IMON's HTTP compatability settings...

Which of these mozilla's should I set to Higher Efficiency mode?

http://img.photobucket.com/albums/v655/JolietJake/NODcompatability.jpg

Thanks

 

Hi

it is strongly recommended to set all these components to "Higher Efficiency" .

With "Higher Efficiency mode", NOD will scan with more accuracy for trojans,dialers and other backdoors...

"Higher compatibility" is only required if you encounter issues with an application, but it decreases NOD's accuracy

 

Thanks Vince.

 

I wouldn't set streaming media players and possible download managers to HE mode or they won't work properly.

 

If the recommended safest setting is for everything (with small exceptions like marcos pointed out) to be higher efficency then how come the default appears to be higher compatability?

Would it not be better to switch the default to the safer setting and if problems appear then the setting can be sought and switched?

Just saying, since as a newbie, I only noticed that nearly all the entries in mine were 'higher compatability' and would have gone unnoticed had I not happened on this thread.

 

They used to be set to HE by default with the exception of some streaming players and download managers, but a lot of users were complaining about it.

 

Weird that you would complain about a setting that's inherently safer. Surely it's better to be too safe, rather than sorry, no? Well I've set them all to HE now.

If it's not too much trouble could someone give a list of the entries that appear which would benefit from being at HC rather than HE? Please?

 

OK, thanks, switched them back.

 

Because "Higher efficiency" mode can cause a lot of problems, such as images and/or web pages failing to load for no apparent reason.

 

I don't see the need for higher efficiency mode in Gecko based browsers, they rename files as they are cached anyway. "IE only" scripts have no effect on Firefox.

 

Firefox, et. al. can still get hit by malicious JavaScript and other files. They aren't invulnerable.

 

All I can say is that it hasn't happened to me since I've used Gecko based browsers, since mid 2001.

I do keep current with versions as they come out and I don't allow Java (I know it isn't javascript) to run except when I wish it to.

Send me to a site via pm that can exploit Firefox. I've yet to see it.

[added]

Probably about to call it a day, I'll be here in the morning.

 

It's great that it hasn't happened to you, but please, don't try telling me that Firefox or Mozilla is impenetrable. Firefox has had a number of vulns related to JavaScript. Just a few of them are:

http://secunia.com/advisories/18700/
http://secunia.com/advisories/17934/
http://secunia.com/advisories/16911/
http://secunia.com/advisories/16043/
http://secunia.com/advisories/15549/
http://secunia.com/advisories/15489/
http://secunia.com/advisories/15292/
http://secunia.com/advisories/14938/
http://secunia.com/advisories/14654/
http://secunia.com/advisories/14160/

I also know of a URL that can crash your system within seconds, using a malicious JavaScript that runs in Firefox or MSIE. What it does is very simple (it uses "fork bomb" loops, launching many mailto: links at a time), but that can be enough to ruin your day. I'm not going to post or send this URL, even via PM, for obvious reasons (I can't believe you asked me to do so!). But you can find it by searching for "last measure" on Wikipedia. (Incidentally, last I checked, NOD32 didn't catch "Last Measure", even though Eset knows about it.)

 

My isp is having trouble this morning, but if what I suspect is true, all those vulnerabilities are old and were fixed within days of their discovery and most if not all had almost immediate workarounds that would prevent their exploitation.

No software is perfect, AFAIK, but SeaMonkey and Firefox are very safe.

After my isp fixes their problems, I'll search for your browser crasher exploit, but I think this was fixed when 1.5 was released (now at 1.5.0.1). This to me would not be serious unless there is a way to execute code via the vulnerability and I don't think anyone knows how to do that even if it can crash Firefox or SeaMonkey (1.0); which I'm not at all sure of.

 

Exactly correct, Secunia only shows two current unpatched vulnerabilities of low criticality.

 

I looked up "Last Measure", I don't plan to visit the site to find out, but I feel sure this pref negates the "vulnerability":

privacy.popups.disable_from_plugins

You could add this integer pref in any version of Firefox from 0.7 onward and set the value to 2 to disallow this type of exploit, but 1.5+ has this as a default setting.

Seems to be a very distasteful site from what I read.

Yep and one of those is Mac version only and is minor and the other is very minor and if you know how to handle cookies, it's of no consequence whatsoever. There is evern argument, I believe, whether this "cookie" one is a vulnerability at all.

