Topic 'Website viruses can't infect you if you use Firefox?' in forum 'Security' - dslreports.com

Re: Website viruses can't infect you if you use Firefox?

Sun, 04 Jan 2009 16:11:40 EDT

OZO posted :

said by Doctor Four:

Of course, none of these are true drive-by downloads per se; they rely mostly on social engineering to get themselves installed. Though in some cases, trying to close the windows that pop up by clicking on the red 'X' may trigger an install attempt by the rogue.

Could you please elaborate. What browser does it? (I mean, an installing instead of closing a box). Some links would be appreciated.

Re: Website viruses can't infect you if you use Firefox?

Sun, 04 Jan 2009 11:17:45 EDT

FiOS Dan posted :

said by bangaroo:

I am too lazy and too busy to learn how to secure another browser.

LUA, AV, FW, AS, and HIPS keep me reasonably secure with Opera right out of the box. I suspect the same would be true for FF.
--
Courage is being scared to death but saddling up anyway.

Re: Website viruses can't infect you if you use Firefox?

Sun, 04 Jan 2009 08:42:22 EDT

bangaroo posted : I am too lazy and too busy to learn how to secure another browser. I will stick with IE.

I have spent way too much time learning IE weaknesses and strengths to start over with another browser.

Re: Website viruses can't infect you if you use Firefox?

Sun, 04 Jan 2009 04:51:51 EDT

Kayrac posted :

said by VirtualLarry:

said by Kayrac:

i have never seen the fake alert programs be installed through exploits, they have all been social engineering

your example makes 0 sense btw

Well then, open your eyes. Fully patched IE7, exploited by trojans, downloaded into the internet temp file directory, and executed by teh local user context.

Possible with IE.

Not possible with Firefox.

That was the point of my example.

PM me a few links

i would love to view these websites, as would some of my cohorts, since that 0-day was patched, the rest i've seen are all patched

@mysec, you are correct, active-x they are :)

Re: Mozilla Firefox ActiveX

Sun, 04 Jan 2009 04:13:07 EDT

Dustyn posted :

said by Mele20:

That support ended with Fx 1.5. There is no ActiveX support for Fx 2 and there has been no support for Fx 3 until about a month ago.

»groups.google.com/group/mozilla.···012c186a

Interesting nevertheless to see that at one point in time, Firefox did indeed support ActiveX.

Re: Mozilla Firefox ActiveX

Sun, 04 Jan 2009 03:41:16 EDT

Mele20 posted : That support ended with Fx 1.5. There is no ActiveX support for Fx 2 and there has been no support for Fx 3 until about a month ago.

»groups.google.com/group/mozilla.···012c186a
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

Mozilla Firefox ActiveX

Sun, 04 Jan 2009 03:10:18 EDT

Dustyn posted :

said by nwrickert:

It is true that firefox does not support ActiveX. And it is true that virus writers are more likely to target IE. However, using firefox is not a guarantee of safety.

I think a lot of people are unaware that Firefox DOES/DID support ActiveX: The Mozilla Active-X Project.
LINK:»www.iol.ie/~locka/mozilla/mozilla.htm

Re: Website viruses can't infect you if you use Firefox?

Sun, 04 Jan 2009 01:37:56 EDT

VirtualLarry posted :

said by Kayrac:

i have never seen the fake alert programs be installed through exploits, they have all been social engineering

your example makes 0 sense btw

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 14:36:19 EDT

mysec posted : Thanks for posting. Very revealing and informative!

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 13:59:55 EDT

fatdcuk posted : Exploit laiden site....24 in the current Fiesta pack :o
»www.prevx.com/blog/107/Fiesta---···oit.html

Interesting data in the screenshots of the management console at the bottom of the article;)

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 13:09:09 EDT

mysec posted :

said by Kayrac:

correct me if i'm wrong here, but are the two vulnerabilities you first posted about, for windows, not IE specifically?

