Would Geswall or Haute Secure be good protection for XSS or password theft?

Discussion in 'other anti-malware software' started by spamyou, Oct 16, 2007.

Thread Status:
Not open for further replies.
  1. spamyou

    spamyou, Registered Member (Joined: Apr 1, 2006; Posts: 48)

    I understand if I use Sandboxie for surfing, close it, erasing sandbox, then use new browser to go to financial sites, my risk is low. I use Sandboxie, wife won't.

    Anyone know if Geswall or Haute Secure would be fairly reliable protection for XSS scripting or malware that targets password/personal info theft? I guess here you are dependent on the particular method of stealing to be detected, as it violates some prewritten policy?

    XSS scripting as I understand, can be via HTML or script injection into legitimate page. Should a policy sandbox reliably intercept this? (note I would have geswall set to high so auto blocks, no chance of wife allowing by accident)

    Or said another way, can anyone think of a way that the behavior policy would be bypassed easily for theft of password etc?
     
  2. LoneWolf

    LoneWolf, Registered Member (Joined: Jan 2, 2006; Posts: 3,784)

    I've been using GeSWall for a short period of time so I'm limited on my knowledge on it, but the way I understand it, it should prevent this.
    Maybe someone with more experience with it can educate both of us on this.
    That's just what I'm gathering from their web site.
    http://www.gentlesecurity.com/features.html#preventing
    I started using GeSWall and PRSC in hopes of stopping things like this. (password stealers/keyloggers)
     
  3. Pedro

    Pedro, Registered Member (Joined: Nov 2, 2006; Posts: 3,502)

    If it's in the same session, I think it's the same problem (everything is just in the same sandbox). If it's another session (clean start), or perhaps another browser (maybe used just for this purpose), I think XSS would be dead provided the website you visit is not compromised, no bugs (we all expect the bank to be safe, so I guess that answers it).
    You would have to clearly separate banking/normal sessions, and when banking, do nothing else. A different browser could be simpler to handle.
    SandboxIE could flush things from normal browsing, GeSWall I don't know how to approach it (again, different browser seems to make it simple and straightforward). That brings the question of whether the flushing is needed, or just close all tabs and visit the bank from the bookmark. This is important to know.

    There's bound to be a flaw(s) in my reasoning, I can only hope that someone points it out. Please do.
     
  4. Dogbiscuit

    Dogbiscuit Guest

    Others on Wilders have pointed out that, currently, only Noscript and LinkScannerPro can provide some protection against XSS attacks, other than completely disabling Javascript.
     
  5. CogitoErgoSum

    CogitoErgoSum, Registered Member (Joined: Aug 22, 2005; Posts: 641; Location: Cerritos, California)

    Hello spamyou,

    Thanks Dogbiscuit for posting that link. You beat me to it.

    The following links will shed some light on XSS and LinkScanner Pro.

    https://www.wilderssecurity.com/showpost.php?p=1054528&postcount=28
    https://www.wilderssecurity.com/showpost.php?p=1062349&postcount=2

    FYI, Ilya has informed me that DefenseWall (policy restriction sandbox) will not protect against XSS, but it will protect against the interception/theft of personal information (user name, password, credit card #'s, acct. #'s, ss #'s, etc...) when using "Go Banking/Shopping" mode while banking or performing online transactions. Until proven otherwise, GesWall, which is similar to DW, should also offer no protection against XSS.

    As far as Haute Secure is concerned, since it is similar to LinkScanner Pro, but with a soft sandbox and HIPS functionality, it too should offer protection against XSS.

    Hope this helps.


    Peace & Love,

    CogitoErgoSum
     
  6. spamyou

    spamyou, Registered Member (Joined: Apr 1, 2006; Posts: 48)

    Crap. I need noscript for IE7. Guess I will look at linkscanner.
     
  7. spamyou

    spamyou, Registered Member (Joined: Apr 1, 2006; Posts: 48)

    Thanks, I am trying out haute secure now on my computer, so maybe there is some hope for that one defending against xss. It does not hinder performance, so wife would be ok with that one.

    Also thanks for links.

    Wish there was a site that collected/copied real malware exploits (only change payload so it's harmless) so could test these things.
     
  8. spamyou

    spamyou, Registered Member (Joined: Apr 1, 2006; Posts: 48)

    Ok, so if wife (and probably me too) surfs with IE7 with dropmyrights, and some policy based sandbox to try to just prevent malware installations.

    But all financial transactions, close IE7, clean cache, and use firefox with noscript, script only enabled on some banking sites that require it, I should be relatively safe from everything but XSS with HTML, (like the exploit at Paypal). And if add linkscanner should help prevent against HTML XSS. Is that correct?

    Assuming linkscanner won't conflict with nod32 or ZAP.
     
  9. Stephen2_Aus

    Stephen2_Aus, Registered Member (Joined: Feb 17, 2007; Posts: 37)

    Your wife would prefer to have her money/identity potentially stolen, than use some software that slows down the loading of a browser by 10%?

    I know what I'd do to that wife...
     
  10. aigle

    aigle, Registered Member (Joined: Dec 14, 2005; Posts: 11,164; Location: UK / Pakistan)

    As I understand XSS is a problem of the web, not ur system. Any sandbox like GW, DW or SandBoxie will not protect against XSS in any way. These sandboxes isolate browser from the rest of system while XSS plays at browser/web level (without touching ur real system) so obviously it can't be stopped. AFAIK only protection against XSS is turning off JS globally on all sites or NoScript (not sure how effective NoScript is). Turning off JS globally while allowing JS on certain sites in other browsers like Opera and IE is not equivalent to NoScript (with regard to protection against XSS - NS offers more protection).

