They could still just display an advertisement, but have the page it loads have scripts as well.
You can always iframe to a page that just displays an image and has a script in the header that runs on load. A user would never know.
Instead, iFrames need to be changed so that you can't iframe in a source that not from the same root address. And if you try, the browser should give an allow/deny warning.
Discussion on:
View:
Show:
I wouldn't go by the title as much as what I had in the main body.
I've been using it along with an ad blocker and and anti tracker, for a while now. Everytime I hop on a new computer, or one with out these tools, I see just what I'm "missing." Mostly garbage.
Not to get too melancholy about things, but I remember when the Internet was accessed mostly by modem. It's a real shame that such a wonderful source of a nearly infinite wealth information has been turned into such a cesspool.
Not to get too melancholy about things, but I remember when the Internet was accessed mostly by modem. It's a real shame that such a wonderful source of a nearly infinite wealth information has been turned into such a cesspool.
Many security pundits also informed me that NoScript is fairly knowledge intensive. I'm betting you know all sorts of people that would not have the patience for NoScript.
This is why I tell folks when I introduce them to No Script to just keep it simple. I suggest that they simply let No Script block all - and if they suspect there is content they need, at least make a guess which page control they should allow before giving the "allow all". I counsel them that they will eventually get the ability to recognize trusted scripts by name, or at least recognize that unfamiliar ones should not be trusted.
I seem to remember an Internet Explorer setting that blocks iFrames? I've become lazy about them, because of Avast. It always seems be able to manage blocking bad scripts in the first place. My foggy memory recalls tests I used to do, where I went to test sites to see how iFrames react to IE settings, and script blockers - I don't remember the URLs, but my defenses passed the tests every time. This was before stealth malware become ubiquitous, of course. There can be no guaranty now, that any malicious script will be recognized - not even by good heuristics. So far the operating system security seems to be winning that part of the battle - CCleaner closes the victory.
I seem to remember an Internet Explorer setting that blocks iFrames? I've become lazy about them, because of Avast. It always seems be able to manage blocking bad scripts in the first place. My foggy memory recalls tests I used to do, where I went to test sites to see how iFrames react to IE settings, and script blockers - I don't remember the URLs, but my defenses passed the tests every time. This was before stealth malware become ubiquitous, of course. There can be no guaranty now, that any malicious script will be recognized - not even by good heuristics. So far the operating system security seems to be winning that part of the battle - CCleaner closes the victory.
You help the people you can, and fix the computers of those you can't.
Printed on my business card is: "My job is to put myself out of a job. I want to teach you how to help yourself."
Printed on my business card is: "My job is to put myself out of a job. I want to teach you how to help yourself."
My goal was always to write SW so good people wouldn't bother me about it later. I've been fairly successful at that to the point I had the comment sent to me "why did you do such a good job, now they want the newer version to do that!" It helped to be "in their shoes" when I wrote it in the first place. Be the user before you design what's not there!
It's too confusing to them, they don't know the check which scripts are blocked, or how to tell if a page is loading correctly. Or those times you fill out a form and hit submit and nothing happens, so you allow the scripts, the page reloads and your form data is gone.
Instead, I use adblock, and WOT on Avant(firefox engine). So far they have never had a virus. I'll update Avant every year or so.
Windows 7 makes it better, I put UAC to max and explained to them how it works, and that they should only ever say yes to one when its triggered by something they are doing, otherwise choose no. UAC is a fairly weak security measure, but it does stop a good chuck of XP and earlier viruses.
Instead, I use adblock, and WOT on Avant(firefox engine). So far they have never had a virus. I'll update Avant every year or so.
Windows 7 makes it better, I put UAC to max and explained to them how it works, and that they should only ever say yes to one when its triggered by something they are doing, otherwise choose no. UAC is a fairly weak security measure, but it does stop a good chuck of XP and earlier viruses.