I think that many of the exploits depend on IE and Windows/MS applications being integrated. IE is the trigger --often ActiveX. Here are the first two you ask about:

Microsoft Security Bulletin MS06-014
Vulnerability in the Microsoft Data Access Components (MDAC) Function
»www.microsoft.com/technet/securi···014.mspx

A remote code execution vulnerability exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Mitigating Factors for Microsoft Windows MDAC Vulnerability - CVE-2006-0003:

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to attempt to exploit this vulnerability.

Microsoft Security Bulletin MS08-041
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access
»www.microsoft.com/technet/securi···041.mspx

A remote code execution vulnerability exists in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page.
When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

said by Kayrac :

and most probably using javascript, which effects firefox as well?

I've not tested with Firefox, but using Opera to view these pages with IE exploits with Javascript enabled, the .js file that contains the code for the exploits will cache, but nothing will happen since they require IE as the trigger. None of these exploits will run in Opera. I can see the .js file in the cache, but it just sits there and does nothing. I assume this is be true also of Firefox.

----
rich

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 11:52:00 EDT

goofy01 posted : I have been on the net like this for over 10 years and haven't had to do a reformat yet. Like I said, it all depends on the user. I don't go to cracked/warez sites and don't click every link I see.

I do back up important stuff onto an external drive just in case. Usually I end up with Windows errors before I get any nasties.

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 11:21:13 EDT

antiphishing posted :

said by EG:

Microsoft in part has created this mess and should take full responsibility in securing their products and not rely solely on the person who owns their software to do it for them.

If Microsoft knew that their operating system was going to be on every computer, then should have known that it would have been a huge target from nefarious sources. From day one of the operating system releases it should have not been openly prone to security flaws that plague it month after month. Microsoft knows that Windows is not secure, but continues to hide the truth with service patches and service packs which just bloats the OS to extremes
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 11:13:12 EDT
antiphishing posted :
said by goofy01:

I have always ran my systems as an admin using IE and I have never gotten any nasties that I can remember. The kids comp here only has limited user accounts and use Fx, but I have had to clean it a few times due to nasties like WinXP2008 Antivirus due to them just clicking links, even after being told how to be careful.

Good luck with running your computer in administrator because one day you may or may not have to reformat that hard drive. Any good Windows book will tell you not to run your computer in the administrator mode because of the apparent risks of the operating system being vulnerable to malice code coming from the internet.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 10:45:53 EDT
Kayrac posted : correct me if i'm wrong here, but are the two vulnerabilities you first posted about, for windows, not IE specifically?

and most probably using javascript, which effects firefox as well?

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 09:59:47 EDT
mysec posted :
said by 53059959:

nothing is 100% secure.

I would phrase it this way:

"Any software code has the potential to be exploited."

Vulnerabilites appear daily. Until I hear about an exploit in the wild, I don't dwell on the vulnerability. Often, it's patched quickly, anyway. To do otherwise would have me in a constant state of worry.

said by Kayrac:

besides the most recent 0day IE exploit, whens the last time you saw a IE exploit being exploited?

I've noticed that IE exploits are packaged in current attacks. In the recent IE7, for example, at least one web site included two old exploits along with the IE7 one:

document.write("i frame src=14.htm> document.write("i frame src=office.htm>

The first was MS06-014 (MDAC)
and the second was MS08-041 (Snapshot Viewer)

The recent massive injection of mtno.ru/style.js into dozens of web sites contained these exploits, all triggered through IE6:

88d969c5-f192-11d4-a65f-0040963251e5XMLCore Services (MS06-061) F0E42D50-368C-11D0-AD81-00A0C90DC8D9ActiveX Control for the Microsoft Snapshot Viewer (MS08-041) BD96C556-65A3-11D0-983A-00C04FC29E36Microsoft Data Access Components (MDAC) (MS06-014) EC444CB6-3E7E-4865-B1C3-0DE72EF39B3FMicrosoft 'msdds.dll' COM Object (MS05-052) obj=cobj("WebViewFolderIcon.WebViewFolderIcon.1");WebViewFolderIcon (MS06-057)

I identified them from the CLSID # listed in the .js file. Unfortunately, these "packages" are all to easily available for sale or otherwise, such as Mpack. Anyone can tailor them to their own use.

