Opera 10.10 released

No. But given how Opera prompts for server rights multiple times for multiple purposes, it means that, if and when Unite is hijacked for malicious purposes, Opera will likely already have server rights.

Of course they could. Which is why home users don't usually install web server software on their PCs.

In regions like Russia and Europe, Opera has a very considerable user base.

Claims like "you won't even have to code it yourself" only reveal your lack of knowledge about malware creation. Any RAT created in such a manner wouldn't survive for long or at all, if the user is running any half-decent antivirus. Hijacking Unite, on the other hand, gives the attacker unlimited access even if the trojan is detected and removed at a later date.

Depending on where you live, Opera may not be that rare. And the mistaken belief that it is isn't going to protect you.

Yes, it requires the same rights. But you're getting confused, and trying to suggest that requiring the same rights is synonymous to the same amount of difficulty.

Until you learn to stop propagating untruths about how running web server software on your PC makes no difference as far as security is concerned, and stop pretending that it doesn't make attacks easier (which IS a right reason), I see no reason to believe this claim of yours.

 

Firstly its not an ftp server, its all based on html. Secondly by defauly Unite is not enabled, because you have to go out of your way sign up for an opera account or if you have one you need to sign in with it and THEN you even need to set up which apps you want it to function with.

Widgets in my opinion are useless, they are worthless toys, and if you dont use them then dont worry about them.

I have used opera for years now. I was a devout firefox user but they lost my interest and now opera is the THE only browser that has everything i need. This new version with unite is an amazing revolution. For the people who take the time to set it up and enable it, it makes some things very easy like sharing files and keeping in contact.

The original thing that turned me onto opera was the fact that you can sort your bookmarks by a number of ways, AND it even remembers that sorting and even keeps that sorting in your bookmarks menu. Something which firefox stopped doing.

So all in all another fantastic Opera browser. (its fast as hell also)

 

Sure, Opera likely will have server rights if the user is willing to give them. That still leaves the attacker the problem of getting the malware in the system, and once that has been successful, they don't need Unite for doing what they want to do. Which is exactly the reason why I don't think malware enabling Unite is a problem. The problem is the malware running in your system. Even if you don't have Opera and Unite installed, what's stopping the malware from just getting out there and downloading whatever server software it wants and installing that, even Unite?

I don't think home users choose not to install web server software on their PCs because bad guys could use that server software for malicious activity. Home users don't install servers because they don't have use for them. In any case, I was pointing out that if a malware author wants to make a server out of the machine they just owned, they can just have the malware download and install any server software they want - something they coded for themselves, something that was made by someone else, or even Opera's Unite.

I live in Europe, by the way, fairly close to Russia. In the Europe that I have seen, Russia included for good measure, Opera isn't exactly the most common browser you'll see folks use. I'm sure it's more common than in the Americas, but still not IE. Shame, though, since Opera has some pretty cool features out of the box (and I'm not referring to Unite here).

You can easily create a piece of malware obfuscated enough that none of the most common free or paid AVs detect it with current definitions, and you can do this without writing any actual code yourself, which is exactly the point. And if you don't know this, then you either haven't ever bothered to try, or have tried but just didn't know what you were doing. And any smart attacker would not mass spam their malware everywhere so that every AV will get their hands on it the first day. Once the AVs start adding definitions for your little kit, just scramble it again and repeat, for profit, and own some more systems while AVs are waiting to find a sample of your latest mix.

As for malware that hijacks Unite getting unlimited access even if the trojan is detected and removed later, I'll just say this: mIRC bots. If malware starts to abuse Unite on a large scale like mIRC has been abused, AV houses could easily add Potentially-Unwanted-Software / Hacktool definitions for Opera, so that Opera itself could be detected, or for a less harsh approach they could simply attempt to detect whether Unite is enabled and report that. Do note that mIRC is a legit piece of software that has been around for long, and still some AVs choose to detect it as a potential issue. And the malware authors can't exactly obfuscate Unite, if they're relying it to be already present on their target systems. And what about Windows file sharing features? What if malware feels like turning that stuff on with unlimited access for the attacker? Most people have Windows, but most don't have Opera. Guess which might be the better choice for the attacker to use. Windows file sharing also doesn't require Opera to be on all the time for the attacker to be able to connect to his newly owned victim...

In short, using Unite would not provide any unlimited access or immunity from AV detection for the attackers, and you can easily avoid detection by many AVs without creating new code yourself.

