most of it, except the cookie blacklist), the BHO components of Spybot & SpywareGuard etc., they are reluctant to switch! Talk about perverse.

So for all these people out there, here are my extra steps to take if you really want to.

Remember what I advise are settings that I have found work best for me, do *not* blindly follow, some of you might find that following these options might break a few rare sites, though personally I have never had any problems.


Then there are privacy tweaks you can do, such as using the extension X or paranonia, turning off third party cookies etc...........


X is an extension that clears cookies, caches etc. with a single toolbar button.

Turn off third-party cookies: go to tools-->options-->privacy-->cookies, check enable for originating web sites only. This should stop even the relatively harmless "tracking cookies" from appearing when scanning with Spybot.

I personally also check the box that says accept for current session only, which will force all cookies to become session only (i.e. they will be deleted after you close the browser).

You might also want to turn off referrers, which allow websites to track the page you came from.

Type about:config in the url address bar

Look for

network.http.sendRefererHeader, right-click on it, select Modify and change it to 0 (it is 2 by default). This will stop Firefox from sending referrers, but it will break some sites that use referrers to prevent bandwidth theft/hotlinking (links to images from other servers).

More advanced users might want to check out this special build; it is Firefox 0.9.2 but has the following patched in: http://bugzilla.mozi...ug.cgi?id=55477.

This extends the range of values you can put into the network.http.sendRefererHeader field, giving you more options. For the technically minded, these are the extended range of options:

>+#define REFERRER_NONE 0 /* Never send the referrer */
>+#define REFERRER_USER_ACTION 1 /* Actions directly initiated by the user (e.g. clicking on a link) */
>+#define REFERRER_INLINE_CONTENT 2 /* Images or other inline content */
>+#define REFERRER_NON_HTTP 3 /* NOT USED - remains for backwards compatability */
>+#define REFERRER_SAME_HOST_ONLY 4 /* Send the referrer only for requests from the same host, otherwise send no referrer. */
>+#define REFERRER_3RDPARTY_PREPATH 5 /* Send the referrer only for requests from the same host, otherwise send target URI's pre-path as the referrer. */
>+#define REFERRER_3RDPARTY_NO_PREPATH 6 /* Strip off the path from the referrer for 3rd party requests, otherwise leave it alone. */
>+#define REFERRER_PREPATH_URI_ALWAYS 7 /* Always send the target URI's pre-path as the referrer. */
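Review bot: the defines mix two kinds of value without saying so. 0 to 2 read as an increasing level (none, user actions, inline content), while 4 to 7 are separate policies about same-host versus third-party requests, so a comment above the block should state that the values are not ordered and that any code comparing the pref numerically has to handle 4 to 7 explicitly. The comments on REFERRER_SAME_HOST_ONLY and REFERRER_3RDPARTY_PREPATH open with the same clause ("Send the referrer only for requests from the same host"), which hides that 5 still sends a value to third parties; wording 5 as "full referrer to the same host, target pre-path to other hosts" would be clearer. "compatability" on the REFERRER_NON_HTTP line should read "compatibility".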


I find setting it to 5 or perhaps 7 gives me the better balance of both privacy and functionality.



......Another more advanced method would be to pick up Proxomitron and use one of the custom filters available on the Proxo Yahoo groups to detect spoofing.


This would require that you download and use what they call a local web proxy. Essentially it is a program that sits on your computer and filters the HTTP stream before it reaches your browser from the net on one hand, and filters information coming from your browser before it reaches the net on the other hand.

Proxomitron is one of them and is probably one of the most popular.

It can help prevent exploits, if you set up specific filter rules to catch such attempts before they even hit your browser. Unfortunately, it's extremely difficult for a newbie or even some of the more experienced people here to learn how to set up such rules. You must not only be well versed in the particular syntax used to specify the filter (or at least regexp in other cases) AND understand how the exploit works to know what to filter. If you don't understand what is going on, you might have a filter that was over-specific and worked only on the exact version on the demo page and hence would be useless against minor variants, or you might have a very wide filter which caused dozens of false positives.

There are many people in the first category for popular local web proxies like Proxomitron, but very few in the latter group.

There is this guy on the Yahoo groups for Proxomitron named Kyle who is offering his filters to people that supposedly help you detect exploits. http://groups.yahoo.com/group/prox-list/files/Filters/Security. My personal experience is that his filters are too wide, causing too many false positives.

As I said, it's a pretty advanced thing for a newbie, especially if you haven't used anything like Proxomitron before. In which case, I say don't bother. You have to learn how to set up Proxomitron to play with your browser first.
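The referrer options listed in the post above, worked through as an added example (not part of the original thread and not Mozilla's code). The function names, the `kind` argument, the `.example` URLs, the trailing slash on the pre-path, and applying values 4 to 7 to links and inline content alike are assumptions; value 3 is rejected because the list marks it as not used.

```javascript
// Added illustration of the option list quoted in the post; not Mozilla code.
// Assumption: values 4-7 apply to user actions and inline content alike.

// "Pre-path" = scheme://host[:port], with no path, query or fragment.
function prePath(url) {
  return url.origin + "/";
}

// Full referrer: the page URL without fragment or embedded credentials.
function fullReferrer(url) {
  const u = new URL(url.href);
  u.hash = "";
  u.username = "";
  u.password = "";
  return u.href;
}

// Returns the Referer value to send, or null when none is sent.
// kind is "user" (clicked link) or "inline" (image, script, ...).
function refererFor(policy, source, target, kind) {
  const src = new URL(source);
  const dst = new URL(target);
  const sameHost = src.host === dst.host;
  switch (policy) {
    case 0: return null;                                        // never
    case 1: return kind === "user" ? fullReferrer(src) : null;  // links only
    case 2: return fullReferrer(src);                           // links + inline
    case 4: return sameHost ? fullReferrer(src) : null;
    case 5: return sameHost ? fullReferrer(src) : prePath(dst);
    case 6: return sameHost ? fullReferrer(src) : prePath(src);
    case 7: return prePath(dst);
    default: throw new RangeError("unsupported value: " + policy);
  }
}

// Constructed sample: a page with a session id in its URL loads a
// third-party image; the result maps each value to what the image host sees.
function compare() {
  const page = "http://webmail.example/inbox?session=abc123#msg4";
  const image = "http://ads.example/banner.gif";
  const out = {};
  for (const p of [0, 1, 2, 4, 5, 6, 7]) out[p] = refererFor(p, page, image, "inline");
  return out;
}

console.log(compare());
```

With 2 the third-party host receives the session id in the query string; with 5 or 7 it receives only its own address, which still satisfies a hotlinking check that looks for the site's own host in the Referer header.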


#9 Paranoid

Posted 20 July 2004 - 09:07 AM

Thanks very much for the insights.......

Questions,
1 - Where can I find documentation on how to interrupt Adware/Spybot and its findings when it does a system scan?


Unless I misunderstand, this isn't a difficult question, still it's not really my area, so I'll leave it to the helpers to answer.

2 - I seem to be getting popup windows that I had not been getting after having loaded Spybot and using Google as my popup blocker? Would using Firefox take care of this situation?


Again not really my area. The helpers will probably help more, to see if you really have a problem.

But for your question about firefox it depends on what types of popups you are talking about.

If it's Messenger spam - the answer is no.

If it's popups spawned locally by malware on your computer, the answer is, I think, no. I believe, and please correct me if I'm wrong, these popups will be opened using IE anyway. Or does it use your default browser? Either way, the popup blocker won't come into play.

If it's normal JS popups spawned by sites you visit, the answer is in most cases yes. But there are some types of dynamic DHTML popups, floating ads etc. that are strictly not popups and cannot be caught by Firefox or most popup blockers for that matter.