Unfortunately, it is also, as mentioned by another commentator, rather knowledge intensive (or at least, decision intensive), which is why I don't dare suggest installing it to (the vast majority of) the retirees whom I help with their computer problems. It must be said, however, that most of them - with a few notable exceptions ! - are very circumspect in their surfing habits, which means that it's not quite as incumbent upon them to have NoScript installed as would otherwise be the case. Still, I'd very much like to be able to introduce it to my friends and would be grateful for any feasible suggestions as to how to descend from the horns of this dilemma....
Henri
Henri
I always install Firefox+NoScript+AdBlock and make it the default browser for all friends and family.
I explain that they should only accept domains they expect to see .e.g. if they go to fredbloggs.co.uk then accepting fredbloggs.com and fredbloggsstatic.co.uk is probably ok, but accepting joepublic.com is probably not ok, unless they already know some affliation between fredbloggs and joepublic.
I do also go through their favourites and explain why they should accept or deny each domain, point out that most are not required from their perspective but allow ads tracking etc.
At that point I offer to remove it all; no one has ever taken me up on this, and all have managed to update the permissions as they needed to.
I maybe get 1 call per year per person asking if a certain domain is acceptable.
For some, I also install the WOT plugin, and again educate 'dont touch the red circle'.
BTW, this is what I use for my own surfing, and most of the domains for this TechRepublic page are not allowed, without any loss of functionality that I care about.
I explain that they should only accept domains they expect to see .e.g. if they go to fredbloggs.co.uk then accepting fredbloggs.com and fredbloggsstatic.co.uk is probably ok, but accepting joepublic.com is probably not ok, unless they already know some affliation between fredbloggs and joepublic.
I do also go through their favourites and explain why they should accept or deny each domain, point out that most are not required from their perspective but allow ads tracking etc.
At that point I offer to remove it all; no one has ever taken me up on this, and all have managed to update the permissions as they needed to.
I maybe get 1 call per year per person asking if a certain domain is acceptable.
For some, I also install the WOT plugin, and again educate 'dont touch the red circle'.
BTW, this is what I use for my own surfing, and most of the domains for this TechRepublic page are not allowed, without any loss of functionality that I care about.
I betting you are a great teacher. I try my best, but my dad, for instance, disables it right away. Then I learned from Giorgio that even in " Allow all" mode there is some benefit. He talked about it in this article:
http://www.techrepublic.com/blog/security/an-interview-with-giorgio-maone-creator-of-noscript/8025
http://www.techrepublic.com/blog/security/an-interview-with-giorgio-maone-creator-of-noscript/8025
You may want to read my interview with Giorgio, he talks about where just using NoScript in wide open mode has several advantages.
http://www.techrepublic.com/blog/security/an-interview-with-giorgio-maone-creator-of-noscript/8025
http://www.techrepublic.com/blog/security/an-interview-with-giorgio-maone-creator-of-noscript/8025
I use several solutions that are not only free, but do an excellent job as a substitute for No Script. They use no system resources - or at least I use all of them on old equipment with no problems.
Avast
SpywareBlaster
Comodo w/Defense+ (free personal firewall)
Winpatrol - in case a sneaky one gets through ( Thanks to Michael for reminding me of this old work horse!)
It seems like Spybot Search and Destroy used to have an effective setting for iFrames, but it is a very weak rivet in the armor now days - IMO.
AdAware was one of the most wondrous solutions to many malware, I'd ever used; but they can't be trusted anymore - since January - I'm afraid. I was never sure how it worked, but suspected it had the ability to disrupt communications of the malware, both internally and out to their web minions on web servers. This left them basically de-horned until CCleaner could dump them in the trash. I used to notice a quite large performance enhancement back then; no longer the case now.
Avast
SpywareBlaster
Comodo w/Defense+ (free personal firewall)
Winpatrol - in case a sneaky one gets through ( Thanks to Michael for reminding me of this old work horse!)
It seems like Spybot Search and Destroy used to have an effective setting for iFrames, but it is a very weak rivet in the armor now days - IMO.
AdAware was one of the most wondrous solutions to many malware, I'd ever used; but they can't be trusted anymore - since January - I'm afraid. I was never sure how it worked, but suspected it had the ability to disrupt communications of the malware, both internally and out to their web minions on web servers. This left them basically de-horned until CCleaner could dump them in the trash. I used to notice a quite large performance enhancement back then; no longer the case now.