    GW and DW stop keyloggers while sandboxie doesn't. DW stops screenreading (according to Ilya, I have not tested it myself) and GW probably doesn't but I am not sure about screen reading protection. I need to test it some day but not sure how to do it.
     
  11. Pedro

    Pedro, Registered Member (Joined: Nov 2, 2006; Posts: 3,502)

    It's the only tool, and in light of a recent/not so recent discussion, very effective. Has features specifically designed with XSS in mind, and updated frequently.
     
  12. CogitoErgoSum

    CogitoErgoSum, Registered Member (Joined: Aug 22, 2005; Posts: 641; Location: Cerritos, California)

    Hello spamyou,

    In short, for protection against XSS with IE7, you should consider using either Haute Secure (HS) or LinkScanner Pro (LSP). For FF, No-Script is a simple and effective protection against XSS. For the Opera user, LSP is the only game in town against XSS.


    Peace & Love,

    CogitoErgoSum
     
  13. LoneWolf

    LoneWolf, Registered Member (Joined: Jan 2, 2006; Posts: 3,784)

    So then LinkScanner Pro protects against XSS
    and GeSWall or Defense Wall protects against keyloggers/password stealers.
    Am I understanding this correctly ?
     
  14. CogitoErgoSum

    CogitoErgoSum, Registered Member (Joined: Aug 22, 2005; Posts: 641; Location: Cerritos, California)

    Hello LoneWolf,

    Yes on both counts.


    Peace & Love,

    CogitoErgoSum
     
  15. CogitoErgoSum

    CogitoErgoSum, Registered Member (Joined: Aug 22, 2005; Posts: 641; Location: Cerritos, California)

    Hello aigle,

    Although, yet to be released to the general public, I am currently using one of the latest DefenseWall driver builds. I have personally tested it against AKLT and it passes all five tests successfully. The first three keylogger tests are detected and can be "terminated" on the spot and the two screen capture tests are not able to capture anything of consequence. In contrast, tests against AKLT, the current version of DW (v2.05) is able to detect all three keylogging attempts, but is "unable" to terminate them on the spot. On the other hand, it is still successful in passing both screen capture tests.


    Peace & Love,

    CogitoErgoSum
     
  16. acr1965

    acr1965, Registered Member (Joined: Oct 12, 2006; Posts: 4,995)

    As far as XSS- does KIS 7 protect against it? Also, what about IE7 in protected mode on Vista?
     
  17. CJsDad

    CJsDad, Registered Member (Joined: Jan 22, 2006; Posts: 618)

    Good to hear about the latest driver builds.
    Any idea on when it will be available?
     
  18. Ilya Rabinovich

    Ilya Rabinovich, Developer (Joined: Sep 13, 2005; Posts: 1,543)

    You bet! In the end of October- early November.
     
  19. CJsDad

    CJsDad, Registered Member (Joined: Jan 22, 2006; Posts: 618)

    Thanks Ilya
     
  20. starfish_001

    starfish_001, Registered Member (Joined: Jan 31, 2005; Posts: 1,046)

    Outpost should offer some protection if the active content plugin is used - this can filter ActiveX, J script and Java by site
     
  21. LoneWolf

    LoneWolf, Registered Member (Joined: Jan 2, 2006; Posts: 3,784)

    Great :thumb:
    Thank You :D
     
  22. aigle

    aigle, Registered Member (Joined: Dec 14, 2005; Posts: 11,164; Location: UK / Pakistan)

    That's good.
    Very few HIPS protect against screen reading.
    BTW I wonder is there practical benefit of this feature? Any malware/ websites using it? etc
     
  23. aigle

    aigle, Registered Member (Joined: Dec 14, 2005; Posts: 11,164; Location: UK / Pakistan)
  24. spamyou

    spamyou, Registered Member (Joined: Apr 1, 2006; Posts: 48)

    Would firefox with noscript even stop these? I got these two videos off linksys pro site, which I am considering.

    Watch these two videos. Especially the bbb search one.

    http://www.youtube.com/watch?v=aWV8d2rWf8E

    http://www.youtube.com/watch?v=iD0wdzQb8XY

    Now go to the real bbb site (but imagine you clicked on fake one). The real site you cannot access until you whitelist it with noscript. Now if you whitelist that fake link because you had to for access and you thought it was real, like you did real bbb, would you not be hosed?

    I just don't think my wife would be able to make that distinction.

    (by the way, I appreciate all the informative replies and help so far. I have been anal since last month the credit card my wife only uses on line got in wrong hands, around same time when she made a few evening purchases. They only tried one 3K charge which was declined as they did not have the 3 digit code, though they emailed my wife posing as a company she had just done business with, and asked for it. Luckily my wife knew not to respond. Since changed cards, email addresses and contacted company. Couldn't find any malware with multiple engines, techniques, reformatted anyway. Trying to make surfing secure, yet still enjoyable for wife.)
     
  25. Ilya Rabinovich

    Ilya Rabinovich, Developer (Joined: Sep 13, 2005; Posts: 1,543)

    There is no need to do it - DW has no "shutdown computer" protection as I see no reasons in it. For example, by some reasons, Explorer is turned by user to untrusted. Right after that, he will lose the ability to shutdown its computer properly.
     