Safe/Unsafe Websites

Discussion in 'other security issues & news' started by ErikAlbert, Sep 6, 2005.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This thread is NOT about IE-SPYAD or any HOSTS File (like MVPS, Bluetack, ...).
    I know already that both tools, protect you against visiting unsafe websites and I have IE-SPYAD and MVPS Hosts on my computer already.
    I also know that visiting websites, like porn, cracks, serials, illegal softwares, ... is unsafe and I avoid visiting these websites also.
    I also don't consider websites that install tracking cookies only as unsafe.


    What I would like to know is the following.

    1. If you only open and close an UNSAFE website and nothing more than that, is that website able to infect your computer with malware ?
    (I once read at SWI that opening a spam-email can infect your computer and I'm not talking about attachments, just opening the email and nothing more than that.)

    2. I don't believe that IE-SPYAD or any HOSTS Files protects you against any existing UNSAFE website on the internet.
    After all both work the same way as definition-based solutions. If the unsafe website isn't mentioned in IE-SPYAD or MVPS Hosts File, it will infect your computer once you start exploring that website.

    One of the basic preventing rules says : "Do not visit unsafe websites."
    Now that is easy to say, but how is a less-knowledgeable user able to see the difference between a SAFE and UNSAFE website ?
    I know already the answer : NO, he can't see the difference.

    So my question is : how can a less-knowledgeable user detect that a website is unsafe and infected with malwares (except tracking cookies).
    Are there any softwares or methods to verify a website ?
     
    Last edited: Sep 6, 2005
  2. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    I believe its all in the code. you dont know what codes your browser is reading when you visit a website or what the webmaster has written in the site.
    netscape 8 has a website verifier built into the browser and other stuff.
    but would be nice to see or have a website verifier program. or a proof reader program that reads the user agreement of programs you download.
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Modifiying the HOSTS file for site exclusions is utterly useless. For one thing, it doesn't accept wildcards so it takes absolutely nothing to completely bypass it, or to build enough hostnames so that nobody would be able to keep it updated. And I don't use IE-SPYAD; the ONLY way to keep ahead of the malware installations is to secure your box and to apply patches as soon as possible. To rely on hosts exclusions is, at best, very short-sighted.
     
  4. ZZZ7

    ZZZ7 Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    72
    If you surf with javascript/active scripting disabled [depending on which browser],you should be pretty safe!
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I assume you are not a less-knowledgeable user, but a knowledgeable user and with all your knowledge, you are probably right about IE-SPYAD/HOSTS, but less-knowledgeable users don't have your knowledge and most less-knowledgeable users have neither the talent, nor the time to become a knowledgeable user.

    So these users rely on IE-SPYAD and HOSTS and how poor these preventive tools may be according you, they protect alot of users against visiting unsafe websites and when they don't have access to an unsafe website, they won't be infected either and the infection can't harm their computer.
    So IE-SPYAD and HOSTS prevent alot of trouble and time for these users. You can't deny that.

    If YOU don't need IE-SPYAD and HOSTS, that doesn't mean that both are useless for everybody.
    IE-SPYAD/HOSTS are both highly recommended in every security forum as a SIMPLE, EASY, preventive protection and ignorant users NEED that kind of protection, because they don't understand anything about the internet, except using it.

    Sophisticated security softwares, that require too much computer/internet knowledge, don't even have a chance and will never have a chance amongst less-knowledgeable users and some of them give it a try until they make the wrong decision and harm their own computer.
    Even a simple scanner with a false positive is dangerous for less-knowledgeable users.

    The security industry has to create safe security for EVERYBODY and IMO they created more unsafe than safe security softwares for the less-knowledgeable users.
    So they have still alot of work to do. :)
     
    Last edited: Sep 6, 2005
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    As I read your # 1 post a little closer....I'll only add this comment at this time.

    Would you possibly consider using a word such as less-knowledgeable instead of ignorant Please.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No problem. I don't use the word ignorant in a negative sense and my English hasn't a very rich vocabulary.
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Thank You Erik :)

    I'll assume since you mentioned IE-Spyad we are speaking of Internet Explorer. If so that's what my answers reflect.

