no such thing as safe surfing


larryb52
December 5th, 2008, 11:27 AM
for those that, like me, think they surf safely, I have advice: be well protected. I usually visit just a few sites to do with my baseball simulations & baseball in general. Well one of the forums had just introduced ads and I went there & pop goes Kaspersky catching a trojan that was part of the ad and it was endless, till the forum mod paid for no ads. So even what seems like a casual visit to a baseball forum can be an adventure in how good your protection is, I'm thankful it wasn't worse...

JRViejo
December 5th, 2008, 02:16 PM
larryb52, out of sheer curiosity, what browser were you using?

xXDarkStalkerxX
December 5th, 2008, 03:00 PM
So Firefox + Adblock Plus could have avoided this in the beginning? :P

Fly
December 5th, 2008, 03:23 PM
-{ Quote: "for those that, like me, think they surf safely, I have advice: be well protected. I usually visit just a few sites to do with my baseball simulations & baseball in general. Well one of the forums had just introduced ads and I went there & pop goes Kaspersky catching a trojan that was part of the ad and it was endless, till the forum mod paid for no ads. So even what seems like a casual visit to a baseball forum can be an adventure in how good your protection is, I'm thankful it wasn't worse..." }-

It's all relative.

It's almost 100% safe to visit certain websites, and for the rest the risk varies from small to high.

robinb
December 5th, 2008, 06:30 PM
it is just that surfing the internet is not fun anymore. Too many restrictions. don't go here, don't go there and pray if you go there you can turn on your computer in the morning. <g>

We all now have to follow "safe s*x-ooops <grin> "Safe Computing" ;)

robin

normishmael
December 5th, 2008, 06:41 PM
Freudian slip aside, both need the suffix "er" appended.

TrojanHunter
December 5th, 2008, 07:01 PM
Safe surfing and a vulnerable Internet don't go together, but being as careful as possible can reduce the risks.

larryb52
December 5th, 2008, 08:10 PM
-{ Quote: "larryb52, out of sheer curiosity, what browser were you using?" }-

-{ Quote: "So Firefox + Adblock Plus could have avoided this in the beginning? :P" }-

you both miss the point of the topic,

larryb52
December 5th, 2008, 08:13 PM
everyone read what I wrote. The site WAS a good site, a mishap occurred making the 'so called' safe site not so safe. My point is DON'T THINK FOR A MINUTE THAT YOU CAN SURF SAFELY, there is no such thing. It should be added that if your computer is hooked up to the internet you're not safe. Use protection as in AV or suite of choice...no one reads anymore...

xXDarkStalkerxX
December 5th, 2008, 08:22 PM
I get the point. I know I-Frame infections and javascript "obscure" exploits are a real danger, a simple ad banner could lead you to an infection, but of course it isn't the end of the world... Keep your system and applications updated, use a different browser like Firefox with security plugins (Adblock Plus + NoScript), which will protect you against drive-by downloads much more effectively than antivirus, and if you get "paranoia infection" use Sandboxie to surf ;)


Surf Safely doesn't exist anymore because "safe" websites can be hacked with I-Frames, javascripts, flash infections, etc... That's it Larry, I got your point, sorry if I was impolite making my suggestion of Firefox.

TonyW
December 5th, 2008, 08:42 PM
I understand what larry means, but the fact his AV caught it means he was "safe" in that instance. It's all about minimising the risks. Yes, legitimate sites can fall prey to malware, but it's how you're protected in the first place to deal with that.

Some users are not even bothered by such things because of having other measures in place, like having an ad blocker so the ads wouldn't show. (Not sure if the malware would still attempt to get through though even if the ad was blocked.) Some people use a HOSTS file, SpywareBlaster and other things to protect against such attacks. Minimising the risks is the key, and that's where tiered protection comes into play.

PS: I think that when people talk of "safe surfing", they generally mean not venturing onto areas where such malware is more prevalent, but being mindful of the fact that attacks could occur anywhere on the web if sites are compromised. I informed a book publisher here in the UK not so long ago that they had code injection on their site delivering a trojan; they soon removed it and corrected things to prevent it happening again.

larryb52
December 5th, 2008, 09:20 PM
I just get upset because I guess the bad guys are winning the bandwidth war, makes you paranoid & yes I usually use Opera & yes it's pretty safe. I see a lot of average Joes that are customers at a bank I work for get ripped off daily, they don't know any different, it's sad when you see people steal people's cards & use all their money. Yes they get their money back, that's what we do as a bank, but we take the loss & it's just frustrating when people tell me well I surf safely...there just is no such thing...

djohn
December 5th, 2008, 10:31 PM
Agree with larry to an extent. The moment even the most reputable site becomes compromised it is no longer safe until it's rectified. Even many Adult sites are clean, believe it or not. But it is expected to be malware infested for those who know better and usually keep our guard up or avoid at all cost. I think the problem with reputable sites is that many may take for granted it's clean, so we may let our guard down, big no. Good example: someone installing reputable software but didn't see the toolbar that came with the package and not happy they have it; slow down, I say. As far as general web browsing, if you use Sandboxie, Returnil, Shadow Defender and the like, the chances of infection are very slim, and if you have a clean image you can restore for worst case scenario, why worry at all.

JRViejo
December 5th, 2008, 11:20 PM
larryb52, no, I did not miss the point you were trying to make and read your post loud & clear. My own Internet doctrine is to treat all sites as bad (guilty until proven innocent) and allow minimal access for any site to operate, even the good ones, so from a technical point of view, I just wanted to know what was your browser, that's all. Thanks for posting that it was Opera.

Kerodo
December 5th, 2008, 11:33 PM
Anything's possible I suppose... but the fact that something popped up on your web scanner doesn't necessarily mean it would have been able to go any further anyway, or load anything, etc etc.. The web scanners will see all kinds of stuff in an HTTP stream, but whether they do any harm or not is another question.

I have been surfing the web for 12 or 13 years now, and never once had any real problems, and that with just about every browser made. It's good to be educated, but not so good to be paranoid.....

larryb52
December 6th, 2008, 07:20 AM
-{ Quote: "larryb52, no, I did not miss the point you were trying to make and read your post loud & clear. My own Internet doctrine is to treat all sites as bad (guilty until proven innocent) and allow minimal access for any site to operate, even the good ones, so from a technical point of view, I just wanted to know what was your browser, that's all. Thanks for posting that it was Opera." }-


it just showed me that my safe setup & safe websurfing doesn't mean crap & Opera has been pretty good to me as have my AVs that I run (I run a couple of different ones but of course not at the same time)...I used to use Firefox but I like Opera's compactness & use its mail client, blocks malware...

kC_
December 6th, 2008, 08:21 AM
safe setup?? when you allow ads! LOL;D

Mrkvonic
December 6th, 2008, 09:45 AM
Hello,

Let me yank the magic carpet from underneath you.
Use a non-IE browser and all the evil surprises you can think of are no more.

Popups, malware, wahoonies, they don't happen if you use a normal browser.

Mrk

Cerxes
December 6th, 2008, 01:02 PM
-{ Quote: "...Use a non-IE browser and all the evil surprises you can think of are no more..." }-
For host based malware this is good advice Mrk, why use a highway to the kernel willingly? However, for non-host based/server-side attacks the only solution for the user today, regardless of browser choice, is to tweak the browser by disabling javascript, java, plug-ins, Iframes etc. Even if these vectors are mainly used for downloading a host based payload that could easily be countered with different methods, the difficulty for the user lies with threats where the malicious code (e.g. keylogging methods) is injected in the websites.

/C.

kwismer
December 6th, 2008, 02:06 PM
to be less ambiguous, there's no such thing as safe sites anymore, though it's still possible to surf them relatively safely if you use things like noscript or sandboxie...

when sites like cbs or yahoo mail serve malware (and they have) then it's time to stop relying on the reputation of the site and start treating all sites as potentially unsafe...

and using a non-ie browser isn't enough... if the drive-by download utilizes a flaw in a plugin (like flash or windows media player or something like that) rather than in the browser itself then it won't matter if you're using ie or firefox or opera or whatever...

Kerodo
December 6th, 2008, 02:35 PM
I wish someone would publish some real statistics on how many people actually fall prey to a real drive-by download or other exploit which results in harm to the system these days. I've been browsing everywhere (good and bad sites) for over a decade now, with all browsers, including all versions of IE, and have yet to see any problems. I tend to think most of this is just fear and paranoia about the possibility of a nasty happening, as opposed to anything really taking place. All these "threats" you hear and read about... hmmm.... how come I never run into any of them? Strange.... ;)

kwismer
December 6th, 2008, 03:06 PM
-{ Quote: "All these "threats" you hear and read about... hmmm.... how come I never run into any of them? Strange.... ;)" }-

maybe you're just lucky... although bad stuff on good sites is a relatively new phenomenon - it certainly wasn't something you would have had to worry about 10 years ago...

give it some time - maybe the next time a major internet property like yahoo serves malware through 3rd party ads you'll manage to see it yourself...

Kerodo
December 6th, 2008, 03:14 PM
Ok, I will keep my eyes peeled.... but I won't hold my breath... :)

djohn
December 6th, 2008, 04:50 PM
I guess I must be living on the edge with the world's most dangerous browser, IE on Vista with Java enabled, and when I intentionally infest my machine with parasites of trojans and rogue antivirus in shadow mode I still come out clean, what am I doing wrong? :P

JRViejo
December 6th, 2008, 04:58 PM
-{ Quote: "it just showed me that my safe setup & safe websurfing doesn't mean crap" }-
No, I believe your setup is correct, however, you "trusted" this baseball forum to be safe and that's when you fell prey. I understand your frustration of thinking that you are safe and the next moment, bang! That's one of the reasons why I adopted my "guilty before innocent" stand against the Internet. Paranoid? Perhaps... but I don't get any surprises. And if I want to venture into the dark side of the force, sandboxie is my true friend.

I use the NoScript add-on in Firefox and as an example, take the nytimes.com site. NoScript Options reveals nytimes.com/ questionmarket.com/ tacoda.net/ googlesyndication.com/ atdmt.com as part of their site and if I only allow nytimes.com, it reveals brightcove.com and revsci.net as additional entries to the above. The more you allow, the more entries appear and pretty soon I see all kinds of ads, pop-ups, etc. If I can read their site or any other, without allowing it to pester me, why would I want to give it complete access to my PC?
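Added example (not part of JRViejo's post and not NoScript's code): a Python sketch of the per-site allow-list idea described above, listing which sites a page's markup asks the browser to load active content from. The sample HTML, its subdomains and paths, and the helper names `site_of` and `audit` are constructed for illustration; only the site names come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser fetch active/embedded content.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


def site_of(host):
    """Crude site key: the last two DNS labels. Assumption for this sketch;
    a real tool would use the Public Suffix List (e.g. for co.uk names)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class ActiveContentParser(HTMLParser):
    """Collects (tag, absolute URL) for every externally loaded active element."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if url:  # inline <script> blocks have no src and are skipped here
            self.found.append((tag, urljoin(self.page_url, url)))


def audit(page_url, html, allowed_sites):
    """Return (allowed, blocked): dicts mapping site -> list of tags."""
    parser = ActiveContentParser(page_url)
    parser.feed(html)
    allowed, blocked = {}, {}
    for tag, url in parser.found:
        host = urlparse(url).hostname
        if not host:
            continue
        site = site_of(host)
        bucket = allowed if site in allowed_sites else blocked
        bucket.setdefault(site, []).append(tag)
    return allowed, blocked


# Constructed sample page; not a capture of the real site.
PAGE_URL = "http://www.nytimes.com/"
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="http://ads.questionmarket.com/a.js"></script>
<script src="//an.tacoda.net/t.js"></script>
</head><body>
<iframe src="http://pagead2.googlesyndication.com/frame.html"></iframe>
<script src="http://view.atdmt.com/v.js"></script>
<script>var inline = 1;</script>
</body></html>
"""

if __name__ == "__main__":
    allowed, blocked = audit(PAGE_URL, SAMPLE_HTML, {"nytimes.com"})
    print("allowed:", allowed)
    for site in sorted(blocked):
        print("blocked:", site, blocked[site])
```

A static pass like this only sees what the markup requests directly; sites pulled in by scripts that are allowed to run show up only afterwards, which is the effect the post describes when allowing nytimes.com reveals further entries.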

Fly
December 6th, 2008, 07:11 PM
-{ Quote: "I get the point. I know I-Frame infections and javascript "obscure" exploits are a real danger, a simple ad banner could lead you to an infection, but of course it isn't the end of the world... Keep your system and applications updated, use a different browser like Firefox with security plugins (Adblock Plus + NoScript), which will protect you against drive-by downloads much more effectively than antivirus, and if you get "paranoia infection" use Sandboxie to surf ;)


Surf Safely doesn't exist anymore because "safe" websites can be hacked with I-Frames, javascripts, flash infections, etc... That's it Larry, I got your point, sorry if I was impolite making my suggestion of Firefox." }-

Firefox is not so different anymore. It has a large market share, large in the USA, larger in Europe.

Even if you don't 'use' IE (7), it will be present on your (Microsoft) system, are you sure malware can't use it? I have software that monitors (attempted) changes to IE 7, do people who use Firefox have something similar?

Beto
December 11th, 2008, 02:02 AM
-{ Quote: "...As far as general web browsing, if you use Sandboxie, Returnil, Shadow Defender and the like, the chances of infection are very slim..." }-

I thought that using the regular LAYERED protection along with sandboxie and returnil, surfing the web was absolutely safe for the vast majority of us -- let me put it 99.99999999999999999999%.

For me personally it has been 100%, and I'm sure it is the same for thousands of others as well.

Has there been even one instance of infection with the correct use of a combination of sandboxie and returnil in combination? I have yet to hear of or come across any such infection.

So I think that many will say that it is safe to surf the web if you are wearing the antimalware equivalent to "Dragon Skin".

noone_particular
December 14th, 2008, 12:30 PM
It's a basic truth. The internet is not a safe place. Neither is the average road but that doesn't mean that you can't enjoy driving on it.

If you leave out specific attack vectors like javascript, flash, etc and move this discussion down to a more basic level, trust is what kills you. IMO, the entire concept of a "trusted zone" needs to be scrapped. The structure of the internet itself isn't secure. DNS has been proven vulnerable. We also have DNS trojans that can direct you to places you didn't want to go. It's also been demonstrated that our internet hardware can be attacked and settings changed. When you can't be completely certain that the site the DNS system directs you to will be the same site you wanted to visit, how can you completely trust it? When almost any site can be compromised and little scripts added that can steer you to a malicious server, how can you call a site "trusted"? The sites aren't secure either.

If you want to be safe on the internet, stop trusting it. Treat it all as a restricted zone. Allow scripts, Java, flash, etc on an "as needed for this session only" basis, with "as needed" referring to what you want to see or use, not what the site wants to send you.

If you want to be safe on the internet, there's another basic truth that you have to accept.
All software is vulnerable.
There is no lock that can't be opened, no security system that can't be defeated, no fortress that is impenetrable, and no application or operating system that can't be compromised. Any application that opens unknown content will eventually be compromised. It may not happen on your system but it will happen to someone. If you want to be safe, treat those applications as vulnerable. How do you do that? You isolate them as much as possible from the operating system and from other applications. This is the exact opposite of the normal behavior of Windows software, where everything is integrated together for the sake of convenience. A vulnerability in an individual application isn't worth much if it doesn't give the attacker access to something more, like the operating system itself. With Internet Explorer, the browser IS the operating system, which means a browser exploit is an operating system exploit. When the browser opens other content using plug-ins, BHOs, etc, their vulnerabilities become browser vulnerabilities. In a fully integrated system, a flash or PDF reader vulnerability becomes an OS vulnerability because the OS allows it. Isolating these vulnerable apps, aka attack surfaces, from each other and from the OS itself will prevent many of the attacks on individual applications from compromising the whole system. There's many ways to do this, sandboxing, virtual operating systems, system configuration backed up by HIPS, etc. How you do it isn't that important, as long as you do it.

You can enjoy the internet. Just recognize it for what it is. Stop trusting it. Accept that your user apps are vulnerable and set up your system with that fact in mind.

Swordfish_
December 14th, 2008, 11:22 PM
-{ Quote: "All software is vulnerable." }-

Precisely.
If you look at it from a slightly different perspective - let's say, for example, that you have _safe_ source code (to be more precise: safe under some specified circumstances, at the time of evaluating possible attack vectors). You put this code into a compiler, which itself contains a linker and a debugger etc. In the end you get low-level machine code - how secure would it be if one of the elements in the development chain were compromised? Even if you still have that 100% secure executable (which is highly unlikely) - security is a process, not a state and, as you said about the Internet: "stop trusting it".

Regards

Kerodo
December 14th, 2008, 11:58 PM
In short, the "trust" should be placed in yourself, not in the internet or any of the apps you run, or anything else.... ;)

Rmus
December 15th, 2008, 04:49 AM
safe (adj) Secure from threat of danger, harm or loss (Webster's Seventh Collegiate Dictionary)
______________________________________________________


I would like to address the threat of malware on the internet.

Anyone who is confident that she/he is "Secure from threat of danger, harm or loss" can challenge the assertion that there is no such thing as safe surfing.

In my opinion, there is too much worrying about getting malware from the internet. The situation is not helped by the media with sensational headlines such as:

-{ Quote: "F-Secure claims 500000 sites affected by SQL injection - TechSpot News
New Trojan Attack Hits 500000 Sites - Web Host Industry News
One MILLION websites compromised - Norton Protection Blog " }-

Weather report: Rain predicted all week. Some conclude: it is not safe to go outside because you will get wet.
But what if you take an umbrella?

So, in surfing the internet, how do you "Secure from threat of danger, harm or loss?" Kerodo mentions trusting yourself.

For me, trusting yourself begins with understanding the two ways malware can get on to your computer:

- Sneaking in through some vulnerability in an application (remote code execution)
- Tricking the user to install something (Flash update, codec, etc)

This understanding leads to

- developing security policies for your particular situation
- adding necessary security solutions accordingly

I think too much emphasis is placed on the first attack method -- the remote code execution, or drive-by download. Sure, they are the most sensational and (unnecessarily) feared exploits, but also the easiest to protect against. Running as non-Administrator, or employing Software Restriction Policies (SRP), closes that attack hole effectively, and makes one secure from that type of threat or danger. The current IE7 vulnerability, exploited in the wild and yet unpatched, for example: payloads analyzed show nasty trojans. SRP will block that payload. You don't even need an additional security product.

Trusting in yourself is not to say that you ignore the situation, but that you have thought it through and are confident that you are secure (safe) because of the security strategy you have in place.

Analysts are starting to report that the second attack method, tricking the user (social engineering), is more of a threat, as discussed here:

Vulnerabilities play only a minor role in malware spread, says researcher
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122901&intsrc=hm_list
-{ Quote: "About two-thirds of all computer infections are due to duped users

The majority of the attacks carried out by 2008's top 100 pieces of malware were caused by users surfing to malicious sites and then accepting some kind of download, Trend Micro Inc. researchers said today." }-

Two examples:

Update Flash Player

Been updatin' your Flash player lately?
http://isc.sans.org/diary.html?storyid=5437
-{ Quote: "We received a couple of submissions from ISC readers that indicate that a new wave of rogue "Flash Player" updates is making the rounds. This latest version is pretty artfully done - the pages hosting this malware actually do contain a real flash movie that is not malicious and plays in a Youtube-like embedded frame. After the movie has been running for a couple seconds though, a pop-up opens that indicates that a "Flash Player Update is available"." }-

WinAntiVirus

Report: Fake antivirus programs claim 30 million victims
http://arstechnica.com/news.ars/post/20081017-report-fake-antivirus-programs-claim-30-million-victims.html
-{ Quote: "Users can get infected with this fake antivirus scam in the same manner as any other type of virus or malware—by downloading questionable content from P2P networks, opening e-mail attachments from unknown addresses, or visiting malicious web pages. As most of us already know (probably by servicing the computers of our parents and other less-tech-savvy family members), users are often duped by seeing the software pop up windows that claim the machine is infected, fake bluescreens, or cause other annoyances (PandaLabs notes one where cockroaches crawl all over the desktop)." }-

How can one be safe (secure) from these threats? I hope the answer is obvious.

One can be sympathetic towards those unfortunate victims of any of the above, and certainly we can help to educate when the opportunity presents itself. In such situations, I always start from the premise that it is simply not necessary to accept the notion that there is no such thing as safe (secure) surfing. To do so would be starting from a premise which, when accepted in thought as inevitable, is likely to lead to unfortunate conclusions, and an unnecessarily defeatist and fearful state of mind.

Security is based on one's point of view. Everyone has their own.

And so, larryb52, while I understand your point of view, your premise should be stated differently, in my opinion. And I would be very interested in the step-by-step details of your experience on the Baseball website. Did your AV alert that a trojan was attempting to download while using Opera (I'm very suspicious of that notion), or did your AV flag the ad itself as containing malicious code? Two completely different situations. Your description, "Kaspersky catching a trojan that was part of the ad" is not clear to me. You would need to post the code so that it could be analyzed.

Regarding ads: in all of my years of using the internet, I've not used an adblocker (except a flash blocker with Opera, and that is not for fear of malware, just annoying, animated ads) and I've never encountered an ad attempting to download a trojan. If it did, it would be immediately blocked from downloading.

----
rich


________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."
--Bruce Schneier