no such thing as safe surfing

Discussion in 'other security issues & news' started by larryb52, Dec 5, 2008.

Thread Status:
Not open for further replies.
  1. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    for those that like I think they surf safely, I have advise, be well protected. I usually visit just a few sites to do with my baseball simulations & baseball in general. Well one of the forums had just introduced ads and I went there & pop goes Kaspersky catching a trojan that was part of the ad and it was endless, till the forum mod paid for no ads. So even what seems like a casual visit to a baseball forum can be an adventure in how good is your protection is, I'm thankful it wasn't worse...
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,958
    Location:
    U.S.A.
    larryb52, out of sheer curiosity, what browser were you using?
     
  3. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    784
    So Firefox + Adblocker Plus could avoided this in the begining ? :p
     
  4. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    It's all relative.

    It's almost 100% safe to visit certain websites, and for the rest the risk varies from small to high.
     
  5. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    it is just that surfing the internet is not fun anymore. Too many restrictions. don't go here, don't go there and pray if you go there you can turn on your computer in the morning. <g>

    We all now have to follow "safe s*x-ooops <grin> "Safe Computing" ;)

    robin
     
  6. normishmael

    normishmael Guest

    Freudian slip aside, both need the suffix "er" appended.
     
  7. TrojanHunter

    TrojanHunter Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    151
    Location:
    United Kingdom
    Safe surfing on a Vulnerable Internet don't go together, but being careful as possible can reduce the risks.
     
  8. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    you both miss the point of the topic,
     
  9. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    everyone read what I wrote. The site WAS a good site, a mishap occured making the 'so called' safe site not so safe. My point is DON'T THINK FOR A MINUTE THAT YOU CAN SURF SAFELY' there is no such thing. It should be added that if you computer is hooked up to the internet your not safe. Use protection as in AV or suite of choice...no one reads anymore...
     
  10. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    784
    I get the point. I know I-Frames infections and javascript "obscure" exploits are a real danger , a simple ad banner could lead you to a infection but ofcourse it isnt the end of the world ... Keep your system and aplications updated , use a different browser like Firefox with security plugins ( Ad Blocker Plus + NoScript) will protect you against drive by download much more effective than antivirus , and if you get "paranoia infection" use Sandboxie to surf ;)


    Surf Safely doesnt exist anymore because "safe" websites can be hacked with I Frames , javascripts , flash infections and etc ... thats it Larry i got your point , sorry if i was inpolite making my sugestion of Firefox.
     
    Last edited: Dec 5, 2008
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I understand what larry means, but the fact his AV caught it means he was "safe" in that instance. It's all about minimising the risks. Yes, legitimate sites can fall prey to malware, but it's how you're protected in the first place to deal with that.

    Some users are not even bothered by such things because of having other measures in place, like having an ad blocker so the ads wouldn't show. (Not sure if the malware would still attempt to get through though even if ad was blocked.) Some people use a HOSTS file, SpywareBlaster and other things to protect against such attacks. Minimising the risks is the key, and that's where tiered protection comes into play.

    PS: I think that when people talk of "safe surfing", they generally mean not venturing onto areas where such malware is more prevalent, but being mindful of the fact that attacks could occur anywhere on the web if sites are compromised. I informed a book publishers here in UK not so long ago they had code injection on their site delivering a trojan; they soon removed it and corrected things to prevent it happening again.
     
    Last edited: Dec 5, 2008
  12. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    I just get upset because I guess the bad guys are winning the bandwidth war, makes you paranoid & yes I usually use Opera & yes it's pretty safe , I see alot of average Joes that are customers at a bank I work for get ripped off dailey, they don't know any different, it's sad when you see people steal peoples cards & use all their money. Yes they get their money back that's what we do as a bank but we take the loss & it's just frustrating when people tell me well I surf safely...there just is no such thing...
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Agree with larry to an extent.The moment even the most reputable site becomes compromissed it is no longer safe until its rectified.Even many Adult sites are clean believe it or not.But it is expected to be malware infested for those who know better and usually keep are guard up or avoid at all cost.I think the problem with reputable sites that many may take for granted its clean so we may let are guard Down,big no.Good example someone installing reputable software but didn't see the tool bar that came with the package and not happy they have it,slow down I say.As far as general web browsing If you use Sandboxie,returnil,shadow defender and the like the chances of infection is very slim and If you have a clean image you can restore for worst case senario why worry at all.
     