I don't have any mistaken belief that Opera will protect me. My belief is that if malware can infect your system, you've got problems far bigger than said malware trying to enable disabled-by-default features in a minority market share web browser. But anyone is completely free to disagree with me, and to worry about malware enabling such features.

Well, yes, I am indeed suggesting that it requires the same rights, and that is usually my main concern - what kind of access is required to do something. Perhaps I could have chosen my words better. Thanks for pointing that out. Wouldn't be the first time I've chosen my words less than optimally and surely won't be the last. The required rights are pretty important, because if you give malware that kind of rights, then there's no reason why the malware would need to use Unite to run a server on your system or to do numerous other nasty things.

As for difficulty, I maintain that to enable Unite maliciously and to actually get it to work, you'd have to write some code of your own, because at this point there isn't such code floating around. But if you want to do the job better, there's lots of code that allows for that, without using Unite and requiring Opera to be present. And you don't even have to use third party server software. If you just want to "share" the victim's files, there's always this thing called Windows as I previously mentioned.

Yes, now, I do think that running server software makes a difference. And I certainly don't try to pretend that it has no effect on security and doesn't make any attacks easier. If something I said gave that impression, then I am honestly sorry, and rightly deserve to be called a dotard and given a couple of good slaps and/or verbal trashings. But, at least I apparently wasn't pretending all the time, since I just said this:

Servers aside, I think it's important to keep it in mind that more code in general equals more vulnerabilities. It doesn't have to be server code, it can be a media player or support for additional image formats or anything (including, ironically, security features).

But, I think I've said all I have to say here.

 

Great thread and for interest sake, thought I'd give this browser a go. So far, I have setup TCP allowed Outbound to ports 80, 443, 1935 & 554 in Win 7's built-in fw and have not enable Unite server. Also setup Publisher rule in AppLocker for Opera.exe. It seems like a fast browser as usual, though no perceptible difference over IE8. As for malware maybe being written to target the Unite server or whatever other built-in Opera functionality, I won't lose sleep over it. The Malware does have to get on to the machine first and run.

Where is Unite enabled by default??

 

To me there's an issue with Unite serving as 'Fertile Ground' beyond anything else. Opera's 10.01 had a GLARING javascript flaw that allowed remote code execution... One that had been known and fixed in other browsers for months (see link previously in this thread). If you've completely disabled Unite, that's all fine and good, but how long will it be until Opera runs afoul of another huge security flaw that allows remote code execution? Then it's pretty much a moot point because the switch comes right back on, and the server is running for the bad guys. I'm not saying that Unite causes the initial intrusion, mind you:

Firefox, Chrom, Safari, and IE are all just as vulnerable. But now the bad guys are thinking about which platform to hit, and for Opera they'll get a free freakin' webserver with every compromise. It doesn't matter what your settings are. Opera's a juicy target now, more exploitable in terms of what you can do after the fact, and a larger target.

That's to say nothing of the fact that Unite also provides the bad guys with another new venue for social engineering. Stuff that's hosted through these new Webservers looks like it's coming from Opera's trusted sources. That means Opera's Fraud Protection and Javascript site-preference mitigation techniques are useless against Unite Attacks. Phishing and malware hits can propagate much more easily through Unite because of this, if I'm thinking right.

So, will Unite open a backdoor? Maybe, but right now it looks like turning it off will suffice. But will it latch a gigantic neon sign to the browser saying "HACK ME!!!"? You bet it will.

Go into opera:config and take a look at the list. Under "Web Server" The following options are default enabled:

UPnP Enabled
UPnP Service Discovery Enabled
Webserver Always On
Webserver Used

Under "User Prefs" the option "Enable Unite" is also on by default.

These options were also on after I right-click removed Unite from the tools pane. People on the official Opera forums have claimed that the new version of Opera opens a few ports whenever it launches, regardless of options set.

 

Thank you for the info Carbonyl!

Maybe they're right. Opening Opera two separate times (different Process id's each time) and running netstat shows local ports opened by opera, with UPnP (port 1900) in both cases. However, there are no "Listening" states or "Established" states in either case. BTW, the other foreign address port 80 was held by jusched.exe.

 

Many of those folks who post on IE's forum seem more technically adept, & MUCH more civil, than many of those who post on Opera's forum.

Well said... finally!

 

No, they don't expressly NEED it. But a web server being installed and granted permission to listen for incoming network requests certainly makes their life a hell lot easier. Which is the whole fricking point that you continue to ignore.