    1. If you only open and close an UNSAFE website and nothing more than that, is that website able to infect your computer with malware ? If you do not have your settings proper....as soon as you Open the site you are susceptible to infection.

    2. I don't believe that IE-SPYAD or any HOSTS Files protects you against any existing UNSAFE website on the internet.
    After all both work the same way as definition-based solutions. If the unsafe website isn't mentioned in IE-SPYAD or MVPS Hosts File, it will infect your computer once you start exploring that website.
    Taking both sentences as one you are correct. If your Internet Zone is not securely set or the site is not in the Restricted Zone you are had.

    So my question is : how can an less-knowledgeable user detect that a website is unsafe and infected with malwares (except tracking cookies).
    Are there any softwares or methods to verify a website ?
    We as users classify sites. There is no such as a bad site except for those that get classified by us as users and those that list them as such according to their criteria.
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    When you visit a site, you load a script that runs some content. This content can be anything. Now, can this content affect your computer?
    It depends? If it's activex for instance, and you use firefox, then you're safe. If it's javascript and you disable javascript, you're safe. If it's a windows vulnerability and you're patched, you're safe.
    Otherwise, you might not be safe.
    A less knowledgeable user cannot detect a bad site the same way an average person cannot tell if a cell is cancerous or not. You could run the sites in a sandbox or load them through a text browser to see the code. But it requires knowledge of scripting and html.
    The best I can offer you, Albert, is to use non-IE browser, for instance firefox with addons like noscript, adblock, and possibly more (if you want to control cookies, referrer etc.), run it with reduced privileges using DropMyRights and run it as a limited user in windows (or not).
    Mrk
     
  10. What you read in SWI can happen, though is pretty rare. This usually occurs due to a flaw in the email client AND?OR poor security settings when reading HTML mail.

    As far as I know, this only happened to Outlook . A fully patched system should be safe.

    Huh? I find a site that tries to install malware via activex, I put it in the hosts file, now i can no longer go to the site. So I'm protected.

    or I put it in the restricted zone, now the site cannot use activex, so I'm protected.

    Or do you mean something else?

    IE spyad - Puts "unsafe" sites into your Internet restricted zone. Typically, this stops activex, javascript, java from running.

    Hosts - Completely blocks access to the site in question.

    Indeed. The irony in calling others ignorant, when you yourself aint too knowledgable....
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    As far as I understand and if I'm wrong correct me.

    1) Running a browser in a sandbox IS the very best solution, because whatever happens in the sandbox, it won't affect your computer.
    In that case it doesn't matter how unsafe your browser is or how unsafe your browser settings are and you don't even need IE-SPYAD or HOSTS, because nothing can happen to your computer.
    If that solution is so good, I wonder why I hardly hear about using a browser in a sandbox.
    Maybe sandboxes aren't that good o_O

    2) Running a browser with the right security settings SEEMS to be a very good solution, but as far as I understand it depends on WHICH browser you are using.
    Nevertheless, I'm still not convinced that this solution is as safe as using a browser in a sandbox.

    3) Running a browser with default security settings IS NOT safe.
    Even the default settings of Firefox aren't safe and you need to change some settings and install extensions, like NoScript and AdBlock to make Firefox safer.

    @justpassingthru
    I don't consider emails as a problem anymore.
    I don't OPEN my spam-emails, like many users still do, I ignore and delete them, as soon they appear in my inbox and Thunderbird does that in one second.
    I'm not even curious, because I know what spam-emails really are.
    Spam-emails = TROUBLES and I have read enough bad stories about spam-emails on the internet.

    Do you really think that a less-knowledgeable user knows what an ActiveX is or even recognize it and will add an unsafe website to Restricted Zones or the Windows Hosts File because of that ?
    Forget it, only knowledgeable users are able to do that.

    If you want to use the word "ignorant" against me, well I can assure you that you don't know anything about less-knowledgeable users.
    You won't find these users at Wilders, but you will find them in the subforum "Malware Removal" at SWI and many other Malware Forums, crying for help and waiting until their HijackThis Log is solved.
    They are lucky they accidentally heard about forums (free of charge) like that, because the rest is looking for help elsewhere : family, friends, at work, at computer stores, ... and sometimes they have to pay the bill.
    At work they don't even listen to the computer department.
    Their answer : "Sorry but I don't understand you. I have alot more important work to do than security. My boss pays me to earn money and I'm very good at it. If you want my computer clean, do it yourself. Don't waste my time and leave me alone."