Yep, WinPatrol is a great stand by and Bill is constantly working on it.
Which of your tools works against iFrames?
Which of your tools works against iFrames?
I used to block all using IE and set trusted sites later. I swore the old version of SaferNetworking's Spybot S&D had a setting for it, but not anymore, if at all. I was doing the testing in 2008, and I've had a lot of brain damage since then. So my memory is fuzzy about that. I don't do much to IE9 settings now, I just let SS&D control what cookies it does.
I've been nervous every since I had to dump Lavasoft, and I'm finding out malware can do a lot to a limited account to mess with the user. I have little hope of finding a replacement. Fortunately I no longer need AdAware for performance gain; modern browsers are quite capable of doing a good job by them selves. Some very disreputable concerns bought Lavasoft in January, and I just can't trust them anymore. I'll be playing with stuff I've never considered before - CNET user reviews will be my favorite reading for a while.
I've been nervous every since I had to dump Lavasoft, and I'm finding out malware can do a lot to a limited account to mess with the user. I have little hope of finding a replacement. Fortunately I no longer need AdAware for performance gain; modern browsers are quite capable of doing a good job by them selves. Some very disreputable concerns bought Lavasoft in January, and I just can't trust them anymore. I'll be playing with stuff I've never considered before - CNET user reviews will be my favorite reading for a while.
It is probably a dumb question but if the answer is no, perhaps browsers could be programmed so that invisible iFrames are not allowed.
I'm not sure myself. Ill as the experts and get back to you.
for invisible iframes. As with most functionality, there are good and bad uses.
This area of the page is often not visible and the scripts are no longer controllable and even the user won't even know that the script is generating some so called (Request/ Response) to remote machines. This may even account to as DDOS Attack.
We can have solid examples if Google enough.
Good Luck Chaps
Good Day
We can have solid examples if Google enough.
Good Luck Chaps
Good Day
It is an interesting approach this as you say hidden from the user's view.
I have started using a Netgear UTM5 (Unified Threat Management) firewall and was stunned at the number of web site links it blocked. This, or equivalents, are a good way for small businesses to protect against this type of threat.
How does the device work? It blocks egress activity? How do you know that you capture all of it?
As far as my UTM appliance; I know I can purchase VStream anti-virus/malware service from CheckPoint that blocks bad page controls, if they are infected and a definition exists. Because the scanner is embedded hardware, it takes a load off your internal server or workstations, and it is crazy fast! I've not experienced it on my box, but my sister has the Z100G variant of the same appliance, and it works very well.
I plan to migrate to the "N" version of the Netgear UTM5 as soon as my connection turns gigabyte speed. I think their service packs are a little more economical, if I remember correctly.
I plan to migrate to the "N" version of the Netgear UTM5 as soon as my connection turns gigabyte speed. I think their service packs are a little more economical, if I remember correctly.
I have no-script installed and I use it. 99% of the time it tells me scripts are partially allowed. Even this page shows techrepublic is allowed, but I have to tell NoScript to allow com.com, trstatic, spstatic, and google-analytics.com (every page, but I find them via Google).
From what I think you've said, Michael, the pages I go to (supposedly valid) likely don't have the no-size invisible iframes, it's the pages that those link to or which show up as a result of something like a google search, or a page a URL resulting from a google search takes me to, that I have to worry about the invisible iframes.
Suppose, one forbade any size 0 by 0 iframe from "showing" (even though it's invisible) [maybe loading is a better word]? Might a malicious site then instigate a 1 by 1 size iframe? A period might be larger than 1 by 1. Or any character could be the iframe! If you don't have to click on it, why does it have be 0 by 0?
From what I think you've said, Michael, the pages I go to (supposedly valid) likely don't have the no-size invisible iframes, it's the pages that those link to or which show up as a result of something like a google search, or a page a URL resulting from a google search takes me to, that I have to worry about the invisible iframes.
Suppose, one forbade any size 0 by 0 iframe from "showing" (even though it's invisible) [maybe loading is a better word]? Might a malicious site then instigate a 1 by 1 size iframe? A period might be larger than 1 by 1. Or any character could be the iframe! If you don't have to click on it, why does it have be 0 by 0?