Nothing. Except that server software would show up on a firewall prompt as an unfamiliar program requesting server rights, not as a program the user knows he/she installed his/herself. There's also a lot of problems involved with downloaders. Their servers are actively hunted by vigilantes, antivirus vendors, ISPs, and law enforcement personnel. Bandwidth is a problem for them, if they need to upload large files. And if the RATs leech legitimate server software (Apache, IIS, etc) off their respective vendors' servers, those connections could be detected and blocked. Having the end user install the web server software itself eliminates all those logistics issues, and makes the bad guys' lives easier.

Exactly. And they're safer as a side effect of it. Unite changes that.

http://gs.statcounter.com/#browser-RU-monthly-200810-200911-bar

Then your definition of "writing" differs from mine.

I think I speak on the behalf of all antivirus vendors as well when I say I'm very glad indeed that someone with such *ahem* "creative" ideas like you isn't working for them. And even if such a measure is necessary, it's just more evidence that Unite is more of a threat than you try to make it out to be.

Yes, that's been such a headache for the malware industry. Oh my goodness, they have to write their own code! It's really such a terrible bother for them, don't you think?

Let me get this straight. You think hijacking Unite is more difficult than hijacking Windows file/network sharing? Are you under the assumption that Windows file/network sharing is even anything comparable to Unite's web server functions?

Yes, I'm quite aware of what you claim to be saying. Given your other arguments, however, I see little reason to believe you're telling the truth when you say that. If it makes a difference and has an effect on security, then people should rightfully to be worried about it, which you have regretfully tried to portray as misplaced paranoia.

 

For anyone that might be interested, i found the proper fonts configuration for Firefox, to show websites 99% as Opera without using No Squint.

In advanced Fonts options, set sizes: 20, 9 , 9.

Only Wilders' doesn't display as Opera from the sites i have tried, but at least it shows "normal". Bolder fonts but normal sized.

Also found a speed dial addon that is actually easy to use. It's called "Fast Dial".

So, all i need is All-In-1 Mouse Gestures, Fast Dial and FEBE or MozBackup.

 

Yeah, they don't need it. They can do the same thing, and worse, without Unite. If they get enough system access. And if they get that much system access, it's a huge problem, whether you have Unite or not. That is my point here. Unite has its own problems - all software has vulnerabilities, and vulnerabilities in server software are their own special case - but malware enabling it secretly isn't one. That requires the level of system access that allows you to do the same thing, and worse, without having to rely on Opera being installed and enabling Unite.

Have you considered that for Unite to work, you need an account at Opera? If the user doesn't intend to run Unite, they won't have such an account, and the attacker is going to have to set up that, too, before they can get their way. Lots of hoops to jump through just to enable something that isn't present on most systems, in a situation where you could do the same things without relying on that thing to be present. And again, I wonder what your stance on for example Windows file sharing is - something that is present on quite a few more machines than Opera.

The server software would show up on a firewall prompt and this might make the user suspicious. If the user has such a firewall, if the malware didn't just blow the firewall right up with all the system access it has already, and if the user is smart enough to understand what the firewall is alerting about, especially if the malware is smart and attempts to look like a legit process. It doesn't have to call the server part "Malicious Web Server That You Should Not Run.exe". The kind of users who would be most likely to get infected wouldn't be able to tell any difference and would just say yes.

Life for downloader malware may not be easy, but neither is life for any other malware. For this malware that wants to enable your Unite to strike your system, it has to come from somewhere, and that somewhere is likely to be some web site where it will be downloaded from, and for that reason, the issues with downloader malware largely apply to it, too: bandwidth, ISPs closing the server offering malicious files to the web, and so on. In spite of this, the web has enough malicious servers running for the bad guys to do their thing, and they can just as easily be used to serve more than just downloaders (and are).

Having the end user install server software themselves but leaving it disabled isn't really that great, when to enable it you need access to the system that would just as easily allow you to keylog credit card data and passwords, for example.

Problem is, most users still won't have Opera installed, and if malware wants to abuse Unite, it still has to get running on the system, after which it can do evil without Unite. Or it can just install Unite even if the user didn't install it.

Apparently it does. My definition of "writing" is not "using a few automated tools that work without you ever understanding any programming language and without writing a single line of code yourself." One can always disagree, but it doesn't necessarily make much sense.

It's not my idea. Some of those AV vendors you pretend to be speaking for already detect legit software like mIRC as potential hacktools or unwanted software or "not malware but something we feel like informing you about" simply because malware has taken to using said software for malicious purposes. Kaspersky is one pretty good example. Maybe you should go tell them they're wrong about it, if you have a problem with what they do.

