on-line vulnerability tests

Discussion in 'polls' started by peakaboo, Jan 12, 2003.

Thread Status:
Not open for further replies.
  1. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I ran across three tests linked from IUIC.edu which I found interesting. The tests are benign and will not hurt your PC, but may provide you with useful info.

    If you use IE please take the IE vulnerability tests below and the privacy.net test also.

    If you don't use IE take the IE test anyway just for grins and the privacy.net test.

    The two IE vulnerability tests are:

    1) Elmue's VBS vulnerability test

    http://www.netcult.ch/elmue/Security.htm

    note: in the middle of Elmue's page you will find your results.

    and

    2) lockdown IE Vulnerability test

    http://www.lockdowncorp.com/bots/testyourbrowser.html

    note: do not turn off any of your defenses as the lockdown site suggests, click on the blue link "Test my Browser Now"

    3) Finally for all browsers take the following test at privacy.net:

    http://privacy.net/

    When you get there left click on "click here" for full analysis at the top left of your screen.

    For those who answered options 3, 4, 6 & 7 go to the link below and post your question on how to get passed the test(s) you had problems with.

    http://www.wilderssecurity.com/showthread.php?t=5367
     
  2. snowy

    snowy Guest

    <Lockdowncorp> will NEVER cross the threshold of this computer


    Snowy The Snowman
     
  3. [glow=red,2,300]Yes....I passed!!! :D[/glow]
     
  4. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Elmue (author of the VBS test), states the following:

    Because of the security hole in nearly all versions of Internet Explorer an unsafe VB Script can be executed if it is hidden in a Java Script Block, although the user has disabled it.

    He also states he has verified this security hole exists in the following versions of M$ IE:

    Elmue's script found the security hole in the following versions of Internet Explorer of my visitors :

    4.72.3110.0001
    4.72.3612.1713
    5.00.2014.0216
    5.00.2314.1003
    5.00.2614.3500 (Windows 98 SE)
    5.00.2919.6307
    5.00.2920.0000
    5.00.3103.1000
    5.00.3105.0106
    5.00.3314.2101
    5.50.4134.0100 (Windows ME)
    5.50.4134.0600
    5.50.4522.1800
    5.50.4807.2300
    6.00.2462.0000
    6.00.2600.0000 (Windows XP)
    6.00.2800.1106

    Mail Programs :

    Elmue states there also is another security hole in Outlook Express 5.0 to 6.0 and Opera, which allows a virus in an email attachment to install itself by merely looking at the email ALTHOUGH you did NOT open the attachment.

    The following is the result I (Peakaboo) got for Elmue's test and I would consider this to be the standard of what passing this test looks like:


    Results :

    Current Visual Basic Script Settings :

    Java Script not activated
    Secure Visual Basic Script not activated
    File access via Visual Basic Script not activated
    Registry access via Visual Basic Script not activated


    These drives exist on your computer:
    No access possible

    The Main folders of your harddisk(s) :
    No access possible

    Your Programs and Internet Favorites :
    No access possible

    Your "My documents" :
    No access possible

    Your Outlook Express Email Account(s) :
    No access possible

    Your Netscape Email Account(s) :
    No access possible

    Your Outlook Express and Netscape Addressbook :
    No access possible

    Userdata and registration numbers read from the Registry :
    No access possible
     
  5. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi peekaboo

    Interesting page, my results below.

    BUT 1 comment first on the ONE of above Sites you listed.

    LOCKDOWN CORP NO WAY, WITH SNOWY ON THIS

    Now, the Visual Basic scripts part is a little unsure wording on the site. Also my results vary from yours in the first scripts

    I am assuming by "Java Script [secure] activated" it means I have JS "SECURE" SETTINGS.
    Also "Secure Visual Basic Script not activated" seems to be contradictory to the next two lines whereby I am SECURE because I do not have them 'activated'

    ALSO, I checked my settings, and only allow 'Safe scripting' rest disabled/prompt

    PLUS: VBS CANNOT RUN ITSELF ON THIS SYSTEM because I use Wormguard [DiamondCS] and I have VBS along with JS in the Blocked-List Editor's lists and if VBS does try to activate auto/manually the below pic shows the message I get [worded by myself, lol]

    However, Passed all the other tests, NO "SECURITY HOLE" showed up.

    MORE SITES YOU CAN TRY PEEKABOO

    GFI Email Security Testing Zone: http://www.gfi.com/emailsecuritytest/

    Qualys Browser Test: http://browsercheck.qualys.com/


    Java Script (secure) activated
    Secure Visual Basic Script not activated
    File access via Visual Basic Script (insecure) not activated
    Registry access via Visual Basic Script (insecure) not activated


    These drives exist on your computer:
    No access possible

    The Main folders of your harddisk(s) :
    No access possible

    Your Programs and Internet Favorites :
    No access possible

    Your "My documents" :
    No access possible

    Your Outlook Express Email Account(s) :
    No access possible

    Your Netscape Email Account(s) :
    No access possible

    Your Outlook Express and Netscape Addressbook :
    No access possible

    Userdata and registration numbers read from the Registry :
    No access possible
     

    Attached Files:

  6. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Nice test sites, Taz.

    sk
     
  7. [glow=red,2,300]very, very nice!![/glow]
     
  8. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Here are two more tests to chew on:

    Test page for Word documents in frames:

    http://www.computerbytesman.com/acctroj/iframe.htm

    this will test your Script Sentry, Script Defender, or other mechanism to defend against this vulnerability.

