Spywareblaster, Opera, and Plug-ins

[puff-m-d]

Hello all,

Just something I just learned about and thought I would pass along.....

Spywareblaster is specific to IE but a very similar problem exists for Opera users.* Certain dll's from 3rd party software can be "injected" into Opera without your knowledge, but there is a way around this also.* It is by placing a file named "plugin-ignore.ini" into your main Opera directory.

Quote from SpyBot Search and Destroy Homepage:
12/04/2002: New download: Opera plugin-ignore file
Based on the CLSID database which also contains filenames, we have created a plugin-ignore.ini file for Opera that blocks the filenames of many malicious IE plugins. For many of them, it hasn't been verified yet if they can install into Opera, too, but take this file as a prevention step if they do: download, then unzip the file into your main Opera folder.

Check out this link http://security.kolla.de/ or for direct download link http://security.kolla.de/files/tools/plugin-ignore.zip.

It currently protects against:
WebHancer, crashes Opera
CometCursor, crashes Opera
Netscape audio plugin, steals audio file types
VX2 Respondmiter, Blackstone Transponder
Porn popups
Surfmonkey
Transponder
Download Accelerator plus
Browser helper
Download Accelerator plus
Huntbar
Deltaclick
FavoriteMan
Commonname toolbar
SVA PLayer
Xupiter toolbar
InetSpeak
Burnaby Module > e-card_viewer > porn popups
E-book systems FlipAlbum
NewDotNet
Gratisware - CrsHOClass
NetPal
Win32/Aspam.Trojan
FlashTrack, Ftapp
eAcceleration StopSign
FriendGreetings E-Card foistware
EZSearch bar
Flyswat
MediaLoads Enhanced.
IEPlugin
BonziBuddy
Huntbar
Commonname toolbar
Hotbar
WebHancer
GoZilla
Bargain Buddy
WurldMedia
Lop.com
Network Essentials
Divago Surfairy
Aureate/Radiate
UCmore toolbar

You can add your own dll's to the list if you wish and always obtain the latest published list from the SpyBot Homepage http://security.kolla.de/.

Regards,
Kent

[Mike_Healan]

I thought Opera was immune to all of that nonsense.
Jeesh

[Gnostic]

Thanks for the heads-up Kent

I have a question though. You are suppose to place it in the main Opera folder. There is already a default-plugin residing there and the new one wants to overwrite it. If I place it in the plug-in folder, I can't verify that Opera picks it up. Can anyone give me some guidance

Hey, Mike I suppose it's better to be safe than .......

Regards,

Gnostic

[puff-m-d]

Hi Gnostic,

Opera scans that file when it is started. I would change the extension of the original to .bak (in case you want it back), and then place the new file in your Opera directory. The next time Opera is started it will use this file.

Mike,

It may be overkill as what the file blocks are mainly ones that are known to run in IE. To my knowledge, it has never been tested whether they can infect Opera. A few can try (like webhancer and comet curser) and cause Opera to crash in some cases. This file can be used like a second line of defense just in case any of these things can get into Opera.

HTH.......

Regards,
Kent

[Gnostic]

Quote:

quoting: puff-m-d link=board=20;threadid=5594;start=0#36875 date=1040371501]
Opera scans that file when it is started. I would change the extension of the original to .bak (in case you want it back), and then place the new file in your Opera directory. The next time Opera is started it will use this file.

Thanks Kent That's what I needed to know.

Regards,

Gnostic

[javacool]

Quote:

quoting: puff-m-d link=board=20;threadid=5594;start=0#36875 date=1040371501]
Mike,

It may be overkill as what the file blocks are mainly ones that are known to run in IE. To my knowledge, it has never been tested whether they can infect Opera. A few can try (like webhancer and comet curser) and cause Opera to crash in some cases. This file can be used like a second line of defense just in case any of these things can get into Opera.

HTH.......

Regards,
Kent

They only way these items can infect Opera would be if you installed an Opera plug-in that enables ActiveX support in Opera. There is such a plug-in (also compatible with Mozilla and Netscape) but assuming it is not installed, you don't need to worry about these Active-X spyware controls infecting Opera (for now, at least).

I should mention, however, it is possible the spyware makers could write, from scratch, Opera-compatible plug-ins. But the ability of Opera-plug-ins to "infect" the browser is MUCH less than that of ActiveX plug-ins and IE. Opera has built-in limits on the abilities of plug-ins, and it remains to be seen whether a successful Opera "hijacker" or "spyware" plug-in can be made at all for the browser.

But that said, a little more protection never hurts. (I have this plug-in blocking list enabled in Opera, myself.)

-Javacool

P.S. Even with the Active-X enabling Opera plug-in, SpywareBlaster could still prevent the execution of many of these ActiveX controls, as its protection is system-wide and not just specific to IE. (Just wanted to make sure that was clear.) I believe PepiMK's Opera plug-in blocking list will be extended to block non-ActiveX based malicious Opera plug-ins when they come out in the future - assuming the browser gains enough popularity to make the writing of such plug-ins worthwhile for spyware developers (but you know someone will do it eventually ...).

[puff-m-d]

javacool,

Thanks a lot for the info !!!

You made this a lot easier for me to understand.....

Oh... sorry about saying what spaywareblaster does was IE specific.... I thought I read that somewhere... Thanks for correcting me !!!

Regards,
Kent

[snapdragin]

woooo.....even the thought of one of those creepy things getting on my computer gives me shudder.

Thank you puff-m-d and Javacool! i d/l'ed the plug-in blocking list too....just in case.

javacool - is there anyway way of "accidently" installing such a plugin that would enable ActiveX in Opera?

regards,

snap

[javacool]

Quote:

quoting: snapdragin link=board=20;threadid=5594;start=0#37027 date=1040460507]
javacool - is there anyway way of "accidently" installing such a plugin that would enable ActiveX in Opera?

The only way I can think of would be if an outside source (i.e. an installer for some other program) installed the plug-in into Opera's directory. You shouldn't be able to "accidentally" get the ActiveX-enabling plug-in through browsing the web in Opera - I believe you'll always get a "download plug-in" or similar box (unlike IE where the default security settings can allow ActiveX plug-ins to download with no prompt).

Best regards,

-Javacool