I didn't say that Opera should be detected. I said that if malware ever starts enabling Unite, it could be, just like mIRC is detected now, and that would nullify your "Unite gives unlimited access" argument. I'm saying, they did it before with another legit software, they could do it again with Opera if they think it's worth it. As for what threat Unite poses, it will have vulnerabilities like any software, and since it's a server kind of software, its vulnerabilities can have special impact. Those are valid threats. Malware coming in to enable Unite secretly, isn't, as I see it, due to reasons explained repeatedly in this thread (malware doesn't need Unite to run servers, Unite is not present on most systems, and so on). mIRC is a pretty nice example here, actually. The malware that takes advantage of mIRC is not so stupid as to rely on mIRC already being installed on the target system. Instead, the malware includes its own copy of the mIRC executable and drops that on the system, using that copy for its own malicious activities. Malware could do exactly the same with Unite, even if you did not have Unite installed.

No, it's not a bother. But it's a fact that writing code yourself is more work than taking ready-to-use code from someone else. If it wasn't, we'd be seeing a lot less people buying ready-to-use exploit kits and malware from their authors. Previously though, you seemed to be of the opinion that enabling Unite saves malware authors from writing their own server code, in spite of Unite not being present on most systems. I wonder why that is an issue for them, if writing their own code is not a bother. Oh, sure, because they need to keep their code compact, and just can't get past all the beautiful AVs and firewalls. You know, just like they are not getting past said AVs and firewalls now, or for that last ten or so years...

I did not say that. Windows has file sharing that you can easily enable if you have complete control of the system. And what do you know, that allows you to share files. It's not Apache, and it's not Unite, but if you want access to the user's files, it will do that. And this is stuff that Joe Average will most likely have installed, which can't be said about Apache or Unite. Unite is obviously comparable to Windows file sharing in that both can be used to allow remote access to files on the system over the network. There are of course large differences, but if an attacker wants access to the user's files, it's not the case that Windows file sharing is useless while Unite is magnificently useful. Windows file sharing has been used by attackers for a long time.

So, are you claiming I'm lying in two different directions at once? That is to say, you think I'm first lying about malware enabling Unite not being an issue, and then lying about Unite potentially including vulnerabilities like any software as well as being a server software that makes such vulnerabilities more serious issues? Well, that's... original, at least. Congratulations.

I think people should be worried about running a web server on their machine that they don't want to be running. Don't run Unite if you don't like a web server on your machine. Just don't, it's your choice. Obviously web servers have their own security issues. But I do believe it is misplaced paranoia to worry about malware enabling some web server that you have installed but are not running. It is more reasonable to worry about the malware infecting your system in the first place. If you prevent the infection, you prevent also malware enabling that web server. Yes, you could worry about such things if you had nothing better to do. But then you have much more than just Unite to worry about, because it's not only web servers that are useful to malware. A simple web browser can be quite useful, when you hide its window and use the browser that is already approved past the firewall to communicate with your control server. So, after you toss Unite, it's time to worry about whether you should toss browsers, FTP clients, and the operating system itself. My suggestion is to just toss the software you don't need. Don't need or want Unite? Then don't enable it, and if you feel really uncomfortable with it, don't install Opera. That solves your problem with it.

Once more: I'm not saying that Unite is good for security, or that it has no issues. Unite will likely have vulnerabilities, and running a web server always has security implications. What I'm saying is that Unite being enabled by malware is not something to worry about in my opinion. What you should worry about is:
1) running a web server on your system - don't run it if you don't want it.
2) running new code on your system that means also new vulnerabilities - if you don't need the new stuff, consider not running it.
3) running malware on your system - don't do it, or it can do evil things whether you have Unite installed or not.

After you've dealt with all those, you no longer have to worry about whether some malware is going to enable some web server that you installed, because chances are the malware won't be there.

 

And people might forget, that with users running Avast and other AVs, it would probably take a week or two for AVs to start detecting the malicious file that targeted Opera, if one was actually in circulation.

So most users running an AV would most likely be protected by any such download. It's be blocked/quarantined.

 

Having web server software pre-installed on the PC makes it an even bigger problem, because it lowers the bar for a successful attack. Which is the fact you're continually ignoring.

So making it easier for hackers to turn your PC into a web server or botnet node isn't a problem?

Actually, inserting a username and password into Unite is as simple as editing the operaprefs.ini file. I'm sure that's such a big hurdle for hackers.

