Shouldn't safe online be protecting me?

Discussion in 'Prevx Releases' started by overangry, Oct 26, 2010.

Thread Status:
Not open for further replies.
  1. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Should safe online be protecting me?

    This site was designed to show how the new IE9 protects users from a web based attack.

    https://ie.microsoft.com/testdrive/browser/mixedcontent/assets/woodgrove.htm

    Now I didn't want to test my browser, I wanted to test SOL (HTTPS)and it failed.:ouch:
    I was using IE8, and allowed mixed content after receiving a warning from IE8.

    Win7 64Bit Prevx v3.0.5.217
     
    Last edited: Oct 26, 2010
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Re: Shouldn't safe online protect me

    Very interesting!

    TH
     
  3. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Big Time Fail - Yuck :cautious:
     
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    strange, even keyscrambler fails it :doubt:
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    At the moment, this type of attack is very browser-specific and outside the scope of SafeOnline. Stopping this function within the browser inadvertently will cause several major browser features to break so unfortunately this will likely be exclusively up to the browser manufacturers (and Microsoft appears to be doing so with IE9).

    SafeOnline could potentially handle cases like this but it would likely cause far more complaints than actual benefits whereas it is able to circumvent any malware running on the PC from affecting the browser.

    There have been no real attacks which use this technique but if there is one, we will be adding blacklisting for the domains affected.

    Let me know if you have any questions!
     
  6. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I passed the test in IE 8, but failed in Firefox. Both are protected by Prevx SafeOnline. Is it man-in-the-middle attack?
     
  7. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Thanks for your reply, just out of curiosity if an attack was to take place how would it happen? What I mean is would it be a drive by attack or what attack methods would or could be used for one to become infected.
    Just one more quick question, I uninstalled IE9 because SOL doesn't support beta browsers,
    using SOL, is IE9 safer than IE8?
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Some more info:
    https://ie.microsoft.com/testdrive/browser/mixedcontent/

    At least most Wilders visitors and other people with computer knowledge would notice an attack like this, as Firefox doesn't show the green or blue icon from a secure HTTPS page as not everything is in HTTPS.

    A lot of banking sites I know, also ask the user to check if there is a lock icon, blue/green icon or whatever the user's browser shows on a secure HTTPS connection.

    The secure version of the Hotmail login page had this for quite a while, as one picture was loaded in HTTP, however you can use AdBlock Plus to select all HTTP content and block it so you will have a confirmed secure connection.

    It would be nice though if Firefox could incorporate this like IE9.
     
  9. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    378
    Location:
    England
    NoScript initially appeared to prevent it - but certainly failed when MS was allowed.

    How on earth would we even know this was happening for real ?
     
  10. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    even keyscrambler pro failed it.. I am about to turn off the internet and go to sleep:mad:
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    IE8 showed this
    you pass if you click yes
    you failed if you click no
     

    Attached Files:

  12. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    avast was very silent too:(o_O
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    doesnt matter, IE 9 did what it was suppose to for me. Going to be a very good browser.
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Not good :mad:

    See here for other apps etc also failing - https://www.wilderssecurity.com/showthread.php?p=1773998#post1773998

    I don't see why, as i expect PSOL, at least, to protect ALL such attacks ! That's it's MO surely ?

    Not yet maybe, but we Don't want to wait to find out, thanks :p

    Too late by then !
     
  15. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Quote:
    Originally Posted by Kernelwars
    avast was very silent too

    doesnt matter, IE 9 did what it was suppose to for me. Going to be a very good browser.
    __________________

    indeed I hope so.. it will be really scary opening up any page and have to use login information knowing I am not protected by the products I pay for or trust. :doubt:
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    IE 9 in action
     

    Attached Files:

  17. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Correct me if I am wrong but I thought Safeonline("Protects your private information when shopping, banking and social networking online.")

    is browser specific? I thought its suppose to help protect users when browsing..o_O
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    You can set Firefox to warn for HTTPS sites showing HTTP content, but you cannot set it to load only the HTTPS content. To let it show a warning go to about:config and set security.warn_viewing_mixed to True.
     
  19. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    well we believe what we are told :p ....atleast now i would keep the mixed content setting in IE8 disabled
     

    Attached Files:

  20. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    there are other online tests http://ie.microsoft.com/testdrive/views/alldemos/default.html

    i got the red skull and crossbones in Google Chrome ..... didtnt block but at least it warns

    i was just wondering what if this link was just set up to fit IE9 ..i mean like advertising ...all other products supposed to fail only IE9 pass !!!
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    this made me think HTTP is soooooooooo very unsecure...
    can someone explain me why most websites use HTTP instead of HTTPS? :D
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Most web addresses begin with "HTTP," which is an acronym for "Hyper Text Transfer Protocol." It's the protocol used to allow you to communicate with web sites.

    "HTTPS" stands for "Hyper Text Transfer Protocol Secure." It means that information exchanged between you and a web site is encrypted and cannot be hijacked by someone who might want to electronically eavesdrop when you type a credit card number, a password, a social security number, or any other person information.
     
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    IE9 blocked the "dangerous" content.

    PrevxHelp:
    protection has to come from behavior analysis or heuristic.
    signature based protection is not worth much, IMO
     
    Last edited: Oct 27, 2010
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The reason why SafeOnline and all other security products fail this test is because it is virtually impossible to pass from an application outside of the browser without potentially breaking substantial amounts of browser functionality. By far the best approach here is to disable mixed content.
     
  25. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Disable javascript.
     
Thread Status:
Not open for further replies.