 

My only point was that there is a reason to use anti-malware software that can catch malicious web content before it is passed to Firefox. How fast the Mozilla team responds to known vulns is absolutely beside the point. Your original statement was not that Firefox doesn't need malicious web content defense because they patch their flaws quickly. Rather, you said:

Which, sorry, was incorrect. Malicious JavaScript can affect Firefox, and renaming and caching have nothing to do with it.

Then, you said:

I have now shown you one, but the argument has shifted from how important "High-efficiency mode" is to "they patch their browser holes quickly".

That setting alone does not prevent the "Last Measure" exploit. My setup is with privacy.popups.disable_from_plugins set to 2 (which does seem to be the default), yet I was able to reproduce the exploit with Firefox 1.5.0.1. Disabling JavaScript does prevent the exploit. This is good to know, but again, that's beside the point. I know it's a good practice to surf with JavaScript disabled, but the point isn't browser configuration, it is the fact that detecting malicious web content before it is passed to Firefox can be beneficial.

Maybe the aforementioned setting would help if you have popup-blocking enabled in Firefox. I do not have Firefox configured that way, because I hate the way Firefox screws up requested popups. I use Ad Muncher to block popups. Again, browser configuration is beside the point. The fact that blocking this malicious web content before it gets to Firefox makes undeniable sense is the point.

No, it affects 1.5.0.1 as well.

It can easily crash your entire system, causing data loss, stress, and aggravation. (Not to mention how bad it can make you look if it does manage to send those malicious email and news postings out.)

Here's a nice bottom line: When I tested the "Last Measure" exploit with Firefox 1.5.0.1 and Kaspersky Anti-Virus 6.0 beta, the script was stopped before doing any harm. With NOD32/IMON and "High-efficiency mode", the result probably would have been the same, had NOD32 detected the script (which it did not). But with NOD32/IMON and "High-compatibility mode", the script would have run and done its harm, even if NOD32 did detect it.

 

I'm not going to argue semantics with you. I only know from experience, you probably won't have any malware problems, if you have a little common sense and use Gecko based browsers.

I'll probably search up Last Measure again. I didn't really want to even see the site, but I guess I have to.

[added]

All I get is "Firefox has prevented this site from opening pop ups" (or similar).

 

Firefox is no end-all fix for malware picked up by surfing the internet. It has less known exploits, is targeted less and is less integrated into the OS, but is is still vulnerable to some extent. Therefore, it is advisable to set your browser to higher efficiency as long as it does not interfere to much with your surfing speed.

 

Okay, guys, I give up.

Almost 5 years without any malware problems or any detected proves nothing.

A storm approaches, check y'all later.

 

I have the same experience with IE
Indeed, it proves nothing in general. It proves that we are carefull (even when surfing the dark side ).

 

I don't use any "kill bit" setters (SpywareBlaster, SSD's immunize function), no anti-spyware protection at all. I don't even know how to use IE's zones, LOL!

I'm not that careful, I don't disable active scripting, the only thing I'm careful at all about is Java.

I do research programs I plan to install for the possibility that they contain malware before installing them. That's it.

I run AdAware and Spybot scans from time to time, also an online scan once in a great while, nothing is ever found.

 

I wasn't arguing semantics at all. I just wanted to point out that blocking malware before it is rendered is a good idea, regardless of browser, and didn't want the focus to change from that to a discussion of how you could potentially configure your way around the malware instead. (Configuration is obviously a worthwhile topic, but it was nonetheless beside the point.)

Firefox 1.5.0.2 has just been released. While some of you were talking about known, announced vulnerabilities, and saying there is no need to block JavaScript before it gets to the rendering engine, here are the JavaScript-related vulns that were in fact present in Firefox 1.5.0.1, known to some people--but not us--and only just now fixed in 1.5.0.2:

Crashes with evidence of memory corruption (rv:1.8.0.2) (Critical)
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html

CSS Letter-Spacing Heap Overflow Vulnerability (Critical)
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html

Privilege escalation using crypto.generateCRMFRequest (Critical)
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html

Privilege escalation through Print Preview (Critical)
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html

Security check of js_ValueToFunctionObject() can be circumvented (Critical)
http://www.mozilla.org/security/announce/2006/mfsa2006-28.html

-----

Please don't feel like I'm getting on anyone's case. I'm not. There are no ad-hominem attacks here, and it isn't personal. Anyone who has read my stuff much knows I've said more than my share of stupid stuff... But this isn't one of them.

 

You also said that the Last Measure page could crash Firefox and/or my system which it couldn't. I've already installed 1.5.0.2. It's sensible to stay up to date.