Thanks for agreeing that I'm right. So without Unite, the malware has to nuke the firewall as well to keep user suspicion to a minimum, which is at least one extra step. I think that I speak for quite a lot of people when I say that it's a good thing to make life as difficult for hackers as possible, and some third-party firewalls are not that easily nuked, if they can be at all.

Because the bad guys constantly switch servers. This doesn't work for downloaders because their download URLs need to be coded into the binary itself. If you switch servers, the downloader simply finds nothing to download.

So you're saying that just because malware can keylog credit card data and passwords, they should also be easily given the ability to upload files on your computer to an attacker as well?

I don't really see why you constantly fail to grasp this very simple concept. Why are you so against the idea of making life difficult for hackers as much as possible?

Again, thanks for agreeing that I'm right, and saying that users that don't have Unite installed are more secure.

Perhaps you should tell Kaspersky that they should detect Opera as a potential hacktool - guess what, Opera not only has web server software built in, but IRC capabilities too! If you ever get a response from them, please do post it, as I'd dearly love to see it.

It could. It would also be a pretty stupid idea and very liable to pissing users off. And if it actually happened, it would also prove that I'm right - that Unite is a potential security risk.

OR MAYBE it's because it's easier for them to modify a trojan produced by those kits, than to write one from scratch themselves. Competent antivirus vendors keep up-to-date with such kits, and the trojans they produce are almost immediately nuked by any good AV product. Only the stupidest hackers or someone who knows nothing about malware would think that the strategy of "buy-kit-and-spread-unmodified-trojan" would work. The kits are used to produce trojans that the hackers modify, not to relieve script kiddies of the work of writing code at all.

OH, I DON'T KNOW. MAYBE BECAUSE THE DIFFICULTY OF WRITING CODE HAS NOTHING TO DO WITH THE DIFFICULTY OF GETTING THE PROGRAM TO WORK UNNOTICED?

Ugh, I can't believe I need to even explain this. I'd imagine it's trivial for black hats to write code - it's their job. Keeping that code's actions innocuous and undetected from the user, on the other hand, is another matter altogether, and the more hoops a trojan has to jump through, the more likely it will actually get discovered. If a RAT has to download its own server software instead of using one that's pre-installed and trusted by the server, the firewall prompt would be one thing for the user to notice. If it also tries to kill the firewall, that's another thing for the user to notice. The Windows Action Center. Increased CPU and/or network activity taken up by funny processes. And so on and so forth.

Yeah, and let's make their work even easier for them!

Best idea I've heard!

With Unite, you don't need anything beyond a limited user account if the user clicks "yes" when Opera throws up a firewall prompt. Which is quite likely, given how often Opera prompts for server rights for how many different purposes, and given how Opera is actually a trusted program the user installed consciously.

But hey, I suppose some people would just LOVE the hackers to have an easier job at doing their mischief...

Don't get too far ahead of yourself; you've shown that you're quite capable of confusing yourself. Either that, or this is actually quite an original way of putting words into peoples' mouths.

You can keep on trying to lay claim to the correct and reasonable stand that server software does make a difference in security, but all the while arguing that people shouldn't be worried about Unite and that it doesn't make a difference. Just don't expect me to believe you, because, as the saying goes, you can't really have your cake and eat it too.

 

I'm concerned about malware running on the system in the first place. And yes, I am mostly ignoring what pre-installed software malware could use for its evil ends once it already has access to the system. That's because there's a lot of such pre-installed software and it's not practical to remove them all: there's browsers, there's the operating system itself with plenty of features that could be used maliciously, there's simply a lot of stuff. What the user should aim to do is to not let the malware infect the system in the first place. They could also choose to limit attack surface on the system by not installing software they don't need or want. If you don't need web servers, don't install them, even as a part of Opera.

In a scenario like this where you have Opera installed but Unite is not enabled, in my opinion it's not a problem that malware could jump in to enable it. It's not a problem to me because to do that, the malware would already need to have access to the system. Therefore the problem is malware having system access, not pre-installed software having features that malware could use for its own ends once it is running on the system. But, if you are honestly that concerned about getting malware on your system that would then enable Unite, then surely you should avoid installing Opera. That's certainly what I would recommend for you, or anyone else so concerned about getting malware on their system that could enable features in pre-installed software, like Unite in Opera. Before making that recommendation, I'd just take the opportunity to say that in general it might be a good idea to just try to prevent malware from infecting the system, so it can't enable Unite or do other things that you don't like. It's a little bit important, because even if you remove Opera and therefore stop malware from enabling Unite (unless malware just downloads and installs it on its own instead of hoping you'd do it for them), any malware running on your system could still try to steal your passwords, for example, which is something not everyone necessarily likes that much.