    The actual security solutions are VERY DISTURBING for hardworking users with their messages about updatings, warnings, and scanning results. Do you really think that these users like that, while they are doing their job ?
    Good security is SILENT and runs in the BACKGROUND, just like a guarding dog that doesn't bark.
    The security industry hasn't the slightest idea what users need and they better start listening to less-knowledgeable users.
    Don't tell me that the actual security solutions are fine, because they aren't and I can give you a list of serious problems.
    I'm not at Wilders for myself, I'm here to see what kind of security, the security industry offers to less-knowledgeable users and I'm certainly not impressed. Maybe they don't like to talk about it, but that doesn't mean the problems are gone.


    @Bubba,
    I understand you perfectly and "less-knowledgeable users" is indeed a better expression than "ignorant users" and that's why I changed my posts in this thread immediately.
    I will never use that expression again and it was never my intention to offend anyone.
    After all I consider myself as a less-knowledgeable (ignorant) user and I'm even glad you corrected me, because I finally found the right expression in English.
    One remark : "Ignorant" was alot shorter and easier to spell than "less-knowledgeable", so I have to get used to that. :D

    @MrkVonic,
    I certainly learned from your posts and your advices are correct, because I'm doing this for quite some time.
    Any preventive advice or software has my full attention, because prevention is always smarter.
    Removing malware with scanners is already too late and you don't know exactly what the malware already did to your system before removing it, unless you have the source program of the malware and you are able to read it.
    Before I became an application analyst, I was a programmer under DOS during 10 years and what a programmer displays on a screen is just SHOW and what a program does behind that screen can be entirely different.
    Programmers have all the power on a computer and users are just there to be fooled or not to be fooled.
    Users are just lucky that most malwares, don't destroy their computer completely, because malwares have another purpose : MONEY and you don't kill the goose with the golden eggs.
     
  12. Wrong. Sandboxing is a very *complicated* business, and it is easy to make mistakes. If you look at what sandboxie does, it isn't a 100% sandbox for example.

    Because they are difficult to get working as you found out. They can also be slow.


    You want to be as close as possible to 100% safe? Run vmware. then on the simulated operating system run your browser.

    Define "Not safe". As far as I know firefox by default without any extensions is safe. No public exploits are known.

    Extensions like Noscript are used to disable javascript, just in case there is some unknown exploit out there, but that isn't a big consideration - a one in a million shot at best. Adblock isn't really meant for security.

    For all intents and purposes Firefox 1.0.6 out of the box is completely safe enough for rank beginners (or ignorant users as you call them).



    I know what you do, no need to explain. I and many others open and read spam to study the spam techniques they use, and how to counter them. It is perfectly harmless.

    LOL, just because there are more ignorant people than you, doesn't really say anything about how ignarant you are (or I am for that matter) does it? :)

    My point is not to run you down, but to point out that if you want to call other people who know less than you as ignorant, be prepared to be called ignarant in turn by others who know more than you.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    justpassingthru,
    I thought I was wrong, but didn't dare to say it.
    In other words sandboxes are again not a foolproof security solution and I had indeed problems with Sandboxie, that's why I ditched it in three days, like most security softwares. Just the n'th disappointment in my security diary.
    I hope ShadowSurfer/ShadowUser does a better job, but I prefer to wait before I use it.
    Sandboxie was free, ShadowUser isn't and I don't like to pay for insecure security.

    The default settings of Firefox allow indeed java and java scripts.
    A security expert adviced me to turn them OFF, because it's safer.
    Firefox safe ? As long the bad guys don't put their claws in it, Firefox will be safer.
    The bad guys have also their priorities and Firefox isn't really an interesting target, like MSIE, yet.
    Any software is vulnerable, it's just a matter of time and it will be just another warning post in a forum like always.
    In fact, I read more news about the bad guys, than the good guys. Weird.

