
If you are using Internet Explorer

Goodpasture

Well-known member
This is a quote from a forum where I am an admin. It concerns Internet Explorer. If you are using IE for your primary browser, be aware that it is the least secure browser out there. I know, there are some websites that require IE. Also, you cannot really remove IE from your system. But if you cruise forums and other web sites, it can certainly keep your computer safer from viruses and from hackers. If you want to load Firefox on your computer, go to http://www.mozilla.com/en-US/firefox/ . In addition to being safer, it is free..........


e-cop said:
I've been saying this for many years now.

The Honeynet Project handed us some very compelling experimental evidence for that claim just over a week ago.

I won't hit you over the head with the whole thing - it weighs in at 21 pages after printing. But I'll hit the high spots that will be most directly relevant to people trying to avoid and evade the crooks.

Know Your Enemy: Malicious Web Servers

INTRODUCTION

Today, many attackers are part of organized crime with the intent to defraud their victims. Their goal is to deploy malware on a victim’s machine and to start collecting sensitive data, such as online account credentials and credit card numbers. Since attackers have a tendency to take the path of least resistance and many traditional attack paths are barred by a basic set of security measures, such as firewalls or anti-virus engines, the "black hats" are turning to easier, unprotected attack paths to place their malware onto the end user’s machine. They are turning to client-side attacks.

In this paper, we examine these client-side attacks and evaluate methods to defend against client-side attacks on web browsers. First, we provide an overview of client-side attacks and introduce the honeypot technology that allows security researchers to detect and examine these attacks. We then proceed to examine a number of cases in which malicious web servers on the Internet were identified with our client honeypot technology and evaluate different defense methods. We conclude with a set of recommendations that one can implement to make web browsing safer.

IDENTIFICATION OF MALICIOUS WEB SERVERS

We identified malicious web servers with the high interaction client honeypot Capture-HPC. Capture-HPC is an open source client honeypot developed by Victoria University of Wellington in conjunction with the New Zealand Honeynet Project. This high interaction client honeypot monitors the system at various levels:
  • registry modifications to detect modification of the Windows registry, like new or modified keys
  • file system modifications to detect changes to the file system, like created or deleted files, and
  • creation/destruction of processes to detect changes in the process structure.
Client honeypot instances are run within a VMware virtual machine. If unauthorized state changes are detected - in other words when a malicious server is encountered - the event is recorded and the virtual machine is reset to a clean state before interacting with the next server. (Appendix A contains download details as well as a detailed description of the tool’s functionality and underlying technical aspects).

With our focus on unauthorized state changes to identify a malicious server, we are narrowing our view to a particular type of malicious server: the ones that can alter the state of the client without user consent or interaction, which usually means that the server is able to control and install malware on the client machine without the user noticing such actions. These attacks are commonly referred to as drive-by-downloads.

Table 1 - Input URLs/hosts by category


Table 2 – Identified malicious URLs/hosts by category


Yes, Willow. Your contention was correct. The porn sites are more risky. A fact that I used about six years ago to bust employees surfing porn from work.

Blacklisting
Effective, but figuring out the reason why takes some skull sweat.

Very useful so long as you patch promptly and do not delay. But not perfect, since patching does nothing at all to protect against 0-Day attacks. Which are rare, but nevertheless DO happen. The Windows Metafile business that made the papers about 20 months ago was an example of a 0-Day.

Different Browser
Solid gold here, people.

First, here's what you get just by counting security bug reports. This is what resulted when bugs from the SecurityFocus database were counted up:

Figure 6 - Remote code execution vulnerabilities per browser


Now, here's why that sort of analysis is crap.

To determine which browser is actually safer to use, we set up our client honeypots to use these browsers to interact with the servers. Due to time constraints, we were not able to re-evaluate all 300,000 URLs with each browser, but we did reinspect the highly malicious category of adult content comprising approximately 30,000 URLs.
In other words, the lab team deliberately visited sites that were most likely to house drive-by download compromises.

Out of a total of 30,000 risky URLs they visited, here's how many compromises they got, broken down per-browser.

Figure 7 - Malicious classifications of adult content URLs per browser


The interesting thing is that not only did Firefox get away cleaner than IE, it was compromised exactly zero times, despite a quite extensive history of security flaws.

We can only speculate why Firefox wasn’t targeted. We suspect that attacking Firefox is a more difficult task as it uses an automated and "immediate" update mechanism. Since Firefox is a standalone application that is not as integrated with the operating system as Internet Explorer, we suspect that users are more likely to have this update mechanism turned on. Firefox is truly a moving target. The success of an attack on a user of Internet Explorer 6 SP2 is likely to be higher than on a Firefox user, and therefore attackers target Internet Explorer 6 SP2.
For those of you who are still using Microsoft Internet Explorer routinely, in situations where the server at the other end does not actually force you to do so .......

Look at figure 7 again and ask yourself why you're still using IE?
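
The classification rule described in the quoted Honeynet excerpt above (a server counts as malicious when visiting it causes an unauthorized registry, file system or process change), as an added example that is not part of the thread and is not Capture-HPC's own code. The event tuples, the allow-list patterns and the URLs are constructed for illustration, and the allow-list of expected changes is an assumption of this sketch.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed allow-list: state changes a clean browser session is expected to
# make. Illustrative patterns only, not Capture-HPC's real configuration.
ALLOWED = [
    ("file", "write", r"C:\Users\*\Temporary Internet Files\*"),
    ("registry", "set", r"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\*"),
    ("process", "create", r"C:\Program Files\Internet Explorer\iexplore.exe"),
]

# Constructed monitor output: (visited URL, monitor, action, target).
EVENTS = [
    ("http://site-a.example/", "file", "write", r"C:\Users\lab\Temporary Internet Files\a.htm"),
    ("http://site-a.example/", "registry", "set", r"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\url1"),
    ("http://site-b.example/", "file", "write", r"C:\Users\lab\Temporary Internet Files\b.htm"),
    ("http://site-b.example/", "file", "write", r"C:\Windows\System32\example-dropped.exe"),
    ("http://site-b.example/", "process", "create", r"C:\Windows\System32\example-dropped.exe"),
    ("http://site-b.example/", "registry", "set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\example"),
]


def is_authorized(kind, action, target):
    """True if the change matches an allow-list entry (case-insensitive)."""
    t = target.lower()
    return any(kind == k and action == a and fnmatchcase(t, p.lower())
               for k, a, p in ALLOWED)


def classify(events):
    """Return {url: [unauthorized changes]}; an empty list means benign."""
    verdicts = defaultdict(list)
    for url, kind, action, target in events:
        verdicts[url]  # make sure benign URLs are listed too
        if not is_authorized(kind, action, target):
            verdicts[url].append((kind, action, target))
    return dict(verdicts)


def malicious_urls(events):
    """URLs that caused at least one unauthorized state change."""
    return sorted(u for u, bad in classify(events).items() if bad)


if __name__ == "__main__":
    for url, bad in classify(EVENTS).items():
        # In the setup the excerpt describes, a malicious verdict is also the
        # point where the virtual machine is reset to a clean state.
        print(url, "MALICIOUS" if bad else "benign", len(bad))
```
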
 

Mrs.Greg

Well-known member
You're right, Goodpasture. Our modem went on our computer a couple of weeks ago, so we took it in to a good computer guy we heard about. We also wanted him to clean it up. He told us our computer was infected with lots of spyware that came from Internet Explorer and guided us to Firefox. Things are working way better, faster.
 

Goodpasture

Well-known member
Yes

The local MLS services REQUIRE IE. For just about everything else I use Firefox.....when you install Firefox you can choose to make it your default browser.....do so.

FWIW, e-cop, the author of the above quote, is a computer security specialist located in Seattle.....he knows his stuff.
 