Note that old exploits are evidently successful, or they wouldn't continue to be used. The reason should be obvious: many people don't patch, nor otherwise have adequate security.

said by Kayrac:

i have never seen the fake alert programs be installed through exploits, they have all been social engineering

Before the animated fake scans, remote code execution exploits were quite common. Here is one from a couple of years ago. eTrust had this analysis:

While testing SurfSideKick, a well-known adware application,
a deceptive popup ad was displayed. The ad appears to be an application
interface, when in fact it is a popup ad in which the entire gif file
is a hyperlink. Whether intentionally or unintentionally, clicking on
the popup ad leads to the forced install of BundleAJ_V1.exe, which includes
MySearch Toolbar and Registry Cleaner, an adware application that claims to
find errors in the system's registry. (PestPatrol currently detects Registry Cleaner).
The misleading popup ad was served from HTTP://Z1.ADSERVER.COM
and this redirects to HTTP://CERTIFIED-SAFE-DOWNLOADS.COM

[att=1]
__________________________________________________________

I think it is just wise to be prepared for any remote code execution exploit, no matter the application exploited.

One reason for the emphasis today on social engineering (update_flash.exe; Storm; Antivirus2009, etc) rather than remote code execution exploits is that it is becoming more difficult to target specific applications, since there are so many versions. This is true not only of browsers, but 3rd party applications. An exploit may not work on all versions of Adobe Reader, for example. So, in many cases, you have a limited target audience.

Social engineering doesn't have to worry about an application: just trick to click!

----
rich

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 08:41:48 EDT
Kayrac posted :
said by VirtualLarry:

FWIW, I've used Firefox as my primary "security tool", and thus far, it hasn't let me down. I've never gotten malware on my computers, no matter how many pr0n/warez/etc. sites I've surfed.

I think that there is something to be said for more secure design, and careful implementation.

For an example, consider recent IE exploits, "FakeAlert" trojans. They get downloaded into the IE temp files directory, and execute under the local user context.

In Firefox, temporary files don't have file extensions, so they cannot be arbitrarily executed by the host OS.

Conclusion? Firefox is safer, by design.

I'm sure that this isn't the only example, either.

i have never seen the fake alert programs be installed through exploits, they have all been social engineering

your example makes 0 sense btw

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 08:39:11 EDT
Kayrac posted :
said by RetroMUFC:

I disagree with that. I think the main issue with Microsoft is that they create software that they want to do everything yet still be easily accessible to the end user. They have tried to turn IE into a jack-of-all-trades application at the expense of security. All of these extra features like activex add areas of potential exploitability.

besides the most recent 0day IE exploit, whens the last time you saw a IE exploit being exploited?

everything i saw was real player, adobe reader, flash, etc

and lately all javascript(which firefox uses)

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 08:30:11 EDT
Cudni posted : running unsecured browser of your choice (allowing scripting indiscriminately) will lead to exploit at some point, it does not matter who is blamed afterwards. Who is at loss is the user who believes that the myth of secure design just by itself will protect the system. It will not and it does not and how can it when it has you and me using it ;)

Cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 00:47:48 EDT
VirtualLarry posted : FWIW, I've used Firefox as my primary "security tool", and thus far, it hasn't let me down. I've never gotten malware on my computers, no matter how many pr0n/warez/etc. sites I've surfed.

I think that there is something to be said for more secure design, and careful implementation.

For an example, consider recent IE exploits, "FakeAlert" trojans. They get downloaded into the IE temp files directory, and execute under the local user context.

In Firefox, temporary files don't have file extensions, so they cannot be arbitrarily executed by the host OS.

Conclusion? Firefox is safer, by design.

