Is the following trick enough to stop all malware downloads?

Discussion in 'malware problems & news' started by CoolWebSearch, Jan 16, 2013.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,217
    Everybody knows that all malware downloads come through web browsers. So why not have an option to disable downloads for those who don't need the Downloads section or use it very rarely?

    Also, why don't web browsers have options to disable starting/running of all applications and exe processes, and to disable saving those applications in the first place? Shouldn't that be enough?

    But I'm talking about times when you don't need to download anything; would this work against exploits, drive-by downloads, clickjacking, fake AVs, rootkits, keyloggers and similar?

    How do web browsers protect against malware? As far as I know they don't.
    It's all up to the user.

    Thank you in advance and cheers.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    First of all, not all malware comes through browsers.
    You forgot P2P, SCP, USB, shares, network traffic, etc.

    Second, any request to get a web page is effectively a download.
    The fact that it happens behind the curtain does not make it any less of a download.

    By disabling downloads in a browser, do you mean disabling user-prompted, interactive downloads, not those triggered as part of loading HTML pages without keyboard and mouse events? Possibly yes, but it won't change anything for what happens in the background. Besides, how do you differentiate a click on a URL that redirects to a page from one that downloads a file? Do you go by extensions/file types?

    You are asking for not making a web browser what it is. That's a paradox. Either you use it or you don't, and if you do, be smart, and then the question you're asking becomes a non-issue.

    Mrk
     
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    They do? What about P2P? What about email attachments like PDF files, Excel sheets and such?
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Internet Explorer has an option that prevents file downloads. Enabling this setting will make Chrome download but then delete certain file types. I'm not sure about Firefox/Opera.

    But you can prevent Firefox from downloading if you set it to run with a low integrity level. Until very recently, Firefox still needed to interact with the Temp folder (in the user profile folder) to download files. Considering that this folder has the default Medium integrity level, Firefox won't be able to initiate the downloads. This only works in Vista+.

    I suppose another option would be to use something like Sandboxie and then block read access to the Temp folder? Not sure which setting would work. Never tried it.
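As an added example, not code from m00nbl00d or anyone else in the thread, the low-integrity approach described in the post above can be applied and verified with the built-in icacls tool from PowerShell. It assumes Windows Vista or later, an elevated prompt for the label change, and a Firefox path that is only a placeholder for the machine in question:

```powershell
# Added example (not from the thread): label a browser executable Low
# integrity with icacls and confirm that the user's Temp folder carries the
# default (Medium) label, so a process running Low cannot write into it.
# Assumes Vista+ and write-DAC rights on the file; the Firefox path is a
# placeholder, adjust it for the machine.

function Get-MandatoryLabel {
    param([Parameter(Mandatory)][string]$Path)
    # icacls prints a "Mandatory Label\<level> Mandatory Level:(..)" line only
    # when an explicit label is set; no line means the object has the implicit
    # default, which is Medium for files and folders in a user profile.
    $line = (icacls $Path 2>$null) | Select-String 'Mandatory Label'
    if ($line) {
        # -split uses a regex, so the backslash is doubled
        return (($line.Line -split 'Mandatory Label\\')[1] -split ':')[0].Trim()
    }
    return 'Medium Mandatory Level (implicit default)'
}

function Set-LowIntegrity {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path $Path)) { throw "Not found: $Path" }
    # Needs rights to change the file's security descriptor (elevated prompt).
    icacls $Path /setintegritylevel Low | Out-Null
    return Get-MandatoryLabel $Path
}

$firefox = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # placeholder path
$temp    = $env:TEMP

"Before: $(Get-MandatoryLabel $firefox)"
"After:  $(Set-LowIntegrity $firefox)"
"Temp folder ($temp): $(Get-MandatoryLabel $temp)"

# A process started from a Low-labelled image runs at Low IL (confirm with
# 'whoami /groups' inside it). Mandatory integrity control then denies it
# write access to Medium-labelled folders such as Temp; it can still write
# under %USERPROFILE%\AppData\LocalLow, which is labelled Low for that purpose.
```

The label sits on the executable, so a browser update that replaces the file removes it; re-run the script after updates and keep in mind, as the post says, that this only constrains writes to Medium-labelled locations, not what the browser can read.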
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Do you mean disabling file downloads through Internet Explorer's custom security settings? If so, what about third-party browsers, and what about what was mentioned already? I wish it was that simple, because then none of us would need any real-time or OD scanners, or things like Sandboxie, or perhaps imaging or restore.
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    P2P does not download files by itself, like many people wrongly think. You have to initiate a download, just like through a browser or for email attachments, PDF or Excel files.
    Malware that can download by itself using an iframe or other silent methods is negligible. Therefore it is safe to say that it is always the user who downloads malware files.
     
  7. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
  8. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    There are Group Policy tweaks in XP Pro you can use to block downloads and/or filter them by file extension. If memory serves, you can filter by other means as well. In the Attachment Manager settings, I think. And doing so will work for any browser, not just IE.

    I used it for a while. But then one day I trimmed back several settings that I realized were just an unnecessary PITA, that I was sacrificing too much usability for security. And that was among them.
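Added example, not posted by luciddream or anyone else in the thread: a PowerShell audit of the two per-user registry areas the thread keeps circling. The first is the Internet zone's "File download" URL action (value 1803 under zone 3 of the Internet Settings key), which is the Internet Explorer setting mentioned earlier; the second is the Attachment Manager policy that luciddream refers to. Registry paths and value names come from Microsoft's documentation of these features; the meaning of each value is stated in the comments. The read functions run as a standard user, and the setter shows how the IE value is changed:

```powershell
# Added example (not from the thread). Reads the per-user "File download"
# URL action for the Internet zone and the Attachment Manager policy values,
# then optionally disables downloads for the Internet zone.
# Key and value names are from Microsoft's documentation of these features.

$zone3  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$attach = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$assoc  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'

function Get-RegValue([string]$Key, [string]$Name) {
    # Return $null when the key or value is absent instead of throwing.
    try { (Get-ItemProperty -Path $Key -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-IeDownloadPolicy {
    # URL action 0x1803 "File download": 0 = enable, 1 = prompt, 3 = disable.
    $v = Get-RegValue $zone3 '1803'
    if ($null -eq $v) { return 'Not set (browser default: Enabled)' }
    switch ([int]$v) {
        0       { 'Enabled' }
        1       { 'Prompt' }
        3       { 'Disabled' }
        default { "Unknown ($v)" }
    }
}

function Set-IeDownloadPolicy {
    param([ValidateSet(0, 1, 3)][int]$Action = 3)
    # HKCU values can be changed back by the same user; to enforce them for
    # other accounts the setting has to come from Group Policy instead.
    Set-ItemProperty -Path $zone3 -Name '1803' -Value $Action -Type DWord
    return Get-IeDownloadPolicy
}

function Get-AttachmentManagerPolicy {
    [pscustomobject]@{
        # 1 = do not save zone (Mark-of-the-Web) information with downloads,
        # 2 = preserve it (the default behaviour when the value is absent)
        SaveZoneInformation = Get-RegValue $attach 'SaveZoneInformation'
        # decimal 6150 = high risk, 6151 = moderate, 6152 = low risk
        DefaultFileTypeRisk = Get-RegValue $attach 'DefaultFileTypeRisk'
        # semicolon-separated extension lists, e.g. ".exe;.scr" (constructed sample)
        HighRiskFileTypes   = Get-RegValue $assoc 'HighRiskFileTypes'
        ModRiskFileTypes    = Get-RegValue $assoc 'ModRiskFileTypes'
        LowRiskFileTypes    = Get-RegValue $assoc 'LowRiskFileTypes'
    }
}

"IE Internet-zone file download: $(Get-IeDownloadPolicy)"
Get-AttachmentManagerPolicy | Format-List
# To block Internet-zone downloads for the current user, uncomment:
# Set-IeDownloadPolicy -Action 3
```

Note what each area actually controls: the 1803 action governs whether Internet Explorer starts a download at all, while the Attachment Manager lists decide how Windows treats an already-saved file when it is opened, which is why luciddream's point that the latter applies to any browser holds, but only for files that still carry zone information.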
     
  9. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    That was my point. The OP said "Everybody know that all malwares download from web-browsers.". I don't know anyone who could possibly think P2P downloads anything by itself.
     
  10. Security Novice

    Security Novice Registered Member

    Joined:
    Jan 12, 2013
    Posts:
    15
    Try this. Perform all your downloads from a virtual machine (like VirtualBox) first. If it is safe, then download it onto your actual OS. Even if the download contains a virus, as long as it is inside your virtual machine, your computer will be safe. The malware has to leave the VM and infect your actual OS to do any damage. Just delete the virtual machine if you downloaded a virus. Create a new VM.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Just keep your browser and plug-ins up to date and disable any plug-ins you don't need. If you then sandbox this browser setup there should be no concern whatsoever of being successfully attacked.
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Preventing downloads won't stop exploits and their usual payloads. However, if your computer(s) are shared, it helps to minimize unwanted junk. Just make sure the other users do not have the rights to override your restrictions and do not have other means to download.
     
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,217
    Hi, Mrkvonic, thank you for your input.
    But how do you protect from such websites? Through sandbox or something else?
     
  14. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,217
    I didn't know this is so easy and simple.
     
  15. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,217
    Like wat said, sandboxing should take care of that, plus updating the web browser. I guess this is very simple.
     
  16. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,217
    I can't believe that you still use Win XP Pro SP3 like I do.
    My main problem is that I have only 1 gigabyte of RAM. It's really hard to define my security approach with such low RAM; currently I'm trying to decide between DefenseWall, GesWall and Sandboxie, plus Avast Free as an antivirus.
    I do have an excellent router with an SPI firewall, so at least in that area I'm secured and there is no heaviness on resources.
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    The first two recommendations I made are just a couple of the basic and essential steps to employ, with the sandbox idea an additional hardening step. Of course there's so much else at one's disposal in mitigating the threats.

    If you want to keep things simple yet secure, you might look at something like:

    - Chrome with only essential plug-ins enabled.
    - Run from a Standard user account.
    - Use Microsoft EMET (especially because you are using XP).
    - Use a properly configured Sandboxie to contain Chrome.
     
  18. ravnen

    ravnen Registered Member

    Joined:
    Mar 2, 2009
    Posts:
    17
    Maybe I am missing something here, but why do I need to do all that to stay secure while surfing the web?
    I would say, keep it simple and know what you are doing.
    How about just using the built-in security features in the OS?

    1. Update your OS and apps
    2. Make sure you have activated SmartScreen and ActiveX filtering in IE9/10
    3. Make sure you have a fully updated AV (e.g. MSE)
    4. Common sense (deny anything you did not ask for)

    1-2-3 should take care of any zero day exploit (flash,java) or drive-by attack (exploit, download exe or zip files)
    4 should eliminate phishing links or drive-by attack

    IE9 with SmartScreen Leads Malware Protection Once Again
    http://blogs.technet.com/b/privacyi...reen-leads-malware-protection-once-again.aspx

    SmartScreen® Application Reputation in IE9
    http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-174-application-reputation-in-ie9.aspx

    ActiveX Filtering for Consumers
    http://blogs.msdn.com/b/ie/archive/2011/02/28/activex-filtering-for-consumers.aspx

    Protect yourself from Flash attacks in Internet Explorer
    http://www.zdnet.com/protect-yourself-from-flash-attacks-in-internet-explorer-7000003921/

    Building Reputation with Microsoft Security Essentials
    http://blogs.technet.com/b/mmpc/arc...ation-with-microsoft-security-essentials.aspx

    /Jesper
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    My sample recommendation can hardly be classified as "all that". There are so many ways to secure a system. I used this as an example because I know the OP uses Sandboxie.

    Running as a Standard user is using what's built in to the O/S. EMET helps to mitigate software vulnerabilities. Chrome is just a browser. Sandboxie is 3rd-party security, no different than using antivirus, which you recommend, but undeniably a more secure option and one that probably runs far lighter than AV.
     
  20. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,217
    Problems with EMET: I have downloaded EMET 3.5 for Windows XP Pro Service Pack 3, I installed it, and then I tried to open its GUI. I couldn't; it says that there is an error or something like that, and then it gives me options to send or not send this problem to the Microsoft website, or something like that...

    So if I can't open EMET's GUI, is that a problem for security? Does it still protect and fill the holes in my Windows XP Pro Service Pack 3 (32-bit)?
     
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Does 3.5 add anything that functions on XP? If not 3.0 might be a better choice. Also, do you have the .NET Framework installed? I think 2.0 is required for the EMET GUI.
     
  22. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,217
    I have both 2.0 and 3.0 .NET Frameworks installed, this is why I don't understand what is wrong. I have tried both EMET 3.0 and EMET 3.5; the GUI does not work in either version. What a shame. It seems to me that I will try NoVirusThanks EXE Radar Pro.
     
    Last edited: Jan 18, 2013
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    It's too bad you can't open EMET. Jack is right that .NET 2.0 is needed.
     
  24. Because you have to at least download HTML files for the browser to work at all. :)

    Unfortunately not.

    - Plugins necessarily execute another process, from which they can do whatever

    - Code injected into a browser process could download a nasty file and call CreateProcess() to run it

    Short answer, no. Most of what you mention IIRC uses JavaScript parsing vulnerabilities (usually for in-browser stuff) or exploits against plugins (for drive-by installs). Some of it might use HTML rendering vulnerabilities... But the point is, browsers are not designed to execute arbitrary code without the user's input. There has to be some flaw in the browser for these attacks to work.

    - Sandboxing. Chrome and IE use mandatory access control to restrict the HTML and JS engines, i.e. they run the processes with more limitations than the account running the browser. If there's an exploitable bug, this makes it more difficult to gain useful privileges.

    - Plugin blocking. Plugins (especially Java) tend to be pretty vulnerable; you wouldn't want an untrusted website (or an ad on a trusted one) running them. Blocking plugins puts some security in the hands of the user; OTOH, if the blocking mechanism works, then you at least have to click on a plugin exploit to get infected rather than having it happen with no input.

    - JavaScript blocking, as per NoScript. If a hostile domain can't run JavaScript in your browser, the possibilities for exploits are seriously diminished.

    - Blocking various other elements (NoScript again). Frames can be used to embed hostile content. Custom fonts can be used to attack an OS's display system. Etc. You might not technically be secure against this stuff, but if the browser never parses it, it can't hurt you.

    - Ad blacklisting. This is kind of a lame tactic IMO, but ads do seem to be pretty frequently used for malicious purposes.

    No prob.
     
  25. guest

    guest Guest

    Just keep a CLEAN image of your system, and you have no worries.
     