active content filter programs?

Discussion in 'other anti-trojan software' started by Yair, May 31, 2004.

Thread Status:
Not open for further replies.
  1. Yair

    Yair Guest

    recently someone tried to infect me with an undetected java trojan (i made it detectable now by the progrmas i use ;) )
    i realized how easy it is to get infected while doing nothing but visiting a site

    what do you recommend for active content (activex, java, java script...) protection?
     
  2. controler

    controler Guest

    Hi

    I am sure there are alot of programs out there that can help disable java, activeX ect. All depends on the browser you use also. Best to disable all that in your browser and not use Internet Explorer eccept for updating. then you need ActiveX enabled.
    there are some here that use SafeXP which is another free program to help out in dissabling alot of Windows XP crap.
    I see in the new version they added a recommended key.
    Gkweb has a little program called WWDC to disable some stuff like DCOM, RPC Locator and Netbios ports 137, 138, and 139 which SafeXp allready does i believe.

    controler
     
  3. Yair

    Yair Guest

    i have those ports closed and stealthed so that's not a problem :)
    i don't want to simply disable Java, ActiveX etc
    i want to use it in a more secure manner


    i googled a bit and found a program called
    SurfinGuard Pro 5.7
    http://www.finjan.com/products/surfinguard.cfm

    it supposed to do just what i asked for
    i also read that Outpost firewall do it with a plugin


    anyone heard about SurfinGuard? is it any good? or recommend another?


    i will later test SurfinGuard with that trojan i wrote about :)

    i will check SafeXP, but it seems to me most of its tweaks i already did manually or with other programs
     
  4. controler

    controler Guest

    Hi ans yes I tried surfinguard about 3 or 4 years ago and bragged it up then so I am guessing they have really improved it since then :D
     
  5. Yair

    Yair Guest

    well i tested SurfinGuard with the java trojan
    the trojan did not install :)

    this program is a must have because you don't need to do anything other than visit a website to be infected with an undetected trojan
    i thought my computer was safe before i saw how easy it is to get infected

    i am pleased :D
     
  6. lostcause

    lostcause Guest

    Wouldn't Proxomitron do the same things and alot more? And it's absolutely FREE.
     
  7. Yair

    Yair Guest

    SurfinGuard specializes on security, not on annoyance
    it's not a proxy
    the real test will be to see if Proxomitron blocks the java trojan i tested SurfinGuard with

    i will test that tomorrow :)
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Proxomitron certainly can block Java and any other active content. The problem is that you most likely will want enable some content for certain sites that you trust - this can be done using its blocklist files but this is a little awkward. The controls offered with some firewalls (I use Outpost's Active Content plugin for this but others like Kerio and ZAPro also offer similar functions) and other filters like WebWasher Classic (free for home use) may be easier to configure on a per-site basis.

    SurfinGuard takes a different approach of running any active content in a sandboxed environment and alerting you to suspicious actions. This may be more suitable if you wish to view active content generally (animated greetings cards for example), but blocking it by default is safer and less time consuming.
     
  9. ramblin'man

    ramblin'man Guest

    So what happens if i just completely disable java and javascript in my browser? Would that then stop that nasty java trojan without having to get some fancy software?
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    With Java disabled, no Java applets would be downloaded so the Java trojan should not even reach your PC.
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Outpost firewall does a splendid job of blocking active schtuff.

    From what I've heard, it's Java that is potentially dangerous, but Java Script isn't. Am I misinformed?
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    ActiveX is the most dangerous since there is no control over what an applet can do. Java applets run in a sandbox which should limit the scope for mischief - but vulnerabilities have been found with some Java VMs (notably Microsoft's) that allow malicious applets to cause some havoc.

    Javascript should be limited to the browser itself and would appear the least problematic - but it allows browser and window settings to be altered so considerable mischief could be created here too.
     
  13. Yair

    Yair Guest

    great, then i'll keep using SurfinGuard so i can surf normally but safely
    it came from an Israeli company, that's a plus for me (Israeli :) )
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    SurfinGuard would be safer than using raw ActiveX but disabling ActiveX completely (or ditching Internet Explorer for a more secure browser) would be safer still and cheaper.
     
  15. Yair

    Yair Guest

    when i disable it in the past all the errors drove me nuts
    i tried moving to another browser, always came back to IE
    SP2 should make it a bit more secure, or at least less annoying
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    What errors? I have never come across a site that could not function without ActiveX - except for Windows Update. Care to post some URLs?

    As for SP2, it will patch some known problems but IE is insecure by design and will continally need new fixes. In addition, patches can only cover problems that are (a) known, (b) acknowledged by the vendor and (c) fixed. That period between (a) and (c) is a window of vulnerability which can last for months (several critical patches for Windows were released over 200 days after Microsoft was first informed of the problem). And since IE is tied into Windows itself, an IE flaw can escalate into a severe Windows vulnerability which would not be the case with alternative browsers.

    As for returning to IE - how much time did you spend checking the extra features available in alternatives like Firefox and Opera? There are major usability enhancements (tabbed browsing, mouse gestures, fast search-engine access, e.g. typing "g opera" will to a Google search on Opera, "e opera" will do an Ebay search) which I could not envisage doing without.

    Check out 30 Days to Becoming an Opera7 Lover for a description of lots of the features you are missing by sticking with IE. The biggest thing you have to lose by dropping IE is compatibility with all those browser hijackers out there. :D
     
  17. Yair

    Yair Guest

    i just remember i got "your security settings prohibit running activex controls" all over the place

    i liked using mozilla
    but some websites don't load as they load in IE
    that's what made me come back to IE

    i can always use one of those tabs add ons for IE (like netcaptor) but when i need a lot of windows simultaneously i open mozilla

    i am fine with the google toolbar BTW ;)
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Using a third party filter should avoid this - it sounds like IE trying to nag you into turning your system into the security equivalent of swiss cheese.
    If I come across serious issues, I typically send a polite note to the webmaster asking them to consider using the design guidelines of the Any Browser Campaign. Ultimately, IE is a time-bomb for most users (check today's IE bug story) so any webmaster trying to force IE on visitors is being thoroughly irresponsible, IMHO.
     
  19. Yair

    Yair Guest

    I'm gonna stay with IE for now :D
    for some reason i really like SurfinGuard now :p and it supports opera, not firefox
     
  20. Yair

    Yair Guest

  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well kudos to SurfinGuard - however disabling ActiveX completely is still a safer choice since even the best sandbox can leak. ;)
     
  22. charlesvar

    charlesvar Guest

    NOD protects from this as well.

    Regards - Charles
     
  23. Yair

    Yair Guest

    but only now when it is known, after it was traced in the wild
    SurfinGuard always did that because it's a sandbox (it needs no updates) for the active content
     
Thread Status:
Not open for further replies.