I think you have a rather active imagination when it comes to seeing ignorance. Adding credentials to Unite in order to enable it requires you to first open an account with Opera. That's easy, but it's a little extra hoop to jump through - you can't just mass produce credentials out of thin air, you have to actually register accounts with Opera. Then you make your malware use said credentials to enable Unite on the victim's system. If Opera ever realizes this account is being used maliciously, it'll likely be closed, cutting off your unlimited access. You could of course choose to play with IP addresses or custom domain names instead of going through Opera's proxy. But all this stuff is pretty inefficient compared to just installing a server of your choice, instead of hoping the victim has Opera installed.

You're welcome. Certainly it's a good thing to make life difficult for hackers. But me, I also try to not make my life difficult. I aim to stop the attackers before they're on my systems, and I suggest others to invest in that, too, before they worry about what malware can do once it is on their system and enabling features in pre-installed software.

Sure, bad guys switch servers. And that doesn't prevent downloaders from working. The same source that gives you that gift of the original malware can also immediately give you the server part, if they're not already included in one and the same dropper executable. This is easy. Unless you just don't know how to run that game. Fast-flux DNS is one way to make it easier to keep the servers with the malicious code available to the downloaders. But if you'd like, I could pretend that none of this was possible. I wouldn't want anyone to be so agitated they feel the need to type in all caps.

No, I'm saying that if you let malware have the kind of access where it can enable Unite, you are already in huge trouble, Unite or no. That, then, suggests that you might want to prevent that situation from occurring, instead of worrying about malware enabling Unite. Don't let the malware infect your system, and it won't keylog anything or enable Unite. Of course, preventing malware infections is not as easy as saying you should prevent them, but if you're going to do something, it's wisest to do the most useful things.

I'm not. I think it's good to make life difficult for attackers. But, I think the attackers will have a much more difficult life if you prevent their malware from running at all, instead of just preventing their malware from enabling Unite.

Again, I'd like to repeat that Unite has its issues. It's new code and that means new vulnerabilities, and it is a web server with all the implications always involved with software that accepts traffic from the outside world. If you don't like either of these things, then it's a really good idea to keep Unite away from your system. Don't install Opera. It doesn't come pre-installed with Windows. If you really like Opera, then I fear there's not much more you can do - if you are not inclined to trying to hack things up yourself - than contact the developers and explain your concerns to them in the hope that they change things. Probably not going to work, though.

Sure, users that don't have Unite installed are more secure. I don't think I've ever claimed that Unite was good for security, or that leaving Unite out would not increase security. It's always the case that when you drop some software, you also drop its vulnerabilities and any attacks against that software. Users that don't have software "foo" installed are more secure, by virtue of not suffering from any vulnerabilities in "foo". The less software you have, the less attack surface you have, as far as vulnerabilities in running software on your system are concerned.

Thanks for the personal attack. I hope it cheered you up a little.

Again, it's not my idea that some AVs detect some legit software because they can be used maliciously. Password recovery tools, irc clients, server software, many things are detected by various AVs. And none of that is because of anything I have said. I don't quite see what your issue here is, unless it's just to find opportunities for personal attacks. I'm well aware that Opera includes mail, BitTorrent, and irc features, and even - gasp - a password manager. I am not suggesting that Opera should be detected because of any of that. I quite clearly, at least clearly to anyone who can read and knows English, stated that if Opera's Unite was ever exploited on a large scale like this, AVs could respond to that by adding detections for Opera or Opera preference files that reveal Unite is enabled. Again, if you can read, this is not something that I am suggesting should be done. It's something that AVs could do, if they thought it was worthwhile as a countermeasure to any malware that attempts to enable Unite. It's something very similar to what AVs already do - they already detect legit software used by millions of people, like mIRC, due to malware making use of said software. What about this is "crackpot" the world wonders.

All software is a potential security risk. All software has potential vulnerabilities that could compromise security. Software that makes remote connections is a special case, and server software a very special case, with their own rather serious effects on security. Part of the solution is not running software that you neither need nor want. That way, you at least won't have to worry about those programs being exploited by any attackers.

mIRC users have been getting AVs warning about their software for a long time. Sure, it's not fun. But, it's something that many AVs choose to do in response to malware using legit software for their malicious purposes.

