Does Ewido protect against CoolWebsearch?

Discussion in 'other anti-trojan software' started by Starrob, Dec 29, 2004.

Thread Status:
Not open for further replies.
  1. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    I was just wondering how much protection does Ewido provide against CoolWebSearch? Does Ewido protect against all known versions of CWS?


    Starrob
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    No it does not. If ewido can really do that I would be very surprised! :D
     
  3. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I think you would:)
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    It is one thing to be protected against all KNOWN varients of CWS (something I would expect) and quite another to be protected FULLY against CWS (something I would not expect).

    CWS is a fast mutating family of malware quite determined to 'stay ahead of the game' and with the financial clout to do so.
     
  5. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Don't use Insecure Explorer. Wow, that was so hard.

    That'll be $35.
    -
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Well I do use I.E., exclusively, and I've never been infected yet. If you configure it correctly it is MUCH safer than a lot of ill-informed individuals seem to be suggesting.
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Secunia's security vulnerability list at the time of posting:

    Internet Explorer 6.x - 21 unpatched vulnerabilities, the worst being highly critical.
    Firefox 1.x - 3 unpatched vulnerabilities, the worst moderately critical.
    Opera 7.x - 3 unpatched vulnerabilities, the worst moderately critical.

    So yes, it is possible to harden Internet Explorer to some extent, but you will always be more vulnerable than if you switch to an alternative browser.
     
  8. Atangel

    Atangel Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    53
    I believe that BOClean does protect against various CoolWeb variants, but that's not free software, its fee. I don't think any of the free AT's do, but I'm sure someone will correct me if I'm wrong :)

    But really, ditching IE is the safest route today. Glad you haven't been infected yet, but there's a world of pain once you do (and lets be honest, all the security software any of us run is run as a contingecy, for that time when something does happen).
     
  9. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Paranoid, you've trotted these theoretical vulnerabilities out before, which ones are you arguing applies to a CORRECTLY configured I.E.?

    Most of them have no application to system configured for maximum safety; if you wanted 100% safety you had better not surf the net at all with ANY browser.
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    First, please define what you mean by "correctly configured". All of these vulnerabilities have practical use as mentioned in the individual advisories (and there are plenty of examples of spyware/hijackers using previous vulnerabilities to cause havoc).
    Since some of the unpatched vulerabilities bypass XP SP2 security features or Security Zone restrictions, even a cautiously-configured IE user could be affected. Others can only be avoided by restricting online activity (e.g. not browsing an untrusted site while browsing a trusted one for the IE Window Injection Vulnerability).

    Yes, 100% safety can only be achieved by staying offlline but 99.999% while staying online is what most people would be happy with - and it should be pretty obvious that using an alternative to IE improves the odds greatly.
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    'Correctly configured' means a configuration capable of defeating the vulnerability referred to. If there is nothing you can do with the configuration of your system to prevent the exploitation from occuring, then the threat, though theoretical, is of concern. The large majority of the weaknesses contained within the link you gave us can be defeated and are therefore only an issue for the user unaware of the potential dangers.

    The specific link above referrs to a moderately critical spoofing threat, no more dangerous in the practical sense than the moderately critical threats which Firefox may be subjected to. I am arguing that, if you are familiar with the ways to defend yourself, jumping ship to an unfamiliar browser is not going to SIGNIFICANTLY increase your safety.

    If you are a novice then maybe it would be different. But I'm strongly objecting to this ill thought out, and ignorant, mantra that goes up as people shriek that users of I.E. are doomed to infection and should change immediately. I have been to plenty of sites where infection with I.E. is said (by some!) to be a near certainty and I have come away unscathed - and not through luck, 'Spanner' on this site can tell of the same experiences!

    Finally, the cross-domain scripting vulnerabilities, that apply when coding is given privileges by virtue of placing itself in other zones can be ameliorated by removing those privileges from the zones in question (eg Trusted and My Computer zones).

    As an afterthought, I have just noticed that the spoofing threat you gave us in the link above only applies if you are at a 'trusted' site, with consequently lowered settings, if you are not in the habit of lowering your settings (or only when really necessary) you are most unlikely to suffer from this highly theoretical example - which after all requires maliceous code to be injected into the web site of a legitimate organisation.
     
    Last edited: Jan 3, 2005
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Today's reported vulnerabilities become tomorrow's spyware attack routes and many IE problems can only be fixed by a patch (e.g. the "Extremely Critical" HTML Elements Buffer Overflow, IE Multiple Vulnerabilities and Local Resource Access and Cross-Zone Scripting Vulnerabilities advisories).
    The three examples given previously cannot be defeated by configuration (the last one even bypasses security zone settings). The only fix is a patch. While these have been patched, the most serious vulnerabilities are those that have not been disclosed or fixed ("zero day exploits") - while any software is subject to these, it should be blindingly obvious both from the track record and other empirical measurements (e.g. code size: Opera 7.54 - 3.5MB without Java, Firefox 1.0 - 4.7MB, IE6 SP1 - 11-75MB) that IE has performed wretchedly and will continue to do so - do you seriously believe that Microsoft can match Opera or Firefox's security with a codebase over 10 times as large?
    The other advisories should disprove the point - even considering that patches are available you have the certainty of more equally serious problems being discovered in the future due to (a) the larger codebase of IE (more code = more bugs = more vulnerabilities) and (b) Microsoft's integration of IE into Windows itself meaning that an IE vulnerability is far more likely to become a Windows system vulnerability (14% of IE's vulnerabilities were rated "Extremely Critical" compared to 3% for Opera 7.x and 0% for Firefox 1.x). And if you are thinking that all the problems have been fixed, just check out Eeye's Upcoming Advisory list...
    Well bully for you - enjoy the view from your ivory tower then. The reality for most IE users is having their settings hijacked, their systems compromised to varying degrees and their network access hampered by adware. The reality for Opera and Firefox users is far better so helpers here and elsewhere are doing a service in advising people to switch. If you want to stick with IE that's your decision but that does not make it a worthy recommendation for others - some people do not run anti-virus software on their systems and avoid infection but this does not mean that everyone else should.
    All you have to do for this "theoretical" vulnerability is to visit 2 sites at the same time, with one of them being trusted (e.g. your online bank). Now people who have read that advisory know that this can be risky with IE, but how many "typical" users would?
     
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Gentlemen....let's keep the rambling browser wars to an appropriate thread.

    The discussion should concern the thread title....Does Ewido protect against CoolWebsearch?
     
  14. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    In view of what Bubba says, it would be advisable not to respond to the above. I will therefore confine myself to one final point. The Secunia document states:- " A cross-zone scripting error can be exploited to execute files in the "Local Machine" security zone."
    Since I have stated that my Local zone (the My Computer zone) is configured to prevent this (I allow no extra privileges in this zone) the stated vulnerability does not apply. I am therefore forced to conclude that either Paranoid has not read the document he quotes, or else he simply does not understand it.
     
Thread Status:
Not open for further replies.