 Mele20 Premium join:2001-06-05 Hilo, HI
| reply to eburger68 Re: Anatomy of a Drive-by-Install
I'd love to read the article, but the webmaster needs to fix that site. It sprawls so badly that I have a horizontal scroll bar there and cannot see the article without long horizontal scrolling of each line. If I make the zoom below 100% then the horizontal scroll bar disappears but I can't read the tiny print. This is on Firefox and usually 100% to 120% text zoom is what I use on sites, but that site needs 150% or higher text zoom to be comfortably readable.
On IE, with the text set to "medium" I get an even WORSE horizontal scroll bar! So, that site really needs to fix things. Do they expect everyone to use "smallest" font size on IE? That is the only one that doesn't produce the horizontal scroll bar. I have a 19" flat panel LCD at 1280x1024. I think that site is designed for 800x600. Maybe I can read it without the horizontal scroll bar appearing if I used my 17" Trinitron connected to my older computer.
I suppose I can copy the article to Word when I have time and read it that way. -- The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789 |
|
 xblock
join:2004-12-16 Willoughby, OH
| B.
"The Porter/Hertens article seems to omit a rather important little detail -- what does the user have to do, if anything, in order to allow the spyware to install?"
In the case of IE SP1- they have to do nothing. Just hit the web page which appears blank. I posed this question to my son (a 7 year old) and asked him what happened when he hit the web page on the IE SP1 page. He said "nothing happens Dad". Obviously if you look at the packet log a lot of things happen.
In the case of IE SP2- The user will see an elaborate movie explaining how to accept the installation. But there is reference to what is being installed, why it is being installed, or from where it is being installed. The only information they receive from the little movie, aside from install instructions, is a large sign that says THEY MUST INSTALL it.
In Firefox the user is presented with a Java prompt which asks them to install, but the key factor here is again no EULA is presented.
Much more analysis is planned on that piece- we worked on it over the weekend to get some dialogue started. It was like digging into a hole and finding a pool of water, the further we swam into the water the more stuff we found until we realized it wasn't water we were wading through but more like a high-stream sewer. So we took one aspect of the problem and focused on it. There are a myriad of things that can be studied and learned from that page.
The idea for this piece was taken from watching how my son (an eight year old) interacted with a web page and a discussion with my wife (a teacher) about how kids interact with web pages in her lab.
So naturally prevention is important, if not the cornerstone of the problem, but we wanted to focus on what the user sees versus what is actually happening and how the entire installation is mixed up with inadequate disclosure, confusing prompts, and no real attempt to tell the user what is going to happen.
regards, Wayne |
|
 B Premium,MVM join:2000-10-28
| It's really unfortunate. It seems that the only way to properly secure clueless newbie browsing under Mozilla is to disable Java entirely?
I realize it's not Mozilla's issue per se; perhaps Sun can address this. I believe I've said before in a different thread here -- the Java plug-in really shouldn't even be capable, by default, of breaking the sandbox with a single real-time "drive-by" style query.
-- B -- In a realm outside causality and function |
|
 ElJay
join:2004-03-17
·Great Works Internet
2 edits |  Java Control Panel Security Settings |
I noticed in the latest Java VM (1.5.0/"5.0 Update 2") there's an option to disallow granting "permissions to content from an untrusted authority." I can't remember if this option was available in the 1.4.x version.
Would this help save a Mozilla/Firefox user from this "drive-by?" |
|
 B Premium,MVM join:2000-10-28 | Good find; I don't know.
The Java 1.4.2 control panel I have doesn't offer anything like that tab...
-- B -- In a realm outside causality and function |
|
  redxii too big to fail Premium,Mod join:2001-02-26 Texas
1 edit | reply to ElJay
said by ElJay: Would this help save a Mozilla/Firefox user from this "drive-by?"
I'm glad you asked:
With the second option unchecked, I was still given options Yes No and Cancel. With the first one unchecked, it went away, but applets using the "<applet>" code still worked on other (legit) websites.
For some reason I can't get 3 sites to give me a popup anymore... trying to undo what I did but they may have taken it down and left the flash one in IE up. I'll restore a fresh image and see what happens... -- Asus A7N8X-X, Athlon XP 2400+ @ 2.0GHz, 1024MB DDR RAM (@ PC2100), GeForce FX 5600Ultra 128MB, Samsung SD-616T 16x DVD-ROM and Sony CRX215E1 48x24x48 CD-RW, 40GB & 120GB HDD. Y I Hate L-i-n-u-x |
|
 Bobby_Peru Premium join:2003-06-16
1 edit | reply to B
 Weasel Java Toggle |
B , in addition to ElJay 's Java Control Panel configuration pointer, putting the Java Toggle on the toolbar (from one of those button extensions, Pref Buttons, or ToolBar Enhancements?), with strict instructions to keep it deselected, and to inquire if a page/task fails, but not to select it without first checking, has worked for me, and the somewhat clueless newbies.
For my own installs, I keep the JavaScript (Per Tab) Toggle right next to it, as well. -- **~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~** |
|