Sure, modification is easier. But modification need not mean new code must be written. It can simply be obfuscation - binders, packers, and all sorts of relatively simple tricks. Many big name AV vendors constantly have trouble detecting even relatively old malware that has been obfuscated without writing any new code. As for the exploit kits I mentioned, they don't produce any trojans, they are just packs of exploits against software vulnerabilities our evil friends can set up on their servers to use against anyone who gets redirected or lured there with a vulnerable system.

Keeping malicious code and its actions undetected from the user is unfortunately easy enough, seeing how many users are infected, without Opera Unite being exploited by the malware. Getting most users to say yes to one firewall prompt, if the user even has a firewall that bothers to ask, is not exactly difficult. As I hope anyone who has ever actually dealt with malware infections on the systems of "Joe Average" type of user would know. Joe Average will do pretty much anything that is asked. And even a simple malware doesn't need to ask much, even if there is a decent software firewall on the system. Once malware is installed, it can hide processes and files and anything it likes with rootkits - if admin rights are not available, user mode rootkits work just fine. The malware author can place limits on how much CPU and network their malware uses, if they feel like it, but most victims won't notice much even if no limits are in place. And if the malware chooses to use Unite for evil, then it'll just be Opera taking unusually large amounts of CPU and slowing down browsing in ways that did not happen before. If the user is the kind smart enough to wonder about such things, they might wonder why Opera is suddenly behaving like that, and investigate. So, it's not as if malware using Unite would somehow make detecting the infection and malicious traffic difficult. It's difficult enough for the Joe Average to typically miss it, but then, Joe Average is likely to miss traffic even from a malware process running plainly visible in task manager, but without any visible windows.

Instead of uninformed or malicious, if I got to vote on it, I'd vote for "not as optimistic as Eice" and "concentrated on stopping the malware before it can enable things on your system and molest your files and call your mother names". You seem to be more confident than I am in users' ability to detect abnormal activity in their systems. It might be interesting to know which of us has more experience with the average skill level user. Perhaps you are one of those lucky people who don't have to deal with average users much. Or perhaps you're just naturally more cheerful and optimistic than I am. The reality in which I live is such that malware has been able to infect tons of average users, for years, already when Unite did not exist even as a glint in the milkman's eye, and has been able to hide from the user and AVs effectively enough, by using anything from the simplest tricks to most complex kernel rootkits. Malware authors don't need Unite to get their servers running on systems their malware has infected. That's why I'm rather uninterested in malware possibly enabling Unite.

Pretty sure. I prefer to make their work harder by not letting the malware infect systems in the first place. At which point malware won't be able to enable Unite, even if Unite is there to be enabled - which it shouldn't be, if you don't like it.

And to set up a server that isn't Unite, you also only need limited user privileges and one "yes" click if a firewall asks you whether you should let "Generic Host Process" to act as a server, or whatever phony names the malware wishes to use. The user might say no. Or they might say yes. Chances are pretty good that if you ask them enough, they'll just say yes. Or if you don't feel like asking for server rights that way, you could have your fake AV warn the user that their system is infected and Windows needs to download anti-malware software to clean it, and then have "Anti-Virus Pro" ask for server rights. Works on frighteningly many people. And you can install the fake AV without admin privileges, or getting any server alerts from firewalls.

I'm sure that some people would. As far as I know, I'm not one of those people, though. But hey, maybe if sort of hit my head just the right way, I can get my ignorant but evil Mr. Hyde persona going.

I'm sure I'm quite capable of confusing myself, but I don't think you should be the one talking about putting words into people's mouths. You've been saying here in this thread that I have claimed running servers has no security impact, but consistently fail to demonstrate where I've actually said that. Maybe that means something.

Let me say it again: I have never said Unite makes no difference. What I have said quite a few times is that if malware has enough access to enable Unite, it already has enough access to do many other evil things that you probably wouldn't like too much. So, it would be important to prevent malware from getting on the system in the first place. Obvious, sure, but if you do that, then malware won't be enabling Unite, and you don't have to be concerned that it will. I like to think of this as approaching problems the most direct and effective way. For example, I'm not worried about a criminal stealing my car and then using it to run down an innocent kid. Why not? Because I'm concerned about getting my car stolen in the first place, and take measures to make it really quite hard for the criminal to steal it. And if they can't steal it, they can't run down kids with it.

It's obvious you don't like Unite. It may not be obvious to you that I don't like Unite either, and would not recommend Unite.