Lenny made that same comment. It is not just zero by zero iFrames. Other small ones will usually work just as well.
As long as its the same as the background.
You can also make one of those collapsing sections and put the iframe in there.
You can also make one of those collapsing sections and put the iframe in there.
If the enduser is browsing in a Standard User profile that does not have installation priveleges, can this type of malware still imbed itself or will this prevent the the malware from infecting the machine like with other more common infections?
If the malware is active x based; SpywareBlaster will block the intrusion automatically by registry entry. The control will look like a blank box with a red 'X' on it. Most of the time Avast will auto block any bad scripts similar to the way No Script works except it is automatic; occasionally you will notice a slight delay in page response, but rarely so.(I use Comodo Dragon and get stellar performance)
As was mentioned before by Tony; the UTM applance can block the object through streaming AV/AM service.
In my experience, such drive by attacks will try to leverage any flash or Adobe reader vulnerabilities by opening said application and attacking the OS system. However, if they are updated you only get an amusing failure of the malware to enter into an attempt to foist admin privileges! HA! I love it when the crooks fail!
Surprisingly about 75 to 85% of the time, even though it may be a zero day threat, the IE9 browser will block all attempts by malware to attack through the browser - either by smart sense scanner, bad certificate, ASLR, DEP, or the UAC will pop off for no explainable reason, and then of course you would be a fool to give permission in such instances.
If the malware is a Zeus type variant or similar and doesn't need elevated priveledges, it will attempt to inject into the startup folder; CCleaner can defeat this if ran before reboot or log off; CCleaner itself will be attacked by the malware, and nothing will set this off - BTW - but you will notice the desktop shortcut will be gone for this venerable application, and the icon will be removed from the Programs list applet. Running CCleaner will still rid you of the temp file trying to do this. Winpatrol can sometimes pop an alert after reboot if you fail to stop the survival attempt by the malware, but you have to watch it, because malware can attack it too - Emisoft's Mamutu is invulnerable to these attacks so far, because it is a kernel based solution; but it isn't as sensitive as Winpatrol on the fast draw. Comodo's Defense+ is another kernel based solution to this. I sometimes run all of them concurrently - there is no system degradation of performance with blended defenses such as these.
(edited) - I return to edit this last statement as Defense + now slows older XP systems to a crawl. I have to disable it now in those circumstances, but the other defenses still stand - so far.
As was mentioned before by Tony; the UTM applance can block the object through streaming AV/AM service.
In my experience, such drive by attacks will try to leverage any flash or Adobe reader vulnerabilities by opening said application and attacking the OS system. However, if they are updated you only get an amusing failure of the malware to enter into an attempt to foist admin privileges! HA! I love it when the crooks fail!
Surprisingly about 75 to 85% of the time, even though it may be a zero day threat, the IE9 browser will block all attempts by malware to attack through the browser - either by smart sense scanner, bad certificate, ASLR, DEP, or the UAC will pop off for no explainable reason, and then of course you would be a fool to give permission in such instances.
If the malware is a Zeus type variant or similar and doesn't need elevated priveledges, it will attempt to inject into the startup folder; CCleaner can defeat this if ran before reboot or log off; CCleaner itself will be attacked by the malware, and nothing will set this off - BTW - but you will notice the desktop shortcut will be gone for this venerable application, and the icon will be removed from the Programs list applet. Running CCleaner will still rid you of the temp file trying to do this. Winpatrol can sometimes pop an alert after reboot if you fail to stop the survival attempt by the malware, but you have to watch it, because malware can attack it too - Emisoft's Mamutu is invulnerable to these attacks so far, because it is a kernel based solution; but it isn't as sensitive as Winpatrol on the fast draw. Comodo's Defense+ is another kernel based solution to this. I sometimes run all of them concurrently - there is no system degradation of performance with blended defenses such as these.
(edited) - I return to edit this last statement as Defense + now slows older XP systems to a crawl. I have to disable it now in those circumstances, but the other defenses still stand - so far.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