    Last edited: Dec 5, 2008
  14. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,958
    Location:
    U.S.A.
    larryb52, no, I did not miss the point you were trying to make and read your post loud & clear. My own Internet doctrine is to treat all sites as bad (guilty until proven innocent) and allow minimal access for any site to operate, even the good ones, so from a technical point of view, I just wanted to know what was your browser, that's all. Thanks for posting that it was Opera.
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Anything's possible I suppose... but the fact that something popped up on your web scanner doesn't necessarily mean it would have been able to go any further anyway, or load anything, etc etc.. The web scanners will see all kinds of stuff in a http stream, but whether they do any harm or not is another question.

    I have been surfing the web for 12 or 13 years now, and never once had any real problems, and that with just about every browser made. It's good to be educated, but not so good to be paranoid.....
     
  16. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126

    it just showed me that my safe setup & safe websurfing doesn't mean crap & Opera has been pretty good to me as has my AV's that I run ( I run a couple differnt ones but of course not at the same time)...I use to use Firefox but I like Opera's compactness & use it's mail client, blocks malware...
     
  17. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    safe setup?? when you allow ads! LOL:D
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    Let me yank the magic carpet from underneath you.
    Use non-IE browser and all the evil surprises you can think of are no more.

    Popups, malware, wahoonies, they don't happen if you use a normal browser.

    Mrk
     
  19. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    For host based malware this is a good advice Mrk, why use a highway to the kernel willingly? However, for non-host based/server-side attacks the only solution for the user today, regardless of browser choice, is to tweak the browser by disable javascript, java, plug-ins, Iframe etc. Even if these vectors are mainly used for downloading a host based payload that could easily be countered with different methods, the difficulty for the user lies with threats where the malicious code (e.g. keylogging methods) is injected in the websites.

    /C.
     
  20. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    to be less ambiguous, there's no such thing as safe sites anymore, though it's still possible to surf them relatively safely if you use things like noscript or sandboxie...

    when sites like cbs or yahoo mail serve malware (and they have) then it's time to stop relying on the reputation of the site and start treating all sites as potentially unsafe...

    and using a non-ie browser isn't enough... if the drive-by download utilizes a flaw in a plugin (like flash or windows media player or something like that) rather than in the browser itself then it won't matter if you're using ie or firefox or opera or whatever...
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I wish someone would publish some real statistics on how many people actually fall prey to a real drive-by download or other exploit which results in harm to the system these days. I've been browsing everywhere (good and bad sites) for over a decade now, with all browsers, including all versions of IE, and have yet to see any problems. I tend to think most of this is just fear and paranoia about the possibility of a nasty happening, as opposed to anything really taking place. All these "threats" you hear and read about... hmmm.... how come I never run into any of them? Strange.... ;)
     
  22. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    maybe you're just lucky... although bad stuff on good sites is a relatively new phenomenon - it certainly wasn't something you would have had to worry about 10 years ago...

    give it some time - maybe the next time a major internet property like yahoo serves malware through 3rd party ads you'll manage to see it yourself...
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Ok, I will keep my eyes peeled.... but I won't hold my breath... :)
     
  24. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I Guess I must be living on the edge with the worlds most dangerous browser IE on Vista with java enable and when Intentionally invest my machine with parasites of trojans and rogue antivirus in shadow mode i still come out clean, what am I doing wrong.:p
     
  25. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,958
    Location:
    U.S.A.
    No, I believe your setup is correct, however, you "trusted" this baseball forum to be safe and that's when you fell prey. I understand your frustration of thinking that you are safe and the next moment, bang! That's one of the reasons why I adopted my "guilty before innocent" stand against the Internet. Paranoid? Perhaps... but I don't get any surprises. And if I want to venture into the dark side of the force, sandboxie is my true friend.

    I use the NoScript add-on in Firefox and as an example, take the nytimes.com site. NoScript Options reveals nytimes.com/ questionmarket.com/ tacoda.net/ googlesyndication.com/ atdmt.com as part of their site and if I only allow nytimes.com, it reveals brightcove.com and revsci.net as additional entries to the above. The more you allow, the more entries appear and pretty soon I see all kinds of ads, pop-ups, etc. If I can read their site or any other, without allowing it to pester me, why would I want to give it complete access to my PC?
     
Loading...
Thread Status:
Not open for further replies.