Spoof your User Agent String to secure browser on secure operating system

Discussion in 'other security issues & news' started by squash, Jun 22, 2005.

Thread Status:
Not open for further replies.
  1. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    I really run Mozilla Firefox 1.04 on Windows XP SP2, but I spoof my user agent string, just in case some rogue website targets users of the Windows XP operating system.

    I downloaded the user agent switcher extension and installed it. Just add a new string and beside the User Agent box, put this in:

    ELinks/0.10.5 (textmode; OpenBSD 3.7 i386; 80x25)

    0.10.5 is the latest version of ELinks, which is the most actively patched/worked text browser available. Text browsers are known to be almost immune to all JavaScript, ActiveX vulnerabilities, and this is the latest version of the most patched text browser! OpenBSD is generally regarded to be one of the - if not the most secure operating system in the world.

    It just adds an extra sense of security... :)
     
    Last edited: Jun 22, 2005
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Re: Spoof your User Agent String to Elinks (Text browser) on OpenBSD

    Hi,
    What does it do exactly? If you use firefox and have java enabled, then if you click on a java applet, it will run, no? Or . . . does malware first check the agent to see if it can run on that machine?
    BTW, why not use a text browser?
    Mrk
     
  3. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    Re: Spoof your User Agent String to Elinks (Text browser) on OpenBSD

    If you click on a hostile java applet with a virus, it will still infect your computer. Your computer has just the same protection as before.

    But some websites might get your user agent string in their web traffic logs with your IP number and target you. If they know you use Windows XP they are more likely to try and crack you than if you are (pretending to be) on OpenBSD since they'll think you are running a secure operating system, they won't be as bothered... since they _know_ that the trojans or viruses they want to infect your computer with just simply (and probably) won't work on a non-Windows operating system.
     
    Last edited: Jun 22, 2005
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    So what you say, a human behind the malware might decide to go for xp. But automated scripts, drive-by-downloads etc will not discriminate . . . Is that it? Then, the tool is not that useful. As far as I know, hackers do not actively try to crack home user computers. Unless they have a vendetta against users or know something that interests them can be found there. They go for top-ego sites, like companies, security sites etc. No point breaching someone's comp to discover all he has on the disk is 3,000 songs by christina acquilera (spelling?), right? But, a hacker might say: look at this guy, he's got bsd, let's try to crack this one.

    The best thing to do is keep your data offline. And if someone breaches the machine, just format it. Besides, I read many people have encryption programs for their data. I wonder what is it they store on their comps? Except porn, I have little else .... :cool: :cool:
    Cheers,
    Mrk
     
  5. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    Yes, something like that.

    But if they think I'm using OpenBSD, they'll use the wrong methods, such as trying to rootkit me with a BSD rootkit instead of trying to gain access to this computer through any services vulnerabilities in the Windows XP operating system (although I'm fully patched)... ;)

    Ever since I started surfing with a spoofed UA, the most I get is just ICMP 8 (Ping) instead of those loads of Windows service attempts..., :D
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Crackers are not going to bother launching a manual attack on a home PC for one simple reason - the rewards do not justify the effort. Manual attacks will be done on business servers where there is the potential for gaining access to whole networks, company confidential data or sensitive information (e.g. customer credit card numbers).

    For home users, the danger is from automated attacks like worms (malware spreading from PC to PC which are easily countered with a well-configured firewall), web pages containing malicious content (a non-IE browser coupled with a web-filter to strip out ActiveX/Java/Javascript is the best defense here) or downloaded files with hidden malware (avoid downloading programs via P2P/IRC/warez sites, or use a dedicated anti-trojan scanner if you have to).

    The User-Agent is only going to be relevant for website access and provides little security in itself compared to a decent web filter. By all means, change it to what you like, but don't make the mistake of thinking any "hacker" is going to take notice - the only people that may will be webmasters checking their logs for access by browser type who will probably have you listed as "Unknown".

    As for the reduction in connection attempts, this will most likely be down to other factors - like a tightening up of firewall settings (either by you or your ISP).
     
  7. hacker7

    hacker7 Guest


    Unless you really piss off the wrong person. ;)
     
  8. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    Wow, thanks for the detailed answer.
    Looks like this UA thing is just useless...
     
  9. James Taylor

    James Taylor Guest

    Except as a privacy thing, and even that is doubtful, there are trivial ways to sniff out your browser other than relying on the self-declared User agent string.

    James
     
  10. westwardflow

    westwardflow Guest

    I know that some firewalls will block your OS and Browser type. I don't know if that would stand up against all the "trivial" techniques James Taylor is talking about.

    Here's a good site that will tell you your OS and Browser type (along with your IP) even if you have JS disabled. http://www.ipchicken.com You can test different User Agent Strings here to see how they will appear to the sites you're visiting.
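
Added example, not part of the thread: a loopback echo server that shows what a site receives when only the User-Agent is overridden with the string from the first post. The other header values are constructed for illustration, and `what_the_site_sees` is a hypothetical helper name.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SPOOFED_UA = "ELinks/0.10.5 (textmode; OpenBSD 3.7 i386; 80x25)"

# Constructed sample: headers a graphical browser keeps sending after an
# extension overrides User-Agent (values are illustrative assumptions).
OTHER_HEADERS = {
    "Accept": "text/xml,application/xhtml+xml,text/html;q=0.9,image/png,*/*;q=0.5",
    "Accept-Language": "en-us,en;q=0.5",
    "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
}

class EchoHandler(BaseHTTPRequestHandler):
    """Returns the server's view: peer address plus every request header."""
    def do_GET(self):
        seen = {"client_ip": self.client_address[0],
                "headers": {k.lower(): v for k, v in self.headers.items()}}
        body = json.dumps(seen).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet

def what_the_site_sees(user_agent):
    """Start a loopback server, send one request, return what it logged."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        req = urllib.request.Request(
            "http://127.0.0.1:%d/" % server.server_port,
            headers={"User-Agent": user_agent, **OTHER_HEADERS})
        with opener.open(req, timeout=5) as resp:
            return json.load(resp)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(json.dumps(what_the_site_sees(SPOOFED_UA), indent=2))
```

The server's view contains the spoofed string alongside the client IP and every other header unchanged, which is why the User-Agent alone says little about the real browser.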
     