Test your PopUp killer

Hi JayK

As far as VBS and Active X are concerned, that's what I tended to think, and definitely what I do believe too.

I pondered about your comments on Opera. Not sure the compromise is a voluntary one, but anyway we'll see what the Opera crew may have to say about it...

Had I to disagree with you about something, it might be that mouse-over gestures are to be considered a voluntary action on the user's part... Onmouse over popus just seem to me as a way to trick surfers into opening unwanted windows.

Nothing to fear about popus per se, except for their intrusive propensity and ability to deny a comfortable surf, or to (re)direct you to where you didn't want to go.

Anyway, interesting posts and points of vue - thanks.

Rgds, Crockett

 

I use free surfer mk2 it passed the test 100%. But the best part is that it is free.

 

Hi Crockett,

Appreciate your following thru with the reporting on this possible bug.

Please let us know if you test the next beta on #3 & #9 mouse over and it fails. Kinda curious now.

Opera beta 7.21 RC6 should be coming out shortly.

I like the responsiveness of the Opera team.

curious the different results which are being reported. hope this isn't one where the OS is called as culpable, maybe some are forgetting to turn off proxo

 

Used firebird .7 and failed the mouse overs. Went back and did it with IE and failed all nine. I have my settings tight but can anyone tell me what i should do to make them tighter.

 

http://www.popup-killer-review.com/index.htm

Acadia

 

I wouldn't worry, Mozilla in all it's incarantions and (now Firebird) has never ever blocked mouseovers spawned popups.

For one thing these popups are a result of your action, so they are avoidable espically second time around, much less irrating them other forms of automatic popups.

 

Im sry i should have made my self clearer, i wish to make my IE settings better so as to stop the pop ups. I am very very happy with firebird and its pop up blocking.

 

Hi all

Some final words on this matter, at least regarding Opera... Seems JayK was right.

http://www.outpostfirewall.com/forum/showthread.php?s=3ea0e4f398418076be7c8888d269bd71&goto=lastpost&threadid=8423

Rgds, Crockett

 

Turn off all active scripting should do it.

 

Thanks Crockett,

Small issue for me but at least I know what to expect. I normally run killing Java & Scripting anyway so not a biggie... as my first result above would be my norm.

Conclusion reached seems a little inconsistent to me but again not a big deal to me.

In your communication with Opera, you explained the issue & test so there was no ambiquity as to what you did, the response from Opera support said:

Unless the Opera support tested it with Java & Java Scripting disabled, then his results were inconsistent with what we observed.

The assessment that by waving your mouse over one of these test is implication the user is requesting something is not valid in my mind, due only to the potential for exploit by malicious web site.

When I waived my mouse over the test I did not want the popup but got it anyway when I tried it the 2nd way above.

 

Hi guys

Still tend to agree with Peakaboo...

But... right - I pass all nine with 'popups disabled', still keeping 'JavaScripts enabled'... So I agree - no big deal.

There are one or two sites I like and visit regularly which require to accept 'requested popus' so as to voluntarily open some pages, and it was nice to surf with the Opera function 'open only requested popups' activated.

Can always reactivate it by pressing F12 when accessing these sites... I sometimes forget how easy it is.

Seems I just may be so used to Opera's excellence that I tend to forget its top-grade quality and start expecting (useless) perfection.

Rgds, Crockett

 

Think about it, Onmouseover and trigger a lot worse things than just popups. If you expect the browser to block popups what about blocking other actions?
All those malicious test exploits you see on test sites can also be in the form of onmouseovers rather then onclicks.

When it all comes down to it, using JS always carries some risk with it.

PS ever seen a popup that results from other eventhandlers like onblur?

 

not a concern for me... however,

Think about this, it would not be an issue if it (onmouseoverpopup) were not exploitable, since it is a potential method of exploitation, and if average surfer is relying on statements puffing security from alternative browsers, the alternative browsers need to put up or shut up.

Alternative Browsers - If it is not exploitable say why. Just saying: that's the way it should work and user is asking for the onmouseoverpopup if they wave the pointer over is bogus - a malicious web site can load any payload they want in that onmouseover.

Alternative Browsers - If it is exploitable then plug the exploit if possible, if not then stop puffing how secure you are.

Leads to false sense of security if one falls into the category of those who venture out without alternative defenses.

this is one of the points gleaned from my "IE vulnerabilities alternative defense" test page (in this poll section).

p.s. answer: never seen onblur you gotta link?

 

I have no idea what you are arguing here.

Popups by themselves are harmless. You seem to think if something blocks a onmouse popup , it's more secure. I'm telling you it isn't.

The whole example of loading a malicious exploit by mouseover is to show you that, in such cases, Opera is no better since all it does is filter new windows.

Popup windows alone are harmless. Blocking popups makes surfing more more comfortable, but any security benefits if any is minimal.

 

If you are talking to me, there is no argument.

My points are quite clear if you can not see them it could be 1 of 3 things:

1) we either disagree,
2) there is myopia running rampant, or
3) this is a replay of Cool Hand Luke.

again not an issue for me... only an issue for those who logically would think they are protected from a malicious popup exploit... and aren't.

imagine if you will the following link or any malicious link were some how executed in a mouse over: JayK only press here

In fact you reiterate one of my points.

We already know Opera is no better since it failed the mouse over, wouldn't be an issue if it didn't.

where is your link to onblur?

 

I use Mozilla Firebird 0.7, I failed test 3, and test 9

 

Look at it on the bright side.

The developers would say that your browser (firebird 0.7 & Opera which is what I am using) is working like it is supposed to, but it is certainly not the result you expected (right or wrong).

I don't know if Firebird has the block all popups. Opera does, and it works to prevent #3 & #9.

Also if you run proxo and have the following 4 standard filters enabled:

1) Disable JavaScript
2) Kill Dynamic HTML JavaScripts
3) Onload unloader
4) OnUnload unloader

you should be able to pass all 9 popups. It is easy to switch proxy configs on the fly (right click proxo icon in sys tray) and leave your browser settings alone.

or as some have posted just turn off Java and Java scripting (easy to do with Opera with the F12 key).

 

Google toolbar passed all the 9