I'm sure that this isn't the only example, either.

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 00:39:52 EDT
RetroMUFC posted : I disagree with that. I think the main issue with Microsoft is that they create software that they want to do everything yet still be easily accessible to the end user. They have tried to turn IE into a jack-of-all-trades application at the expense of security. All of these extra features like activex add areas of potential exploitability.

Re: Website viruses can't infect you if you use Firefox?

Sat, 03 Jan 2009 00:05:54 EDT
EG posted :
said by antiphishing:

Microsoft in part has created this mess and should take full responsibility in securing their products and not rely solely on the person who owns their software to do it for them.

Let me ask you this,Do you real think Windows 7 will be any better then Vista when it comes to security or will they continue to release patches each and every month to hide the fact that they offer substandard software.
They didn't "create this mess", nor is it a matter of "substandard software".

It is a matter of the most targeted software due to market share..

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 23:21:06 EDT
EGeezer posted :
said by Hank:

I have always operated with the understanding that if a human being designed something, whether if be the internet, a browser or an OS (and yes including Linux and MAC OS) someone will at some point exploit it not matter how much protection or prevention someone has taken. I have to agree with Cudni.

Agreed, someone will exploit OS, browsers, security tools, applications etc, but the exploits will need to overcome several substantial hurdles including technical and nontechnical measures to if they are to compromise my protected systems.

That being said, I assume the possibility of failure, and have response plans in place to mitigate and recover from a breach, whether to my systems or other systems that affect me.

So far I've been successful and believe I will continue to be as long as I consider security to be an ongoing process.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 22:43:38 EDT
Hank posted : I have always operated with the understanding that if a human being designed something, whether if be the internet, a browser or an OS (and yes including Linux and MAC OS) someone will at some point exploit it not matter how much protection or prevention someone has taken. I have to agree with Cudni.

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 21:57:10 EDT
EGeezer posted :
said by 53059959:

nothing is 100% secure.

I can bet tool points I can find a crackz/serialz website that can infect any member here no matter what

And I can bet tool points that my security implementation will keep my protected system(s) free of malware. Part of that implementation is not going to serialz/crackz sites.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 18:41:36 EDT
53059959 posted : nothing is 100% secure.

I can bet tool points I can find a crackz/serialz website that can infect any member here no matter what

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 16:56:03 EDT
goofy01 posted :
said by antiphishing:

Do you realize how many internet users use their computer in administrator mode?
The biggest problem here is not the OS, but the user. I have always ran my systems as an admin using IE and I have never gotten any nasties that I can remember. The kids comp here only has limited user accounts and use Fx, but I have had to clean it a few times due to nasties like WinXP2008 Antivirus due to them just clicking links, even after being told how to be careful.

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 16:34:40 EDT
mysec posted :
said by 53059959:

I just got infected a week ago with a new virtumonde trojan from a pdf exploit in firefox so it is not completely secure

1) Isn't this really an unpatched PDF Reader exploit, rather than a browser exploit?

2) What protection do you have against remote code execution exploits where the payload is a trojan?

Here, running as user, not Administrator, would protect. Also, any solution that prevents unauthorized executables from installing by remote code execution would have stopped the virtumonde trojan in its tracks.

The browser is a gateway, if you will, to the internet, and many streams of different types pass through it. It's not wise to depend on the browser as a secure defense mechanism for everything on the web.

More secure would be to understand the different methods by which malware can infect from the web and set up preventative measures accordingly. Some can be handled by the Browser's built-in protection, some require other measures.

----
rich

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 15:37:25 EDT
anon posted :
said by quatrix:

said by peter_m:

run as a limited user, not an administrator, make surethe OS gets all updates. Will keep you safe from 95% of threats.
And brains plus a simple hardware router will keep you safe from 99.99%, but even some of the self-proclaimed security "experts" are lacking in one of those departments (take NoScript users for example).
Why is it so many of your posts take the opportunity to 1.) tell us all how incredibly computer-smart you are, and 2.) slam NoScript?