    ActiveX control vulnerability:

    http://www.computerbytesman.com/acctroj/axcheck.htm
     
  9. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Another good online test to keep you on your toes:

    info about the test:

    http://www.nsclean.com/axtest.htm

    to test your pc go to the above link read about the test and then click on:

    "click here to test your system"

    or

    direct link to test ( I suggest you read about the test first at the link above and follow the test link from there ):

    http://www.nsclean.com/exploit.htm
     
  10. jamming

    jamming Guest

    Thanks for the test, passed as usual but nice to have something to check them over once and awhile to see if I accidentally reset something. :cool:
     
  11. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    more information about this "WSHOM.OCX" exploit:

    the immune result you should receive is as follows:

    You are immune to the "WSHOM.OCX" exploit ... congratulations on SAFE computing!
    You have both ActiveX and "Scripting" disabled on your computer.


    the point being made by the test is:

    You should ALWAYS operate Internet Explorer with "scripting" turned off completely and move any sites you actually *TRUST* to the "Trusted Sites" zone so that you can continue to protect yourself against rogue sites. ONLY those sites you really trust to use ActiveX or Javascript should be moved to "Trusted sites." By following these safe practices, you won't be burned.

    What can happen if you don't use the above safe practices:

    for those who go the prompt me route for active x & JS ... contrary to safe practices...

    " ...we've received reports from a number of people who have visited some nasty sites that they never received the opportunity to decline these rogue ActiveX controls. In other words, they never received warning that an unsafe ActiveX control was going to be run and as a result, their hard disks were erased, systems destroyed or at minimum, encountered trojan horse back doors placed on their system without ANY warning at all. "

    Any "trusted site" which requires Javascript and ActiveX controls should *ONLY* be permitted to run in the "Trusted sites" zone after being physically placed there by the end user and should NEVER be allowed to run in the "Internet Zone." This is the reason why we've made this test available - so you can determine if you're at risk and make the necessary adjustments to secure your computer.

    http://www.nsclean.com/axtest.htm (test at bottom of the page)


    Also see reply #9 here:

    http://www.wilderssecurity.com/showthread.php?t=5367;start=0#lastPost

     
  12. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    After having gone to the site mentioned by Peakaboo, I decided to employ the 'Trusted' site technique and I disabled scripting completely in the Internet zone. I fully expected to run into problems at DSL Reports running the speed tests, etc., but I figured I could place that site and my homepage in the 'Trusted Sites' list. But then I ran into problems at the MS Update site; the MSN/Hotmail site; the Yahoo site; and the MyWebAttack.com site; along with the NetGear configuration utility, and practically every site that I visit for 'convenience' sake, which, aside from security considerations, IS the main reason I use a computer on line in the first place.

    So far, I have 16 sites listed in "Trusted Sites". What I then came to realize is that I did not like the 'low' security level of some of the default settings, and had to go back and boost them up a couple of clicks. This is not to say that it can't be done; what I'm saying is that it's all well and good to advocate for high levels of security; but in the real world there are trade-offs. And even though I've mentioned it before, I'll say it again: I have no idea where all of you are getting inundated with all of these viruses and trojans and evil scripts, but maybe you need to think about the sites you frequent as much as burying yourselves behind all of these defenses.
    Just my two cents worth.

    sk
     
  13. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Good point sk...

    Most valuable protection for pc is between the ears (for most anyway). ;-*

    Not familiar with the site don't click on the link.

    Layered defenses help protect if/when one has a momentary lapse in good judgement.

    me too! :)
     
  14. Uguel707

    Uguel707 Graphic Artist

    Joined:
    Nov 9, 2002
    Posts:
    2,999
    Location:
    San Diego
    Hi mate!

    Well, I didn't pass the test! I have Word 2000 along with XP Home and the test got Word propulsed in no time! I downloaded AnalogX but it still does it. The AnalogX configuration is set by default, should I add a doc extension? Yeah, I noticed that strange behaviour even before that test but since my AV didn't start fussing I thought it din't matter too much! o_O http://groups.msn.com/_Secure/0RQDiAqIU3M3AXjmgmI15DXzbzVIprlK9ct2oGlz8nAp0V6BBORZBe6aBaMDWMJ6naTYQ2eVHL1uUTY9m57jp1kKAxLpWcPzaTJ4!3Cp1te0/lune-14.gif?dc=4675397854022365468Bye! Uguel
     
  15. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Hi M8,

    Exactly, just add the .doc extension and SD will defend against this exploit.

    I think you can add a total of between 31-34 extensions b4 SD can't handle anymore. When you add too many extensions, SD reverts back to default extensions soo B careful when you get past 31 extensions.

    Go here and here for additional ideas of extensions to add.
     
  16. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Another set of interesting on-line tests:

    http://www.finjan.com/mcrc/sec_test.cfm

    if you have followed this thread and some others concerning on-line test sites, you should have no problem with the the 5 exploit categories listed at the above url.
     
  17. Uguel707

    Uguel707 Graphic Artist

    Joined:
    Nov 9, 2002
    Posts:
    2,999
    Location:
    San Diego
    Peakaboo, thanks!

    Sorry if I reply late for I've been so busy lately. :doubt:

    Done! No, I haven't had unpleasing Word starting windows since I did it. Nice tip! --I'll check your links-- :) Thank you! Uguel707 ;)
     
Thread Status:
Not open for further replies.