How to Block the New Drive-by Exploits
AfterDawn Addict
6. February 2014 @ 17:46
Occasionally a drive-by download will prompt users to take an action that allows malicious software to take over their machines. The most common example of this today is rogue antivirus software. You'll visit a web page when suddenly a popup window that looks like a legitimate antivirus program appears on your computer, indicating that it's detected a virus and asking you to click for a free virus scan.
While rogue anti-virus software and exploits like it are a real danger, these days they aren't the biggest threat, because only some of the [drive-by download] attacks rely on people accidentally clicking something. The ones that are completely independent of user interaction are the most devastating.
Today there are drive-by downloads that work by exploiting vulnerabilities in web browsers, plug-ins or other components that work within browsers, and they can take place in a number of ways. For example, you can be innocently cruising the web when you happen upon a site that downloads malware onto your computer without any interaction. The site could have been set up by cybercriminals specifically for the purpose of infecting people's computers, or it could be a legitimate website that cybercriminals compromised through existing vulnerabilities in the site.
Infection links are becoming widespread, and you no longer have to click on them to be infected, even on sites you think you can trust.
Most of these new drive-by exploits use scripts and are not blocked by a router. That's because the script is coming from the site you just clicked on; therefore, the router thinks you have requested it and will allow all scripts to run.
How to protect yourself?
One option is to use NoScript (Firefox) or ScriptSafe (Chrome, formerly ScriptNo). Both disable all scripts from running on pages without you specifically adding them to an allow list. This includes Java, JavaScript, Flash, Adobe and others. They're powerful, but they're also really aggressive, and will break an awful lot of sites. They are a pain in the pa-toot if you use them while cruising the internet; you have to be up to the task of digging through the scripts on every new site you visit to figure out which ones are needed to make the site work properly.
What about my AntiVirus?
As some of you know, I test free security software to determine the best products to combat malware. Some of the paid AVs have a script shield, but until this year no free AV had one. Avast! 2014 is the first and only free AV with a real-time script shield, and it works beautifully.
I am really impressed with Avast! 2014. In the past 2 weeks I have tested Avast against 155 zero-day malware samples, JavaScripts, exploit kits, bots, Trojans, etc. etc., and it blocked them 100% (bareback). That's not to say it will always do that well; that's why on my real computer I always back it up with MBAM Pro and K-9 Web Protection for the nasty dudes it might miss...
Here's something to keep an eye on if you really want to use a free AV like AVG, Avira or anything without a script filter:
MBAE Beta, Malwarebytes Anti-Exploit. I have been testing it since it has been in beta and it's really doing well. Malwarebytes will be sending me an alpha version soon for testing and I'll let everyone know. Don't know what the price is going to be yet...
Any questions? I left out a lot of details : )
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
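As an added example, not code from the post above and not code from NoScript or ScriptSafe: a small default-deny, per-site script allow list in JavaScript that models the behaviour the post describes (every script is blocked unless the user has explicitly allowed its host for that page). The allow list, the page URL and the script URLs are constructed sample data; `example.com` is assumed here to be a legitimate site whose page has been tampered with to load a script from a host the user never trusted.

```javascript
// Added example: a default-deny, per-site script allow list modelled on the
// NoScript/ScriptSafe approach described in the post. This is not either
// extension's code; the policy and URLs below are constructed sample data.

// Page host pattern -> script hosts allowed to run on that page.
// A pattern matches the host itself and any of its subdomains.
const allowList = {
  "example.com": ["example.com", "cdn.example.com"],
};

function hostMatches(host, pattern) {
  return host === pattern || host.endsWith("." + pattern);
}

// Decide whether one script may run on the page. `scriptUrl` is null for an
// inline <script>, which runs only if the page itself is allow-listed.
// Everything not explicitly allowed is blocked. That is what catches a script
// injected into an otherwise trusted, compromised site, and the decision does
// not depend on who initiated the request, which is the distinction a router
// cannot make because the browser really did ask for the script.
function scriptDecision(pageUrl, scriptUrl, list = allowList) {
  const pageHost = new URL(pageUrl).hostname;
  const pageEntry = Object.keys(list).find((p) => hostMatches(pageHost, p));
  if (!pageEntry) return "block";            // page not trusted at all
  if (scriptUrl === null) return "allow";    // inline script on a trusted page
  const script = new URL(scriptUrl);
  if (script.protocol !== "https:" && script.protocol !== "http:") {
    return "block";                          // data:, javascript:, blob: etc.
  }
  return list[pageEntry].some((p) => hostMatches(script.hostname, p))
    ? "allow"
    : "block";
}

// Apply the policy to every script a page tries to load.
function filterScripts(pageUrl, scriptUrls, list = allowList) {
  const result = { allowed: [], blocked: [] };
  for (const s of scriptUrls) {
    const bucket = scriptDecision(pageUrl, s, list) === "allow" ? "allowed" : "blocked";
    result[bucket].push(s);
  }
  return result;
}

// Constructed scenario (assumed, not from the post): a legitimate page whose
// HTML has been tampered with to pull in an exploit-kit landing script from a
// host the user never added to the allow list.
const samplePage = "https://www.example.com/news/";
const sampleScripts = [
  "https://cdn.example.com/app.js",       // the site's own script: allowed
  null,                                   // inline script in the page: allowed
  "https://kit.example.net/landing.js",   // injected third-party script: blocked
  "data:text/javascript,alert(1)",        // non-http script source: blocked
];

console.log(filterScripts(samplePage, sampleScripts));
```

The matching is on host names only, so `example.com.attacker.test` does not match an `example.com` entry, and a page on a host with no entry at all gets nothing, not even inline scripts. That default-deny posture is exactly why these blockers break so many sites until the user has built up an allow list.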
Senior Member
6. February 2014 @ 20:09
Thank you very much, my erudite old friend.
AfterDawn Addict
6. February 2014 @ 20:16
Originally posted by aldan: Thank you very much, my erudite old friend.
Erudite? No, just eccentricities...
AfterDawn Addict
6. February 2014 @ 20:20
By the way, I'm in a VM testing MBAM 2.0.0501 beta. Looks like another gold ring so far.
Senior Member
6. February 2014 @ 20:21
Cool. I finally got the Pro version. I like it.
AfterDawn Addict
6. February 2014 @ 20:26
Your lifetime license will work with version 2 when it's released... maybe late March.
Senior Member
6. February 2014 @ 20:43
Good deal. Just installed K-9 as well.
AfterDawn Addict
6. February 2014 @ 20:43
Originally posted by aldan: Cool. I finally got the Pro version. I like it.
You know you can schedule scans and have it update automatically. I have mine set to update every 15 minutes. Sometimes I get 16 or so updates a day.
Senior Member
6. February 2014 @ 20:45
I've got auto update on but prefer manual scans. I even remember to do them periodically. lol
AfterDawn Addict
6. February 2014 @ 20:49
Originally posted by aldan: I've got auto update on but prefer manual scans. I even remember to do them periodically. lol
But I'm old and have CRS. I have more tasks scheduled than most could deal with. lol
Senior Member
6. February 2014 @ 20:55
Feel for you. I'm a little lysdexic myself.
AfterDawn Addict
6. February 2014 @ 21:06
I just Can't Remember Shite!
AfterDawn Addict
6. February 2014 @ 22:28
Originally posted by aldan: Good deal. Just installed K-9 as well.
I missed this earlier. I know you'll like it. I have mine set to block spyware/malware sources, spyware effects, suspicious, and phishing, and then under other settings, filter secure traffic. I don't set it to block porn; that way, when I go to those sites (for test purposes) it only blocks the malware there.
Senior Member
6. February 2014 @ 23:17
That sounds good to me. What settings am I looking at to do that? Or would I have to do a custom setting for that?
AfterDawn Addict
6. February 2014 @ 23:35
Originally posted by aldan: That sounds good to me. What settings am I looking at to do that? Or would I have to do a custom setting for that?
Click the K-9 icon to open it, click on Settings, enter your password (you have installed it, correct?), look it over, and if you can't figure it out, send me a question....
Senior Member
7. February 2014 @ 02:06
Got it.
AfterDawn Addict
7. February 2014 @ 15:17
Originally posted by aldan: Got it.
Sorry I didn't get this sent to you last night; I had misplaced it. lol
K-9 User Manual -> HERE
Senior Member
7. February 2014 @ 15:20
Thanks.
AfterDawn Addict
8. February 2014 @ 21:00
Originally posted by aldan: Thanks.
You're more than welcome, old friend...
Looks like you have it together. I know you will like K-9.
At this time, for my customers and clients, I recommend:
1. A router with an SPI firewall, to stop the scans on the WAN (port 80, normally).
2. Avast 2014
3. K-9
4. MBAM Pro
Today I tested against 79 zero-day attacks and Avast caught all 79...
On a lot of them K-9 was the first to block, and after disabling it, Avast got it!
Currently in the process of testing MBAE beta (anti-exploit) and MBAM ver. 2 beta. Both are looking exceptional but still have bugs. Will try to keep all informed of the progress.
2oG
Senior Member
20. February 2014 @ 08:25
Just wanted to say I cleaned some adware off a friend's machine, and since he never paid for Norton after the free trial expired months ago, I deleted it and gave him free Avast 2014. Also hid his Internet Explorer icons, while making the already-installed Chrome browser more prominent and adding AdBlock Plus to it. Nothing serious, just saying thanks for giving an updated best practice guide.
AfterDawn Addict
20. February 2014 @ 12:32
Originally posted by Deadrum: Nothing serious, just saying thanks for giving an updated best practice guide.
You are welcome. I do a lot of testing of security and privacy software and try to share when I can. Avast has made some big leaps, and I find that Avast 2014 is the best FREE AV and better than most commercial paid AVs.
I don't hate IE; I just hate the fact that I am sometimes forced to use an inferior browser for certain things and can't just delete it from my operating system. Lol
I'm big on privacy and do not use Chrome because it's made by Google, which has shown absolutely no concern for your privacy. Firefox is my preference, with Adblock Edge, which blocks the Google ads that Adblock Plus lets through. I also use Self-Destructing Cookies, Disconnect and AnonymoX to avoid ANY tracking...
Stay Safe,
2oG
Senior Member
22. February 2014 @ 09:56
For personal use I have Firefox and AdBlock, but don't worry about Google because of an access point I flashed with DD-WRT and use as a VPN. Google Analytics thinks my location is 300 miles away, so that's my method of anonymity.
I have no issues letting friends use Chrome because they can't be bothered with all the steps you or I might take to stay safe, so I must find the happy middle ground.
AfterDawn Addict
22. February 2014 @ 12:53
Have been using Firefox since its conception and have no intention of changing...
Chrome is now the most used browser so Google has a lot of subjects to keep up with. lol
I try to determine what my customers are comfortable with and then show them how to tighten it for security and privacy. As you say, happy middle ground.
Mez
AfterDawn Addict
27. February 2014 @ 21:38
2old, this post is quite timely. I have been using one of the script blockers for a few weeks. I browse the web with the browser sandboxed. This is my last bastion of defense. Nothing is supposed to get that far. My browser was attacked about the time you posted this. So I added another layer of defense. The script blocker is a huge pain in the ass! I was seriously planning to remove it until I was attacked again from, of all places, Hotmail. The URL was a bizarre one, and somehow it had partial permission to run scripts, so I blocked it. I am liking that blocker a lot more. I like that each tab page is handled separately. I had 4 tab pages with only one page allowing any scripts to run.
Senior Member
27. February 2014 @ 21:40
Using NoScript, Mez?