Did NoScript do you some personal injury at some time?

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 15:36:23 EDT
53059959 posted : I just got infected a week ago with a new virtumonde trojan from a pdf exploit in firefox so it is not completely secure

Just keep clicking every link on every crack site you can find you'll eventually infect anything

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 15:28:11 EDT
quatrix posted :
said by peter_m:

run as a limited user, not an administrator, make surethe OS gets all updates. Will keep you safe from 95% of threats.
And brains plus a simple hardware router will keep you safe from 99.99%, but even some of the self-proclaimed security "experts" are lacking in one of those departments (take NoScript users for example).

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 15:21:01 EDT
antiphishing posted :
said by Blackbird:

1) Force a manufacturer to choose between incorporating security improvements or "rich user experiences" in a product, and security hasn't got a prayer... particularly if the $ costs are easily measured.
2) Give a user the means to overcome or defeat an inconvenient security feature and he will find a way to do it... and in the process, will believe it won't really matter for his situation.

In my opinion, I strongly believe that Microsoft should have incorporated malware software into Windows years ago, and not charged users for updates. This would have guaranteed that each and every copy of Windows would be protected from the start and you wouldn't have to rely on assuming that the user would download the necessary software. Look how long it took for Microsoft to incorporate a software firewall and Defender into their products.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 15:04:57 EDT
Blackbird posted :
said by antiphishing:

... Social engineering is getting better due in part because Cyber criminals know that internet users are becoming more careless about internet security.

‘Classmates Reunion’ Used as Malware Ploy
»blog.trendmicro.com/classmates-r···re-ploy/

I disagree that "internet users are becoming more careless about internet security." I believe a great majority of users have always been careless... but their carelessness is being increasingly 'enabled' by expanding software gadgetry and the progression of 'social practice' - with increasingly destructive result.

For example, a reasonably 'careful' person may reject risky file downloads if they're directly presented to him as such. But will that 'carefulness' be basic enough and sufficient for him to reject a spontaneous (and malicious) upgrade warning for a video viewer program when he tries to view some nifty video at a website he's come to believe is trustworthy? Does falling for that make him more careless today than yesterday? I don't believe so, but instead I believe that the increasingly common practices of warning users, at the time of usage, of outdated legitimate software gadgetry (and offers to immediately update it) have simply enabled a version of the user's carelessness that's always existed but that's only now being exploited. And please note: that's just one of myriad practices and products that have similarly enabled careless user behavior. The foundational user carelessness issues (in this case, a core willingness to download unverified and unsolicited material, along with inherent lack of knowledge of how to verify authenticity) have not increased. But the number of ways of approaching that user which end-run those limited areas of carefulness he does possess are multiplying geometrically.

A major part of the problem is that convenience, gadgetry, and price always trump security. They shouldn't, but they do, in every aspect: at product conceptualization, design, and testing... at product evaluation/purchase time... at large-scale deployment... during user training... and during usage by actual users. Over the years, I've found two realities transcend all others:
1) Force a manufacturer to choose between incorporating security improvements or "rich user experiences" in a product, and security hasn't got a prayer... particularly if the $ costs are easily measured.
2) Give a user the means to overcome or defeat an inconvenient security feature and he will find a way to do it... and in the process, will believe it won't really matter for his situation.
--
If God wanted us to work with electrons, He'd make them big enough to see...

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 14:41:12 EDT
antiphishing posted :
said by LaZZZy_bOi:

When I used IE I used to get a lot of time alerts from Avira that the websites I visited where infected. Since using Firefox I don't get those alerts anymore and then I decided to go to eicar.com and clicked the eicar.txt and avira didn't detect nothing but in IE it did.

Securing Your Web Browser
»www.cert.org/tech_tips/securing_browser/
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 14:22:19 EDT
peter_m posted :
said by mysec:

Unfortunately, many of today's exploits trick users into granting Administrator privileges to install. And this pertains to users with any Browser or any Operating system.

