Protection against various attack vectors and software

While I practise 'safe browsing' (YES, with IE 7), I've been thinking of any unknown dangers.

So this is a bit about the various attack vectors.

I usually don't acces YouTube, but recently I did, and that gave me something to think about.

I know it's possible to get infected by accessing Youtube.

I know this thread is about 'other anti-malware software'.

For protection, should I be looking at antivirus software, or antispyware programs ? Please don't come up with all sort of advanced techniques like (HIPS) Defensewall or Acronis.

How great is the risk ?

What about video files, like on Yahoo and TheOnion ? How risky are those, and what kind of software offers protection ?

When browing the internet, I am sometimes prompted to allow Windows Media Player to do something, but that's blocked by default, but is it always blocked ? I don't have Realplayer or Shockwave, but I do have the latest version of Flash (with security set high), and something of Yahoo called richmedia (in a cookie, everytime I delete it it returns after a while). I wonder how media files are being played on Yahoo, MSN, TheOnion etc.

I vaguely remember something about http streams being a risk, but that's very vague ... is someone able to tell me anything about that ? (Maybe it's just nonsense)

 

Hello Fly,

I wont answer everything in your post but here is my two bits...

One of the main "Attack Vector" is not related to You tube or any specialized media content or social interactive sites.

Think of it more in the sense of what a web page is... Text files composed of HTML, XHTML, PHP, Java, Ajax, VBScripts, and other miscellaneous languages we can simply refer to as scripts. They are essentially methods used to interact content from the site to your web browser and so doing enhance the user experience of the web.

This being said the scripts are mostly legitimate, like when one wants to view a flash animation a script must be processed as the flash animation has to be invoked from wherever it is located and configured to play within your web browser... which requires the script to be "interpreted" by the web browser.

The issue lies in that sites, are often hacked, and "new" scripts are injected into the web page, that request your browser to process hostile actions... Those scripts are also attempting to exploit vulnerabilities inherent within your web browser and operating system. Sometimes they will even target applications running on your computer integrated in your web browser like the Java processing engine for example.

Many of those can be sitting on a site for a long time before someone realize the actions of the script is hostile and as such most will be browsing happily unaware. Also many sites you may think are legitimate may in fact be what is referred to as a spoofed site... a copy cat of the site fed to your browser via a type of DNS over ride that fool you into thinking you have landed into a legitimate location. Those sites are dangerous because hackers have 100 % control over the entire code base as opposed to only a few script they must hide carefully not to be detected...

In any case, using a web browser with powerful script controls is the advisable protocol to defend yourself. Currently the only known effective defense against such is Firefox in combination with No script as it will expose each and every script on the site, any site...

It also has built in ability to filter out XSS (Cross Server Scripting) as well as notify you if it detect any hostile IFrames within a page. It also has a slew of other neat tricks under the hood. To my knowledge it is currently the only tool with such a full complement of anti scripting tools. Any hostile action taking place in a web site is done via scripts... Block the scripts and you will effectively have neutered the hostile action in the bud!

Also many of these scripts are repeated across many infected sites. Hackers like to reuse their hacks over and over again, known ones can be pre detected with tools like Linkscanner Pro and McAfee Site Advisor. Those tools work by pre scanning the sites before they load into your web browser. When combined those 3 tools work to completely seal off your web browser from these attack vectors. This being said, you should still update your web browser regularly, and scan all your applications for those that are vulnerable...

I hope this helps!

 

Get Noscript for firefox if you are afraid of getting attacked by scripts. It lets you choose which ones you want to run, and you can black list ones you don't want.

 

Or just run that IE sandboxed.

 

Thank you. If anyone can be a bit more specific, it would be appreciated.

Btw, WHY Firefox with NoScipt ?

In IE 7 it's possible to disable scripts. Why (if) is Firefox much better in that regard ?

Btw, for the time being I'm sticking with IE 7, I'm used to it and my security software offers some special protection for IE 7. Of course I use higher than normal security settings in all zones

 

More granular control (per-site control, quick on/off), more extensive control (plug-ins, etc) and XSS

 

The only thing, I could add to this, is there is so much hatred against MS in the hacker community that they are very persistent @ finding holes and exploiting them just to give MS a black eye... The short = Use MS and you become an extended target. Also the economic incentive is great for those who exploit explorer vulnerability as the sheer number of those using it makes it the preferable target as well...

 

Thanks, but not enough to convince me to switch.

 

Have you even tried Firefox to see if you like it? You can have more than one browser installed on your system if you want.

 

Hi guys,

With the currently released version of FF, can one now use it exclusively (for ALL browsing), or are there still some websites that require IE?

Aaron

 

I use it for about 99% of my browsing with no problems.

 

The only site I have ever been to in the last couple of years that I couldn't use Firefox on and had to have IE is the Window's Update site. I am sure if I wanted to I could install the IE Tab or IE View extensions for Firefox and use it there too.

 

blocking scripts with fire fox no script isn't the only way to filter out scripts.

Admuncher and Proxomitron with its hugh list of filtering rules filters out scripts.

Outpost pro with its active content plug in gives you the option of blocking
activex,javascript,VBscript and scripting activex.

and the recently released opera 9.26 version has a fix for cross-site scripting attacks. http://secunia.com/product/10615/?task=advisories

Opera is a much faster browser than fire is.

and for all you firefox lovers read this.
http://home.comcast.net/~SupportCD/FirefoxMyths.html

 

NoScript features

 

Maybe due to the tweaks I have made to Firefox or the fact that NoScript blocks a lot of scripts for me that don't have to be run but on my systems websites load faster with Firefox than with Opera. I think both browsers are great though and I use them both. I do like Firefox better but that's just me.