Spywareblaster, Opera, and Plug-ins

Discussion in 'other anti-malware software' started by puff-m-d, Dec 18, 2002.

Thread Status:
Not open for further replies.
  1. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,402
    Location:
    North Carolina, USA
    Hello all,

    Just something I just learned about and thought I would pass along.....

    Spywareblaster is specific to IE but a very similar problem exists for Opera users.  Certain dll's from 3rd party software can be "injected" into Opera without your knowledge, but there is a way around this also.  It is by placing a file named "plugin-ignore.ini" into your main Opera directory.

    Quote from SpyBot Search and Destroy Homepage:
    12/04/2002: New download: Opera plugin-ignore file
    Based on the CLSID database which also contains filenames, we have created a plugin-ignore.ini file for Opera that blocks the filenames of many malicious IE plugins. For many of them, it hasn't been verified yet if they can install into Opera, too, but take this file as a prevention step if they do: download, then unzip the file into your main Opera folder.

    Check out this link http://security.kolla.de/ or for direct download link http://security.kolla.de/files/tools/plugin-ignore.zip.

    It currently protects against:
    WebHancer, crashes Opera
    CometCursor, crashes Opera
    Netscape audio plugin, steals audio file types
    VX2 Respondmiter, Blackstone Transponder
    Porn popups
    Surfmonkey
    Transponder
    Download Accelerator plus
    Browser helper
    Download Accelerator plus
    Huntbar
    Deltaclick
    FavoriteMan
    Commonname toolbar
    SVA PLayer
    Xupiter toolbar
    InetSpeak
    Burnaby Module > e-card_viewer > porn popups
    E-book systems FlipAlbum
    NewDotNet
    Gratisware - CrsHOClass
    NetPal
    Win32/Aspam.Trojan
    FlashTrack, Ftapp
    eAcceleration StopSign
    FriendGreetings E-Card foistware
    EZSearch bar
    Flyswat
    MediaLoads Enhanced.
    IEPlugin
    BonziBuddy
    Huntbar
    Commonname toolbar
    Hotbar
    WebHancer
    GoZilla
    Bargain Buddy
    WurldMedia
    Lop.com
    Network Essentials
    Divago Surfairy
    Aureate/Radiate
    UCmore toolbar

    You can add your own dll's to the list if you wish and always obtain the latest published list from the SpyBot Homepage http://security.kolla.de/.

    Regards,
    Kent
     
  2. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    I thought Opera was immune to all of that nonsense.
    Jeesh
     
  3. Gnostic

    Gnostic Registered Member

    Joined:
    Apr 17, 2002
    Posts:
    108
    Location:
    South Carolina, USA
    Thanks for the heads-up Kent :D

    I have a question though. You are suppose to place it in the main Opera folder. There is already a default-plugin residing there and the new one wants to overwrite it. If I place it in the plug-in folder, I can't verify that Opera picks it up. Can anyone give me some guidance :blink:

    Hey, Mike :D I suppose it's better to be safe than .......

    Regards,

    Gnostic :cool:
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,402
    Location:
    North Carolina, USA
    Hi Gnostic,

    Opera scans that file when it is started. I would change the extension of the original to .bak (in case you want it back), and then place the new file in your Opera directory. The next time Opera is started it will use this file.

    Mike,

    It may be overkill as what the file blocks are mainly ones that are known to run in IE. To my knowledge, it has never been tested whether they can infect Opera. A few can try (like webhancer and comet curser) and cause Opera to crash in some cases. This file can be used like a second line of defense just in case any of these things can get into Opera.

    HTH.......

    Regards,
    Kent
     
  5. Gnostic

    Gnostic Registered Member

    Joined:
    Apr 17, 2002
    Posts:
    108
    Location:
    South Carolina, USA
    Thanks Kent :D That's what I needed to know.

    Regards,

    Gnostic :cool:
     
  6. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    They only way these items can infect Opera would be if you installed an Opera plug-in that enables ActiveX support in Opera. There is such a plug-in (also compatible with Mozilla and Netscape) but assuming it is not installed, you don't need to worry about these Active-X spyware controls infecting Opera (for now, at least).

    I should mention, however, it is possible the spyware makers could write, from scratch, Opera-compatible plug-ins. But the ability of Opera-plug-ins to "infect" the browser is MUCH less than that of ActiveX plug-ins and IE. Opera has built-in limits on the abilities of plug-ins, and it remains to be seen whether a successful Opera "hijacker" or "spyware" plug-in can be made at all for the browser.

    But that said, a little more protection never hurts. ;) (I have this plug-in blocking list enabled in Opera, myself.)

    -Javacool

    P.S. Even with the Active-X enabling Opera plug-in, SpywareBlaster could still prevent the execution of many of these ActiveX controls, as its protection is system-wide and not just specific to IE. (Just wanted to make sure that was clear.) I believe PepiMK's Opera plug-in blocking list will be extended to block non-ActiveX based malicious Opera plug-ins when they come out in the future - assuming the browser gains enough popularity to make the writing of such plug-ins worthwhile for spyware developers (but you know someone will do it eventually :rolleyes:...).
     
  7. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,402
    Location:
    North Carolina, USA
    javacool,

    Thanks a lot for the info :D !!!

    You made this a lot easier for me to understand.....

    Oh... sorry about saying what spaywareblaster does was IE specific.... I thought I read that somewhere... Thanks for correcting me ;) !!!

    Regards,
    Kent
     
  8. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    woooo.....even the thought of one of those creepy things getting on my computer gives me shudder.

    Thank you puff-m-d and Javacool! i d/l'ed the plug-in blocking list too....just in case.

    javacool - is there anyway way of "accidently" installing such a plugin that would enable ActiveX in Opera?

    regards,

    snap
     
  9. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    The only way I can think of would be if an outside source (i.e. an installer for some other program) installed the plug-in into Opera's directory. You shouldn't be able to "accidentally" get the ActiveX-enabling plug-in through browsing the web in Opera - I believe you'll always get a "download plug-in" or similar box (unlike IE where the default security settings can allow ActiveX plug-ins to download with no prompt).

    Best regards,

    -Javacool
     
Thread Status:
Not open for further replies.