You are right, we should get rid of the users!?!?!?

What I do with some clients is to put a password on the Admin account and I then use tightVNC to install/manage his Pc remotely... for a fee! The client never gets the password and the dirtiest machines turn into the cleanest machines I service!!!

Some people are just incapable of understanding, but a $35 dollar service fee makes them think twice!

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 14:08:52 EDT
FiOS Dan posted :
said by antiphishing:

Many internet users don't know that you are suppose to set up accounts. I know this because my sisters computer booted to the administrator and was nailed by malware. She had no clue about setting up user account and not using administrator for your day to day computer activities.
After I got my first PC with XP, I surfed for a while as an administrator until learning at BBR about the LUA.
--
Courage is being scared to death but saddling up anyway.

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 14:03:36 EDT
FiOS Dan posted :
said by mysec:

Unfortunately, many of today's exploits trick users into granting Administrator privileges to install. And this pertains to users with any Browser or any Operating system.
You are of course correct mysec but at least the LUA acts as a "speed bump" in the road for exploiters.
--
Courage is being scared to death but saddling up anyway.

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 14:01:51 EDT
antiphishing posted :
said by FiOS Dan:

said by antiphishing:

Do you realize how many internet users use their computer in administrator mode?
A travesty that M$ chose to set administrator as the default mode in XP. :(

The company (Microsoft) that is suppose to help secure internet users makes the problem worse by booting to the administrator account, when you first turn on the computer after the purchase. Where is the logic behind this?

Many internet users don't know that you are suppose to set up accounts. I know this because my sisters computer booted to the administrator and was nailed by malware.

Not only was she not using a firewall with cable broadband, but also no anti-virus software.She had no clue about setting up user account and not using administrator for your day to day computer activities.

--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 13:54:20 EDT
mysec posted :
said by peter_m:

run as a limited user, not an administrator, make surethe OS gets all updates. Will keep you safe from 95% of threats.
said by FiOS Dan:

Thanks peter_m. IMHO running under LUA should be the very first security recommendation and yet it is only occasionally mentioned.

Unfortunately, many of today's exploits trick users into granting Administrator privileges to install. And this pertains to users with any Browser or any Operating system.

From my notes taken from analyses:

update_flash.exe exploit for MAC
The user is then prompted to install the package and during this process he will have to supply the administrator credentials. Yep, it's game over from this point in time (and the attack is exactly the same as on Windows - keep in mind that these users *will* willingly supply these credentials.

DNS Changer exploit on MAC
Users are then prompted to download a "new version of codec". But instead users are downloading an executable .dmg file granting the Trojan it contains full user privileges.

Intego said the Trojan, which requires the user to enter their administrative password to proceed with the installation, is a form of DNSChanger and uses a sophisticated method to change a mac's domain name system (DNS) server.

----
rich

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 13:49:51 EDT
FiOS Dan posted :
said by antiphishing:

Do you realize how many internet users use their computer in administrator mode?
A travesty that M$ chose to set administrator as the default mode in XP. :(
--
Courage is being scared to death but saddling up anyway.

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 13:42:03 EDT
antiphishing posted :
said by peter_m:

run as a limited user, not an administrator, make surethe OS gets all updates. Will keep you safe from 95% of threats.

WOW! Do you realize how many internet users use their computer in administrator mode? Why do you think computer repair store do such a good business? Most of the computer stores where I live specialize in removal of malware. It's either pay to protect your computer or you pay to have the crap removed.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 13:36:52 EDT
antiphishing posted :
said by Doctor Four:

Of course, none of these are true drive-by downloads per se; they rely mostly on social engineering to get themselves installed. Though in some cases, trying to close the windows that pop up by clicking on the red 'X' may trigger an install attempt by the rogue.

