Shouldn't safe online be protecting me?

Discussion in 'Prevx Releases' started by overangry, Oct 26, 2010.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    im just curious how keyscrambler fails this? i figured its supposed to encrypt ur keystrokes even hereo_O
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    SafeOnline works similarly to KeyScrambler - in this test, the keystrokes don't make it into the underlying OS - they are sent from the browser to the browser, not letting any protection from any application take place in the middle. Disabling this ability would break dozens of features in the browser, which is why disabling javascript or mixed conten are the only ways to deal with this.

    SafeOnline, KeyScrambler, and any other protection software like them are trying to protect the browser from software on the system. Protecting the browser from the browser's intrinsic functionality is too dangerous because it will immediately break functions that need to work in browsers today.
     
  3. PhantomPhenix

    PhantomPhenix Registered Member

    Joined:
    Jul 24, 2010
    Posts:
    29
    OnlineArmor with RunSafer IE8 blocked it.
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,029
    Location:
    Ontario, Canada
    Try Firefox and or Opera?

    TIA,

    TH
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Just run NoScript for Firefox and you'll have no problem with these sort of scams.
     
  6. rolarocka

    rolarocka Guest

  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    In IE it's "just" a matter of setting the Internet Zone security to High and manually adding sites to the Trusted Sites zone.

    it's a bloddy PITA if you ask me...
     
  8. Jav

    Jav Guest

    Am I the only one, who is seeing a lot of paranoia in this thread?

    It is not really a rocket science to realise that you are not on full https site.

    I think even most of the average joes will realise that putting their logins in site where it shows some crossed lock isn't good idea.

    Yet, I am amazed to see paranoia amongst security forum users? :rolleyes:

    And I don't think it is something new....
     
  9. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Firefox warns about it and NoScript blocks it if you haven't trusted the site. No problem for me, and if I really want to login I can always come back with IE8 that offers the possibility of showing only the secured content.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,333
    Location:
    Hawaii
    THANKS!!! Your guidance was the singularly most useful post on this entire thread. :thumb: :thumb: :thumb:
     
  11. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Agreed :thumb:
     
  12. 1Jnodder

    1Jnodder Registered Member

    Joined:
    Apr 8, 2009
    Posts:
    28
    Using IE8 without SOL I got this:

    Mixed content site.JPG
     
  13. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Agree.

    Would I trust using IE9 and surfing the web against threats, or trusting safeonline's protection?

    Safeonline has passed many more user tests. Prevx might 'fail' this test, but protect against 1000 others which are in use and affecting users. Your choice what you want to use. :D
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,517
    Location:
    Outer space
    Thanks :)
    I also found out that you can block it with a special rule in ABE of NoScript, but when going from a HTTPS site to a HTTP one, for example when using a SSL search engine or logging into Hotmail, it will also block that, so you have to add all those sites to the exceptions:
    http://forums.informaction.com/viewtopic.php?f=10&t=5269&sid=8209e7034665ee14f32d0470064f97d9
     
  15. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Problem is when folks start relying on other symbols/icons/usage.
    While Firefox doesn't show the blue/green icon and lock, Prevx SOL does show 'green' and a lock icon.

    Not hammering on PSOL but reliance on their icons/colorscheme might be counterproductive in this particular case.
    Especially for those folks who have learned that if their browser shows green and a lock 'somewhere', all is well.
     
  16. Jav

    Jav Guest

    no, point is:
    Don't rely on green icons as they may be misleading as you have mentioned.
    But at the same time don't do anything sensitive if there is red icon or crossed icon or skull....

    see, it IS easy.
     
  17. Bonnie

    Bonnie Registered Member

    Joined:
    Dec 11, 2004
    Posts:
    18
    Any difference between that and Tools > Options > Security > Settings... > I'm about to view an encrypted page that contains some unencrypted information ??
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,333
    Location:
    Hawaii
    In a word, Yes. Why not test it yourself?
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You can disable javascript for Chrome, globally, as well, and only allow for the websites you wish. No need for extensions for that. :)

    I wouldn't say by 99%, but 90%. ;) At least, that's my own experience.
     
  20. rolarocka

    rolarocka Guest

    If u disable it globally then some extensions dont work..
     
  21. Bonnie

    Bonnie Registered Member

    Joined:
    Dec 11, 2004
    Posts:
    18
    I have, can't see any difference. That's why I wanted to check with the experts. Sorry I'm not up there with you, if you could spell it out for me it would be really helpful.

    Additionally, not everyone wants to be a dragon slayer, if the two acheive the same result some might prefer not to mix it with the dragons.
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,333
    Location:
    Hawaii
    When setting the boolean trigger to "True" you will see the following pop-up warning by FF when visiting the poisoned site (et alia) . . .

    ScrHunt01 28-Oct-10.gif

    Without setting the boolean to "True" the only visible clue of being on a mixed site is that the lock (indicating a secure site) will have an exclamation mark over it. At least that is what transpires with my computer and all 17 of those computers in my granddaughter's computer classroom.

    As to dragon slaying -- this is an exercise akin to swatting a fly. No dragons involved. ;)
     
  23. Bonnie

    Bonnie Registered Member

    Joined:
    Dec 11, 2004
    Posts:
    18
    Bellgamin, thanks for taking the time and effort to post. I've been reading and re-reading, changing settings and changing settings again. What am I missing? It still seems to work the same if you do it through Tools > Options > Security > Settings > check 5th box down > OK > OK

    After doing that I've been and checked the boolean(??) and that's altered to True as a result.

    As you say, no dragons involved but it sure reads scary the about:config way.

    Whichever way it's done, I think it's best done, the padlock is tiny and if the Status Bar is disabled it's not visible anyway.
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,333
    Location:
    Hawaii
    True. :argh:

    But I always image so nothing scares me except keyloggers. Every other computer bleep is merely a minor inconvenience.
     
  25. Smirs

    Smirs Registered Member

    Joined:
    Mar 24, 2007
    Posts:
    24
    Noscript can pass this test without disabling Java; on the 'Advanced' tab of Noscript's Options, set 'Forbid active web content unless it comes from a secure (HTTPS) connection' to 'Always'.

    screenshot

    You can then white-list the sites that you trust on the same tab.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.