    I'm reading so many different and conflicting opinions at forums and everybody claims to have the right answers.
    Who do I have to believe ? It's always a wild guess. I'm just following my intuition. :)
     
  14. Erikalbert, nothing is foolproof! Only a fool looks for certainty in this world.

    It's even safer if you don't turn on your computer. As I said there is nothing foolproof! If you are seeking a reasonable amount of security firefox out of the box is sufficent. If you are seeking 100% foolproof security, even with javascript turned off you are not.

    I can think of a lot of other things you can do with firefox that can make it "safer" in theory. Whether it makes a practical difference is another matter.

    You can say that for any security precaution/software you can think of. So what? Nothing is foolproof. Not even if you combine all the security software together.


    Thank you for stating the obvious.100% foolproof security doesn't exist. Understand?


    Actually, there isn't that much conflicting opinions , at least not in this case. Your insistence on foolproof security, is what is tripping you up.

    People differ on their assessment of risk. You can always do something to make things "safer", but whether the cost involved is worth it is another matter.

    As for your initution, let's hope yours is better than that of an "ignorant user". :)
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This thread is finished for me. I learned a new word in English "less-knowledgeable" and that's it.
    The rest wasn't really sensational and didn't improve anything on my computer.
    Thunderbird is still the best thing that happened to me at Wilders and it isn't even a security software. :)

    So my only hope goes to ShadowUser and Wilders has some pretty good posts about it.
    I will have a hard time to convince my wife to buy ShadowUser.
    My wife is a LESS-knowledgeable user and she has only 4 brain cells : one for each cooking plate. :D
    Maybe on 2005.12.25 or 2006.01.01 a great time for presents. :cool:
     
  16. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    When I first came on Wilders, I also wanted the 100% secure solution......but like everything else in life there is a low probability that the 100% solution FOR EVERYONE will be found any time soon.

    It is possible that you might find what is considered the 100% solution for yourself but you might get frustrated trying to convince others that it is the 100% solution for everyone.

    Part of the reason there is so many disagreements as far as security is concerned is that most people consider their own personal security solution the "Holy Grail" and feel it is their duty to preach to convert the "less knowledgeable".

    Shadowuser might be your 100% solution for yourself but realize that it might not be a solution for others for a variety of different reasons.

    If you continue coming to Wilders to find the "Ultimate" Security solution that everyone will use and that everyone will agree is the greatest thing since sliced bread then you are liable to be disappointed.

    I work as a Engineer on a ship....We engineers sort of have a belief out there that goes like this "A fool can break even the most foolproof system".

    We usually use this as a reference to the mates on the ship because most mates are not mechanically inclined....mates only know how to steer the ship but when it comes to machinery, they find ways to break things that are seemingly "unbreakable".

    I know some think Shadowuser unbreakable but I have seen enough real life things to have severe doubts that anything is truly "unbreakable". There is probably one "ignorant" person in the world that could do something to somehow break the "unbreakable".

    While working on machinery, I found that most breakdowns occur due to operator error and I suspect that this also occurs on computers.

    If you wonder why I keep speaking about ships.....well, it is because I have switched my brain off of security (my hobby) and on to my job. I leave for my ship tomorrow. Tomorrow evening, I fly to Paris and connect to a city which I can not name.....so I will soon be leaving all of these interesting discussions for a few months. I should be back in January....by the time I get back, I expect all types of interesting things in security to have taken place.

    The last time I went to sea, TDS-4 was just around the corner and I was jokingly saying that if it was not out by the time I got back then it will never be out....turned out it was not a joke.

    When I come to Wilders every day, it seems like events move at a snails pace but when I don't look at this board for months it seems that a practical revolution in thinking has taken place. If it ever seems like there is no solutions then stop reading Wilders for a few months and then come back....you will find a great deal of "new" ideas and "new" criticisms of those ideas.

    I would like to say goodbye to everyone for awhile.....I heard my ship might be headed back to the USA and if it is then I might be able to come back on using my wireless connection at whatever US port we return to.....Even in a months time, I expect a lot of "new" developments. Success to everyone.....



    Starrob


     
Loading...
Thread Status:
Not open for further replies.