Cyber-Criminals know that by using social engineering tactics they can not only get I.E. users to install malware, but also people who use Firefox. Let me give you a example, I am seeing classmates.com phishing scams that state that your class reunion is coming up and to click on a phishing link. Once you enter the site , you see what looks like a online video display. When you click on "play" it will download a Trojan horse on your computer. Likewise, if you do nothing JavaScript code will try to install the malware by way of a prompts, asking the user to update their Adobe software. Regardless, of the browser, their is no way distinguish if the site is a legitimate or if it's a spoof. Social engineering is getting better due in part because Cyber criminals know that internet users are becoming more careless about internet security.

‘Classmates Reunion’ Used as Malware Ploy
»blog.trendmicro.com/classmates-r···re-ploy/
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 13:31:32 EDT
FiOS Dan posted : Thanks peter_m. IMHO running under LUA should be the very first security recommendation and yet it is only occasionally mentioned.
--
Courage is being scared to death but saddling up anyway.

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 13:27:44 EDT
peter_m posted : run as a limited user, not an administrator, make surethe OS gets all updates. Will keep you safe from 95% of threats.

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 13:16:31 EDT
antiphishing posted :
said by Cudni:

see how non trivial it is to secure software
»What makes software 'secure' or 'insecure'?

Cudni

No one software manufacture makes one hundred percent secure software. The only way to keep Windows and all it's installed software completely secure is not to connect it to the internet. But that is not reality since without cyberspace life would be quite boring :D.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 13:11:47 EDT
Doctor Four posted :
said by antiphishing:

In my opinion,I've yet to see my computer get infected by spyware or get nailed by a drive by download when using both FireFox version 2.0xx and 3.0x.

This is partially true, at least for me. On two PCs that had Firefox on them, without additional security such as NoScript and the MVPS hosts file, I encountered redirects to Winfixer fraudware sites at intellicast.com and wfaa.com:

»Another WinFixer infiltration...this time on www.wfaa.com

The redirects never occurred again after putting the MVPS hosts file on those two PCs. Nor did they occur on my PC, which already had the MVPS hosts file on it. And later when I put NoScript on my PC, I encountered unsuccessful redirect attempts to pages hosting Antivirus 2009.

Of course, none of these are true drive-by downloads per se; they rely mostly on social engineering to get themselves installed. Though in some cases, trying to close the windows that pop up by clicking on the red 'X' may trigger an install attempt by the rogue.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 12:42:02 EDT
anon posted :
said by LaZZZy_bOi:

Website viruses can't infect you if you use Firefox?
I'll make sure to tell that to my friend who only uses Firefox:

»puter shuts off and reboots

»rebooted and still here

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 12:08:28 EDT
Cudni posted :
said by antiphishing:

Microsoft in part has created this mess and should take full responsibility in securing their products and not rely solely on the person who owns their software to do it for them. :huh:

i don't think i should depend solely on somebody else for security, so I don't

see how non trivial it is to secure software
»What makes software 'secure' or 'insecure'?

Cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 12:01:23 EDT
antiphishing posted :
said by Cudni:

It is a damaging myth to perpetuate that some software or system it runs on is more secure just because of its name because it is not. Learn to secure a browser, learn to secure a system and enjoy internet

Cudni

But you continue to hold on to the simple fact that each and every internet user will secure their browser and or operating system. If this was a true fact then we wouldn't have to deal with Botnets,malware, zombie machines and spam. Microsoft in part has created this mess and should take full responsibility in securing their products and not rely solely on the person who owns their software to do it for them. :huh:

Let me ask you this,Do you real think Windows 7 will be any better then Vista when it comes to security or will they continue to release patches each and every month to hide the fact that they offer substandard software. Mozillia from the very beginning has offered a better product and the mass exodus away from IE proves this point.
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/

Re: Website viruses can't infect you if you use Firefox?

Fri, 02 Jan 2009 11:49:24 EDT
Cudni posted : It is a damaging myth to perpetuate that some software or system it runs on is more secure just because of its name because it is not. Learn to secure a browser, learn to secure a system and enjoy internet

Cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008