What is your browser security approach these days?

Discussion in 'other anti-malware software' started by Kernelwars, Apr 22, 2011.

Thread Status:
Not open for further replies.
  1. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    • Internet Explorer 9:
      • ActiveX filter
      • Default Settings
      • Protect Mode
      • UAC Default
      • Sandboxed by Sandboxie (Paid) with:
        • Drop Rights
        • Internet Access Restrictions
        • Start/Run Access Restrictions
        • Forced Web Browsers
        • Read-Only C:/Windows
        • Blocked access to areas with sensitive information
        • Automatically delete sandbox contents
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    for me now it is OnLine Armor Premium and Prevx and Mbam Pro all in real time:thumb:
     
  3. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    I must admit that I don't use it any more as all it did for me was make browsing a miserable experience - pages not loading all the time, objects not loading, etc. In the end I just thought, 'What's the point if I'm running in a Sandboxed environment?' and haven't used it since. Browsing is now so much nicer ;) .
     
  4. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Google Chrome --safe-plugins -incognito (XSS auditor, Click to Play, Block 3rd Party Cookies from being set and read and ignore exceptions)
    • Geswall
    • Privoxy settings:
      1. change-x-forwarded-for{block}
      2. client-header-tagger{image-requests}
      3. client-header-tagger{css-requests}
      4. crunch-if-none-match
      5. fast-redirects{simple-check}
      6. filter{js-annoyances}
      7. filter{html-annoyances}
      8. filter{unsolicited-popups}
      9. filter{content-cookies}
      10. filter{refresh-tags}
      11. filter{img-reorder}
      12. filter{banners-by-size}
      13. filter{banners-by-link}
      14. filter{jumping-windows}
      15. filter{frameset-borders}
      16. filter{quicktime-kioskmode}
      17. filter{ie-exploits}
      18. hide-from-header{block}
      19. hide-if-modified-since{-60}
      20. hide-referrer{conditional-block}
      21. limit-connect{,}
      22. overwrite-last-modified{randomize}
      23. session-cookies-only
      24. set-image-blocker{pattern}
    • sometimes used with TOR/Vidalia/Polipo.
    • Prevx SafeOnline on Maximum settings.
    • Clearcloud DNS
    • 1806 Trick
     
  5. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    For me:
    Avira heuristics set on High. Firefox with cookies disabled by default and allowing them on a site-to-site basis. Adblock, NoScript, BetterPrivacy, HTTPS Everywhere and KeeFox (KeePass add-on for Firefox). Use Norton DNS to help block malware sites. And I run Firefox in Sandboxie with Drop My Rights checked in Sandboxie. All of this plus just using common sense, I believe I am pretty much safe.
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Chrome + Sandboxie properly configured. Avira + MBAM to check downloads.
     
  7. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    For me it's pretty much the same as my whole system security setup :D

    NortonDNS(fastest for me)\Chrome\adblock\sandboxie\avast
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    My everyday surfing is done using a sandboxed Firefox, forced, in a
    sandbox where only FF has internet access and only FF, Foxit and
    Plugin container can run. Like Sully, everything gets downloaded to
    a forced folder. On that folder nothing can connect and everything
    can run/start. Usually, files stay on that folder until I get rid of them
    or decide to keep.
    The only plugin that I have installed is Flash, normally disabled by
    NoScript, only allowed in YouTube and rarely somewhere else. I
    know that NS might be redundant but I like the way it keeps
    pages clean of stuff that, to me, is unnecessary and potentially
    dangerous, like JavaScript. I can't stand JavaScript.
    Doing the above has kept me clean for a while.

    Bo
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Opera 11.10 with GesWall 2.9.1. :thumb:
     
  10. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    I use 4 browsers for different purposes. Google chrome with bitdefender trafficlight plugin for general browsing, Firefox to check e-mails and safari to open wap sites in PC;) These three are in standard user account. I use Internet Explorer 9 in a separate password protected user account to make online payments. All these browsers are forced to run in separate sandboxes under sandboxie with drop my rights and auto delete enabled. I use clearcloud dns and have Eset Smart Security:)
     
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    There is a flaw in this that I recently became aware of, and that is the .zip files, when opened as a directory in explorer, are not sandboxed. I don't normally go into .zip files and execute from within, I extract the contents within the downloads directory and then run/test them. The other day I happened to notice something wasn't sandboxed, and realized I had executed from within the archive. This is a known issue. I have a fix for it, but I haven't finished it yet. That is the only flaw I can see from this approach.

    Sul.
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I use WinRAR as default, Zip files open sandboxed in the download
    folder even though WinRAR is not forced but they won't open in
    the sandbox if I open the ZIP with 7ZIP, unless 7ZIP is forced.
    I don't have WinZIP to try it.
    I would force 7ZIP or WinZIP so they open sandboxed. This could be
    the same situation that we experience if we use WMP as our default
    video player where it won't open sandboxed (in the DL forced folder)
    unless it is a forced program.
    I use sandboxie to the letter of your description in the bottom part
    of post #30. Like you, I know it works.


    Bo
     
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I use the same approach as you. Thanks for sharing your finding!
     
  14. PRUHDG

    PRUHDG Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    77
    Opera 11.10 defensewall untrust [mostly used]
    Firefox 3.6.16 (noscript,http request string editor,trackerblock) vpn defensewalled.
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    @bo elam: Sully was talking about opening .zip files in Windows Explorer, not other third-party archivers.
     
  16. drkoopz

    drkoopz Registered Member

    Joined:
    Mar 4, 2006
    Posts:
    74
    Firefox 4 with Adblock plus. Haven't been infected from a browser since IE6.
     
  17. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Correct, this has to do with only the built-in functions of the shell.

    3rd party tools like winrar are opened in the sandbox as expected.

    There is a shell extension (I believe) that allows a compressed file (.zip file) to be viewed within windows explorer as a sub-directory. I have always liked this feature because I can easily view the contents rather than opening winrar or something. I don't use it often, but I do like to store things as .zip just because of this functionality.

    When I download things to my downloads directory, I expected anything that I did there to be forced into my sandbox. As I said, I noticed this was not happening. Turns out it is because explorer does some unique things when it shows compressed files this way. Tzuk has stated that it is not a bug and will not be looked at.

    It is simple enough to stop this from happening by deleting a registry value or two, depending on if you want .cab files to also stop this functionality. In other versions I read that you could unregister a com object, but I cannot get that to work in win7, so I am going to use the registry.

    I am making a batch script (because it is a good project to use batch with ;) ) that will toggle this feature on/off. This would then allow you to have the feature only when you want it. It shores up how I use sandboxie quite a bit.

    I had looked at other methods, but my goal is not to only make sure the contents of an archive don't run or are run with restrictions, but that it opens within the sandbox.

    I will keep everyone informed, as this is actually (IMHO) a pretty big issue.

    Sul.
     
  18. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Do you use Avira and MBAM as on-demand scanners? I ask because my biggest vulnerability now is probably when I transfer files from the sandbox to the desktop.
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Yes I do. Most of the time transferring downloads from the sandbox to the desktop is quite safe as long as you don't execute anything (I don't know whether there are exceptions to this). Sometimes, if I'm particularly suspicious I scan the whole sandbox before I do anything. I haven't mentioned it but on 2 machines I also have Anti-Executable which is always vigilant about anything that might execute in the background.
     
  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Here is my fix for the zip issue regarding Sandboxie and forced folders.

    It requires you to take ownership away from TrustedInstaller and give it to your admin account (and of course making sure you have full control of it). This is geared towards .zip files, not .cab files which operate in the same manner.

    I made some comments for those who want to know the 'how and why'. Essentially you get rid of a CLSID in HKCR, and zip functionality stops working. You must use a 3rd party app then. It is a batch file that toggles the value, so run it once for disable, then again for enable.

    Here are the contents. Make your own .bat file, name it what you like, and paste this into it.
    Code:
    @echo off
    
    REM a line starting with a single colon : is a function or routine (sort of)
    REM a line starting with two colons :: is a comment, just like REM stands for REMARK (fyi)
    
    REM The first thing you need to do is to allow yourself control over a registry key
    REM Use regedit to navigate to HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}
    REM Right click this key, left click on Permissions
    REM Check to see if Administrators have Full Control.. if not then do the following
    REM Click on Advanced at the bottom
    REM Click on the Owner tab on the top
    REM Change the owner to the Administrators group
    REM Check the box to replace owner on all subcontainers and objects
    REM Apply the change
    REM Now that you are the owner (as an Admin)
    REM make sure you give yourself full control of the registry key
    REM That should do it.
    
    :: first we will check if the alternate value exists
    REG QUERY HKCR\CLSID\{.E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /ve
    
    :: when not finding this value, we will create it
    IF ERRORLEVEL 1 GOTO _makeFirst
    
    :: otherwise, we will do our main routine, which is called _main
    
    :_main
    :: this is the main routine
    :: query the registry for the DEFAULT value
    REG QUERY HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /ve
    
    :: when not finding the value, ERRORLEVEL 1 is set
    :: when finding value, ERRORLEVEL 1 is not set
    IF ERRORLEVEL 1 GOTO _enable
    IF ERRORLEVEL 0 GOTO _disable
    
    :: for some reason we have an error
    GOTO _whyend
    
    :_makeFirst
    :: this routine will create our alternate registry key
    :: but first we will make sure our DEFAULT key exists
    REG QUERY HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /ve
    IF ERRORLEVEL 1 GOTO _problem
    
    :: now we will create our alternate value
    REG COPY HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} HKCR\CLSID\{.E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /s
    
    :: now we will return to our _main routine
    GOTO _main
    
    :_enable
    :: this will create the DEFAULT value and allow viewing of compressed files
    REG COPY HKCR\CLSID\{.E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /s
    GOTO _end
    
    :_disable
    :: this will delete the DEFAULT value and stop the viewing of compressed files
    REG DELETE HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /f
    GOTO _end
    
    :_whyend
    CLS
    ECHO.
    ECHO There was some error in checking if the registry keys existed.
    ECHO I cannot help you now, ask me at Wilders sometime.
    PAUSE
    EXIT
    
    :_problem
    CLS
    ECHO for some reason neither the DEFAULT nor the alternate reg key exists
    ECHO this is a problem.. sorry, you are on your own as to why this is
    PAUSE
    EXIT
    
    :_end
    EXIT
    
    
    
    One can put that .bat file in their quick launch, or on the desktop or wherever and run it when needed. Or, I also include how to put it into the context menu of objects. I tried to put it into the .zip context menu, but it will not allow it on my machine. Also, of note for those of you who are using forced folders, you cannot use the context menu option on an object within a forced folder, or it starts in SBIE. You must start the context menu from a file in an un-forced directory. You could also create a context menu for any area you know how, just call the .bat file. ** make sure you provide the correct path to your .bat file !!

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\*\shell\togglezip]
    @="Toggle Zip"
    
    [HKEY_CLASSES_ROOT\*\shell\togglezip\command]
    @="c:\\togglezip.bat"
    Enjoy.

    Sul.

    EDIT: here is the default in case you need it ;)

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]
    @="CompressedFolder"
    
    [HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\DefaultIcon]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,7a,00,69,00,\
      70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
    
    [HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\Implemented Categories]
    
    [HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\Implemented Categories\{00021490-0000-0000-C000-000000000046}]
    @=hex(0):
    
    [HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\InProcServer32]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,7a,00,69,00,\
      70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
    "ThreadingModel"="Apartment"
    
    [HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\ProgID]
    @="CompressedFolder"
    
    [HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\ShellFolder]
    "Attributes"=dword:200001a0
    "UseDropHandler"=""
    
    
     
    Last edited: Apr 25, 2011
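
Added example (not part of Sully's post): a .reg file copied from a forum can be audited before import by decoding its `hex(2)` blobs, which are UTF-16LE `REG_EXPAND_SZ` strings. The Python below parses the InProcServer32 excerpt copied from the export above and flags any in-process server that is not a DLL under `%SystemRoot%\system32`; the function names and that path heuristic are assumptions of this example.

```python
import re

# InProcServer32 excerpt copied from the "default" export in the post above.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,7a,00,69,00,\
  70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
'''

def decode_value(raw):
    """Decode the right-hand side of one .reg assignment."""
    m = re.match(r"hex(?:\((\w+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        kind = int(m.group(1), 16) if m.group(1) else 3  # bare hex: is REG_BINARY
        if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ: UTF-16LE, NUL-terminated
            return data.decode("utf-16-le").rstrip("\x00")
        return data  # other types are left as raw bytes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw

def parse_reg(text):
    """Return {(key, value_name): decoded_value} for the text of a .reg file."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r"\\\r?\n\s*", "", text)
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            values[(key, name)] = decode_value(m.group(2))
    return values

def suspicious_servers(values):
    """InProcServer32 defaults that are not a DLL under %SystemRoot%\\system32
    (a simple heuristic assumed for this example)."""
    ok = re.compile(r"%systemroot%\\system32\\[\w.-]+\.dll", re.I)
    return [(key, val) for (key, name), val in values.items()
            if key.lower().endswith("\\inprocserver32")
            and name == "(Default)" and not ok.fullmatch(str(val))]

if __name__ == "__main__":
    parsed = parse_reg(REG_TEXT)
    for (key, name), val in parsed.items():
        print(f"{key}\n    {name} = {val!r}")
    print("unexpected servers:", suspicious_servers(parsed))
```
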
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Thanks JL, I did not know that could be done. I always use WinRAR to
    open Zip files in my download folder, always extracting the files into
    the same folder. Don't know a reason for doing it differently but good
    to know that the flaw Sully talked about, does not apply to the way
    I handle ZIP, RAR files.

    Bo
     
  22. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    My browser security is . . . surf on safe websites and knowing what you're doing.
    I know it's not bulletproof but it has worked over all the years of surfing on safe and "dark" websites ;)
    Never been infected by surfing (Not that I know of) :rolleyes:
     
  23. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    I've found that the only way to secure the "safe" browsers is to back up most of the files for safe sites, rewrite/recompile them for unsafe or unknown sites, and use a batch file to switch between them. WOT led me to ANOTHER driveby download yesterday. AVG and the rest are as poor. Sandboxing and other software -- well, the malware writers are probably the first to download the latest virtualization software. But it is fun!

    Dave
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    very true or maybe they use a dummy pc;)
     
  25. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    Firefox with NoScript and My Wot inside of Sandboxie. Using OpenDNS while Online Armor and Microsoft Security Essentials watch over entire system.

    All financial sites are in my Hosts file so DNS server never even consulted for them.

    Acadia
     