Finally, sorry for disregarding the edits to your post, but sometimes I just can't help myself when I get called a crackpot.

 

k wen did this become the thread of essays... u guys are like writing ur memoirs on here.

 

LOL.... Brevity is not their strong point....

 

Yeah, that tends to happen when I open my mouth. Which leads me to consider that perhaps I should open it less often and with more consideration!

By the way, Eice, while I do have a big mouth, I've got nothing against you. I'm just a pretty opinionated kind of old bore that doesn't mean any harm but sometimes has keyboard fingers faster than they should be. I know Unite has its issues as far as security is concerned, but I'm used to the approach of preventing malware attacks before they gain control of the system. And I am guilty of trying to "brainwash" others to take that approach as well.

So, if I've caused any offense, sorry about that to all of you guys. Not my intention! Sorry for hijacking the thread, too. I originally intended to make just that one post to say that malware needs to have pretty serious system access to enable Unite, and that means trouble in any case, Unite or no. In hindsight, I seem to suck at making just one post in a thread.

Well, in Eice's defense, he's better at the whole brevity thing than I am, but I guess everyone already knew that.

 

I never said it was!
My point is that it would be ideal for Opera to have two downloads- with and without Unite for those of us that don't want the social networking crap.

Or Opera could follow Mozilla's example- separate components like browser, mail client, etc so the user can choose for themselves instead of one bloated program.

 

Perhaps there should just be modules that you can install or skip in the install process. I'd leave out the email too.

 

You posted while I was editing my last post.

 

Whoaa, okay, sorry about that, no accusations intended It just seemed given the intensity of some of the responses, it was enabled by default. My bad for misinterpreting. Now given the info from Carbonyl, it does look as though it is at least partially enabled in the config settings, so on one hand in the main menu it needs to be enabled but on the other, so much of it already is enabled by default under the hood, which comes off as misleading on Opera's part to me.

Yes, I agree with this.

Also, Windchild mentions repeatedly to keep the malware off the system in the first place. Probably this is the easiest and most effective solution. Either that or use a different browser if the user is too spooked by the Unite "feature" in Opera.

 

Yep, looks like we had the same idea.

 

Im not sure why the firefox rendered page type appears so bold?.Im using widescreen1366x768 resolution .Yours seem compacted in the pic.Heres mine on 120%
http://img267.imageshack.us/img267/8758/20091125181919.png
ellison

 

Yours looks fine in deed... I 've no idea why mine was displaying them so ugly. Maybe because i use 125% fonts in Windows somehow the program is "confused"?

Anyway, with the fonts sizes i changed to 20-9-9 (and without no squint), now all is fine:

http://img266.imageshack.us/img266/688/37802832.png

I encounter minor differences compared to Opera, mainly in a few fora. But it definitely looks "normal" now.

 

If willful ignorance is mostly part of your plan, perhaps I should stop wasting my time.

I suppose you must also be the kind of person who never puts on seat belts or buys insurance. After all, your strategy of not getting into an accident in the first place is quite foolproof... isn't it?

 

Perhaps it's time for a view from a dispassionate reader of this thread.....

Either perspective being voiced in this thread has some level of merit, but they weight different aspects of the situation in uniquely different ways.

Personally, I believe Windchild's overall analysis is correct. If a system is experiencing an active compromise, whether or not Opera/Unite is running on your system really is a low priority detail. At some point in the distant future (if market penetration changed significantly), that reality could change. However, at the moment, it is pragmatically lost in the noise.

However, one lesson that should have been well learned over the past decade is that a features/facilities introduced to enrich the user experience in highly automated ways (ActiveX for example) can be subverted. The unintended consequences can take time to emerge, at which point a target rich environment is available. Of course, once these issues are fully developed, it is possible to develop mitigating solutions after the fact. Any approach which facilitates system interconnection can enrich the experience, or be a highway to ruin.

In any event, whether or not to use Opera/Unite is like any other potential security matter - it involves an explicit and personal risk/benefit analysis. Reasonable folks can have very different levels of risk aversion and rather different contexts in which that risk plays out. It's in this context that a perfectly reasonable analysis may still yield a suggested course of action that involves an uncomfortable perception of risk for some.

Tolerance to the risk, and I'd posit that this has not been genuinely established in this discussion of Unite (and at this point it's rather difficult to do as well), is rather distinct from willful ignorance. The simple fact of the matter is that there is a continuum of appropriate approaches which reflect both risk tolerance and risk context.

Blue